Privacy Policy

How The Medical Records Trust Protects Your Personal Information

Darwinist Team June 02, 2025 Healthcare Policy

Privacy GDPR NHS Records Data Protection Policy

How The Medical Records Trust (TRMT) collects, uses, and protects your personal and health information in line with UK GDPR and NHS standards.

Privacy Policy

Effective date: [insert date]

This Privacy Policy explains how The Medical Records Trust (“TRMT”, “we”, “our” or “us”) collects, uses, and protects your personal information when you:

Create an account with TRMT
Ask us to obtain copies of your health records from GP practices, NHS trusts, or other providers
View, share, or delete those records through our website, mobile application, or FHIR API

TRMT is a Charitable Incorporated Organisation (CIO) registered in England and Wales.
For UK data-protection law (UK GDPR and the Data Protection Act 2018), TRMT is the data controller for the information described below.

1. Contact Details

Data-controller name: The Medical Records Trust (CIO)
Registered address: [insert postal address]
Email: privacy@medicalrecordstrust.org
Telephone: [insert number]
Data Protection Officer: [insert DPO name] – dpo@medicalrecordstrust.org

2. What Information We Collect

We collect different types of information, including:

Identity data: Your name, date of birth, NHS number, and previous addresses (provided by you)
Contact data: Your current address, email, and phone number (provided by you)
Verification data: Photo ID (such as passport or driving licence) and proof of address (provided by you)
Health data: GP records, hospital letters, lab results, imaging, and medication history (provided by healthcare providers when you authorise us)
Consent & audit data: Dates and details of your consents, logs of record requests, and access logs (generated by TRMT)
Usage data: Log-ins, IP address, browser type, and cookies (see section 9) (collected automatically)

3. Legal Bases for Processing

We process your data for the following reasons:

To verify your identity: We are required by law (UK GDPR Article 6(1)(c)) to check your identity before releasing records.
To request and receive your health records: We rely on your consent (UK GDPR Article 6(1)(a) and Article 9(2)(a) for special-category data).
To provide you with consolidated records: We use your consent and the provision of health care as legal bases (UK GDPR Article 6(1)(a) and Article 9(2)(h)).
To maintain security and audit trails: We have a legitimate interest in keeping your data safe and complying with NHS requirements (UK GDPR Article 6(1)(f) and Article 9(2)(h)).
To improve our services: We use anonymised or pseudonymised data where possible, based on our legitimate interests (UK GDPR Article 6(1)(f)).

You can withdraw your consent at any time (see section 7).

4. How We Collect and Process Records

You provide identity documents, contact details, and information about your past healthcare providers and addresses.
You sign a time-limited authority allowing TRMT to make subject-access requests on your behalf.
We contact each provider, supplying your ID and requesting copies of any records they hold.
Providers respond; if data are not already in FHIR format, we convert them to UK FHIR Core R4.
You review your combined record via our portal or FHIR API and decide whether to share it.
You remain in control – you may delete individual items or your entire record at any time (see section 6).
Sometimes, a GP practice or hospital may contact you directly to confirm that you authorised TRMT to act for you. Please reply promptly to avoid delays.

5. How We Protect Your Information

All health data are stored only in encrypted UK data centres (NHS-accepted Tier 1 cloud or ISO 27001 on-premises).
Data in transit are protected by TLS 1.2+; FHIR API access requires OAuth 2.0 with role-based scopes.
We complete the NHS Data Security & Protection Toolkit every year and appoint a Caldicott Guardian and Data Protection Officer.
Access logs, anomaly detection, and penetration tests help us detect unauthorised activity.

6. Retention and Deletion

Health records: Kept until you delete your TRMT account or ask us to delete specific items. You can delete any item or your whole record at any time via the portal.
Identity and consent logs: Kept for six years after your last action (legal limitation period). We cannot shorten this, but they are removed after six years.
Web-usage logs: Kept for 12 months. You can opt out of non-essential cookies (see section 9).

When you delete your record, we erase both primary and backup copies within 14 days and send you confirmation.

7. Your Rights

You have the right to:

Access a copy of your data
Correct inaccurate data
Delete your data (“right to erasure”)
Restrict or object to processing
Receive your data in FHIR bundles (data portability)
Withdraw consent at any time
Raise a complaint with the Information Commissioner’s Office (ICO) – ico.org.uk

Contact our DPO to exercise any of these rights.

We only share your data:

With healthcare providers you nominate (such as your GP, consultant, or a new app) via UK FHIR Core
With trusted service providers under contract (such as cloud hosting or document-conversion services) who must meet NHS standards
Where required by law (for example, a court order)

We do not sell or lease your data.

9. Cookies and Analytics

Our website uses:

Essential cookies: These keep you logged in and secure (cannot be turned off).
Analytics cookies: These help us understand how our service is used (you may opt out on your first visit).
No advertising cookies.

10. International Transfers

All data are stored and processed in the United Kingdom. We do not transfer personal data outside the UK/EU.

11. Changes to This Policy

We may update this Privacy Policy to reflect legal or operational changes. The latest version is always available on our website. We will notify you of significant changes by email or in-app message.

Privacy Policy

Effective date: [insert date]

This Privacy Policy explains how The Medical Records Trust (“TRMT”, “we”, “our” or “us”) collects, uses, and protects your personal information when you:

Create an account with TRMT
Ask us to obtain copies of your health records from GP practices, NHS trusts, or other providers
View, share, or delete those records through our website, mobile application, or FHIR API

1. Contact Details

Data-controller name: The Medical Records Trust (CIO)
Registered address: [insert postal address]
Email: privacy@medicalrecordstrust.org
Telephone: [insert number]
Data Protection Officer: [insert DPO name] – dpo@medicalrecordstrust.org

2. What Information We Collect

We collect different types of information, including:

Identity data: Your name, date of birth, NHS number, and previous addresses (provided by you)
Contact data: Your current address, email, and phone number (provided by you)
Verification data: Photo ID (such as passport or driving licence) and proof of address (provided by you)
Health data: GP records, hospital letters, lab results, imaging, and medication history (provided by healthcare providers when you authorise us)
Consent & audit data: Dates and details of your consents, logs of record requests, and access logs (generated by TRMT)
Usage data: Log-ins, IP address, browser type, and cookies (see section 9) (collected automatically)

3. Legal Bases for Processing

We process your data for the following reasons:

To verify your identity: We are required by law (UK GDPR Article 6(1)(c)) to check your identity before releasing records.
To request and receive your health records: We rely on your consent (UK GDPR Article 6(1)(a) and Article 9(2)(a) for special-category data).
To provide you with consolidated records: We use your consent and the provision of health care as legal bases (UK GDPR Article 6(1)(a) and Article 9(2)(h)).
To maintain security and audit trails: We have a legitimate interest in keeping your data safe and complying with NHS requirements (UK GDPR Article 6(1)(f) and Article 9(2)(h)).
To improve our services: We use anonymised or pseudonymised data where possible, based on our legitimate interests (UK GDPR Article 6(1)(f)).

You can withdraw your consent at any time (see section 7).

4. How We Collect and Process Records

You provide identity documents, contact details, and information about your past healthcare providers and addresses.
You sign a time-limited authority allowing TRMT to make subject-access requests on your behalf.
We contact each provider, supplying your ID and requesting copies of any records they hold.
Providers respond; if data are not already in FHIR format, we convert them to UK FHIR Core R4.
You review your combined record via our portal or FHIR API and decide whether to share it.
You remain in control – you may delete individual items or your entire record at any time (see section 6).
Sometimes, a GP practice or hospital may contact you directly to confirm that you authorised TRMT to act for you. Please reply promptly to avoid delays.

5. How We Protect Your Information

All health data are stored only in encrypted UK data centres (NHS-accepted Tier 1 cloud or ISO 27001 on-premises).
Data in transit are protected by TLS 1.2+; FHIR API access requires OAuth 2.0 with role-based scopes.
We complete the NHS Data Security & Protection Toolkit every year and appoint a Caldicott Guardian and Data Protection Officer.
Access logs, anomaly detection, and penetration tests help us detect unauthorised activity.

6. Retention and Deletion

Health records: Kept until you delete your TRMT account or ask us to delete specific items. You can delete any item or your whole record at any time via the portal.
Identity and consent logs: Kept for six years after your last action (legal limitation period). We cannot shorten this, but they are removed after six years.
Web-usage logs: Kept for 12 months. You can opt out of non-essential cookies (see section 9).

When you delete your record, we erase both primary and backup copies within 14 days and send you confirmation.

7. Your Rights

You have the right to:

Access a copy of your data
Correct inaccurate data
Delete your data (“right to erasure”)
Restrict or object to processing
Receive your data in FHIR bundles (data portability)
Withdraw consent at any time
Raise a complaint with the Information Commissioner’s Office (ICO) – ico.org.uk

Contact our DPO to exercise any of these rights.

We only share your data:

With healthcare providers you nominate (such as your GP, consultant, or a new app) via UK FHIR Core
With trusted service providers under contract (such as cloud hosting or document-conversion services) who must meet NHS standards
Where required by law (for example, a court order)

We do not sell or lease your data.

9. Cookies and Analytics

Our website uses:

Essential cookies: These keep you logged in and secure (cannot be turned off).
Analytics cookies: These help us understand how our service is used (you may opt out on your first visit).
No advertising cookies.

10. International Transfers

All data are stored and processed in the United Kingdom. We do not transfer personal data outside the UK/EU.

11. Changes to This Policy

We may update this Privacy Policy to reflect legal or operational changes. The latest version is always available on our website. We will notify you of significant changes by email or in-app message.

Privacy Policy

1. Contact Details

2. What Information We Collect

3. Legal Bases for Processing

4. How We Collect and Process Records

5. How We Protect Your Information

6. Retention and Deletion

7. Your Rights

8. Sharing Your Information

9. Cookies and Analytics

10. International Transfers

11. Changes to This Policy