Medical Records Access

Source: Data Protection Act 2018; UK General Data Protection Regulation (UK GDPR); Access to Health Records Act 1990

Written in plain language for general understanding. This is educational content, not legal advice. Based on UK Acts of Parliament, statutory instruments, and official guidance.

UK National Law

What is this right?

You have the legal right to see your medical records — including GP records, hospital records, mental health records, and test results.

Key rules:

  • You can make a Subject Access Request (SAR) under the UK GDPR — the healthcare provider must respond within one month.
  • There is no charge for most requests (though a reasonable fee can be charged for manifestly excessive requests).
  • You can view your records online through the NHS App or your GP surgery's online services — including test results, medications, and consultation notes.

Records of deceased patients can be accessed by their personal representative or those with a claim arising from the death under the Access to Health Records Act 1990.

When does it apply?

  • You want to see your own medical records — whether for personal information, a legal case, an insurance application, or a second opinion.
  • Information can only be withheld in very limited circumstances: if disclosure would cause serious harm to your physical or mental health, or if it includes information about a third party who hasn't consented.
  • Parents can access their child's records if the child lacks capacity to consent — but a Gillick-competent child can refuse parental access.
  • Your records must be kept for specified periods: GP records are kept for 10 years after death (or the patient leaving the practice), hospital records for 8 years (30 years for maternity and children's records).

What should you do?

  • Use the NHS App — the quickest way to access your GP records, test results, and prescriptions.
  • For a formal request, write to the healthcare provider's data protection officer making a Subject Access Request. Include your full name, date of birth, and NHS number if possible.
  • If your request is refused or incomplete, contact the provider's complaints team, then the Information Commissioner's Office (ICO).
  • If you find an error in your records, you have the right to request correction under the UK GDPR.

What should you NOT do?

  • Don't accept delays beyond one month — if the provider needs more time, they must tell you within the first month and can only extend by a further 2 months.
  • Don't assume your records are automatically shared between different NHS organisations — you may need to request from each provider separately.
  • Don't pay an upfront fee unless the request is manifestly unfounded or excessive — standard SARs are free.
