In Accordance with The Data Protection Act 2018 patients have the right to request information on their own medical records. Requests for information under this Act should:
- Be in writing to the data controller (The Practice Manager is the data controller) at THE MAPLES. Requests may be made in other ways – please contact reception for more information
- Be accompanied with sufficient proof of identity to satisfy the data controller and to enable them to locate the correct information (where requests are made on behalf of another, the data controller must satisfy themselves that correct and adequate consent has been given);
- Be accompanied with the correct fee where applicable (see below for guidance on fees);
Where an information request has been previously fulfilled, the data controller does not have to honour the same request again unless a reasonable time-period has elapsed. It is up to the data controller to ascertain what constitutes a reasonable time-period.
Requests for health records information under a Subject Access Request (a request from the person that the data relates to) should be recorded internally and fulfilled within 30 calendar days (unless under exceptional circumstances – the applicant must be informed where a longer period is required). Information given should be in a manner that is clear and intelligible to the individual.
Access Request Fees
Under the new Data Protection Act 2018 (which incorporates the GDPR requirements), the charge for fulfilling an SAR has been removed unless the Practice determines that the request is “manifestly unfounded or excessive”. There is statutory timescales of 30 days to complete the request.
Forms to request access can be downloaded here.