Meeting the requirements of the UK General Data Protection Regulation and Data Protection Act 2018

The UK GDPR should be read alongside the UK Data Protection Act 2018 (DPA 2018). Detailed guidance
and resources on the legislation can be found on the Information Commissioner’s website.
This guidance sets out a range of circumstances in which healthcare professionals may receive, and
respond to, requests for access to health records. It reflects the common enquiries received by the BMA.
The guidance is divided into the following areas.
– Defining a health record (part 2)
– Advice on record-keeping (part 3)
– Subject access requests (part 4)
– Requests for access made on behalf of others (part 5)
– Requests from the police (part 6)
– Requests from insurers (part 7)
– Deceased patients (part 8)
– Records retention (part 9)

Accelerated Access to GP-held Patient Records Guidance

What access to medical records are GPs required to offer?

Accelerating access to GP records – FAQs

official guidance and support tools final

Practice guidance Offering patients prospective record access

Latest: Online access to patient records – NHS Digital and automatic switch-on

In response to the declarations made by EMIS and TPP on 30 October 2022, and doubtless following the announcement by the Secretary of State in the House of Commons yesterday that online access would be enabled, NHS Digital has issued a further statement.

supplementary bulletin Latest Online access NHS Digital

Police information requests to NHS Organisations, GPs and other healthcare providers in respect of potential homicide investigation, proof of life enquiries and more general enquiries to trace missing persons
