Accessing medical or Health and Social Care records

How to access your records

Your doctor's surgery holds your health records. A hospital holds records of any treatment you have had there. You may have other records, for example, those held in health and social care facilities. You have the right to receive a copy of these under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

If you wish to access your health records from your GP, surgery staff or Health Trust you should do so in writing. In your letter you should clearly state what information you want and also include a copy of some form of photographic identification, for example, a driving licence or passport.

An application form may be available on the Trust or GP website that will help you to apply for your records and explain what information and documents you need to provide.

The information you request is usually provided free of charge but there may be a charge. Under GDPR, the Trust or surgery has one month to respond to a request in writing. If the request is more complex this can be extended by a further two months (three months in total).

If the records are held at a hospital, or a community setting, you should address the letter to your hospital's records manager. You may also send requests to the Trust data protection officer.

• Your local doctor (GP)
• Health and Social Care Trusts
• Northern Ireland Ambulance Service HSC Trust

If access to records is denied

You will not be allowed access to your records if:

• healthcare professionals believe that information in the records is likely to cause serious harm or distress to you or another person
• details about third parties are included in the records - these may be removed

If you are denied access, you can approach the Information Commissioner's Office if you think the organisation has breached the Data Protection Act.

• Information Commissioner's Office

Cost of accessing your medical records

In most cases, the information will be provided free of charge. In some circumstances, the organisation has the right to charge a fee for access to your health records. It will make you aware of the fee.

Accessing someone else's records

If you are applying for health records on behalf of someone else, you will need to:

• be acting on their behalf with their consent
• have legal authority to make decisions on their behalf (power of attorney)
• have another legal basis for access

You should be aware that having power of attorney does not provide you with an automatic right to someone else’s medical records. Other factors including the best interests of the patient need to be taken into account before a decision can be made.

• Managing your affairs and enduring power of attorney

Accessing children’s medical records

If you are accessing information on children you may need to confirm that you have parental responsibility.  Professionals may deem a child to have capacity to consent even if they are under 16 years of age and consent may be requested from children.

Accessing a deceased person's medical record

To access the health records of someone who has died, you need to apply to the GP or Health Trust under the Access to Health Records (NI) Order 1993.

Due to a duty of confidentiality that remains after a person’s death, access can only be provided in limited circumstances.  You should check the organisation’s website or contact Information Governance department for further details on how to apply.

Who your information is shared with

To make sure you are provided with the best care or service for you, your information may need to be shared with authorised individuals directly involved in your care.

This should only be done if it is needed in your interests. Your relatives, friends and carers may be given information about you, but only if you agree, or in circumstances where it is necessary to make sure your health and well-being.

Apart from this, your information shouldn’t be shared with other individuals unless you have given your permission to do so. If a service wants to share your information, you will be contacted to seek consent and you have a right to withdraw your consent at any time, where relevant.

Your information may also be used in a way that does not identify you, for example, for research or to help identify trends (such as the increase in certain diseases).

Occasions where information may be shared without consent

There may be occasions where your information can be shared with other organisations without your consent but this will only happen when it is:

• required by law
• required by a court order
• necessary to detect or prevent crime, including allegations or suspicions of fraud
• necessary to protect the public from serious harm, for example, the protection of vulnerable adults
• required for monitoring certain health conditions
• monitoring of deaths