Data Protection/Freedom of Information

Data Protection Policy

The Data Protection Act 1998 (DPA) requires a clear direction on policy for security on information within the Walk in Centre.  The policy will provide direction on security against unauthorised access, unlawful processing and loss or destruction of personal information.

The following Statement of Policy will apply

The Policy

  • The Walk in Centre is committed to security of patient and staff records.
  • The Walk in Centre displays a poster in the waiting room explaining to patients the centre policy.
  • The Walk in Centre will take steps to ensure that individual patient information is not deliberatley or accidentally released, or made available or accessible to a third party without the patient’s consent, unless legally compliant.  This will include training on Confidentiality issues, DPA principles, working security procedures and the application of Best Practice in the workplace.
  • The walk in Centre will undertake prudence in the use of, and testing of, arrangements for the backup and recovery of data in the event of an adverse event.
  • The Walk in Centre will maintain a system of “Significant Event Reporting” through a no-blame culture to apture and address incidents which threaten non-compliance.
  • DPA issues will form part of the Walk in Centre general procedures for the management of risk.
  • Specific instructions will be documented within confidentiality and security and will be promoted to all staff.


Data Sharing

Our walk in patients only come to see us when they have something wrong wth them.  Problems discussed are usually of a personal nature and patients expect that the information they share with us will remain confidential.  This confidentiality is central to the trust between doctor and patient.  Withour doctor – patient confidentiality, you may be reluctant to disclose information of a personal nature that we may need to give you the best possible healthcare.

What we record at the Walk in Centre

Our doctors and nurses record information about the care we provide.  The type of information that is recorded includes the following:

  • Demographics, e.g address, phone no. e-mail. date of birth, gender etc.
  • What you tell us in consultations, e.g. about your physical and psychological health
  • Diagnosis, investigations, treatments, referrals, family background
  • Social information such as smoking status, alcohol

What we share about you

  • Personalinformation about you and your illness, when needed for direct care, e.g. for referral to hospital consultants
  • With explicit consent, personal information to others outside the NHS, e.g. insurance companies.
  • Under certain acts of parliament to protect you, e.g. court order

Salisbury Walk in Health Centre is registered under the Data Protection Act 1998 (DPA)

As part of the DPA, all healthcare professionals have an obligation to only share information on a need to know basis.  For further information on the DPA please visit

Access to Medical Records

How do I access my health records?

Under the Data Protection Act, you are able to access your health records.

  • Collect a form from reception: Patient Authority Consent Form, Access to Health Records under the Data Protection Act 1998 (Subject Access Request)
  • Complete the form and return it to us for the attention of the practice Administrators
  • Your request will be dealt with promptly, within 21 days. In exceptional circumstances, it may take longer in which case you will be informed and an explanation given.
  • Your doctor will check your health records in accordance with the Data Protection Act. If the doctor is in agreement with your request one of the Secretaries will contact you to inform you of the costs and set a date for you to view the relevant records once the relevant fee has been paid.

Only in exceptional cases will access be denied.

How do I access the health records of someone I represent?

  • Collect a form from reception: Patient Representative Authority Consent Form, Access to Health Records under the Data Protection Act 1998 (Subject Access Request)
  • Ask the patient to complete the form and return it to us for the attention of the practice Administrators
  • If you require access to health records of a deceased person, please contact the PALS Manager at Wiltshire CCG, Southgate House, Pans Lane, Devizes, SN10 5EQ.

Telephone: 01380 728899 E mail:

What shall I do if I live abroad?

When a patient moves abroad, their health records are transferred to the relevant Primary Care Trust where they are retained for a minimum of 10 years

If this applies to you, please contact the PALS Manager at Trust Headquarters, NHS Bath and North East Somerset, St Martins Hospital, Clara Cross Lane, BATH, BA2 5RP