Subject Access Request - More Information - Thyroid UK

Thyroid UK

141,270 members166,540 posts

Subject Access Request - More Information

helvella profile image
helvellaAdministrator
18 Replies

Response received from Information Commissioner's Office this morning:

Dear <helvella>,

Thank you for your email of 30 January 2020.

Data protection legislation does not specify how to make a valid request. Therefore, an individual can make a subject access request verbally or in writing.

Organisations can ask an individual to complete a form, but the individual is under no obligation to do so. A subject access request is valid if it is submitted by any means, so they will still need to comply with any request they receive verbally, in a letter or a standard email.

Although you can make a request verbally we do recommend doing so in writing if possible, because this gives you a record of your request.

There is further information about how to make a subject access request on our website, via the previous link.

I hope this information is helpful to you. If you would like to discuss this further, please contact me on my direct number <redacted phone number>. If you need advice on a new issue you can contact us via our Helpline on 0303 123 1113 or through our live chat service. In addition, more information about the Information Commissioner’s Office and the legislation we oversee is available on our website ico.org.uk.

Yours sincerely

<redacted name>

Case Officer

Information Commissioner's Office

I hope this clarifies - but I have asked for further clarification about the "signed consent form" that is also being demanded.

Written by
helvella profile image
helvella
Administrator
To view profiles and participate in discussions please or .
18 Replies

No doubt I'm being dim, but what is this "Signed consent form" about?

london81 profile image
london81

a signed consent form is usually standard practise when releasing sensitive and confidential data to an individual. it covers the organisation handing out this info and they can leave this on file to assure their governing bodies etc that the data was released in accordance with the law

nightingale-56 profile image
nightingale-56

Having just asked for Subject Access Request from my local hospital via PALS I was emailed a form to fill in requesting what information I wished to have and asking for two pieces of supporting evidence of who I was and signing the form under GDPR . I then email all this information back to them and they should return to me a disc with all the information requested in 30 days from receipt. Is this the signed consent form, do you think Hidden ? Thanks for this information helvella .

london81 profile image
london81 in reply tonightingale-56

that sounds like standard practise. i’ve requested records from uk border agency, social services etc and always completed a form and provided written consent from clients. same with requesting my own records from GP. yes, information laws don’t require this but it’s practical and covers legal and moral duties to ensure our data is safe

nightingale-56 profile image
nightingale-56 in reply tolondon81

By far the easiest way to ask for information london81 .

in reply tonightingale-56

So "Subject Access Request" is the same as asking for a disclosure of medical records. I've heard of PALS (Patient Access...something-or-other) but can't remember what GDPR is.

I have thought about asking for my full medical records but anything official, such as filing in forms, or even asking for such a form, does my head in!

So in answer to your question "Is this the signed consent form, do you think?" I haven't a clue :-O

london81 profile image
london81 in reply to

it just means a request for your data/records. it is a great provision to give us what we rightly need- our own medical history.

you can simply write a letter to your GP saying please provide me with my medical records, including test results and reference ranges. then sign and date it, and give them a copy of your ID. that should suffice. if they ask you to complete a form its usually personal details, what you want and a declaration saying you are who you say you are

gdpr is just the new name for data protection. that just means the law that gives us some rights to our data and privacy rights, generally speaking. and it covers circumstances where officials give away our information by accident/breach our confidentially. it’s quite useful.

in reply tolondon81

Thank you

Treepie profile image
Treepie in reply to

PALS is a patient advisory and liaison service ,a link between patients and hospital carers.

nightingale-56 profile image
nightingale-56 in reply to

I would think so.

london81 profile image
london81

you don’t have to for those particular rules, but for easy administration, confidentiality and data protection it’s better that we do comply and organisations take our privacy seriously ( in my opinion) ,

helvella profile image
helvellaAdministrator in reply tolondon81

I would be far happier if the people writing instructions/rules took account of the legal situation. Something like:

If you wish to access your medical records, we find the best way is for you to download or pick up our standard form, fill it in and email it to us or drop it off at the surgery.

This helps to ensure that all information necessary to fulfil your request has been provided and we will be best able to handle your request efficiently.

If there is some reason you would prefer not to, or cannot, use a form, we can accept requests without.

london81 profile image
london81 in reply tohelvella

yes.... but then again we can’t even get the medics to take account of the medical situation half the time! dammit!!! but yes unfortunately it feels like rules and regulations aren’t explained or rolled out in a way that is easy to navigate! it’s what i’ve spent my whole career helping people to do.

Lora7again profile image
Lora7again

I had to show my Doctors surgery my passport which I find strange because I have been with them for over 30 years.

helvella profile image
helvellaAdministrator in reply toLora7again

And if you do not have a passport?

(To avoid the obvious next suggestion. :-) )

And if you do not have a driving licence?

london81 profile image
london81 in reply tohelvella

i suppose it comes down to this- if the person:/agency in question hands out your medical data they break the law- personally and organisationally. therefore having proof of ID on file along with written confirmation of the request that covers them with their auditors and the law. whilst information rules don’t necessarily require this, data and confidentiality best practise often do. i’m not splitting hairs or defending the medical institutions (as i’ve had so many issues with them), i’m just pointing out this is one battle we don’t need to have. if one doesn’t have a photo ID they should accept two other forms of ID such as utility bill and medical letter or such like

Lora7again profile image
Lora7again in reply tohelvella

You would probably have to use a birth certificate or even get someone like a lawyer to sign a photograph to confirm it is you.

Lora7again profile image
Lora7again

I know ... why we have to battle to get treated is beyond me. I once burst into tears when my Endocrinologist told me everything was normal when I felt so ill .... his response counselling!!

Not what you're looking for?

You may also like...

Patient Record Access with patientsknowbest

I have just posted about Patients Know Best on another thread. This system gives patients access to...
DJR1 profile image

Reply from GP Surgery to medical record access

After ten weeks plus my MP's senior researcher has finally received a reply to my request for full...
2pence profile image

Access to copies of referral letters/medical records and information on GP online record access

Just to clarify for everyone for future reference: You are entitled to a copy of any data held...
DJR1 profile image

Access to your digital GP record-System Functionlity

Another query today about system functionality and in particular Systmonline. This is a useful...
DJR1 profile image

Important Update: New Access to your Historical Online GP Record

My last post on this subject described how the new GP contract had brought in new regulation giving...
DJR1 profile image

Moderation team

See all
SlowDragon profile image
SlowDragonAdministrator
PurpleNails profile image
PurpleNailsAdministrator
Jaydee1507 profile image
Jaydee1507Administrator

Content on HealthUnlocked does not replace the relationship between you and doctors or other healthcare professionals nor the advice you receive from them.

Never delay seeking advice or dialling emergency services because of something that you have read on HealthUnlocked.