Confidentiality & Medical Records




The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:

  • To provide further medical treatment for you e.g. from district nurses and hospital services.
  • To help you get other services e.g. from the social work department. This requires your consent.
  • When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.

If you do not wish anonymous information about you to be used in such a way, please let us know.

Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.



The Access to Health Records Act 1990 and the Access to Medical Reports Act 1988 gave individuals the right of access, subject to certain exceptions, to health information recorded about themselves, and, in certain circumstances, about others, within manual records.                                                                                                 

The Access to Medical Reports Act 1988 covers the rights of individuals to access medical reports prepared about them for employment or insurance purposes.

The Data Protection Act (DPA) 1998 came into force in March 2000 and repealed most of the 1990 Access to Health Records Act.  All applications for access to records, whether paper based or electronic, of living persons are now made under the Data Protection Act. The DPA was updated even further in 2018 to meet the General Data Protection Regulation.

Under the DPA, patients have the right to apply for access to their health records. Provided that a written application is made by one of the individuals referred to below, the practice is obliged to comply with a request for access subject to certain exceptions. However, the practice also has a duty to maintain the confidentiality of patient information and to satisfy itself that the applicant is entitled to have access before releasing information.

For deceased persons, applications are made under sections of the 1990 Access to Health Records Act, which has been retained. These sections provide the right of access to the health records of deceased individuals for their personal representative and others having a claim under the estate of the deceased.

Applications for access to medical records

GP practices receive applications for access to records via a number of different sources, for example: 

Patients’ solicitors

Patients & relatives

Patient Carers

Parents of patients under 16 years old

Requests should be in writing, with a patient signature. Email requests are valid for the purposes of the DPA, however the practice will need to be satisfied that the request is made by the data subject or their legal representative only. Where a solicitor or other representative is making the request, ensure that you have patient-signed consent and sufficient information to clearly identify the patient.


All patient information is considered to be confidential and we comply fully with the Data Protection Act. All employees have access to this information in relation to their role and have signed a confidentiality agreement. Information may be shared, in confidence, with other NHS organisations in the interests of patient care.

CCTV is installed internally in public areas and externally for security. Recordings are used entirely at the discretion of the partners including provision of images to the police or other official bodies, and will otherwise comply with the Practice’s Data Protection registration.