ELM Group – Policies


Confidentiality is central to trust between doctors and patients. Without assurances about confidentiality, patients may be reluctant to seek medical attention or to give doctors the information they need in order to provide good care.

Appropriate information sharing is essential to the efficient provision of safe, effective care, both for the individual patient and for the wider community of patients. Your medical records are held on our computer system. The Practice has a stringent security and confidentiality policy which fully complies with the Data Protection Act. Your details are only available to and used by those involved in your care. However this information may be used for research purposes but in such cases will be anonymised and encrypted.

All staff undertake yearly training and assessment in the importance of maintaining patient confidentiality. You have the right to know what information we hold about you.

An example of our commitment to confidentiality is that we cannot divulge information about your appointments to anyone else (this includes telephone consultations). It may be that you share this information with family members but we cannot assume that is the case. Therefore if we contact you about an appointment or for a phone consultation we will not identify ourselves to anyone but you. This can at times appear excessive but is evidence that should there be occasions when you do not want anyone to know you have an appointment at the surgery you can be confident that we will not reveal that information.

Access to Medical Records

The Data Protection Act 1998, which became effective from 1 March 2000, gives every living person (or their authorised representative) the right to apply for access to their health records, irrespective of when they were compiled.


Within the Data Protection Act 1998, a health record is defined as “a record consisting of information about the physical or mental health, or condition, of an identifiable individual, made by, or on behalf of, a health professional, in connection with the care of that individual.”

A health record can be in computerised and/or manual form. It may include such documentation as hand written clinical notes, letters to and from other health professionals, laboratory reports, radiographs and other imaging records, printouts, photographs, videos and tape recordings.

Personal information relating to an individual includes factual information, expressions of opinion, and the intentions of the health professional in relation to the individual concerned.

Application for access to health records

• Any application for access to health records must be made in writing.
• Applications must be signed and dated by the applicant.
• Where an application is made on behalf of an individual, a signed form of consent must accompany the written application.
• The application must clearly identify the patient in question, and the records required, including the following details:
• Full name – including previous names
• Address – including previous address(es)
• NHS number (if available)
• Dates of health records required

We normally recommend that access to your medical record is given via our online services. To register for this service you must bring ID into your usual surgery reception desk. We can give you access to book & cancel appointments, request repeat prescriptions and look at the key parts of your record such as diagnoses, allergies and test results.

The surgery has the right to check with the applicant the reasons why they require access to their entire health record, and confirm what material the applicant requires prior to processing the request.

Where a request for access to records has previously been complied with, the surgery is not obliged to respond to a subsequent identical or similar request unless a reasonable interval has elapsed since the previous request. Any extra copies of records made will be chargeable depending on the size of the record requested.

Requests for access to records made by a patient representative

A patient can authorise a representative to access their health records on their behalf. This must be done in writing, with confirmation of the representative’s  identity and relationship to the patient.

Representatives able to provide evidence that they are acting under power of attorney will be granted access to the health records of the patient.

Where a patient who is physically or mentally disabled and unable to provide written consent for a representative to seek access on their behalf, the surgery will give the patient as much assistance as possible, in order to ascertain whether consent has been granted by other means.

Parental Responsibility

Parents, or those with parental responsibility, will generally have the right to apply for access to a child’s health record.

General Data Protection Regulations

These came into effect on 25th May 2018.

Please note that from that date, children aged 13 and over have the right to access their own record online and will need to give their consent for their parents to also have online access (known as proxy access).