Doctors have always had the discretion to allow patients to see their health records and to share information where appropriate with the carers of children and incapacitated adults. Additionally in recent years Acts of Parliament have given certain statutory rights of access to records. None of the legislation prevents doctors from informally showing patients their records or, bearing in mind duties of confidentiality, discussing relevant health issues with carers.
The implementation of data protection legislation in early 2000 changed patients’ statutory rights of access to their health records. The purpose of this guidance is to set out in some detail the legal requirements on doctors as holders of health records. This summary highlights the main points.
How do I access my medical records?
- Please use the NHS app to access your medical record electronically.
- If you have any problems, please contact our IT team by emailing [email protected]
What records are covered?
All manual and computerised health records about living people are accessible under the Data Protection Act 1998.
Does it matter when the records were made?
No, access must be given equally to all records regardless of when they were made.
Does the Act cover all of the UK?
Yes.
Who can apply for access?
Competent patients over the age of 18 may apply for access to their own records, or may authorise a third party, such as their lawyer, to do so on their behalf. Parents may have access to their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. People appointed by a court to manage the affairs of mentally incapacitated adults may have access to information necessary to fulfill their function.
Must copies of the records be given if requested?
Yes, patients are entitled to a copy of their records, for example a photocopy of paper records or print out of computerised records.
Are there any exemptions?
Yes, the main exemptions are that information must not be disclosed if it:
- is likely to cause serious physical or mental harm to the patient or another person; or
- relates to a third party who has not given consent for disclosure (where that third party is not a health professional who has cared for the patient).
Can a fee be charged?
Not under the new GDPR regulations. A fee may be charged for repetitive or excessive requests, these limits are set by the Surgery.
What about access to the records of deceased patients?
The Data Protection Act 1998 only covers the records of living patients. If a person has a claim arising from the death of an individual, he or she has a right of access to information in the deceased’s records necessary to fulfill that claim. These rights are set out in the Access to Health Records Act 1990 or Access to Health Records (Northern Ireland) Order 1993. The provisions and fees are slightly different from those in the Data Protection Act.
In these circumstances please contact our Non-NHS Team by emailing [email protected]
Latest guidance on confidentiality and on sharing information with relatives and carers is available from the BMA’s Medical Ethics Department.