Confidentiality & Medical Records




Confidentiality & Medical Records

The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:

  • To provide further medical treatment for you e.g. from district nurses and hospital services.
  • To help you get other services e.g. from the social work department. This requires your consent.
  • When we have a duty to others e.g. in child protection cases anonymised patient information will also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care.

If you do not wish anonymous information about you to be used in such a way, please let us know.

Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.

Extended Access – we provide extended access services to our patients which means you can access medical services outside of our normal working hours. In order to provide you with this service, we have formal arrangements in place with the Clinical Commissioning Group and with other practices whereby certain key “PCN” practices offer this service on our behalf for you as a patient to access outside of our opening hours. This means, those key “PCN” practices will have to have access to your medical record to be able to offer you the service. Please note to ensure that those practices comply with the law and to protect the use of your information, we have very robust data sharing agreements and other clear arrangements in place to ensure your data is always protected and used for those purposes only.

  • The key PCN practices are as follows:
    St Mary’s Surgery, Solent GP Surgeries, Alma Medical Centre, Mulberry Surgery & Southampton Homeless Health

Access to Records

In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Such requests should be made through the practice manager and may be subject to an administration charge. No information will be released without the patient consent unless we are legally obliged to do so.


Covid/COPI information

As part of the NHS Digital response to the Covid 19 Pandemic, arrangements have been made for GP Practices in England to access the GP Connect functionality.  Confidential patient information can be processed for the purposes as set out in Regulation 3(1) of the Control of Patient Information  (COPI) to support the Secretary of State’s response to Covid 19 (Covid 19 purpose).  This notice will remain in place until 31 October 2022.  Information can be shared under the regulations by GPs, NHS Digital and NHS England.



Freedom Of Information

What Is A Freedom Of Information (FOI) Request?

The FOI Act 2000 provides public access to information held by public authorities in two ways. Public authorities are obliged to publish certain information about their activities and members of the public are entitles to request information from public authorities. 

Recorded information includes printed documents, computer files, letters, emails, photographs, sound and/or video recordings. It is not limited to official documents and it covers for example drafts, emails, notes, recordings of telephone conversations etc. It is also not limited to information the Trust has created. 

Anyone can make a request for information including members of the public, journalists, lawyers, businesses, charities and employees. The Act does not cover any personal information. The Trust has 20 working days to respond to FOI requests either a disclosure or exemption. Any FOI released will be published on the Trusts publication scheme.

What You Need To Know?

Information Asset Owners’ (IAO) have been identified by the Trust, as leads for their services information and are generally Operational, Associate Director or in cases of Corporate Services this  sometimes Heads of Services. They are responsible for all information assets within their service(s) and as a result have overall responsibility of what information is released to the public. 

  • The IG Team receive all the FOI requests and will acknowledge and place the request into a draft template. 
  • The draft FOI Template will be sent to the relevant “IAO(s)” of the services identified to be involved in the request. The “IAO” / service will be allocated 15 of the 20 working days in which to compile a complete response and return to the IG team.
  • The draft document is to be completed and returned to the IG team.
  • The “IAO” will be asked to approve the submission as a first stage approval.
  • The IG team will then send the request to the relevant Director of the services for final sign off prior to release and publication.

What Information To Release? 

When responding to an FOI request you / your service must provide all the relevant requested information. If you do not hold the information, it is best practice to advise the IG team who does. 
The Trust can refuse a request or specific questions is it falls under an exemption. Common exemptions used are listed in Appendix A, for further information please visit the ICO website.

Sign Off Process

Sign Off means that you are agreeing that the response has been;

  • Checked
  • All information has been provided
  • The information provided is an accurate representation of the information held by the Trust

Where requests responses have not been returned directly by the “IAO” or their approval is not contained within the email trail returning the response to the IG Team; approval will be sought by the IG Team as a first stage approval. 

Please note: where multiple services have been asked to contribute towards a FOI request, each individual “IAO” will be required to sign off their relevant questions / sections. 

Once approved at first stage approval the IG team will then seek approval from the relevant Director(s) of the services involved within the request. 

If a query is raised at any approval stage then the IG team will assist in directing the request back to the relevant IAO / services to respond. 

Once final approval has been received by all relevant Directors the IG team will release the approved document to the requestor and periodically upload the released document onto the Trusts public Publication Scheme.

What We Need From You

  • To confirm if your services are appropriate to respond to the request
  1. Signposted direction where appropriate
  • To gather / delegate the response within your team(s) within the 15 working day timescale
  1. Advise where clarity from the requestor may be required
  2. Liaise with the IG Team on any questions where you believe an exemption may apply 
  • To approve the request at the first stage (IAO) 
  • To approve the request at final stage (Director)

Appendix A: Exemptions Commonly Used By The Trust 

Please see the ICO website for more details

S21 Information Accessible by Other Means 
The purpose of the section 21 exemption is to ensure that there is no right of access to information via FOI if it is available to the applicant by another route. In general, information available via the publication scheme or on our Trust public website will be reasonably accessible to an applicant. 

S40 Personal Information 
When handling a request under FOI, any information that may include personal data or contain data that would allow the identity of another person to become known without a legal basis to do so then the information is exempt from disclosure. 

Please note that the following information should be released; 

  • Job Titles and Bandings (not exact salaries or pay points) 
  • Staff information, that would not identify anything person about the employee (information relating to the job role should be considered to be released) 
  • Organisation Structures 

S41 Information Provided in Confidence (Public Interest Test Required) 
Section 41 sets out an exemption from the right to know where the information was provided to the public authority in confidence. 

It is designed to give those who provide confidential information to public authorities, a degree of assurance that their confidences will continue to be respected, should the information fall within the scope of an FOIA request. 

This exemption applies if the following two conditions are satisfied:

  • You received the information from someone else; and
  • Complying with the request would be a breach of confidence that is actionable

S43 Commercial Interests (Public Interest Test Required) 
This exemption applies only where a person would be able to bring a successful action for breach of confidence as a result of disclosure to the public, which would normally only occur in the event of there being a contract. 

There is interaction with the law of breach of confidence which may be complex to interpret. The fact that a document is marked "Confidential" or "Commercial in Confidence" is not in itself evidence that the exemption applies.

Section 43 of the Act sets out an exemption from the right to know if: 

  • The information requested is a trade secret, or release of the information is likely to prejudice the commercial interests of any person. (A person may be an individual, a company, the public organisation itself or any other legal entity.) 

Section 43 is a qualified exemption. That is, it is subject to the public interest test which is set out in section 2 of the Act. Where a public organisation is satisfied that the information requested is a trade secret or that its release would prejudice someone’s commercial interests, it can only refuse to provide the information if it is satisfied that the public interest in withholding the information outweighs the public interest in disclosing it. The bias is in favour of disclosure and there will be occasions where information is released even though it is a trade secret or is likely to prejudice someone’s commercial interest. 

Public Interest Test
The exemptions in Part II of the Freedom of Information Act are „absolute‟ or „qualified‟. If an absolute exemption applies, the information does not have to be released. If the exemption is qualified, the public organisation must weigh the public interest in maintaining the exemption against the public interest in disclosure. This is the public interest test. 

A public organisation can only withhold the information if the public interest in maintaining the exemption outweighs the public interest in disclosure. 

The public interest here means the public good, not what is of interest to the public, and not the private interests of the requester. 

In carrying out the public interest test the organisation should consider the circumstances at the time of the request or within the normal time for compliance. 

Public interest arguments for the exemption must relate specifically to that exemption. For example, where the exemption is about prejudice to a particular interest there is an inherent public interest in avoiding that prejudice. However, there is not necessarily an inherent public interest where the exemption protects a particular class of information. 

The authority must consider the balance of public interest in the circumstances of the request. There will always be a general public interest in transparency. There may also be a public interest in transparency about the issue the information relates to. The authority should consider any public interests that would be served by disclosing the information.

Vexatious Requests 
Under section 14(1) of the Act, public authorities do not have to comply with vexatious requests. There is no public interest test. 

Indicators (not listed in any order of importance) 

  • Abusive or aggressive language: The tone or language of the requester’s correspondence goes beyond the level of criticism that a public organisation or its employees should reasonably expect to receive. 
  • Burden on the authority: The effort required to meet the request will be so grossly oppressive in terms of the strain on time and resources, that the authority cannot reasonably be expected to comply, no matter how legitimate the subject matter or valid the intentions of the requester. 
  • Personal grudges: For whatever reason, the requester is targeting their correspondence towards a particular employee or office holder against whom they have some personal enmity. 
  • Unreasonable persistence: The requester is attempting to reopen an issue which has already been comprehensively addressed by the public organisation or otherwise subjected to some form of independent scrutiny. 
  • Unfounded accusations: The request makes completely unsubstantiated accusations against the public organisation or specific employees. 
  • Intransigence: The requester takes an unreasonably entrenched position, rejecting attempts to assist and advise out of hand and shows no willingness to engage with the authority. 
  • Frequent or overlapping requests: The requester submits frequent correspondence about the same issue or sends in new requests before the public organisation has had an opportunity to address their earlier enquiries. Deliberate intention to cause annoyance: The requester has explicitly stated that it is their intention to cause disruption to the public organisation, or is a member of a campaign group whose stated aim is to disrupt the authority. 
  • Scattergun approach: The request appears to be part of a completely random approach, lacks any clear focus, or seems to have been solely designed for the purpose of „fishing‟ for information without any idea of what might be revealed. 
  • Disproportionate effort: The matter being pursued by the requester is relatively trivial and the authority would have to expend a disproportionate amount of resources in order to meet their request. 
  • No obvious intent to obtain information: The requester is abusing their rights of access to information by using the legislation as a means to vent their anger at a particular decision, or to harass and annoy the authority, for example, by requesting information which the authority knows them to possess already. 
  • Futile requests: The issue at hand individually affects the requester and has already been conclusively resolved by the authority or subjected to some form of independent investigation. 
  • Frivolous requests: The subject matter is inane or extremely trivial and the request appears to lack any serious purpose. The request is made for the sole purpose of amusement.

GP Connect

We use a facility called GP Connect to support your direct care. GP Connect makes patient information available to all appropriate clinicians when and where they need it, to support direct patients care, leading to improvements in both care and outcomes.

The NHS 111 service (and other services determined locally e.g. Other GP practices in a Primary Care Network) will be able to book appointments for patients at GP practices and other local services.

GP Connect is not used for any purpose other than direct care.

Legal basis - 6.1.e - NHS Contract authority 9.2.h - delivery of direct health care


Joy App

Southampton PCN are introducing the “Joy App” which is a cloud-based application, to improve the efficiency of social prescribing, an initiative designed to improve the wellbeing and mental health of patients by connecting them to non-medical interventions such as exercise groups and activities.

Currently, social prescribing is mostly paper-based. The adoption of the Joy application will deliver several benefits that the current way of working does not offer for patients:

Benefits to patients:

  • Ability for patients to make an informed choice about the services they access – the Joy app provides review and efficiency data on local services and groups. This helps patients decide which services to access based upon what has worked in the past.
  • Less form-filling in. The Joy app enables social prescribers to instantly refer a client to a service. This reduces the amount of time a patient must spend filling in forms to sign up to a service and provides a better experience for a patient.
  • Reduced waiting time for social prescribing. Joy improves the efficiency of Social Prescribers enabling them to hold larger caseloads. The interoperability with the clinical systems reduces the likelihood of a missed referral to the social prescribing service – possible when social prescribers are covering multiple sites and logging in to several GP systems