Privacy Notice & GDPR


In order to provide the right level of care, we are required to hold personal information about you on our computer systems and in paper records to help us to look after your health needs, and your doctor is responsible for their accuracy and safe-keeping. Please help to keep your record up to date by informing us of any changes to your circumstances.

Confidentiality and Personal Information

Doctors and staff in the practice have access to your medical records to enable them to do their jobs. From time to time information may be shared with others involved in your care if it is necessary. Anyone with access to your record is properly trained in confidentiality issues and is governed by both legal and contractual duty to keep your details private.

All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.

In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstances you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc.

To ensure your privacy, we will not disclose information over the telephone or fax unless we are sure that we are talking to you. Information will not be disclosed to family, friends or spouses unless we have prior written consent, and we do not leave messages with others.

You have a right to see your records if you wish. Please ask at reception if you would like further details about our patient information leaflet. An appointment may be required. In some circumstances a fee may be payable.

Your Medical Records and Insurance Companies

There are many good reasons why insurance companies may request a copy of your medical records or a Doctor's report. For example, you may be making a claim under your medical insurance policy. In this instance, the insurance company is entitled to request access to relevant medical information to allow them to process your claim.

Lindfield Medical Centre takes the processing of your data very seriously and so we will only process data when we can be certain that there is a lawful basis for doing so.

There have been reported cases where insurance companies (or other 3rd parties) have requested information using a Data Subject Access Request and have asked for a copy of all of a patient's medical records. In such cases, they will have the patient's consent to do so, but we have found instances where patients have not been fully aware of the extent of the information that will be released.

Therefore, when we receive such a request, we will always contact you, verify your identity and confirm that you are fully aware of the extent of the request. 

The British Medical Association has questioned whether the law allows insurance companies to use Data Subject Access Requests to obtain confidential and sensitive personal data. The General Data Protection Regulation states that only data which is sufficient for the purpose for which it is required should be disclosed, and that sensitive personal data which is irrelevant or excessive in relation to this purpose should not be disclosed.

The Information Commissioner’s Office (ICO) has recently written to the insurance industry to confirm that they consider the use of Data Subject Access rights in this way to be inappropriate and an abuse of that right to access medical records. As the guardian of your medical record we are responsible for ensuring only necessary and relevant information held on your record is shared with an insurance company. However, we also have a duty to comply with a Data Subject Access Request made by you as a patient and do not want to cause any delays to your application.

We feel that contacting you to discuss the request is the best way to ensure that we meet all of our lawful obligations without causing any unnecessary delay.

Opting out of NHS Digital collecting your data

There are two types of Opt-out you can make.

The Type 1 Opt-out is handled by the Surgery and prevents information being shared outside of the Surgery for purposes other than direct care.

Please download and complete the Type 1 Opt-out form and hand it in to the Surgery, or attach it via email to

The National Data Opt-out allows patients to opt out of their confidential patient information being used for research and planning.

 NHS National Data Opt-out

Type+1+Opt-out+form (1).pdf