In accordance with the General Data Protection Regulation, patients (data subjects) have the right to access their data and any supplementary information held by Scott Park Surgery; this is commonly known as a data subject access request (DSAR). Data subjects have a right to receive:
· Confirmation that their data is being processed
· Access to their personal data
· Access to any other supplementary information held about them
Options for access
Best practice recommendation in the GDPR is that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information. Please contact us to apply for online services if you have not already done so.
As of April 2016, practices have been obliged to allow patients access to their health record online. This service will enable the patient to view coded information held in their health record. Prior to accessing this information, you will have to visit the practice and undertake an identity check before being granted access to your records.
In addition, you can make a request to be provided with copies of your health record. To do so, you must submit a Data Subject Access Request (DSAR) form which is available to download here. Alternatively, a paper copy of the DSAR is available from reception. You will need to return the completed paper copy of the DSAR to the practice with proof of identity.
We accept the following forms of identification:
• Birth Certifiate/Current UK/EEA Passport
• UK Driving Licence
• Financial Statement issued by bank, building society or credit card company
• Utility bill for supply of gas, electric, water or telephone landline
Once the DSAR form is submitted, Scott Park Surgery Practice will aim to process the request within one month.
There may be occasions when the data controller will withhold information kept in the health record, particularly if the disclosure of such information is likely to cause undue stress or harm to you or any other person.
No charge to comply with the request (with exceptions)
If you don’t have access to online services, we will provide a copy of the information free of charge, as per the GDPR rules. However, we may charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
We may also charge a reasonable fee to comply with requests for further copies of the same information. We understand that this does not mean that we can charge for all subsequent access requests.
Excessive, manifestly unfounded or repetitive requests
Where requests are manifestly unfounded, excessive and repetitive, we may refuse to act on the request or charge a reasonable administration fee.
As stated we have to respond to a SAR within one month. If more time is needed to respond to complex requests, an extension of another two months is permissible, provided this is communicated to you in a timely manner within one month.
Where we decide not take action on the request of the data subject, you will be informed of this decision without delay and at the latest within one month of receipt of the request.
Scott Park Surgery is the data controller. Should you have any questions relating to accessing your medical records, please ask to discuss this with the Practice Manager.