This website uses cookies to function correctly.
You may delete cookies at any time but doing so may result in some parts of the site not working correctly.

How we use your Health Records

Why we collect information about you and how it is used
Who we might share your information with
Your right to see your health records
How we keep your records confidential

Why we collect information about you

In the National Health Service we aim to provide you with the highest quality of health care.

To do this we must keep comprehensive up to date records about you, either in writing or held on computer.

These records may include:
  • Basic details about you, such as address, date of birth, next of kin
  • When we have seen or had contact with you
  • Notes and reports about treatment you have received and care you need
  • Results eg., x-rays, blood tests and screening including evaluations of your health risk
  • Relevant information from people who care for you and know you well, such as health professionals and relatives

The NHS Care Record Guarantee sets out the standards on how patient confidential information is used in the NHS and what control you can have over this. The new European Legislation (GDPR) provides laws to govern data collection & processing and gives patients choice over what information can be shared.

It includes information on:
  • Your access to your own records
  • How access will be monitored and what controls are in place to prevent unauthorised access
  • Options you have to limit further access
  • What happens if you are unable to make decisions for yourself.  The Care Record Guarantee can be seen online at:- 

How your records are used to help you

Relevant parts of your named health record are shared to help others (eg., community nurses or social care workers) provide some of the care you need.

Any sharing of your named record will be in line with the General Data Protection Regulations (GDPR):

  • To underpin all health decisions made by you and your care professionals and to check the quality of care.
  • To make sure that anyone treating you in any setting eg., doctors in A&E, know enough about your medical history, current medication and treatment to treat you safely and effectively.  This will normally be with your consent unless you are unable to make such a choice.

We also use your information 'minus your name' to help us plan for the future healthcare needs of you and others', eg.,

  • Identifying risks to help prevent illness in the first place.
  • Planning for extra services in your area.
  • Helping people to plan, buy and keep tract of health services (eg., physiotherapy) in your area.
  • Helping investigate any concerns or complaints you or your family have about your healthcare.
  • To support approved research projects using anonymised information to improve care, in keeping with the NHS Constitution.

When we might use or share your named health record without asking you

Sometimes there is a legal duty, such as when registering births, reporting certain infectious diseases or where a court order has been issued.

When permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group eg., keeping registers of cancer patients, checking quality of care or to conduct national audits or health research. See:

A senior clinician may permit disclosure where the public interest outweighs your right to confidentiality.

This is very rare but could include when:
  • A serious crime has been committed
  • There are serious risks to the public or staff
  • It is necessary to protect children or vulnerable adults who are not able to decide for themselves whether their information should be shared.

Partner organisations we might also share your information with

  • Commissioners of your health services
  • Local healthcare and ambulance provider
  • Your Local Authority, Social Services and Education organisations
  • Your voluntary or private sector care provider

We will not share your information with other third parties, such as insurance companies, without your explicit consent.

How we keep your records confidential

Everyone working for the NHS has a legal and contractual duty to keep information about you confidential in line with the NHS Confidentiality Code of Practice & GDPR.  We also have information security and data protection policies to safeguard your information.  We only use secure methods to transfer your information between NHS computer systems and all processes meet NHS security requirements.

Apart from your GP and other medical staff or healthcare professionals (eg., physiotherapists) involved in your care, only a number of approved GP Practice staff and a very small number of approved analysts will be able to see data that identifies you and only then under strict security restrictions.

We check that anyone who wants to see your records has the correct authority to do so.  Access to your records is recorded and auditable.

We have a duty to:

  • Maintain full and accurate records of the care we provide to you
  • Keep records about you confidential, secure and accurate (including after you die)
It is good practice for people in the NHS who provide care to:
  • Discuss and agree with you what they are going to record about you
  • Give you a copy of letters they are writing about you; and
  • Show you what they have recorded about you, if you ask.

Access to your Health Records

You  have the right to confidentiality under the General Data Protection Regulations (EU 2016) and the common law duty of confidence (the Disability Discrimination and the Race Relations Acts may also apply).

The GDPR allows you to find out what personal information is held about you on computer and manual records.

If you want to see or obtain a copy of your records speak to the healthcare professional treating you or contact the Practice Manager.

You will be required to provide proof of your identity or consent if acting on behalf of someone else.  We will respond to you within 1 month.

If you think anything is inaccurate or incorrect, please inform the organisation holding your information.


The GDPR (EU/2016) requires organisations to notify the Information Commissioner of the purposes for which they process personal information.

If you have concerns about what information is held or shared about you please discuss this (including the potential not to share some information) with your GP. However, when trying to identify current and future healthcare needs, more complete information will enable better healthcare decisions to be made.

If you do not wish personal data that we hold about you to be used or shared in the way that is described in this information, please discus the matter with us.  You have the right to opt-out, but this may affect our ability to provide you with care or advice.

Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website