Online Access / Making a Subject Access Request (SAR)
Introduction
The Data Protection Act gives every living person (or authorised representative) the right to apply for access to their health records.
Online Access to Medical Records
As of March 2016, Coded information from Medical Records can be accessed as part of the Practice’s online services. For security reasons, you will have to visit the practice to undertake an identity check before you are granted access to these records.
To make a subject access request
A request for your medical health records held at Blacketts Medical Practice must be made in writing (e-mails accepted) to the data controller who is: Sarah Stelling, Practice Manager. Please contact the practice for alternative methods of access if you are unable to make a request in writing).
You can apply using an Application for Access to Medical Records Form which are available from reception if you wish.
Costs
Under the Data Protection Act you will not normally be charged a fee to view your health records or to be provided with a copy of them unless the request is judged to be unfounded or excessive.
CCTV Images
CCTV images will not be retained longer than is considered necessary, and will be then be deleted.
All images will be held securely, and all access requests, and access to images will be documented.
Except for law enforcement bodies, images will not be provided to third parties.
Images may record individuals and/or record incidents. Not all recordings are designed to identify persons.
Other than in accordance with statutory rights, the release or availability of images will be at the discretion of the Data Controller(s) for the purposes of the Data Protection Act 2017.
Images are held to improve the personal security of patients and staff whilst on the premises, and for the prevention and detection of crime, and images may be provided to police or other bodies.
Where access is granted in response to an application received, the image may be edited to exclude images of third parties who are also included within the requested image. This may be necessary to protect the identity of the third parties. In these circumstances the image released as part of the application may identify the “data subject” only.
Images will be located by the Data Controller or authorised person.
The practice regularly reviews compliance with the ICO’s CCTV Code of Practice; continued operational effectiveness and whether the system continues to meet its purposes and remains justified.
Complaints
If you have any complaints about any aspect of your application to obtain access to your health records, you should first discuss this with the Practice. All complaints will be acknowledged within three working days and a full response will be provided.
Alternatively you can contact the Information Commissioners Office (responsible for governing Data Protection compliance) –
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF
Tel 01625 545745 or visit www.ico.org.uk/