Access To Medical Records




Making a Subject Access Request (SAR)


The Data Protection Act 1998 gives every living person (or authorised representative) the right to apply for access to their health records.


To make a request

A request for your medical health records held at Clapham Park Group Practice must be made in writing (e-mails accepted) to the data controller who is Chris Newman (please contact the practice for alternative methods of access if you are unable to make a request in writing).

You can apply with a simple letter detailing your request to:

Chris Newman
Practice Business Manager
Clapham Park Group Practice
72 Clarence Avenue

or via our secure online form



Under the Data Protection Act 1998 (Fees and Miscellaneous Provisions) Regulations 2000, you may be charged a fee to view your health records or to be provided with a copy of them. The maximum permitted charges are set out in the tables below


To provide you with a copy of your health record the costs are

  • Health records held totally on computer: up to a maximum of £10
  • Health records held in-part on computer and paper: up to a maximum of £50
  • Health records held totally on paper: up to a maximum of £50.

There is no charge to allow you to view your health record (where no copy is required):

All the above maximum charges include postage and packaging costs.

Once the data controller has all the required information, and fee where relevant, your request should be fulfilled within 21 days (in exceptional circumstances where it is not possible to comply within this period you will be informed of the delay and given a timescale for when your request is likely to be met).



In some circumstances, the Act permits the data controller to withhold information held in your health record. These rare cases are:

  • Where it has been judged that supplying you with the information is likely to cause serious harm to the physical or mental health or condition of you, or any other person, or;
  • Where providing you with access would disclose information relating to or provided by a third person who had not consented to the disclosure. This exemption does not apply where that third person is a clinician involved in your care.

When making your request for access, it would be helpful if you could provide details of the time-periods and aspects of your health record you require (this is optional, but it may help save practice time and resources and reduce the cost of your access request).

If you are using an authorised representative, you need to be aware that in doing so, they may gain access to all health records concerning you, which may not all be relevant. If this is a concern, you should inform your representative of what information you wish them to specifically request when they are applying for access.

GPs have ethical obligations around how patient records are shared, and should explain to patients, in broad terms, the implications of making a Subject Access Request so they can make an informed decision on whether they wish to exercise their rights under the Data Protection Act.



If you have any complaints about any aspect of your application to obtain access to your health records, you should first discuss this with the clinician concerned. If this proves unsuccessful, you can make a complaint through the NHS Complaints Procedure by contacting the Practice Manager.

Alternatively you can contact the Information Commissioners Office (responsible for governing Data
Protection compliance)

Wycliffe House,
Water Lane,

Tel 01625 545745 or via the website

All complaints will be acknowledged within five working days and we will aim to provide a full response within a further 10 working days.

If a complaint is made verbally to the practice, this will be documented and you will be asked to confirm in writing that you agree with what has been recorded.


CCTV Images

  • CCTV images will not be retained longer than is considered necessary, and will be then be deleted.
  • All images will be held securely, and all access requests and access to images will be documented.
  • Except for law enforcement bodies, images will not be provided to third parties.
  • Images may record individuals and/or record incidents. Not all recordings are designed to identify persons.
  • Other than in accordance with statutory rights, the release or availability of images will be at the discretion of the Data Controller(s) for the purposes of the Data Protection Act.
  • Images are held to improve the personal security of patients and staff whilst on the premises, and for the prevention and detection of crime, and images may be provided to police or other bodies.
  • Where access is granted in response to an application received, the image may be edited to exclude images of third parties who may be also included within the requested image. This may be necessary to protect the identity of the third parties. In these circumstances the image released as part of the application may identify the “data subject” only.
  • Images will be located by the Data Controller or authorised person.
  • The practice regularly reviews compliance with the ICO’s CCTV Code of Practice; continued operational effectiveness and whether the system continues to meet its purposes and remains justified.