Practice Policies

Missed Appointments

Please phone and cancel appointments if you are unable to attend.

Failure to cancel an appointment contributes significantly to the waiting time for booked appointments for other patients.

Suggestions & Complaints

We are constantly trying to improve our services and would welcome any constructive suggestions. These should be directed to the Practice Manager, Mrs M Ferguson.

Practice Complaints Procedure

If you have a complaint,  please contact the Practice Manager in writing as soon as possible. Complaints should be made preferably within six months and not later than one year. Your complaint will be acknowledged in writing within two days and you will be offered an appointment to discuss matters fully.

If this does not produce a satisfactory resolution to your complaint, then a written complaint can be made to the:

Complaints Officer,
12-22 Linenhall Street,
Telephone: 0300 555 0113

Complaints hotline number: 028 95363893

If you still remain unsatisfied, you can contact the Northern Ireland Public Services Ombudsman. The contact number is 0800 343424

Patient’s Rights

You will be treated with respect and as a partner in your care. Being a partner means you have responsibilities too.

We will:

  • Ensure our patients have 24-hour access to medical advice.
  • Aim for you to have access to a suitably qualified medical professional within 48 hours of your initial contact during surgery hours, or in an urgent case, the same day.
  • Work in partnership with you to achieve the best medical care possible.
  • Involve you and listen to your opinions and views in all aspects of your medical care.
  • The prevention of disease, illness and injury is a primary concern.

The medical staff will advise and inform you of the steps you can take to promote good health and a healthy lifestyle. We would respectfully ask that you:

  • Let us know if you intend to cancel an appointment or are running late.
  • Treat staff with courtesy and respect. Reception staff may have to ask some personal questions to assist us in providing you with the best service
  • Inform the practice staff of any alterations in your circumstances, such as change of surname, address or telephone number. Please ensure that we have your correct telephone number, even if it’s ex-directory.

As patients, you are responsible for your own health and that of any dependents. It is important that you adhere to information and advice given to you by health professionals, and co-operate with the practice in endeavouring to keep you healthy.


All staff are been trained in keeping all information about you strictly confidential. In order to maintain confidentiality, laboratory results and x-ray results will only be given to patients themselves or to parents of minors where appropriate. When enquiring for a result, please telephone the practice and speak to one of the receptionists. Please note that results will not be given out until they have been reported on by the doctor.

The practice complies with Data Protection and Access to Medical Records legislation. Identifiable information about you will be shared with others in the following circumstances:

To provide further medical treatment for you e.g. from district nurses and hospital services.
To help you get other services e.g. from the social work department. This requires your consent.
When we have a duty to others e.g. in child protection cases Anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.
If you do not wish anonymous information about you to be used in such a way, please let us know.

Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.

Freedom Of Information

The Freedom of Information (FOI) Act was passed on 30 November 2000. It gives a general right of access to all types of recorded information held by public authorities, with full access granted in January 2005. The Act sets out exemptions to that right and places certain obligations on public authorities.

FOI replaced the Open Government Code of Practice, which has been in operation since 1994.


Privacy Notice

Dr Cairns & Partners

Lisburn Health Centre

 Privacy Notice

 Your information, privacy and the Law. How we use your medical records.

This Privacy Notice explains why our Practice collects information about you, how we keep it safe and confidential and how that information may be used.

The use and sharing of personal information forms an essential part of the provision of health and care. Your doctor has a strong legal and ethical duty to protect your information and all information you share with your doctor is kept confidential.

Data Controller and Data Protection Officer

We comply with GDPR (General Data Processing Regulations) in ensuring your personal information is as confidential and secure as possible. The Practice is the Data Controller and is responsible for your personal data (collectively referred to as “the Practice”, “we”, “us” or “our” in this privacy notice.

If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the Practice

Why We Collect Information About You

Health Care Professionals who provide you with care and treatment are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation. These records help to provide you with the best possible healthcare.

Under Article 9(h) and Article 6 of the GDPR legislation, we have the right to collect, use and share our patients’ medical data for the sole purpose of providing healthcare services to our patients. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and / or electronic form. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and information such as outcomes of needs assessments.

Details We Collect About You

The healthcare professionals who provide you with care maintain records about your health and any treatment or care you have received previously or elsewhere (e.g. hospital services, other GP Practices, Out of Hours Centres, A&E, Walk-in clinics, Private Providers etc.) These records help to provide you with the best possible healthcare.

Records which this GP Practice may hold about you may include the following:

  • Details about you, such as your name, address, legal representative, next of kin, emergency contact details, marital status, date of birth and gender
  • Your home telephone number, mobile number
  • Any contact the surgery has had with you, such as appointments, clinic visits, immunisations, emergency appointments, telephone conversations and letters etc.
  • Notes and reports from other health service providers about your physical health treatment and care (including sexual health) as well as your mental health treatment and care which are scanned into patient records
  • Copies of referral letters sent to other providers of medical services, e.g. hospitals, private consultants, community services etc.
  • Results of investigations such as laboratory tests, x-rays etc.
  • Relevant information from other health professionals, relatives or those who care for you
  • Reports from social services such as child protection reports or police reports if relevant to the care of you or your family
  • Private reports sent, at your request, to other organisationsSharing your personal data Confidential patient data will be shared within the healthcare team at the Practice, including nursing staff, admin staff, and receptionists, and with other healthcare professionals to whom a patient is referred. Those individuals have a professional and contractual duty of confidentiality.
  • Data Processors

We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.

 Referrals for specific health care purposes

We sometimes provide your information to other organisations for them to provide you with medical services. These include:

  • Diabetes Education Programme (“DESMOND”)
  • Diabetic Retinopathy Screening
  • Cervical Cancer Screening
  • Aortic Aneurysm Screening
  • Breast Cancer Screening  professionals outside of the Practice to view limited information from your GP record,
  • with your explicit consent, should that need arise. These schemes include:
  • In Northern Ireland limited data sharing schemes are active locally, enabling healthcare
  • Data Sharing
  • The NI Electronic Care Record (NIECR) – is a computer system that health and social care staff can use to get information about your medical history. When treating or looking after you they will need to know about any allergies, long term health conditions or medicine you take. NIECR can only be accessed over the HSC secure network and patient data can only be accessed by authorised HSC staff who need to see it to support your care but there is no access to your GP consultation records.
  • The Business Services Organisation (BSO) provides a broad range of regional business support functions and specialist professional services to the health and social care sector in Northern Ireland. This includes the management of patient registrations for General Practice. Changes to patient data are sent through the secure HSC network. Complete records are returned to BSO when a patient leaves the Practice or dies.
  • Clinical Computer System supplier (EMIS) provides IT support and are authorised to access the clinical system to resolve any technical issues relating to patient data.
  • BSO Probity Unit carry out regular inspections in General Practice and part of their role is to check the legitimacy of patient specific data in relation to claims made to the NHS by the Practice.
  • Northern Ireland Medical and Dental Training Agency (NIMDTA) – medical representatives check the standard of clinical record keeping as part of their regular visits to us as a training Practice.
  • Medical students may be working in the Practice and as part of their educational experience will have access to patient’s medical records. Patients will always be asked to consent to medical students attending consultations.
  • You will be asked to consent before any information is shared with Community Pharmacies, for example, if you have registered for chemist collection of your prescriptions. Your consent will be required if you wish the Practice to provide prescriptions to a third party i.e. stoma care products.

Details of data sharing and of your right to opt-out can be found on our web site or in our “Your Medical Records” booklet in the Practice.

Mandatory disclosures of information

We are sometimes legally obliged to disclose information about patients to relevant authorities. In these circumstances the minimum identifiable information that is essential to serve that legal purpose will be disclosed.

That organisation will also have a professional and contractual duty of confidentiality. Data will be anonymised if at all possible before disclosure if this would serve the purpose for which the data is required.

Organisations that we are sometimes obliged to release information to include:

  • Driver Vehicle Licensing Authority (DVLA)
  • General Medical Council (GMC)
  • NHS Counter Fraud Unit
  • PSNI
  • The Courts
  • Department of Health & Social Services
  • Local Authorities (Social Services / Benefits Agencies)
  • The Health Service Ombudsman
  • Information Commissioner
  • Capita for PIP Claims
  • The Appeals Service

Permissive disclosures of information

Only with your explicit consent, can the Practice release information about you, from your GP record, to relevant organisations. These may include:

Your employer

Insurance companies


Local Authorities

Our Practice website may include links to third party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website we encourage you to read the privacy notice of every website you visit.

Accessing your information on other databases

The Practice can access certain medical information about you, when relevant or necessary, that is held on other databases (i.e. under the control of another data controller). These include Local Healthcare Trusts. Accessing such information would only be for your direct medical care.

Keeping your records up to date

GDPR requires that the information we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us such as a house move or name change.

Your rights under GDPR

GDPR gives certain rights to individuals in relation to their personal data:

Right of access

You have a right to request access to the personal data we process about you. This is known as a ‘Subject Access Request’ (SARs). Details of how to do this can be found on our web site. We have one calendar month to respond and you will not normally be charged a fee.

Right to rectification

This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. We have one calendar month to respond to a request and in some circumstances the request may be refused.

Right to erasure

This enables you to ask us to remove or delete personal data. However we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Right to object

You have the right to object (or opt-out) to ways in which your information is processed or shared, both for direct medical care purposes i.e. primary uses of your information, or for purposes other than your direct medical care – so-called secondary uses. The request should be made in writing and we have one calendar month to respond.

Keeping your information confidential and safe

We are committed to protecting your privacy and will only use information collected lawfully in accordance with GDPR.

We have appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we restrict access to your personal data to those employees, agents, contractors and other third parties who have a business or clinical need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

All of our staff and healthcare professionals associated with the Practice receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.

Some of your medical records are kept electronically. The Health & Social Care Board is responsible for providing the data processing systems which they have verified as being secure. These include EMIS PCS (our clinical system), Apollo Scan (document management and scanning facility) and Jayex Technology (automated check-inservice). They provide internet facilities which ensure secure email links between NHS organisations and secure access to the internet.

There is a facility with secure systems in place for GPs and designated staff to access the clinical system remotely.

We will not email you, or use your mobile number to text you, regarding matters of medical care, such as appointment reminders or test results. If this changes in the future we will notify you and obtain your consent. We will only email you regarding non-medical matters if you have given us your explicit consent to do so.

We will maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you, if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires us to do so.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long do we keep patient data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Complete medical records are returned to the Business Services Organisation (BSO) when a patient leaves the Practice or dies. At present digital records remain on our clinical system indefinitely.

Notification to the Information Commissioner

The Practice is required to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.

We are registered as a data controller and our registration (number) can be viewed online in the public register at:

Transferring your data outside the EEA

The Practice does not transfer data outside the EEA.

Changes to this Privacy Notice

We may make changes to this Privacy Notice. An updated version will be available on our website.

Complaints about how we handle your personal data

Should you have any concerns about how your information is managed at the Practice, please contact us. If you are still unhappy following a review by the Practice, you can raise your concerns with:

The Information Commissioner (ICO)

Wycliffe House

Water Lane


Cheshire SK9 5AF

Phone: 08456 30 60 60


What do I need to do?

If you are happy for your data to be extracted and used for the purposes described in this Privacy Notice then you do not need to do anything.

If you do not want your personal data being extracted and leaving the GP practice for any of the purposes described, you need to let us know as soon as possible so please write to the Practice.

All patients have the right to change their minds and reverse a previous decision. Please contact the Practice if you change your mind regarding any previous choice.

Further Information

For independent advice about GDPR, privacy, and data sharing issues, you can contact the Information Commissioners Office.

If you would like any further information about primary or secondary uses of your GP record, opting out, the NHS Databases, access to your medical record, confidentiality, or about any other aspect of NHS data sharing or your medical records, then please do contact the Practice.


Dr Cairns & Partners, Lisburn Health Centre


Under the General Data Protection Regulation 2018, patients have the right to apply for access to their health records. Provided that a written application is made by one of the individuals referred to below, Dr Cairns & Partners (hereby referred to as ‘the Practice’ is obliged to comply with a request for access subject to certain exceptions (see below). However, the Practice also has a duty to maintain the confidentiality of patient information and to satisfy itself that the applicant is entitled to have access before releasing information.


The application for access to health records may be made in any of the circumstances explained below.

The patient

A request for access to health records in accordance with the GDPR (the GDPR refers to these as a subject access request) should be made in writing to the data controller, ie: the Practice.

The requester should provide enough proof to satisfy the Practice of their identity and to enable the Practice to locate the information required. If this is information is not contained in the original request, the Practice should seek proof as required. Where requests are made on the behalf of the individual patient, the Practice should be satisfied that the individual has given consent to the release of their information.

As good practice, the Practice may check with the applicant whether all or just some of the information contained in the health record is required before processing the request.

Where an access request has previously been met the GDPR permits that a subsequent identical or similar request does not have to be fulfilled unless a reasonable time interval has elapsed between.

A request does not have to use the term ‘subject access’ or ‘data protection’ or ‘GDPR’ for it to be valid.

A patient, or their representative, is under no obligation to provide a reason for the request, even if asked by the Practice.

 Children of 16 years or over

If a mentally competent child is 16 years or over then they are entitled to request or refuse access to their records. If any other individual requests access to these the Practice should first check with the patient that he or she is happy for them to be released.

Children under 16 years

Individuals with parental responsibility for an under 16 year old will have a right to access to their medical records. A person with parental responsibility is either:

  • The birth mother, or
  • The birth father (if married to the mother at the time of the child’s birth or subsequently), or
  • An individual given parental responsibility by a court.

(This is not an exhaustive list but contains the most common circumstances)

If the appropriate health professional considers that a child patient is Gillick competent (ie has sufficient maturity and understanding to make decisions about disclosure of their records) then the child should be asked for his or her consent before disclosure is given to someone with parental responsibility.

If the child is not Gillick competent and there is more than one person with parental responsibility, each may independently exercise their right of access. Technically, if a child lives with, for example, its mother and the father applies for access to the child’s records, there is no ‘obligation’ to inform the mother. In practical terms, however, this may not be possible and both parents should be made aware of access requests unless there is a good reason not to do so.

In all circumstances good practice dictates that a Gillick competent child should be encouraged to involve parents or other legal guardians in any treatment/disclosure decisions.

Patient Representatives

A patient can give written authorisation for a person (for example a solicitor or relative) to make an application on their behalf. The Practice may withhold access if it is of the view that the patient authorising the access has not understood the meaning of the authorisation.

Next of Kin

Despite the widespread use of the phrase ‘next of kin’ this is not defined, nor does it have formal legal status. A next of kin cannot give or withhold their consent to the sharing of information on a patient’s behalf. A next of kin has no rights of access to medical records.

Court Representatives

A person appointed by the court to manage the affairs of a patient who is incapable of managing his or her own affairs may make an application. Access may be denied where the GP is of the opinion that the patient underwent relevant examinations or investigations in the expectation that the information would not be disclosed to the applicant.

Access to a Deceased Patient’s Medical Records

Where the patient has died, the patient’s personal representative or any person who may have a claim arising out of the patient’s death may make an application. Access shall not be given (even to the personal representative) to any part of the record which, in the GP’s opinion, would disclose information which is not relevant to any claim which may arise out of the patient’s death.

The effect of this is that those requesting a deceased person’s records should be asked to confirm the nature of the claim which they say may have arising out of the person’s death. If the person requesting the records was not the deceased’s spouse or parent (where the deceased was unmarried) and if they were not a dependant of the deceased, it is unlikely that they will have a claim arising out of the death.

Court Children’s Services/Family Intervention Team

Where Court Children’s Services or the Family Intervention Team has been appointed to write a report to advise a judge in relation to child welfare issues, the Practice would attempt to comply by providing factual information as requested.

Before records are disclosed, the patient or parent’s consent (where appropriate) should be obtained. If this is not possible, and in the absence of a court order, the Practice will need to balance its duty of confidentiality against the need for disclosure without  consent where this is necessary:

  • To protect the vital interests of the patient or other, or
  • To prevent or detect any unlawful act where disclosure is in the substantial public interest (eg serious crime), and
  • Because seeking consent would prejudice those purposes.

The relevant health professional should provide factual information and their response should be forwarded to the designated GP in the Practice for Child Protection who will approve the report.

Amendments to or Deletions from Records

If a patient feels information on their health record is incorrect then they should firstly make an informal approach to the health professional concerned to discuss the situation in an attempt to have the records amended. If this is unsuccessful then they may pursue a complaint under the NHS Complaints procedure in an attempt to have the information corrected or erased.

The patient has a ‘right’ under GDPR to request that personal information contained within the medical records is rectified, blocked, erased or destroyed if this has been inaccurately recorded.

He or she may apply to the Information Commissioner but they could also apply for rectification through the courts. The Practice as the data controller should take reasonable steps to ensure that the notes are accurate and if the patient believes these to be inaccurate, that this is noted in the records. Each situation will be decided upon the facts and the Practice will not be taken to have contravened the GDPR is those reasonable steps were taken. In the normal course of events, however, it is most likely that these issues will resolve amicably.

Further information can be obtained from the Information Commissioner.


 Notification of requests

The Practice will keep a central record of all requests in order to ensure that requests are cross-referenced with any complaints or incidents and that the deadlines for response are monitored and adhered to.

Requirements to Consult Appropriate Health Professional

It is the GP’s responsibility to consider an access request and to disclose the records if the correct procedure has been followed. Before the Practice discloses or provides copies of medical records the patient’s GP must have been consulted and he/she checked the records and authorised the release or part-release.

Ground for Refusing Disclosure of Health Records

The GP should refuse to disclose all or part of the health record if he/she is of the view that:

  • Disclosure would be likely to cause serious harm to the physical or mental health of the patient or any other person; or
  • The records refer to another individual who can be identified from that information (apart from a health professional or Practice staff). This is unless that other individual’s consent is obtained or the records can be anonymised or it is reasonable in all the circumstances to comply with the request without that individual’s consent, taking into account any duty of confidentiality owed to the third party :or
  • The request is being made for a child’s records by someone with parental responsibility or for an incapacitated person’s record by someone with power to manage their affairs, and the:
  • Information was given by the patient in the expectation that it would not be disclosed to the person making the request, or
  • The patient has expressly indicated it should not be disclosed to that person.Informing of the Decision Not to DiscloseIf a decision is taken that the record should not be disclosed, a letter must be sent by recorded delivery to the patient or their representative stating that disclosure would be likely to cause serious harm to the physical or mental health of the patient, or to any other person. The general position is that the Practice should inform the patient if the records are to be withheld on the above basis.If, however, the appropriate health professional thinks that telling the patient:
  • Will effectively amount to divulging that information; or
  • Is likely to cause serious physical or mental harm to the patient or another individual

Then the GP could decide not to inform the patient, in which case an explanatory note should be made in the file.

The decision can only be taken by the GP and an explanatory note should be made in the file. Although there is no right of appeal to such a decision, it is the Practice’s policy to give a patient the opportunity to have their case investigated by invoking the complaints procedure, The patient must be informed in writing that every assistance will be offered to them if they wish to do this. In addition, the patient may complain to the Information Commissioner for an independent ruling on whether non-disclosure is proper.

Disclosure of a Deceased Patient’s Medical Record

The same procedure used for disclosing a living patient’s records should be followed when there is a request for access to a deceased patient’s records. Access should be given if:

  • The appropriate health professional is of the view that this information is likely to cause serious harm to the physical or mental health of any individual: or
  • The records contain information relating to or provided by an individual (other than the patient or a health professional) who could be identified from that information (unless that individual has consented or can be anonymised); or
  • The records contain a note made at the request of the patient before his/her death that he/she did not wish access to be given on application. (If while still alive, the patient asks for information about his/her right to restrict access after death, this should be provided together with an opportunity to express this wish in the notes); or
  • The holder is of the opinion that the deceased person gave information or underwent investigations with the expectation that the information would not be disclosed to the applicant, or
  • The Practice considers that any part of the records is not relevant to any claim arising from the death of the patient.
  • The Practice will not process any Access to Records request where the patient’s medical records have been returned to Business Services Organisation (BSO).

 Disclosure of the Record

Once the appropriate documentation has been received and disclose approved, a copy of the health record can be given to the patient or their representative.

There should be no circumstances in which it would not be possible to supply permanent copies of health records.

Originals should not be sent.

Confidential medical records should not be sent by fax unless there is absolutely no alternative. If a fax must be sent, it should include the minimum information and names should be removed and telephone through separately.

All staff should be aware that safe haven procedures apply to the sending of confidential information by fax, for whatever reason. That is, the intended recipient must be alerted to the fact that confidential information is being sent. The recipient then makes a return telephone call to confirm safe and complete receipt. A suitable disclaimer, advising any unintentional recipient to contact the sender and to either send back or destroy the document, must accompany all such faxes.

A suitable disclaimer would be:

‘Warning: The information in this fax is confidential and may be subject to legal professional privilege. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, please notify the sender immediately. Unless you are the intended recipient or his/her representative you are not authorised to, and must not, read, copy, distribute, use or retain this message or any part of it.’

 Confidential information should not be sent by email unless:

  • The email address of the recipient is absolutely verified
  • The data is via an encrypted service such as HSC Northern Ireland GP Webmail; or
  • The data is fully encrypted via at least 128-bit AES and preferably 256-bit AES. In such circumstances, the password must be at least 32 characters and contain a mixture of letters (upper and lower case), digits and punctuation. The password must be conveyed to the patient separately from the encrypted file and preferably not by email at all (ie in person, by telephone or post).

If the information is handed directly to the patient then the patient must provide verifiable information at the time of collection.

 A note should be made in the file of what has been disclosed to whom and on what grounds.

Where information is not readily intelligible an explanation (eg of abbreviations or medical terminology must be given an appointment arranged with the relevant doctor.

Charges and timescales

 Under the GDPR, copies of records should be supplied within one calendar month of receiving a valid and complete access request. In exceptional circumstances, it may take longer.

Where further information is required by the Practice to enable it to identify the record required or validate the request, this must be requested within 14 days of receipt of the application and the timescale for responding begins on receipt of the full information.

Under GDPR, the Practice will not charge for copies of records. However, a reasonable fee may be applied when a request is manifestly unfounded or excessive, particularly if it is repetitive.

Patients living abroad

 For former patients living outside of the UK and whom once had treatment for their stay here, under the GDPR they still have the same rights to apply for access to their UK health records. Such a request should be dealt with as someone making a subject access request from within the UK.

Requests made by telephone

 No patient information may be disclosed to members of the public by telephone. However, it is sometimes necessary to give information to another NHS employee over the telephone.

Before doing so, the identity of the person requesting the information must be confirmed. This may best be achieved by telephoning the person’s official office and asking to be put through to their extension. Requests from patients must be in writing.

Requests made by the Police

 In all cases the Practice can release confidential information if the patient has given his/her consent (preferably in writing) and understands the consequences of making that decision. There is, however, no legal obligation to disclose information to the police unless there is a court order of this is required under statute (eg Road Traffic Accident)

The Practice does, however, have a power under the GDPR to release confidential health records without consent for the purposes of the prevention or detection of crime or the apprehension or prosecution of offenders.

The release of the information must be necessary for the administration of justice and is only lawful if this is necessary:

  • To protect the patient or another person’s vital interests, or
  • For the purposes of the prevention or detection of any unlawful act where seeking consent would prejudice those purposes and disclosure is in the substantial public interest (eg where the seriousness of the crime means there is a pressing social need for disclosure).

Only information which is strictly relevant to a specific police investigation should be considered for release and only then if the police investigation would be seriously prejudiced or delayed without it. The police should be asked to provide written reasons why this information is relevant and essential for them to conclude their investigations.

Requests from Solicitors

 Solicitors who are acting in civil litigation cases for patients should obtain consent from the patient. The Practice will verify this with the patient.

Court Proceedings

 The Practice may be ordered by a court of law to disclose all or part of the health record if it is relevant to a court case.

FOI and Access to Health Records

 The FOI is not intended to allow people to gain access to private sensitive information about themselves or others, such as information held in health records. Those wishing to access personal information about themselves should apply under GDPR. The Information Commissioner has provided guidance to the effect that the health records of the deceased are exempt from the provisions of FOI due to their sensitive and confidential nature.

Signed:                                                                                                Date:

Violence Statement

The practice considers aggressive behaviour to be any personal, abusive and/or aggressive comments, cursing and/or swearing, physical contact and/or aggressive gestures.

The practice will request the removal of any patient from the practice list who is aggressive or abusive towards a doctor, member of staff, other patient, or who damages property.

All instances of actual physical abuse on any doctor or member of staff, by a patient or their relatives will be reported to the police as an assault.