Scott Park Surgery
Data Subject Access Policy
Introduction
In accordance with the General Data Protection Regulation, patients (data subjects) have the right to access their data and any supplementary information held by Scott Park Surgery; this is commonly known as a data subject access request (DSAR). Data subjects have a right to receive:
- Confirmation that their data is being processed
- Access to their personal data
- Access to any other supplementary information held about them
Options for access
Best practice recommendation in the GDPR is that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information. Please contact us to apply for online services if you have not already done so.
As of April 2016, practices have been obliged to allow patient access to their health record online. This service will enable the patient to view coded information held in their health record. Prior to accessing this information, you will have to visit the practice and undertake an identity check before being granted access to your records.
In addition, you can make a request to be provided with copies of your health record in other formats. To do so, you must submit a Data Subject Access Request (DSAR) form which is available to download here (PDF, 599KB).
Alternatively, a paper copy of the DSAR form is available from reception. You will need to return the completed paper copy of the DSAR form to the practice with proof of identity.
We accept the following forms of identification:
- Birth Certificate / Current UK / EEA Passport
- UK Driving Licence
- Financial Statement issued by bank, building society or credit card company
- Utility bill for supply of gas, electric, water or telephone landline
Requests relating to children/young persons
The presumed age of consent for children for this purpose is 13 years; the consent (signature) of the child must be sought before a person with parental responsibility may be given access. However, if a child younger than 13 and may have capacity to consent, then their consent should be sought. Where, in the view of the appropriate professional, the child is not capable of understanding the nature of the application, the holder of the record is entitled to deny access if it is not felt to be in the patient’s best interests.
Time frame
Once the DSAR form is submitted, Scott Park Surgery Practice will aim to process the request within one month.
Fees
Under the GDPR, a copy of the requested information should be provided free of charge. However, we can charge a “reasonable fee” when a request is manifestly unfounded or excessive, particularly if it is repetitive.
Exemptions
There may be occasions when Scott Park Surgery will withhold information kept in the health record, particularly if the disclosure of such information is likely to cause undue stress or harm to the data subject or any other person or when the record has information relating to third party.
Excessive, manifestly unfounded or repetitive requests
Where requests are manifestly unfounded, excessive and repetitive, we may refuse to act on the request or charge a reasonable administration fee.
Complex requests
If more time is needed to respond to complex requests, an extension of another two months is permissible, provided this is communicated to you in a timely manner within one month of receiving the request.
Declining a Request
Where we decide not to take action on the request of the data subject due to excessive, manifestly unfounded or repetitive requests, you will be informed of this decision without any delay and at the latest within one month of receipt of the request.
Data controller
Scott Park Surgery is the data controller. Should you have any questions relating to accessing your medical records, please ask to discuss this with the Practice Manager.
The Appointed Data Protection Officer of Scott Park Surgery is:
Jane Marley
Head of Information Governance and Data Protection Officer Essex CCGs
01268 594531
Data Subject Access Policy
Recent Reviewed: June 2020
Next review: June 2023