What is an SAR?

An individual has the right to ask an organisation whether or not they are using or storing their personal information. They can also ask the business for copies of their personal information, verbally or in writing.

This is called the right of access and is commonly known as making a subject access request or SAR.


SAR Policy

Under the Data Protection Act 2018 and the General Data Protection Regulations (GDPR) individuals referred to in the legislation as Data Subjects have the following rights: Under the Data Protection Act 2018 and the General Data Protection Regulations (GDPR) individuals referred to in the legislation as Data Subjects have the following rights:

• Transparency over how we use their personal information (right to be informed).

• To request a copy of the personal information we hold about them, which will be provided to them within one month (right of access).

• An update or amendment of the personal information we hold about them (right of rectification)

• To ask us to stop using personal information (right to restrict processing).

• Ask us to remove their personal information from our records (right to be forgotten).

• Request us to remove their personal information for marketing purposes (right to object).

• To obtain and reuse their personal data for their own purposes (right to portability).

• Not to be subject to a decision based on automated processing.

Our Privacy Policy details these rights and advises individuals that they can contact us by letter or email to exercise any of these rights.
The legislation does not require an individual to make a request in writing but Medicus Health Partners is of the view it is preferable for record purposes that if any individual makes contact whether by telephone or text, or in any other way asking how they should make a request they should be advised that they can make the request by letter or email to the Data Lead Officer at the address of the surgery at which they are a patient.
On receipt of any request to exercise one of the rights this should be immediately passed to the Data Lead Officer at the surgery at which the patient is registered who will deal with this request.


On receiving the request the Data Lead Officer will:

• Record on both any data base relating to the individual and in the data subject access data base the receipt of the request.

• Consider whether they are satisfied the request is from the Data Subject or whether Identification should be requested before responding.

• If the request is from an individual or organisation acting on behalf of the Data Subject ask for and receive written authorisation (consent) from the Data Subject to provide the access to that individual or organisation.

• In a situation where the Data Subject has given written authorisation (consent) to the release of information to another individual or organisation but there is concern as to whether the Data Subject (patient) has understood the meaning of the authorisation consideration will be given to sending the response or the information direct to the Data Subject.

• If the request is made by an individual or organisation (e.g. the Police) who does not act on behalf of the Data Subject ensure that they have the appropriate legal authority to make the request.

• If the request is made after the death of the Data Subject check whether it is the Personal Representatives who are making the request. Careful consideration should also be given as to whether there are issues of confidentiality in respect of the personal information and if there are whether this means the information should not be disclosed.

• If the patient (Data Subject) is a child under 16 years’ consideration will be given as to whether they are mature enough to give their own consent to access the personal information or whether the person or persons with parental responsibility must give consent. If there is any difficulty in making the decision the DPO will be consulted.

• If the agreeing to the request would result in disclosing personal information of another Data Subject then the consent of the other Data Subject should be obtained or the information relating to them redacted.

• Acknowledge the request within 7 days. We have standard draft letters to be used for acknowledging these requests.

• Make a diary entry for the request to be fully responded to within 30 days. We can extend the time, where necessary, by up to two further 30 day periods.

• Undertake full consideration of the request and decide whether to agree to the request or that there are proper grounds for not agreeing to the whole or any part of the request.

• Prepare a response in respect of the decision and send this to the individual (Data Subject) making the request. We have draft responses which can be used as templates.

• Record on the subject access request data base and on any records relating to the individual copies of the full response or setting out the decision made.

Subject Access Request Form

[forminator_form id="996"]


What is eConsult?
It is an new way to request medical care and fit notes at a time convenient to you. You can complete an eConsult form anytime and there is no need to be waiting on the telephone on hold to arrange an appointment, and the surgery will get back to you within a stated timeframe. It enables you to provide key information about your condition before your appointment which is really helpful to doctors and nurses. Also improves telephone access for vulnerable patients who can’t use online services by decreasing phone call waiting times.
Where can I get help in using eConsult?
The form will provide you with instructions on how to complete it as you fill it in, and you can also watch this tutorial on YouTube for more information – https://www.youtube.com/watch?v=j1-LQI1f0TI
Is it easy to use eConsult?
Yes – it is as straightforward as using online shopping, banking or social media.
Does eConsult mean I won’t see my GP?
If you need to have a GP consultation, you will still have one with your GP (or another clinician at the practice if necessary). All eConsults submitted relating to a health issue will be looked at by a clinician, who will decide next course of action. If you need a consultation with a GP, you’ll have one (it could be in person, over the phone or through a video consultation). Admin requests e.g. fit note requests may be looked at by a member of the admin team, freeing up the doctors’ time.
Do I need an account and password?
No, you just use the eConsult portal on the GP surgery website. New feature includes NHS Login which means that you can use your existing NHS password to submit an eConsult. That helps practices match your online consultation with your previous records. Another way to submit an eConsult is through the NHS App.

How can I use eConsult when I don’t have a computer, tablet or smartphone?
eConsult is only available online, but you can still telephone the GP surgery in the same way you always have. Practice receptionists will talk you through a questionnaire and complete an eConsult on your behalf if you do not have online access.