Access to Medical Records





The Data Protection Act gives every living person (or authorised representative) the right to apply for access to their health records.


Online Access to Medical Records

As of March 2016, [Coded information from Medical Records / Full Medical Records] can be accessed as part of the Practice’s online services. For security reasons, you will have to visit the practice to undertake an identity check before you are granted access to these records.


To make a subject access request

A request for your medical records held at Ryeland Surgery must be made by submitting a Data Subject Access Request (DSAR) form, these can be submitted electronically or handed in at reception.  The forms are available by request or can be collected from the reception.  Due to limited capacity within the practice these requests are outsourced to who will liaise with you directly.  Medi2data are accredited by NHS Digital and conform to the relevant data security standards. It can take up to 30 days to receive a copy of your records. 

Upon completiing the application form, please return the form to the surgery along with two forms of ID (one being a form of photo ID(passport/driving licence). If the application relates to a patient under the age of 13, then ID of the parent/guardian and the childs birth certificate will need to be provided. 



Under the Data Protection Act you will not normally be charged a fee for the first copy of your records however you may be charged a fee for any subsequent copies of the same information.



  • CCTV images will not be retained longer than is considered necessary, and will be then be deleted.
  • All images will be held securely, and all access requests, and access to images will be documented.
  • Except for law enforcement bodies, images will not be provided to third parties.
  • Images may record individuals and/or record incidents. Not all recordings are designed to identify persons.
  • Other than in accordance with statutory rights, the release or availability of images will be at the discretion of the Data Controller(s) for the purposes of the Data Protection Act.
  • Images are held to improve the personal security of patients and staff whilst on the premises, and for the prevention and detection of crime, and images may be provided to police or other bodies.
  • Where access is granted in response to an application received, the image may be edited to exclude images of third parties who may be also included within the requested image. This may be necessary to protect the identity of the third parties. In these circumstances the image released as part of the application may identify the “data subject” only.
  • Images will be located by the Data Controller or authorised person.
  • The practice regularly reviews compliance with the ICO’s CCTV Code of Practice; continued operational effectiveness and whether the system continues to meet its purposes and remains justified.


If you have any complaints about any aspect of your application to obtain access to your health records, you should first discuss this with the clinician concerned. If this proves unsuccessful, you can make a complaint through the NHS complaints procedure by contacting the Practice Manager.

Further information about the NHS Complaints procedure is available on the NHS website

Alternatively you can contact the Information Commissioners Office (responsible for governing Data Protection compliance)

Wycliffe House
Water Lane

Tel: 01625 545745 or visit the website

All complaints will be acknowledged within three working days and a full response will be provided within 20 working days. If a complaint  is made verbally to the practice, this will be documented and you will be asked to confirm in writing that you agree with what has been recorded