Medical Records

Department of Health and Social Care written question – answered on 6th December 2018.

Alert me about debates like this

Photo of Lord Freyberg Lord Freyberg Crossbench

To ask Her Majesty's Government who owns the (1) information contained in patients’ health records, and (2) health records themselves; and who is responsible for (a) the use of information contained in patients’ health records, and (b) access to the health records themselves.

Photo of Lord O'Shaughnessy Lord O'Shaughnessy The Parliamentary Under-Secretary for Health and Social Care

The Data Protection Act 2018 gives effect to The General Data Protection Regulation (GDPR) introduced in May 2018. The GDPR provides rights in relation to the control of data, rather than referring to ownership.

The organisation that creates a health record is responsible for the use of information in the record and determines who has access to it and that any access is lawful. In addition, under the national data opt-out an individual has the right to opt out of their data being shared beyond their direct care, and under Article 21 of the GDPR, an individual has the right to object to the processing of their personal data under certain circumstances.

Every organisation is required by law to maintain the original medical record of patients and must safeguard it from loss, damage, alteration and unauthorised use. Every organisation handling personal data must comply with the GDPR when processing patients’ personal data and is accountable for its own compliance and risk management strategies and decisions.

Does this answer the above question?

Yes0 people think so

No0 people think not

Would you like to ask a question like this yourself? Use our Freedom of Information site.