Accessing your medical records

Introduction

In accordance with the General Data Protection Regulation, patients (data subjects) have the right to access their data and any supplementary information held by Merton Medical Practice; this is commonly known as a data subject access request (DSAR). Data subjects have a right to receive:

  • Confirmation that their data is being processed
  • Access to their personal data
  • Access to any other supplementary information held about them

iGPR Technologies Limited

Merton Medical Practice use a processor, iGPR Technologies Limited (“iGPR”), to assist us with responding to report requests relating to your patient data, such as subject access requests that you submit to us (or that someone acting on your behalf submits to us) and report requests that insurers submit to us under the Access to Medical Records Act 1988 in relation to a life insurance policy that you hold or that you are applying for. iGPR manages the reporting process for us by reviewing and responding to requests in accordance with applicable laws, including UK data protection laws. The instructions we issue to iGPR include general instructions on responding to requests. Please do contact us if you have any queries in this regard. IGPR will contact you directly if they are processing your request.

Options for access

As of April 2016, practices have been obliged to allow patients access to their health record online. This service will enable the patient to view coded information held in their health record. Prior to accessing this information, you will have to visit the practice and undertake an identity check before being granted access to your records.

In addition, you can make a request to be provided with copies of your health record. To do so, you must submit a Data Subject Access Request (DSAR) form; this can be submitted electronically and the DSAR form is available on the practice website. Alternatively, a paper copy of the DSAR is available from reception. You will need to submit the form online or return the completed paper copy of the DSAR to the practice. Patients do not have to pay a fee for first time requests of copies of their records. If a repeat request is received for information previously supplied, a fee may be applicable.

Time frame

Once the DSAR form is submitted, Merton Medical Practice will aim to process the request within 28 days; however, this may not always be possible. The maximum time permitted to process DSARs is one calendar month.

Exemptions

There may be occasions when the data controller will withhold information kept in the health record, particularly if the disclosure of such information is likely to cause undue stress or harm to you or any other person.

Data controller

At Merton Medical Practice the data controller is the Practice Manager and should you have any questions relating to accessing your medical records, please ask to discuss this with the named data controller.

Signed

Dr Rafik Taibjee
Data controller

Merton Medical Practice

Published: 04/02/2020

Review: 01/04/2024