Access to Medical Records

Introduction

In accordance with the General Data Protection Regulation, patients (data subjects) have the right to access their data and any supplementary information held by The Good Practice; this is commonly known as a data subject access request (DSAR). Data subjects have a right to receive:

  • Confirmation that their data is being processed
  • Access to their personal data
  • Access to any other supplementary information held about them

 Options for access

As of April 2016, practices have been obliged to allow patients access to their health record online. This service will enable the patient to view coded information held in their health record. Prior to accessing this information, you will have to visit the practice and undertake an identity check before being granted access to your records.

In addition, you can make a request to be provided with copies of your health record. To do so, you must submit a Data Subject Access Request (DSAR) form; this can be submitted electronically and the DSAR form is available on the practice website. Alternatively, a paper copy of the DSAR is available from reception. You will need to submit the form online or return the completed paper copy of the DSAR to the practice. Patients do not have to pay a fee for copies of their records.

Time frame

Once the DSAR form is submitted, The Good Practice will aim to process the request within 28 days; however, this may not always be possible. The maximum time permitted to process DSARs is one calendar month, however this can be extended to up to three months when the request is complicated, we will let you know within the one calendar month time period as to whether or not we need to extend.

Exemptions

There may be occasions when the data controller will withhold information kept in the health record, particularly if the disclosure of such information is likely to cause undue stress or harm to you or any other person.

Data Controller

The partnership is the collective data controller at The Good Practice

Data Protection Officer

 If you have any concerns regarding data processing or control or how any request has been handled please speak to the data protection officer –

Cameron Mclvor

0207 351 1766

thegoodpractice2@nhs.net

GP Net Earnings

All GP practices are required to declare the mean earnings (e.g. average pay) for GPs working to deliver NHS services to patients at each practice.

The average pay for GPs working in The Good Practice in the last financial year was £56,836 before tax and National Insurance. This is for 2 full time GPs who worked in the practice for more than six months.

Further Policy Information

Confidentiality & Medical Records

The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:

  • To provide further medical treatment for you e.g. from district nurses and hospital services.
  • To help you get other services e.g. from the social work department. This requires your consent.
  • When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.

If you do not wish anonymous information about you to be used in such a way, please let us know.

Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.

Freedom of Information

Information about the General Practioners and the practice required for disclosure under this act can be made available to the public. All requests for such information should be made to the practice manager.

Access to Records

In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient consent unless we are legally obliged to do so.

Violence Policy

The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.

Confidentiality

In order to ensure that you get the best possible continuity of medical care we keep records of every consultation.  Your written records are locked when the surgery is shut and your computer records can only be accessed by secure passwords.  All doctors and staff are governed by strict rules of confidentiality and training is given to all new staff members.  Training in data protection and confidentiality is repeated annually for all staff.

Your records are managed in accordance with the Data Protection Act 1998 and no information given to us can be divulged to any third party unless you give us explicit permission to do so.  Relevant details of your medical history may be passed to another clinician to whom you are being referred, if you have any concerns about this, please speak to your GP.

We cannot give out any information about you to friends, family, partners, employers, police, Social Services, benefits agencies, insurance companies, solicitors, etc, without your permission.

You have a right of access to your own records should you wish to read them and are also entitled to see any written reports about you before they are sent.

Freedom of Information

The  Freedom of Information Act creates a right of access to recorded information and obliges a public authority to:

  • Have a publication scheme in place
  • Allow public access to information held by public authorities.

The Act covers any recorded organisational information such as reports, policies or strategies, that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland, however it does not cover personal information such as patient records which are covered by the Data Protection Act.

Public authorities include government departments, local authorities, the NHS, state schools and police forces.

The Act is enforced by the Information Commissioner who regulates both the Freedom of Information Act and the Data Protection Act.

Who Can Request Information?

Under the Act, any individual, anywhere in the world, is able to make a request to a practice for information. An applicant is entitled to be informed in writing, by the practice, whether the practice holds information of the description specified in the request and if that is the case, have the information communicated to him. An individual can request information, regardless of whether he/she is the subject of the information or affected by its use.

How Should Requests be Made?

Requests must:

  • be made in writing (this can be electronically e.g. email/fax)
  • state the name of the applicant and an address for correspondence
  • describe the information requested

What Cannot be Requested?

Personal data about staff and patients covered under Data Protection Act.

For more information see these websites:

Summary Care Record

There is a new Central NHS Computer System called the Summary Care Record (SCR). It is an electronic record which contains information about the medicines you take, allergies you suffer from and any bad reactions to medicines you have had.

Why do I need a Summary Care Record?

Storing information in one place makes it easier for healthcare staff to treat you in an emergency, or when your GP practice is closed.

This information could make a difference to how a doctor decides to care for you, for example which medicines they choose to prescribe for you.

Zero Tolerance Policy

We treat our patients with courtesy and respect and ask for the same in return. We ask that you treat your GP and all other Practice Staff courteously without violence, abuse or harassment.

GPs and their staff have the right to care for others without fear of being attacked or abused.  Any behaviour whether that be verbal, physical or in writing, which causes staff to feel uncomfortable, embarrassed or threatened, is totally unacceptable.

The Zero Tolerance policy includes abuse, aggression or threats made in person, over the telephone or in written communication, including on social media. The Practice considers threatening behaviour to be:

  • Attempted or actual aggressive, threatening or physical actions made towards any member of staff
  • The use of aggressive, threatening or abusive language, (including raising of the voice, swearing, shouting or in writing) which threatens or intimidates staff

This policy applies throughout the premises. It also applies to any employee or partner away from the practice but only in so far as it relates to the business of the practice.

Any instance or threat of physical abuse will be reported to the police. The offender will be removed from the premises by the police. The patient will then be removed from the practice list.

Instances of abusive/threatening behaviour from a patient will be reported to the Practice Manager. Breach of the Zero Tolerance policy will result in their removal from the Practice list.

We hope you understand the reason for this policy which is designed to keep our staff and other patients safe at all times.