Freedom of Infomation and GDPR

Enys Road Surgery conforms to the requirements of this law and has produced a publication scheme in accordance with the Act.


All our staff are bound by the same rules of confidentiality as the Doctors and Nurses. They all have a legal duty to maintain the highest level of confidentiality about patient information. This means that no information will be divulged to a third party such as relatives, insurance companies or solicitors unless the patient has given us written permission to do so.
  • This also applies to relatives or friends checking on appointment times.
  • Asking for test results.
  • Asking whether someone has attended the Practice for an appointment.
  • No clinical messages will be left on an answering machine.

Although in most cases these would be innocent requests, we obviously do not know all our patients particular circumstances and we therefore have to ensure that patient confidentiality is not broken.

Unfortunately, this will, at times mean that the receptionists may appear to be withholding information but they are following guidelines laid down by the Department of Health and are not trying to be obstructive.

Your understanding of this matter would be very much appreciated. If you wish to discuss the above details please speak with Julie Brooker the Practice Manager who will do her best to help you.

Data Protection Act

The Practice is computerised and patients’ details are held on computer. We are, therefore, registered under the Data Protection Act 1984. In line with the Department of Health Guidelines, the Caldicott report and the Data Protection Act, we wish to advise you of how we handle information about our patients.

We ask for information so that you can receive proper care and treatment. We keep this information, together with details of your care, because it may be needed if we see you again. We may use some of this information for other reasons: for example to help us protect the health of the public generally and to see that the NHS runs efficiently: to plan for the future: to train staff and account for actions taken. Sometimes the law requires us to pass on information: for example to notify birth.

The NHS Central Register for England & Wales contains basic personal information of all patients who are registered with a General Practitioner. The Register does not contain clinical information. You have a right to access your health records.

Release of information to Solicitors – Please be aware that if you consent to release of your medical records to your Solicitor copies of all your notes will be released. These may subsequently be seen by the defendant’s Solicitor and other third parties. You need to discuss with your GP the provision of sensitive or inappropriate information before providing any consent to seek such information to your Solicitor.


Your data, privacy and the Law. How we use your medical records
  • This practice handles medical records according to the laws on data protection and confidentiality.
  •  We share medical records with health professionals who are involved in providing you with care and treatment. This is on a need to know basis and event by event.
  •  Some of your data is automatically copied to the Shared Care Summary Record.
  •  We may share some of your data with local out of hours/urgent or emergency care service
  •  Data about you is used to manage national screening campaigns such as Flu, Cervical cytology and Diabetes prevention.
  •  Data about you, usually de-identified, is used to manage the NHS and make payments.
  •  We share information when the Law requires us to do so, for instance when we are inspected or reporting certain illnesses or safeguarding vulnerable people.
  •  Your data is used to check the quality of care provided by the NHS.
  •  For more information and further privacy notices please request the folder at reception. Thank you

COVID-19 Privacy notice

Subject Access Request (SARs)

If you put in a SAR for your medical records please be aware that this may be redacted due to a number of reasons including;

  • It may contain information about another person who has not given their permission to share data
  • It may be information that has been supplied by another authority and the practice are not the data controller of that information
  • The Caldicott Guardian may have put a restriction on a certain aspect of information due to it being incorrect, not in line with guidance, inappropriate or deemed may cause upset or harm to the patient.