This website uses cookies to function correctly.
You may delete cookies at any time but doing so may result in some parts of the site not working correctly.

Data Protection Act (DPA)

confidentialityThe Data Protection Act 1998 gives every living person the right to apply for access to his or her health records. The exception to this are the records of deceased persons which are still governed by Access to Health Records Act 1990.  The Act does not provide applicants with a right to directly inspect their health records, but this may be arranged at the discretion of the Data Controller. Patients are allowed to see their records subject to given exemptions and unless compelling reasons to the contrary.

  • Requests for access to health records must be made in writing to data controller or own GP or  records manager at hospital for hospital records.
  • There will be a charge for this service
  • Time limit for access is restricted to 40 days from when data controller has all information and fee has been paid
  • Individuals may request access covering certain periods - this will reduce costs
  • Individuals may NOT change anything or remove originals from their records. Should there be anything the individual disagrees with it will be discussed with their GP and a written note made if problem is with written notes; computer entry if in computer record

Patients moving abroad may not take their records to their new GP but can request a summary of their treatment. If their records have already been sent to the local health authority they will need to apply there instead.

Access to children's records can be applied for but there are certain restrictions.

Access to a deceased person's health records are covered by the 1990 Act. Their personal representative, executor or administrator or anyone having a claim resulting from the death has the right to apply for access. The request must be made in writing to the record holder and a fee is payable. Records are normally kept for 10 years; hospital records for 8 years.

Data Protection Act

Your personal details and medical records are held on computer and in writing. We confirm that we comply with the provisions of the following Data Protection Principals (1998/99) (in summary):

  • Any information will be fairly and lawfully processed
  • The information will be used in the provision of patient care in NHS hospitals, community services, family practice or in private health care institutions. Abstract information may be used for research or statistical analysis.
  • The information will be adequate, relevant and accurate
  • The information will not be kept longer than necessary (for as long as you are registered with this Practice)
  • Information will only be divulged to a third party with your written consent.
  • Information will be held securely within the Surgery
  • Information will not be transferred to countries outside the EEA without adequate protection.
Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website