Subject Access Request (SAR) Policys

1. Introduction

Triam Health Limited (“Triam Health”) is committed to ensuring that individuals are able to exercise their rights of access to personal information in accordance with UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy outlines how Subject Access Requests (SARs) are managed for:

• Private GP services
• Aesthetic and cosmetic healthcare services
• Medico-legal and independent medical expert services
• Occupational health services
• Website and digital healthcare systems

2. Scope

This policy applies to all staff, clinicians, contractors, and third-party service providers who process personal information on behalf of Triam Health.

The policy applies to all personal information held in:

• Electronic systems
• Medical records
• Medico-legal records
• Emails and communications
• Paper records
• Digital and cloud-based systems

3. Right of Access

Under UK GDPR, individuals have the right to request access to personal information held about them.

Individuals may request:

• Confirmation that personal information is being processed
• Access to copies of their personal information
• Information about how their data is used
• Information regarding recipients or categories of recipients
• Information regarding retention periods
• Information regarding data sharing and processing activities

4. Submitting a Subject Access Request

Subject Access Requests should preferably be submitted in writing by email or post.

Requests should include:

• Full name
• Contact details
• Sufficient information to identify the records requested
• Proof of identity where required

5. Identity Verification

Triam Health may request proof of identity before releasing personal information to ensure information is disclosed only to authorised individuals.

Acceptable identification may include:

• Passport
• Driving licence
• Utility bill
• Official correspondence

6. Response Timeframes

Triam Health will normally respond to Subject Access Requests within one calendar month from receipt of:

• The request
• Any necessary identity verification

Where requests are complex or numerous, the response period may be extended by up to two additional months where permitted by law.

7. Fees

Subject Access Requests are generally processed free of charge.

However, a reasonable administrative fee may be charged where requests are:

• Manifestly unfounded
• Excessive
• Repetitive

Triam Health may also refuse requests where permitted under applicable legislation.

8. Medico-Legal and Healthcare Records

Certain healthcare and medico-legal information may be subject to legal or professional exemptions.

Information may be withheld where disclosure:

• Could cause serious harm to the physical or mental health of an individual
• Could prejudice legal proceedings
• Contains third-party confidential information
• Is subject to legal privilege
• Is otherwise exempt under applicable legislation

Independent medical experts may act as independent Data Controllers in relation to medico-legal opinions and reports.

9. Information Security and Disclosure

Personal information disclosed in response to a Subject Access Request will be provided securely.

Triam Health may provide information:

• Electronically
• By secure email
• By secure portal
• By post where appropriate

Appropriate security and confidentiality measures will be maintained throughout the process.

10. Technology Providers and Data Processing

Triam Health may use Trikon Digital Ltd as a technology and software services provider for secure case management, communications, cloud hosting, and digital healthcare systems.

Trikon Digital Ltd acts as a Data Processor on behalf of Triam Health and processes information only under contractual instructions and applicable data protection legislation.

11. Complaints

If an individual is dissatisfied with the handling of a Subject Access Request, they may contact:

12. ICO Registrations

Triam Health Limited is registered with the Information Commissioner’s Office (ICO).