Privacy Notice: Access to Medical Reports

 

The Access to Medical Reports Act 1988 allows both employers and insurers to a request medical report from a GP. Employers and Insurers are required to seek a patient’s consent prior making a request and a patient must be informed of their right to withhold consent during the process. Where requests are made for copies of your medical records for insurance purposes, we will contact you to discuss the request and confirm you are happy for us to release the records. This is in line with guidance from the British Medical Association (BMA) and the Information Commissioners Office (ICO). 

Patients may also request a copy of the report however, there are some exemptions to this right that can be applied in certain circumstances such as:

  • Where serious harm to the physical or mental health of the individual or others or would indicate the intentions of the practitioner in respect of the individual.
  • Where the report reveals information about another person, or reveals the identity of another person who has supplied information to the practitioner about the individual.

1) Controller contact details

Penge PCN

2) Data Protection Officer contact details

Danielle Gibbons
GP Data Protection Officer
gpdpo@selondonics.nhs.uk

3) Purpose of the processing

To provide the Employers and Insurers with a Medical Reports following the consent of the patient.

4) Lawful basis for processing

The legal basis will be

Article 6(1)(a) “the data subject has given clear consent to the processing of his or her personal data for one or more specific purposes”

And

Article 9(2)(a)”the data subject has given explicit consent to the processing of those personal data for one or more specified purposes”

5) Recipient or categories of recipients of the shared data

The data will be shared with the specified employment or Insurance organisation or specified Officers. Patients may also request a copy of a report.

6) Rights to object

You have absolute right to object to your information being shared for direct marketing.

You have the right to object to some or all the information being shared with Employers or Insurers. Contact the Controller or the practice.

7) Right to access and correct

You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law.

8) Retention period

The data will be retained for active use during the processing and thereafter according to NHS Policies and the law.

9) Right to Complain.

You have the right to complain to the Information Commissioner's Office online or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website).