Access to Records

Based on recent guidance received, we will no longer be able to provide medical information to a parent or guardian of any patient aged 13 to 16 years of age without the consent of the patient. Apologies for any inconvenience this causes.

Data Protection Guidance for children aged 13-16 is as follows:

How We Use Your Personal Information

This notice explains why the practice collects information about you and how that information may be used.

The health care professionals, who provide you with care will keep records about your health and any treatment or care you have received (e.g. hospital, GP surgery, walk-in centre etc.). These records help to give you the best possible healthcare.

From the age of 13 years, the ICO (Information Commissioner’s Office) regards you as having enough understanding to consent to your own health care.

This is in line with what is called the ‘Gillick Competence’ which is a medical law that decides whether a child under 16 years are able to consent to his/her own medical treatment without the need for consent from a parent/carer/legal guardian.

These records may be electronic (information kept on our computers), on paper (letters that we may have or that we receive) or a mixture of both, and we take every care to make sure that your information is kept confidential and secure.

It is our job to give you the best care possible and so your records are used to make sure that this happens. We may sometimes need to share your information with other people in the NHS to help us to make things in the NHS better.

How We Keep Your Records Confidential

We have to keep your personal information and records private so we will only use or share your information in line with the various laws and guidance available to us.

Every member of staff who works for the Practice or another NHS organisation has a legal obligation to keep information about you confidential. Staff at this practice attend regular training regarding their responsibilities to protect and deal with confidential information.

Organisations That We May Share Your Information With

We may also have to share or receive your information, under strict agreements on how it will be used, with the following organisations:-

  • NHS organisations
  • Doctor, dentist, optician or pharmacist
  • Ambulance service
  • Social care and safeguarding services
  • Child health
  • County council
  • Schools
  • Fire and rescue services
  • Police and court services (if we are asked by law)

Access to Your Information

Under the new General Data Protection Regulation (GDPR) you have the right to ask to see your medical records whenever you like and this is free. Also, if you think that any of the information you see is not correct, you can ask for an amendment. This can only be done if we are 100% sure that the information is not correct. To be able to see your records, this is what you will need to do:

  • Write a letter to the doctor here to ask to look at your records. You will need to include your full name, date of birth, NHS number (if you know it) and your address. This is so that we can make sure that we are giving this information to the right person.
  • The doctor will use the Gillick Competence rules (that we talked about above) to make sure that you are able to have that consent.
  • We will not charge for this (unless you ask a lot of times then we may put on a charge)
  • If the doctor agrees that it is okay for you to have access, we will give you the information within 30 days

Data Processor

This is the person/people or organisation that is responsible for using and recording your information. All staff at Wonersh Surgery are individual Data Processors.

Data Controller

The Data Controller is the person/organisation responsible for keeping your information secure and confidential. Wonersh surgery is your Data Controller

Data Protection Officer (DPO)

The Data Protection Officer has overall responsibility for GDPR within this area. Our designated DPO is:

The Surrey Heartlands Primary Care DPO Service

Additional Information / Objections / Complaints

If you need to know anything else about how we use or keep your information, you can write to our Practice Manager and he will be happy to explain. If you have access to the internet, you can also read more about this on the ICO website.

Change of Details

It is important that you tell us or any other person treating you if any of your details such as your name, address or contact details have changed.


It is very important that we know your wishes. From the age of 13 we will also be asking you to complete a consent form to allow one or both of your parents or your guardian to access your medical records, to book appointments online, order your
prescriptions or request medical information, for example results of investigations or if any letters need to be written about you.

This will also include the telephone number you would like to be contacted on.


Under the General Data Protection Regulations we have to register this surgery with the Information Commissioner to describe the purposes for which we process personal and sensitive information. This practice is registered with the Information Commissioners Office (ICO).

This information is available for everyone on the Information Commissioners Office website.

Over 16 Years of Age

In accordance with General Data Protection Regulations (GDPR) and Access to Health Records Act, patients may request to see their medical records. Such requests should be made in writing addressed to the practice manager. No information will be released without the patient consent unless we are legally obliged to do so.

All subject Access Requests will be processed within 30 days of receiving the appropriate request with consent forms where applicable. Should this not be possible you will be notified in writing as to why it is not possible to provide the information.