Subject access requests and Freedom of Information requests during the current Coronavirus (COVID-19) pandemic
Guy's and St Thomas' Trust (GSTT) are committed to complying with 'Right of Access' requests made under the Data Protection Act 2018 and the Freedom of Information Act 2000.
However, the NHS is facing unprecedented challenges relating to the coronavirus (COVID-19) pandemic at the current time, and our resources have been prioritised to support our front-line colleagues who are working tremendously hard to provide care for our patients.
The Information Commissioner's Office has recognised the current situation in the NHS as being out of the ordinary.
While it is always our aim to be transparent and to work with a culture of openness, at this time, the care of our patients and the safety of our staff takes precedence. As a result of our prioritisation on supporting front-line colleagues, it is likely that responses to requests for information or records will be delayed, and it may sometimes take up to three months to respond to a subject access request. Therefore, please can we ask that you consider if your request is still required or can be delayed until after the this pandemic is over.
It should also be noted that we will not be able to provide copies of paper health records or have the ability to print or copy health records to complete access requests. For the period of the COVID-19 lockdown, we can only process requests if they, in part or wholly, involve electronic health records systems which staff can access and extract data from. We will therefore suspend all requests that wholly require paper health records to complete. We will also partially suspend any part of a request which requires health records or any other content to be printed and scanned.
We apologise for this in advance, and will endeavour to provide you with as much information as we can, as soon as we are able.
For Freedom of Information requests, the Trust will continue to process these as normal, but again this will be dependent on the availability of staff, which could impact on timely delivery of FOI responses during this challenging period.
If you have a complaint linked to how we are dealing with requests, please contact the Trust Data Protection Officer at firstname.lastname@example.org.
What are health records?
Your health records contain information about your healthcare. They are made by doctors, nurses or other health professionals and can include:
- details about you, for example your date of birth, address, next of kin, gender, language, ethnicity, any disabilities you have
- hand-written clinical notes
- electronic clinical notes
- letters to and from other health professionals
- laboratory reports and results
- imaging scans such as x-rays
- printouts from monitoring equipment
- photographs and other recordings.
For more information, see our leaflet How we use and protect your health information (PDF 35Kb).
How is my information used?
Health and social care services need to share some of your information so that you can receive the best possible care. This happens in a number of ways – letters, phone calls, fax and through secure email and computer systems. Information in your care record includes things like details of your medication and treatments, current and previous care, test results and any other relevant care information.
Health and care staff working in south east London (Bexley, Bromley, Greenwich, Lambeth, Lewisham and Southwark) now have better access to more accurate information, so they can provide safer, faster and more effective care and support.
The Local Care Record (Bromley, Lambeth and Southwark) and Connect Care (Bexley, Greenwich and Lewisham) systems have been linked, connecting 15,000 care professionals across six boroughs. This means relevant information about you can be safely shared between the staff who need it across the whole of south east London. No matter where you receive care in south east London, the staff looking after you will have the most up-to-date information when they need it.
For example, if you live in Lewisham but are receiving treatment from Guy’s and St Thomas’ NHS Foundation Trust, your records are immediately available to the staff looking after you or making the referral.
How does this help with my care?
- You won’t have to tell your story to lots of different professionals.
- You will have fewer unnecessary appointments and tests.
- Transfer of care between services will be smoother.
- Care records are available immediately online.
- Delays in care and treatment will be reduced.
Can I access my health records?
Yes, with very rare exceptions (such as where the member(s) of staff caring for you believe this would cause serious physical or mental harm to you or anyone else).
If you would like to see your health records you can ask the clinician who is treating you, or another member of staff.
If you would like a copy of your health records, please complete the access to records request form (Word 81Kb) and send it to the below address or email it to email@example.com.
St Thomas' Hospital
Westminster Bridge Road
London SE1 7EH
Tel: 020 7188 7525
Is there a charge?
Where we process data about you, you can request to receive a copy of the data free of charge. In some circumstances a fee may be charged, for example if repeated requests are made.
Under the Data Protection Act 2018 we are required to keep your health records secure.
Every member of staff working for, or with the NHS, has an individual duty to keep your information confidential. We will only share it with other organisations in strict accordance with the law and where this will help us in providing high quality care.
See our leaflet How we use and protect your health information (PDF 35Kb) for more information.
The national data opt-out
The national data opt-out was introduced for the health and social care system on 25 May 2018. It gives people more control over how their confidential patient information is used for research and planning purposes. Find out more about confidential patient information on the NHS website.
NHS Trusts are required to be compliant with the national data opt-out policy by March 2020.
What is the national data opt-out?
It is a service that enables the public to register to opt-out of their confidential patient information being used for research and planning. The public can change their national data opt-out choice at any time.
What is confidential patient information?
Confidential patient information is when two types of information from your health records are joined together.
The two types of information are:
- something that can identify you
- something about your health care or treatment.
For example, your name and what medicine you take.
Information that only identifies you, like your name and address, is not considered to be confidential patient information and may still be used. For example, to contact you about your care or change in appointments or to ask you if you want to opt back in for an individual research study you may consider worth opting back in for.
Information about your health or care that is anonymised so that you can no longer be identified is not considered to be confidential patient information.
The choice you make does not apply when your information is used to help with your own treatment and care. For more information on when your choice does not apply visit
Visit the NHS website for more information on when your choice does not apply.
Who needs to comply with national data opt-out policy?
The national data opt-out applies to data for patients where their care is provided in England by a publicly funded organisation, or the care has been arranged by a public body such as the NHS or a local authority. It does not apply to data related to private patients at private providers.
In summary, the national data opt-out applies to:
- all NHS organisations (including private patients treated within such organisations)
- all local authorities providing publicly funded care
- adult social care providers where the care provided is funded or arranged by a public body
- private or charitable healthcare providers providing NHS funded treatment or arranged care.
Which data disclosures do national data opt-outs apply to?
National data opt-outs apply to a disclosure when an organisation, such as a research body, confirms they have approval from the Confidentiality Advisory Group (CAG) for the disclosure of confidential patient information held by another organisation such as an NHS Trust (the data controller). Find out more about the Confidential Advisory Group on the NHS health research authority website.
The CAG approval is also known as a section 251 approval, and refers to section 251 of the National Health Service Act 2006 and its current regulations, the Health Service (Control of Patient Information) Regulations 2002. The NHS Act 2006 and the Regulations enable the common law duty of confidentiality to be temporarily lifted, so that confidential patient information can be disclosed without the data controller being in breach of the common law duty of confidentiality.