Access to Records

The law states that NHS organisations must, when requested by an individual, give that person access to their personal health information, and occasionally, certain relevant information pertaining to others. In order to do this, they must have procedures in-place that allow for easy retrieval and assimilation of this information.

There are three main areas of legislation that allow the right of the individual to request such personal information, and they are:

  • The Data Protection Act 2018 (formerly DPA 1998) (DPA)
  • The General Data Protection Regulation 2016 (GDPR)
  • The Access to Health Records Act 1990
  • The Medical Reports Act 1988

Where the request for information by an individual falls under the legislation of any of these areas, access must be granted. Patients requesting information about their own personal medical records would usually have their request dealt with under the provisions of the Data Protection Act 2018 and GDPR 2016.

The GMS contract and PMS agreement for 2015-2016 require practices to promote and offer their registered patients online access to all coded data in their GP records, referred to as their Detailed Coded Record.

The introduction of online patient access to services does not change the right that patients already have to request access to their medical records provided by the provisions of the Data Protection Act (DPA) and GDPR. The DPA principles and confidentiality requirements apply in the same way for online access as they do for paper copies of the record