Requesting to see a Health Record
Under data protection laws, patients have the right to request access to the information contained in their health record.
Current patients can ask a member of staff and they can make an appointment to view their health record.
Where patients are no longer in contact with us, they can still request access to their health record, but we will need some additional details in order to locate them.
Patients will not be able to take away the original health record, but a copy can be made. This request will need to be put in writing. A member of staff can help with this if necessary.
We will try to make sure any requests are dealt with within 21 days, but by law we should provide these within one month of the request unless it is a complex request.
Legally we are able to withhold any parts of health records that, in our professional medical opinion, are likely to cause serious harm to the physical or mental health to the patient or any other person.
Information Governance Team – Access to Records
Brighton General Hospital
or email email@example.com
Why we collect patient information
Healthcare professionals keep health records about the care and treatment of a patient in order to provide the best possible care. Health records may be stored in paper format or electronically; and may include information such as:
Health records are used to ensure:
Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care.
A number of services provided by Sussex Community NHS Foundation Trust are now using an electronic health record system called SystmOne.
Patient confidentiality and information security
Where patients are being cared for by one of our services using SystmOne, any other Sussex Community NHS Foundation Trust service directly involved in the patient’s care (accessing SystmOne) will also be able to access the health record on a need-to-know basis. Sharing this information between services means that our staff will be able to get up-to-date information about a patient’s care and are able to treat them safely and efficiently. It will also mean that healthcare professionals do not have to keep asking patients the same questions.
Patient care may be provided through a multi-disciplinary care team. This might include people from other organisations such as general practice; social care; education; or other care organisations. We will inform patients if this is the case.
Where we have the ability to share a patient’s full health record with other healthcare professionals involved in a patient’s care (such as another NHS services or the GP), we will ask permission to do so.
The GP, or other health professionals, may also ask whether a patient would like services at Sussex Community NHS Foundation Trust to be able to view their health records when treating them.
Patients can change these sharing preferences at any time by discussing this with the Health Professional involved in their care.
How health records are used to help the NHS
In most cases where information is required to help the NHS other than for direct care, any information which may identify a patient will be removed. Where there is a requirement for us to be able to identify a patient (such as investigating complaints or an incident), we will ask the patient’s permission (unless we are required to disclose information by law).
Health records are also used to assist with:
We have a legal requirement to provide information to NHS Digital to collate and analyse in order to produce anonymised reports to allow the effective monitoring of national and local service standards, including efficiency, equity and effectiveness of services and improve data quality. Patients have the right to opt-out of their data being used in this way.
Working with Sussex Health and Care Partnership
Sussex Community NHS Foundation Trust is a key part of the Sussex Health and Care Partnership. Across Sussex, the NHS and local councils, who look after social care and public health, are working together to improve health and care.
Sussex Health and Care Partnership brings together 13 organisations into what is known as an integrated care system (ICS), and Sussex Community NHS Foundation Trust is a key part of this partnership to take collective action to improve the health of local people, ensure that health and care services are high-quality and to make the most efficient use of our resources.
In doing so, there are a number of key initiatives involving the use and sharing of information. Details of these initiatives, can be found on Sussex Health and Care Partnership’s Digital Priorities webpage. Further information about how your data is used is also available within each initiative’s page – ‘My Health and Care Record’; Plexus Care Record; and Sussex Integrated Data Set, which are all listed on the Digital Priorities webpage.
The legal basis for the processing of data for health care purposes under data protection laws (such as the General Data Protection Regulation (GDPR) and the Common Law Duty of Confidentiality) is that the NHS is an official authority with a public duty to care for its patients. The Department of Health and data protection law says it is appropriate to do so for health and social care treatment of patients, and the management of health or social care systems and services.
If we need to use a patient’s personal information for any reason beyond those stated above, we will discuss this with them.
At times we have a legal duty to share information which identifies patients without obtaining permission.
Examples of these are:
Where patients have queries on the uses of their information in the provision of direct care, they should speak to their health professional.
Sussex Community NHS Foundation Trust (SCFT) holds and retains health information in paper and electronic formats for specified periods of time to provide high quality patient care and to keep a public record in accordance with the Public Records Act 1958. SCFT adheres to the current national guidance on retention periods set out in the Information Governance Alliance Record Management Code of Practice for Health and Social Care 2016.
The Record Management Code of Practice for Health and Social Care 2021 can be accessed in full using the link provided: https://www.nhsx.nhs.uk/information-governance/guidance/records-management-code/
All personal information held and retained by Sussex Community NHS Foundation Trust is processed in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
For queries on other uses of their information contact our Data Protection Officer / Information Governance Team on 01273 666473 or email firstname.lastname@example.org
Data Protection Laws give individuals certain rights in respect of the personal information that is held about them. These are:
Some of these rights are absolute and we must follow them. Others will need to be carefully reviewed as we have other legal duties so they do not apply in all circumstances.
In the first instance a patient should discuss this with the Health Professional involved in their care with details of the information and the reason for the correction, deletion or restriction.
Where it is agreed that corrections are necessary these will be made. If, however, after professionally reviewing the information, the health professional considers this to be correct, we will discuss this with the patient and note the concerns in the record.
We have a legal duty to record information gathered although information can be corrected, we will need to keep an audit trail of the correction. Where it is requested that information is fully deleted from a record, we would in most case, request a court order to do so.
In most cases we have a legal duty to collect and use information to ensure that the patient receives the best, most efficient and effective healthcare provision.
If a patient wishes to objects or restricts the use of their information this should initially be discussed with the health professional.
Where the use of information is for the patient’s direct healthcare, the health professionals will discuss the reasons for this. Where the restriction on use or sharing would not impact the patient’s direct care, this would be respected and documented in the record.
It will be explained to the patient that there may be cases where their objection or restriction may be overridden if there is a legal reason to do so. Examples of these are safeguarding children and vulnerable adults, the prevention and detection of crime or if a court orders us to do so.
If a patient wants to object or restrict their data being processed for other reasons other than direct patient care (secondary uses) they should contact the Information Governance Team to discuss.
As part of SCFT’s Privacy by Design and Default requirements under Data Protection Legislation, a Data Protection Impact Assessment (DPIA) is completed to evaluate and manage any risks to personal data. To view a list of our current DPIAs, please click here.
Sussex Community NHS Foundation Trust is one of many organisations working in the health and care system to improve care for patients and the public. We are part of the Sussex Health and Care Partnership, which is a group of NHS and local councils that look after social care and public health and work together to improve health and care. The Sussex Health and Care Partnership (SHCP) brings together 13 organisations into what is known as an integrated care system (ICS). One of the priorities of the ICS is the “Our Care Connected” programme which seeks to deliver a single health and care record for each person living in Sussex. The “Our Care Connected” programme will introduce the “Plexus Care Record”, a shared care record for care across Sussex and the Sussex Integrated Data Set. Further information about this is available on the Sussex Health and Care Partnership website.
Whenever you use a health or care service provided by Sussex Community NHS Foundation Trust, such as attending a Minor Injury Unit or using one of our community services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this when allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified, in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out, your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters or contact NHS Digital Contact Centre 0300 303 5678.
You can also find out more about how patient information is used for health research at:
https://www.hra.nhs.uk/information-about-patients (which covers health and research)
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made).
For further information or for queries relating to any of the above, please initially speak to your service.
To contact the Data Protection Officer / The Information Governance Team:
Telephone 01273 666473 or email email@example.com
For advice, or to make a comment about our services, facilities or staff, please contact our Patient Advice Liaison Service (PALS) on 01273 242292 or email sc-tr.PALS@nhs.net
Here is a handy leaflet explaining more about our use of patient data.