Under the Data Protection Act 2018 and UK GDPR (UK General Data Protection Regulation), and subject to certain conditions, individuals have a legal right of access to personal information held about them, including their health records.

Requests for access to personal information are called Subject Access Requests.

Access includes:

• The right to obtain a copy of the record in permanent form, and
• The right to review a record without obtaining a copy
• The right to have information explained where necessary

The Act requires us to respond to a subject access request within one calendar month of receiving it. However, the Department of Health recommends that we respond within 21 days of receipt.

There are two circumstances under which access may be denied or restricted:

• If access might cause serious harm to the patients' physical or mental health
• If the record contains third party information.

Your patient records

Please see Health records.

We will need to confirm your identity before disclosing any information or releasing photocopies.

Data for research in the Thames Valley and Surrey

The responsible use of health and care data is essential for providing individual care, planning services and developing new medical treatments. 

Across the country there is an increased focus on how to create better access to data for research and maintaining the highest standards of security and confidentiality.

Part of this approach is to develop local Secure Data Environments (SDE). NHS organisations in the Thames Valley and Surrey (TVS) are working together to set up a local SDE for research.

This environment will securely store patient data. People, like university or industry researchers, can apply to become approved users to access this data. The data they can see is agreed before they are given access. The data will not leave the NHS.

To help develop the local SDE, we are working with patients, the public and healthcare professionals.