Access to Medical Records

Source: General Data Protection Regulation (EU 2016/679), Articles 15–16; Data Protection Acts 1988–2018; Health (Provision of Information) Act 1997

Written in plain language for general understanding. This is educational content, not legal advice. Based on Irish Acts of the Oireachtas, statutory instruments, and official guidance.

Irish National Law

What is this right?

You have a legal right to access your medical records under the GDPR. This includes:

  • Hospital records: Notes, test results, scans, discharge summaries, referral letters.
  • GP records: Your GP must provide copies of your file on request.
  • Mental health records: You have the same right, though access can be restricted if disclosure would cause serious harm to your health.

Under the GDPR, a Data Subject Access Request (DSAR) must be responded to within 1 month. The request is free (no charge can be made for the first copy).

When does it apply?

  • You want to see your own medical records — for personal knowledge, a second opinion, a legal case, or insurance purposes.
  • A parent can request a child's records. An executor or next-of-kin can request a deceased person's records (under the Health (Provision of Information) Act 1997).
  • The healthcare provider can only refuse access if disclosure would cause serious harm to your health or the health of another person.

What should you do?

  • Make a written request to the healthcare provider (hospital, GP, clinic) — state that it is a DSAR under the GDPR.
  • Provide proof of identity if asked.
  • The provider must respond within 1 month (extendable by 2 months for complex requests).
  • If they refuse or delay, complain to the Data Protection Commission (DPC) at dataprotection.ie.
  • You also have the right to have inaccurate records corrected — submit a request under Article 16 of the GDPR.

What should you NOT do?

  • Don't accept a refusal without explanation — the provider must give a reason and tell you about your right to complain to the DPC.
  • Don't pay a fee — the first copy is free under the GDPR. A reasonable charge can only be made for additional copies.
  • Don't assume records are destroyed — hospitals must retain records for minimum periods (typically 8 years for adults, 25 years for children's records).

More in Healthcare Rights

Public Health EntitlementsIreland has a two-tier healthcare system — public and private. Your entitlements to public healthcare depend on your res...Read more →Patient Consent and CapacityAs a patient, you have the right to make your own decisions about medical treatment. Key principles:Informed consent: Be...Read more →Mental Health RightsIf you need mental health treatment in Ireland, you have specific rights designed to protect your dignity and autonomy:V...Read more →

Related Topics

Family LawCohabitants' RightsWorkers' RightsMaternity and Parental Leave
← Browse all Healthcare Rights

Legal Resources

We may earn a commission if you use these services — at no extra cost to you. This supports our mission to make legal information free for everyone.

LawDepotCreate healthcare directives, power of attorney for health care, and medical consent forms. Ready in minutes.Create Health DocumentsLegalZoomDraft a living will, healthcare proxy, or advance directive with attorney support available.Get Started

You came here to know your rights — help someone else know theirs.

Support This Mission