Your Health Records

To top

Access to your Health Records

Under the Data Protection Act 1998, you have a legal right to access your health records. If you want to see your health records you can write to the Practice Manager to request a time to come in and read them. You don’t have to give a reason for wanting to see your records.

It's a good idea to state the dates of the records that you want to see – for example, from 2009 to 2012 - and to send the letter by recorded delivery. You should also keep a copy of your letter for your records. You will usually receive a response to your request within 21 days, although the law states that your hospital, or the Practice, has up to 40 days to respond.

Hospital Records

As well as having a copy of your health records the Practice will also have a summary of any hospital tests, or treatment, that you have had. Any hospitals where you have had treatment, or tests, will also hold records.

To see your hospital health records, you will have to contact your local Hospital. Your request to see your records will be forwarded to the health records manager. The manager will decide whether your request will be approved. Your request will usually only be refused if your records manager, GP, or other health professional believes that information in the records is likely to cause you, or another person, serious harm.

Charges

If your records have been updated in the last 40 days – that is, you have seen your GP, or another health professional, in the last 40 days, you’re entitled to see your records free of charge. However, if your records are held on a computer, there may be an administration charge of up to £10.
For a copy of older paper records, and results such as X-rays, you may have to pay photocopying and administration charges. These charges will be a maximum of £50 (in total).

Power of Attorney

Your health records are confidential, and members of your family are not allowed to see them, unless you give them written permission, or they have power of attorney. A lasting power of attorney is a legal document that allows you to appoint someone to make decisions for you, should you become incapable of making decisions yourself.

The person you appoint is known as your attorney. An attorney can make decisions about your finances, property, and welfare. It is very important that you trust the person you appoint so that they do not abuse their responsibility. A legal power of attorney must be registered with the Office of the Public Guardian before it can be used.

If you wish to see the health records of someone who has died, you will have to apply under the Access to Medical Records Act 1990. You can only apply if you: are that person’s next of kin, are their legal executor (the person named in a will who is in charge of dealing with the property and finances of the deceased person), have the permission of the next of kin, or have obtained written permission from the deceased person before they died. To access the records of a deceased person, you must go through the same process as a living patient. This means either contacting the Practice or the hospital where the records are stored.

To top

Data Protection

We are obliged to comply with Data Protection 1998 and other guidance on privacy and data confidentiality, which we take very seriously. In order to provide care we are obliged to keep records of all medical information, which is kept either in paper form or stored on computer. In order to manage services and improve the quality of patient care we proved we are sometimes asked to share information on practice activity with the CHP pharmacist, Health Board, Common Service
       
Agency and the Scottish Executive. Whenever possible this information is anonymised. Information is not shared with any third party outside the Health Service without your written consent. We are obliged by law to provide certain information e.g. notification of certain infectious diseases. If you require further information regarding Data Protection please contact the Practice Manager.

To top

Emergency Care Summary

All patients in Scotland have something called an Emergency Care Summary. This consists of basic information about your health which might be im-portant if you require urgent medical attention when your GP surgery is closed. It is copied from your GP’s computer system and stored electroni-cally.

With your agreement the following NHS staff can look at you Emergency Care Summary when you surgery is closed

  • Doctors, nurses and receptionists in out-of-hours medical centres.
  • Staff at NHS 24 involved in your care.
  • Staff in hospital accident and emergency departments.

Information within the Emergency Care Summary

  • Your name and address
  • Date of birth and 4 digit CHI number
  • GP surgery
  • Information about medicines prescribed by your GP in the last four weeks
  • Any bad reactions to medicines that GP knows about

To top

Freedom of Information (Scotland) Act 2002

Under Section 23 of the Freedom of Information (Scotland) Act 2002 (The Act), a "public authority" which is defined as including General Practitioners, must prepare a publication scheme setting out the information it routinely makes publicly available. The British Medical Association Model Publication Scheme for General Practitioners in Scotland has been ap-proved by the Scottish Information Commissioner who is responsible for promoting and en-forcing the Act. In addition, we have to review the scheme from time to time.

The Publication Scheme is a complete guide to the information routinely made available to the public by Anchor Mill Medical Practice. It is a description of the information about our General Practitioners and Practice, which we make publicly available. It will be reviewed at regular intervals and we will monitor its effectiveness. In adopting (or reviewing) our publication scheme, we are required to have regard to the public interest in:

  • Allowing public access to information we hold: and
  • The publication of reasons for the decisions we make.

Freedom of Information Contact Details

The point of contact for further information or comments relating to the Model Publication Scheme is: Ms Carrie Young, Secretary, Scottish General Practitioners Committee, British Medical Association, 14 Queen Street, Edinburgh EH2 1LL, Tel. 0131 247 3000, Fax. 0131 247 3001.

If you require further clarification regarding the Freedom of Information Act 2002, please contact the Practice Manager on 0141 889 8809

To top

Information Sharing

The practice complies with Data Protection and Access to Medical Records legislation. Identifiable information about you will be shared with others in the following circumstances:

  • To provide further medical treatment for you e.g. from district nurses and hospital services.
  • To help you get other services e.g. from the social work department. This requires your consent.
  • When we have a duty to others e.g. in child protection case.

Anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care. If you do not wish anonymous information about you to be used in such a way please let us know.

To top

Scottish Primary Care Information Resource (SPIRE)

NHS Scotland is improving the way it uses information from your GP patient record – this information sheet explains what it means for you.

The improved service is called Scottish Primary Care Information Resource (SPIRE) and has been developed to help GPs, the NHS in Scotland and researchers plan for Scotland’s health and care needs. This will be introduced in phases across Scotland from January 2017.

Find out more in this Information Leaflet.

To top

Subject Access Requests

Introduction

Under the terms of the data protection act, we as the “data controller” have a responsibility to ensure the confidentiality and integrity of the information we hold about you. Furthermore, as your doctor we have a responsibility to ensure the confidentiality of matters of a sensitive medical, psychological, and emotional nature. A subject access request requires us as data controller to give you as the “subject” access to all data we hold about you. This includes every recorded encounter you have had with any GP or nurse in the surgery as well as copies of all hospital letters, test results and prescriptions issued.

Insurance Companies

Insurance companies require medical information from yourself and ourselves to assess your risk of illness, death and disability. There is a system in place for GPs to give a pertinent summary of all relevant medical information (excluding information of a sensitive or irrelevant nature) by way of an industry approved General Practitioner’s Report (GPR). The format of this report was agreed by the Association of British Insurers and the British Medical Association. This system has been in place since then and a fee is paid by the insurance company to ourselves to ensure a prompt efficient service.

Lately some companies have been using the SAR system to obtain patients’ full medical records. We have reason to believe that this may be done to reduce costs to the insurance company. More worryingly, we are concerned that our patients may not have received adequate explanation that their full record will be given to the insurance company, or that there is a simpler system in place whereby we can provide a GP report (or GPR) which releases only the relevant information.

Once we release a medical record to a third party we are no longer the data controller for that information, and we have no control over how that information is stored, used, or shared. As a result, we no longer respond to subject access requests by insurance companies. We have written to your insurance company to suggest that they submit a request to us for a GP report.

Should you wish to submit a subject access request to have copies of your full medical record under the terms of the data protection act, you may do so. Your medical records are held on a combination of paper (for older records) and computer (for new records). You may be required to meet the administrative costs involved up to a maximum of £50, and we will be able to liaise with you directly to provide this information within forty days. If however, you wish us to provide a standard report, we recommend that you contact your insurance company directly to express your preference for a General Practitioner’s Report (GPR).

Update

The Information Commissioner’s Office (ICO) has recently ruled on the use of SARs by insurance companies to obtain full copies of patient medical records.  In brief the ICO determined that the use of SARs in this way was inappropriate and has written to the Association of British Insurers (ABI) to advise them of this.  In light of the ICO ruling, the BMA and GPC produced a Focus On’ Subject Access Requests for Insurance Purposes guidance document

As a result we will no longer supply insurance companies with full copies of your medical records.

To top

Your Personal Health Information

To provide you with the care you need, we hold the details of your consultations, illnesses, tests, prescriptions and other treatments that have been recorded by everyone involved in your care e.g. GP, health visitor, practice nurse. This information may be stored on paper or electronically on computer files by practice staff.

We sometimes disclose some of your personal health information to other organisations involved in your care. For example, when your GP refers you to a specialist at the hospital we will send relevant details about you in the referral letter and receive information about you from them.

Our practice also participates in regional and national programmes such as the cervical cytology screening service and your name and address, date of birth and health number will be given to them in order to send an invitation to you.

We need to use some of your personal health information for administrative purposes. In order to receive payment for services provided to you, we have to disclose basic details about you to the NHS Board responsible for this area and to the Common Services Agency for the Scottish Health Service. These organisations have a role in protecting public funds and are authorised to check that payments are being properly made. We are required to co-operate with these checks and disclosure of your data is a necessary part of our provision of healthcare services. Sometimes we may participate in studies that are designed to improve the way services are provided to you or to check that our performance meets required standards. Whenever we take part in activities such as these we will ensure as far as possible any details that may identify you are not disclosed.

Where you need a service provided jointly with a local authority we will seek your permission before giving them your details.

Sometimes we are required by law to pass on information e.g. the notification to the government of births and deaths and certain diseases or crimes is a legal requirement.
Our use of your personal health information is covered by a duty of confidentiality, and is regulated by the Data Protection Act. The Data Protection Act gives you a number of rights in relation to how your personal information is used including a right to access the information we hold about you.

Everyone working for the NHS has a legal duty to keep information about you confidential and adheres to a Code of Practice on protecting patient confidentiality. Anyone who receives information from us is also under a legal duty to keep it confidential.