%20Logo_CtoC%20May21-0.jpg)
DSAR (Data Subject Access request)
The General Data Protection Regulation (GDPR) 2018 allows individuals more control over their personal data, by granting them eight data subject rights. One of those rights is the right of access to obtain information about the data an organisation holds about them. This is called a data subject access request (DSAR).
In healthcare, this means that you, as a patient, can ask us to give you information held in your medical records. If you are over the age of 13, an easier way for you to access your medical information without the need for a DSAR is via the NHS APP.
What information are we obliged to provide in a DSAR response?
On request, we will provide:
-
Information held about you in your medical records.
-
Information we hold about complaints that you have made which will not be attached to your medical records.
What information can we withhold?
When we return the DSAR, we may withhold information as follows:
-
Third party information relating to other members of the primary and secondary health care team, or references you may have made in your consultations to family or friends.
-
Any information regarding adoption.
-
Any information that might be considered sensitive or harmful to your health and wellbeing, such as information on mental health and safeguarding issues.
The information that you can view online is the the same as what we would give in a DSAR.
Who Can Submit a DSAR?
In primary care, the following can submit a DSAR:
-
The patient
-
Any person (relative, friend, legal representative) that you have asked, and to whom you give written consent.
-
Anyone who has full parental responsibility for the patient and the patient is under the age of 18 (and if over 13 years of age they have consented to this, or is not able to consent for any reason).
-
Anyone that has been appointed by the Office of the Public Guardian to manage your affairs relating to your health and welfare, and can provide registration of a lasting Power Of Attorney.
Deceased Patients
In the case of a deceased patient, access to medical records is governed by the Access to Health Records Act 1990. People who can apply for access to a deceased person’s medical records:
-
An individual who has been given a court order to do so
-
A deceased patient’s personal representative: the executor of their will, or
-
A named administrator of their estate if there is no will
-
Someone who may have a claim arising from the death of the patient
-
A legal representative of any of the above
Proof of Identity
In all circumstances, we will request proof of identity and in the case of those requests not from the patient, a letter of consent. Further information can be found at: https://ico.org.uk/for-the-public/getting-copies-of-your-information-subject-access-request/
What you can do with the NHS app:
-
Order repeat prescriptions and nominate a pharmacy where you would like to collect them.
-
View your GP health record to see information like your allergies and medicines (if your GP has given you access to your detailed medical record, you can also see information like test results).
-
Book and manage coronavirus (COVID-19) vaccinations.
-
Register your organ donation decision.
-
Choose how the NHS uses your data.
-
View your NHS number.
-
Use NHS 111 online to answer questions and get instant advice or medical help near you.
-
Search trusted NHS information and advice on hundreds of conditions and treatments.
-
Find NHS services near you.
-
Access health services on behalf of someone you care for.
-
View and manage your hospital and other healthcare appointments.
-
View and manage care plans.
Keeping your data secure
To access the NHS App, you will need to set up an NHS login and prove who you are. Your NHS App then securely connects to information from your GP surgery.
If your device supports fingerprint detection or facial recognition, you can use it to log in to your NHS App each time, instead of using a password and security code.