The General Data Protection Regulations known as “GDPR” comes into force as of the 25th May 2018, replacing the UK’s Data Protection Act 1998. It is a Europe-wide shake up of data protection, setting out requirements for how your personal data is handled by businesses and organisations.
But what does this mean for your medical records?
Under the new GDPR rules and the Right of Access NHS organisations, GP practices and private hospitals/care facilities are no longer able to charge for providing you with a copy of your records.
However, where records are voluminous, requests are considered to be manifestly unfounded or repetitive and requests have been made to obtain further copies of the same information requested previously, they are entitle to charge a reasonable fee. The reasonable fee being charged must be based on administrative costs only for providing the information.
Under the new rules receipt of your medical records without undue delay and in any event within one month of receipt of your request, the current time frame is 40 days, and to be provided in an electronic format.
If your request is refused, they must inform you why and that you have the right to complain to the supervisory authority and your right of a judicial remedy. This must be done without undue delay, and within one month at the latest.