Frequently asked questions about accessing health records

What is a health record?
A health record is defined in the Data Protection Act 1998 as a record consisting of information about the physical or mental health or condition of an identifiable individual made by or on behalf of a health professional in connection with the care that individual.

How are health records recorded?
A health record can be recorded in a computerised form or in a manual form or a mixture of both. Health records may include such things as: hand-written clinical notes, letters to and from other health professionals, laboratory reports, radiographs and other imaging records e.g. X-rays and not just X-ray reports, printouts from monitoring equipment, photographs, videos and tape-recordings of telephone conversations.

What about private health records?
The Data Protection Act 1998 is not confined to health records held for the purposes of the National Health Service ("the NHS"). It applies equally to the private health sector and to health professionals' private practice records. It also applies to the records of employers who hold information relating to the physical or mental health of their employees, if the record has been made by or on behalf of a health professional in connection with the care of the employee.

Does it matter when the record was created?
No. Individuals have a right to apply for access to records irrespective of when they were compiled. Whereas the Access to Health Records Act 1990 did not provide individuals with a statutory right of access to records compiled prior to November 1991, under the Data Protection Act 1998 there is no such limitation.

Can applicants directly inspect their medical records?
The Act gives patients the right, among other things, to know whether a data controller is processing information about them, a description of the data, and the information constituting the data. It remains Department of Health policy that patients who wish to actually see what is written about them in their records should be allowed to do so, subject to given exemptions and unless there are compelling reasons to the contrary.

Are individuals entitled to apply for access to their complete health record?
Individuals are entitled to apply for access to their total health record as it stands at the time the request was received. The information provided may, however take account of any amendment or deletion which is made to the record in the period between the request having been received and dealt with, being an amendment or deletion that would have been made regardless of the receipt of the request.

Who has a duty under the Act to deal with access requests ?
Responsibility for dealing with a subject access request lies with the "data controller". A data controller is defined in the Data Protection Act 1998 as a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data about an individual are, or are to be, processed.