Skip to main content

Can I find out who has accessed my records?

Can I find out who has accessed my records?

Speak To An Expert

Get clear, personalised advice for your situation.

Jot down a few questions to make the most of your conversation.


Can I find out who has accessed my records?

Yes, in many cases you can ask who has accessed your records. In the UK, organisations that hold your personal data must keep it secure and use it properly. If you want to know who has seen your information, you can usually make a subject access request.

This applies to records held by the NHS, GP practices, hospitals, councils, employers, schools, banks, and many other organisations. The exact details you receive may vary, but you can often get a copy of the data and a log of access where one exists.

How to ask for access information

The simplest way is to contact the organisation directly and ask for a copy of your records and any available access history. You do not usually need to use special legal wording, although saying you are making a subject access request can help.

Under UK data protection law, organisations normally have one month to respond. They may ask for proof of identity before releasing information. In some cases, they can extend the deadline if the request is complex.

What information you may receive

You may be told who has viewed your records, when they accessed them, and sometimes why. This is more likely with electronic systems that keep detailed audit logs. Paper records may not always show the same level of detail.

Sometimes you will receive only the record itself, without a full list of every person who looked at it. If that happens, you can still ask whether access logs are kept and whether they can be disclosed. The organisation may redact some information if releasing it would affect someone else’s privacy.

Are there any limits?

Yes, there are some limits. For example, information may be withheld if it would reveal details about another person, if it is legally privileged, or if disclosure would cause serious harm. This does not mean you cannot ask, but it does mean some parts may be edited out.

In healthcare, staff may also see your records as part of their work. Legitimate access by doctors, nurses, or admin staff is normal, but it should be appropriate and recorded. If you think access was improper, you can ask for an explanation and raise a complaint.

What to do if you are concerned

If you believe someone has accessed your records without permission, act quickly. Start by contacting the organisation’s data protection officer, complaints team, or records department. Ask for an audit trail and a clear explanation of the access.

If you are not satisfied, you can escalate the matter to the Information Commissioner’s Office. In serious cases, you may also want legal advice. Keeping copies of your request and any replies will help if you need to take the issue further.

Frequently Asked Questions

Typically, only authorized users such as the account owner, administrators, compliance staff, or designated privacy officers can view the audit log for who accessed my records.

You can usually check the audit trail by signing in to your account, opening the security or privacy section, and reviewing the access history for who accessed my records.

The access log for who accessed my records often includes the date, time, user name or role, type of access, and sometimes the device or location used.

Systems record who accessed my records to support transparency, privacy compliance, security monitoring, and investigation of improper access.

In many systems, yes, the audit log for who accessed my records includes a timestamp showing the exact time of each access event.

Some systems show which sections or documents were viewed in who accessed my records, while others only show that the record was accessed.

The retention period for viewing who accessed my records depends on the system and policy, but many platforms keep audit logs for a defined period such as months or years.

If you suspect unauthorized access to who accessed my records, report it to the system administrator, privacy team, or support desk immediately and request a review of the audit log.

Many organizations allow you to request a copy of the access history for who accessed my records through a privacy request or records request process.

Yes, if the system tracks administrative activity, the audit log for who accessed my records may include administrator access as well as standard user access.

If proxies or delegates are permitted and tracked, their activity may appear in the audit log for who accessed my records with their assigned role or identity.

Some systems offer alert settings that notify you when someone accesses who accessed my records, especially for sensitive or high-risk records.

If you see an incorrect entry in who accessed my records, contact support or the privacy team and provide the date, time, and details of the suspected error.

An export of who accessed my records usually includes the events available in the audit log at the time of export, subject to system limits and retention rules.

Some audit logs distinguish between view, edit, download, and delete actions, so you may be able to tell whether who accessed my records was only viewed or also modified.

Some systems record failed access attempts separately from successful ones, but this depends on the security settings for who accessed my records.

Often, yes, the audit log for who accessed my records may include the device type, application, or browser used for access.

If you cannot view who accessed my records, contact the system administrator, support team, or privacy office for help with permissions or access settings.

Yes, access logs for who accessed my records are usually protected by role-based permissions, encryption, and other security controls to prevent unauthorized viewing.

To request a correction, submit a formal privacy or records request explaining the issue in who accessed my records and provide any supporting evidence.

Useful Links

Useful Links : Can I find out who has accessed my records?
Your rights on the information we hold about you

You can find out more by sending an email to informationgovernance@somerset.gov.uk · Under Schedule 2 Part 1 Paragraphs 2, 3 and 5 of the Data Protection Act 2018 the local authority is able to disclose information to the police and other agencies for specified purposes where it is required for: ... disclosure of the data is required by an enactment, a rule of law or an order of a court or tribunal · it is necessary for the purpose of legal proceedings (including prospective legal proceedings), to obtain legal advice, or is otherwise necessary for establishing, exercising or defending legal rights.
Right of Access - Requesting your personal data | The Crown Prosecution Service

Under the Data Protection Act 2018, subject to certain exemptions, you have the right to access your personal data and receive supplementary information under the Right of Access.
Consent and confidential patient information - NHS Transformation Directorate

The law requires all organisations to make information readily available to you that explains this. This will include the legal reasons for keeping health and care records, how and why information will be used, who might be able to access ...
HMRC Privacy Notice - Local authority portal - GOV.UK

We aim to retain your personal information for only as long as it is necessary for us to do so for the purposes for which we are using it and in line with our published records management and retention and disposal policy. In some circumstances we’ll anonymise your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you. You have a number of rights in relation to the processing of your personal information by HMRC.
Citizens Advice privacy policy - Citizens Advice

We have rules and controls in place to stop people accessing or using your information when they shouldn’t. Tell an adviser if you’re worried about your details being on a national system. We’ll work with you to take extra steps to protect your information - for example by recording your problem without using your name.
Help to Claim - our privacy policy - Citizens Advice

When you use the Help to Claim service, we collect personal information about you so we can support you. We have a ‘legitimate interest’ to do this under data protection law.
Privacy policy - Citizens Advice Chapeltown

Find out how Citizens Advice Chapeltown collects, uses and stores your personal information and data
Important Information On Using This Service


This website offers general information and is not a substitute for professional advice. Always seek guidance from qualified professionals. If you have any medical concerns or need urgent help, contact a healthcare professional or emergency services immediately.

Some of this content was generated with AI assistance. We've done our best to keep it accurate, helpful, and human-friendly.

  • Ergsy carefully checks the information in the videos we provide here.
  • Videos shown by Youtube after a video has completed, have NOT been reviewed by ERGSY.
  • To view, click the arrow in centre of video.
Using Subtitles and Closed Captions
  • Most of the videos you find here will have subtitles and/or closed captions available.
  • You may need to turn these on, and choose your preferred language.
Turn Captions On or Off
  • Go to the video you'd like to watch.
  • If closed captions (CC) are available, settings will be visible on the bottom right of the video player.
  • To turn on Captions, click settings.
  • To turn off Captions, click settings again.