Menu
Login
  • Home
  • SevernSide IUC
  • Staff Resources
  • Home
  • SevernSide IUC
  • Staff Resources
home/Knowledge Base/Policies & SOPs/Rectification of Personal Data
Popular Search:Policies, Training, Staff Newsletter

Rectification of Personal Data

BrisDoc Governance Team

What is the right to rectification?

Under Article 16 of the UK GDPR, individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed- this will depend on the purposes for the processing. This right has close links to the Accuracy Principle of the UK GDPR (Article 5,1,D). Although you may have already taken steps to ensure that the personal data was accurate when it was obtained, this right imposes a specific obligation to reconsider accuracy upon request.

How to recognise a request

The UK GDPR does not specify how to make a valid request. Therefore: an individual can make a request for rectification verbally or in writing. This can be made to any part of the organisation and does not have to be a specific person or contact point.

A request to rectify personal data does not need to mention the phase `request for rectification` or Article 16 of the UK GDPR to be a valid request. As long as the individual has challenged the accuracy of their data and has asked you to correct it or has asked for you to complete the data held about them that is incomplete, this will be a valid request under Article 16.

We have a legal responsibility to identify that an individual has made a request and handle it accordingly.

When is data inaccurate?

UK GDPR does not give a definition of the term accuracy. However, the data protection act 2018 states that personal data is inaccurate if it is incorrect or misleading as to any matter of fact.

When a patient makes a request for rectification, we will ask them to

  • State clearly what they believe is inaccurate or incomplete.
  • Where available, provide evidence of the inaccuracies.

When we are asked to correct/amend data, we will take reasonable steps to investigate whether the data is accurate and will be able to demonstrate we have done so. To do this we will consider the individuals reasons and any evidence they provide.

We will then contact the individual and either:

  • Confirm it has been corrected, deleted, or amended, or
  • inform the individual we cannot change the data and explain why we believe the data is accurate.

If a patient provides the incorrect information?

If an individual makes a request to remove consultation information where they have purposely misled a clinician, this will be rejected.  A discussion may be had with the surgery regarding the addition of a note to explain the incorrect information being added to the original consultation if this is deemed appropriate.

For example, CKMP receive a request under Right to Rectification.  It becomes apparent the patient gave false information to the clinician at the time of the consultation in order to take paid time off of work.  Some substantial time later he asked for this information to be removed from his record.  This is not something that can be removed under right to rectification as it was an accurate picture of the patient’s presenting condition.  A note could be added, explaining that the patient had misled the clinician and suggesting that the consultation notes be viewed as inaccurate as a result.

You should let the individual know if you are satisfied that the personal data is accurate, and tell them that you will not be amending the data. You should explain your decision, and inform them of their right to make a complaint to the ICO or another supervisory authority; and their ability to seek to enforce their rights through a judicial remedy.

It is also good practice to place a note on your system indicating that the individual challenges the accuracy of the data and their reasons for doing so.

How long do we have to comply?

You must comply with a request for rectification without undue delay and at the latest within one month of receipt of the request or (if later) within one month of receipt of:

  • any information requested to confirm the requester’s identity

You should calculate the time limit from the day you receive the request (whether it is a working day or not) until the corresponding calendar date in the next month.

Example

An organisation receives a request on 3 September. The time limit will start from the same day. This gives the organisation until 3 October to comply with the request. If this is not possible because the following month is shorter (and there is no corresponding calendar date), the date for response is the last day of the following month.

If the corresponding date falls on a weekend or a public holiday, you have until the next working day to respond. This means that the exact number of days you must comply with a request varies, depending on the month in which the request was made.

Example

An organisation receives a request on 31 March. The time limit starts from the same day. As there is no equivalent date in April, the organisation has until 30 April to comply with the request. If 30 April falls on a weekend, or is a public holiday, the organisation has until the end of the next working day to comply.

Can we extend the time for a response?

You can extend the time to respond by a further two months if the request is complex or you have received a number of requests from the individual. You must let the individual know within one month of receiving their request and explain why the extension is necessary.

Do we need to inform other organisations if we rectify personal data?

If you have disclosed the personal data to others, you must contact each recipient and inform them of the rectification or completion of the personal data – unless this proves impossible or involves disproportionate effort. If asked to, you must also inform the individual about these recipients.

The UK GDPR defines a recipient as a natural or legal person, public authority, agency or other body to which the personal data are disclosed. The definition includes controllers, processors and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Additional Information

Additional guidance can be found by clicking the links below:

Amending patient and service user records – NHS Transformation Directorate (england.nhs.uk)

Right to rectification | ICO

Appendix 1

Receiving a request to rectify personal data – OOH

Appendix 2

  • REQUEST FOR RECTIFICATION OF A HEALTH RECORD
Date of Request Patient Name
Date of Birth NHS Number
Are you the Patient? Yes/No Contact Number
If no, please indicate your name and relationship to the patient
Please note, we must have written and signed consent from the patient giving permission for you to make this request on their behalf.                     (if this form is for you, you do not need to provide further consent)
Date of Error Area of concern (please indicate)
Diagnosis Consultation Medication
Personal Details Other (please specify)
Please explain your reason for this request:

 

 

 

Date of Error Area of concern (please indicate)
Diagnosis Consultation Medication
Personal Details Other (please specify)
Please explain your reason for this request:

 

 

Date of Error Area of concern (please indicate)
Diagnosis Consultation Medication
Personal Details Other (please specify)
Please explain your reason for this request:

 

 

Date of Error Area of concern (please indicate)
Diagnosis Consultation Medication
Personal Details Other (please specify)
Please explain your reason for this request:

 

 

Signature Print Name

 

Appendix 3

How to Rectify Personal data – OOH

Change Register

Date Version Name changes
17/08/23 1.0 TC SOP created
       
       

 

Attached Files
#
File Type
File Size
Download
1 .pdf 334.39 KB Rectification of data SOP
Related Articles
  • Volunteering Policy
  • BrisDoc Clinical Risk Management
  • Thiamine IM in the treatment of Alcohol Dependency
  • BMC Evacuation and Lockdown SOP
  • IUC Patient Engagement Strategy and Patient Representative Group TOR
  • HHS Managing Violence and Aggression including Lockdown and Evacuation Plans.

Can't find what you're looking for? Contact Us

Categories
  • Information Governance
  • IUC Rotas
    • 1. Rota – Monday
    • 2. Rota – Tuesday
    • 3. Rota – Wednesday
    • 4. Rota – Thursday
    • 5. Rota – Friday
    • 6. Rota – Saturday
    • 7. Rota – Sunday
  • Policies & SOPs
  • SevernSide IUC
    • Bases / Urgent Treatment Centres
      • 168 Medical – Weston Base Documents
      • Christchurch Base Documents
      • Clevedon Base Documents
      • Cossham Base Documents
      • Greenway Base Documents
      • Marksbury Road Base Documents
      • Osprey Court Control Room Documents
    • IUC Business Continuity – Disaster Recovery
    • IUC Roles
      • Call Handlers – IUC
      • Drivers – IUC
        • Meeting minutes
      • Hosts – IUC
      • On Call Managers – IUC
      • Shift Managers – IUC
      • WaCCs – IUC
        • Meeting minutes – April 2022
    • Mental Health IAP
      • IAP Call Handlers
      • IAP Shift Manager
      • IAP SOPs
    • SESUI
    • System CAS
  • Staff Resources
    • Co-owners Council Documents
      • Co-owners Council Minutes
    • Handbooks
    • Induction Documents
    • New Starter Checklists
    • Parental Leave Forms
    • PDR Resources
    • Training
    • Useful Forms
  • User Guides
    • RotaMaster Admin Documents

  Record of Processing Activities

Safeguarding Policy  

All Rights Reserved | BrisDoc Healthcare Services
Popular Search:Policies, Training, Staff Newsletter