The General Data Protection Regulation (GDPR)

For the purposes of the General Data Protection Regulation (2018), the Group Practice is the “Data Controller”, registered as such with the Information Commissioner’s Office.

The General Data Protection Regulation (GDPR) superseded the Data Protection Act (1998) in May 2018.  The aim of the GDPR is to standardize Data Protection Regulations across Europe.  These new rules are similar to the Data Protection Act but further strengthen rights and empower individuals by giving you more control over your personal data, bringing a new age of compliance and accountability.

Accessing your medical records

For information on your right to access your medical records click on the following links:

The Group Practice GDPR Privacy Policy – explains your rights and our obligations regarding your personal data.

How to make a Subject Access Request (SAR) – advice on how to request a copy of your medical records.

Download a Subject Access Request (SAR) form.

For further information on GDPR or on SARs you can visit the Information Commissioner’s Office website.


Alternatively you can contact our Data Protection Officer:

Name:  Jennifer Hepburn

Title:     Data Protection Officer

Mail:     The Group Practice, Health Centre, Stornoway, Isle of Lewis HS1 2PS

Email:  [email protected]

Phone:  01851 703145, ext. 239

Sharing of information

Whenever information is shared we will only share the minimum data required, and will only share data in compliance with the law.

Our legal basis for sharing health information is usually that it is necessary;

  • for the provision of health or social care or treatment or the management of health or social care systems and services; or
  • for reasons of public interest in the area of public health; or
  • for reasons of substantial public interest or aims that are proportionate and respect people’s rights, for example research; or
  • in order to protect the vital interests of an individual; or
  • for the establishment, exercise or defence of legal claims or in the case of a court order.

No information is disclosed outside of the health service without your permission unless there is a legal basis to do so. Maintaining the confidentiality and security of personal information is of utmost importance to the Group Practice.

Anonymous patient information may also be used at local and national level to help the Health Board and Government plan services e.g. for diabetic care. If you do not wish anonymous information about you to be used in such a way, please let us know.

We share patient information with NHS Western Isles through the Electronic Medical Record (eMRec). This gives clinicians access to information that is relevant to their patients’ treatment at the point of care. More information can be found here.

When the surgery is closed NHS 24 or Accident and Emergency can access your Emergency Care Summary. Please tell the surgery if you do not want your summary accessed by emergency care.

We share information with NHS National Services Scotland who are responsible for health statistics through Scottish Primary Care Information Resource (SPiRE). No notes your doctor or nurse has made from discussions with you will be used and no information will contain names of personal details. More information can be found at: https://spire.scot

We share information with NHS National Services Scotland who are responsible for health statistics through Scottish Primary Care Information Resource (SPiRE). No notes your doctor or nurse has made from discussions with you will be used and no information will contain names of personal details. More information can be found at: https://spire.scot

If you want any more information please contact our Practice Manager:

Ms Jennifer Hepburn

Phone:              01851 703145 (Ext. 239)

Email:               [email protected]

Please do not use the eConsult system for urgent matters as we may not respond to your eConsult the same day it is submitted.