Medical Records: obtaining access to log files showing the who, where and when in relation to access to medical records.

NHS Health Scotland did not have the information requested.

Dear NHS Health Scotland,

I write at this time in regard to the matter of obtaining log files detailing who has accessed, where access has taken place from and when access to my medical records, as maintained by the GP and surgery that I am registered with, has occurred.

I understand that medical records such as records held by the Doctor's surgery that I am registered with will be held electronically. I assume that these records will be network based with the possibility that they can be accessed at more than one location and may not necessarily be 'stored' at the local surgery that I am registered with; my implication being that I imagine my medical records will be stored externally and 'served over the network' from some central location.

Accordingly, if I wished to obtain a list or copy of the log file of all the 'locations' and 'users' that have accessed my medical records specifically, as maintained by the GP and surgery that I am registered with since 1 January 2013, could you advise as to:

(a) Whether my assumptions in paragraph two above are correct and if so where those electronic records in actuality are stored?

(b) If this type of data (log files pertaining to who has accessed my files, where files were accessed from and dates and times of access) is held?

(c) Who I should direct such a request to (request for log files) that holds or can obtain and supply this overarching view/log of who has accessed my records (employee name or similar), where (location) access to the medical records originated from (e.g., surgery name or hospital name, but not limited to these two locations) and the dates and times of any logged accesses?

(d) What mechanisms are in place to prevent unauthorised staff (e.g., staff in other surgeries) from accessing my medical records?

I trust that I have directed my enquiry to the correct organisation but if not please accept my apologies; if this is the case and you know the correct organisation that I should direct this enquiry to I would welcome your direction.

I look forward to hearing back from you.

Yours faithfully,

Mr Stevenson

HealthScotland-FOI (NHS HEALTH SCOTLAND), NHS Health Scotland

2 Attachments

Dear Mr Stevenson,

 

Information Request – Medical records access log

 

I am writing with regard to your Freedom of Information request on 21
March 2016 that was received by NHS Health Scotland the next day, in which
you ask the following:

 

“I understand that medical records such as records held by the Doctor's
surgery that I am registered with will be held electronically.  I assume
that these records will be network based with the possibility that they
can be accessed at more than one location and may not necessarily be
'stored' at the local surgery that I am registered with; my implication
being that I imagine my medical records will be stored externally and
'served over the network' from some central location.

 

Accordingly, if I wished to obtain a list or copy of the log file of all
the 'locations' and 'users' that have accessed my medical records
specifically, as maintained by the GP and surgery that I am registered
with since 1 January 2013, could you advise as to:

 

(a) Whether my assumptions in paragraph two above are correct and if so
where those electronic records in actuality are stored?

 

(b) If this type of data (log files pertaining to who has accessed my
files, where files were accessed from and dates and times of access) is
held?

 

(c) Who I should direct such a request to (request for log files) that
holds or can obtain and supply this overarching view/log of who has
accessed my records (employee name or similar), where (location) access to
the medical records originated from (e.g., surgery name or hospital name,
but not limited to these two locations) and the dates and times of any
logged accesses?

 

(d) What mechanisms are in place to prevent unauthorised staff (e.g.,
staff in other surgeries) from accessing my medical records?”  

 

Unfortunately we are unable to help you with your request.  Although NHS
Health Scotland is a part of the NHS in Scotland, we do not provide health
services directly to the public and we have no role in monitoring or
providing the information that you are looking for. Our role is to work
with a range of organisations including other NHS Boards, local
government, the third sector and employers to help them use knowledge
about what works to improve the health of people in Scotland.    [1]This
link describes the different organisations that make up the NHS in
Scotland.

 

I’d like to assist you as much as I am able to, and therefore I suggest
that you may find it helpful to redirect your request to the your local
Health Board for local area information, and in this case details can be
found here [2]http://www.gov.scot/Topics/Health/NHS-Wo...

 

I trust that this answers your query.  However, if for any reason you are
not satisfied with our response, you do have the right to ask the Chief
Executive to review our response. You should do this within 40 working
days of receipt of this letter and in a recordable format (letter, email,
audio tape etc). The Chief Executive will consider your query, consulting
with others as necessary, and will respond to you within 20 working days.

 

I hope that this is of help to you.

 

Yours sincerely

[3]Cath_sig

 

 

Cath Denholm

Director of Strategy

NHS Health Scotland

 

 

Amanda Stewart

Communications and Engagement Officer

NHS Health Scotland

0141 414 2825

07500854551

 

[email address]

www.healthscotland.com

@NHS_HS

 

 

show quoted sections

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org