Your Medical Records
Doctors have always had the discretion to allow patients to see their health records and to share information where appropriate with the carers of children and incapacitated adults. Additionally in recent years Acts of Parliament have given certain statutory rights of access to records. None of the legislation prevents doctors from informally showing patients their records or, bearing in mind duties of confidentiality, discussing relevant health issues with carers.
The implementation of data protection legislation in early 2000 changed patients' statutory rights of access to their health records. The purpose of this guidance is to set out in some detail the legal requirements on doctors as holders of health records. This summary highlights the main points.
What records are covered?
All manual and computerised health records about living people are accessible under the Data Protection Act 1998.
Does it matter when the records were made?
No, access must be given equally to all records regardless of when they were made.
Does the Act cover all of the UK?
Who can apply for access?
Competent patients may apply for access to their own records, or may authorise a third party, such as their lawyer, to do so on their behalf. Parents may have access to their child's records if this is in the child's best interests and not contrary to a competent child's wishes. People appointed by a court to manage the affairs of mentally incapacitated adults may have access to information necessary to fulfil their function.
Are there any exemptions?
Yes, the main exemptions are that information must not be disclosed if it:
- is likely to cause serious physical or mental harm to the patient or another person; or
- relates to a third party who has not given consent for disclosure (where that third party is not a health professional who has cared for the patient).
Must copies of the records be given if requested?
Yes, patients are entitled to a copy of their records, for example a photocopy of paper records or print out of computerised records.
Is it necessary for patients to make a formal application for access to see their records?
No, nothing in the law prevents doctors from informally showing patients their records or, bearing in mind duties of confidentiality, discussing relevant health issues with carers.
Can a fee be charged?
Yes, and the fee varies depending on the type of record and whether the patient wants copies of the records or just to see them.
To provide access and copies:
- Records held totally on computer: £11
- Records held in part on computer and in part manually: a reasonable fee of up to £50
- Records held totally manually: a reasonable fee of up to £50
To allow patients to read their records (where no copy is required):
- Records held totally on computer: £11
- Records held in part on computer and in part manually: £11
- Records held totally manually: £11 unless the records have been added to in the last 40 days when no charge can be made
If you are applying to access your health record you will need to
- Complete this form
- Provide two types of identification as well as proof of current address. Photocopies should initially be provided, but original copies must be available when collecting your information
- An initial administration fee of £11.00 will be charged. This must be paid by cash or cheque. Please make all cheques payable to Dr Monella and Partners
- There may be an additional charge payable when you collect your results as detailed above.
What about access to the records of deceased patients?
The Data Protection Act 1998 only covers the records of living patients. If a person has a claim arising from the death of an individual, he or she has a right of access to information in the deceased's records necessary to fulfil that claim. These rights are set out in the Access to Health Records Act 1990 or Access to Health Records (Northern Ireland) Order 1993. The provisions and fees are slightly different from those in the Data Protection Act.
If you wish to access your medical records please contact reception for an application form.
Guidance on confidentiality and on sharing information with relatives and carers is available from the BMA's Medical Ethics Department.
© British Medical Association 2004
Freedom of Information
The Freedom of Information (FOI) Act was passed on 30 November 2000. It gives a general right of access to all types of recorded information held by public authorities, with full access granted in January 2005. The Act sets out exemptions to that right and places certain obligations on public authorities.
FOI replaced the Open Government Code of Practice, which has been in operation since 1994.
For information about the Freedom of Information Act model publication scheme click here.
Data Protection and FOI – how do the two interact?
The Data Protection Act 1998 came into force on 1 March 2000. It provides living individuals with a right of access to personal information held about them. The right applies to all information held in computerised form and also to non-computerised information held in filing systems structured so that specific information about particular individuals can retrieved readily.
Individuals already have the right to access information about themselves (personal data), which is held on computer and in some paper files under the Data Protection Act 1998.
The right also applies to those archives that meet these criteria. However, the right is subject to exemptions, which will affect whether information is provided. Requests will be dealt with on a case by case basis.
The Freedom of Information Act and the Data Protection Act are the responsibility of the Lord Chancellor’s Department. A few of its strategic objectives being:
- To improve people’s knowledge and understanding of their rights and responsibilities
- Seeking to encourage an increase in openness in the public sector
- Monitoring the Code of Practice on Access to Government Information
- Developing a data protection policy which properly balances personal information privacy with the need for public and private organisations to process personal information
The Data Protection Act does not give third parties rights of access to personal information for research purposes.
The FOI Act does not give individuals access to their personal information, though if a request is made, the Data Protection Act gives the individual this right. If the individual chooses to make this information public it could be used alongside non-personal information gained by the public under the terms of the FOI Act.
Date updated: 16/09/2011