Delete your personal data from the NHS
Rightly, Champions of Data, empowers you to easily and securely manage your personal online data.
In February 2022, it was reported that the NHS had leaked personal data from tens of thousands of people, including details of medical procedures, names and addresses, including children. In 2021, in another incident the private data of thousands of NHS patients was wrongly shared with strangers, including a case where a person’s HIV status was released.
On this page we’ll explain why it’s a good idea to get your data deleted from the NHS and how to go about it. Or if you just want to get started, click the Start Now button which will take you directly to our Rightly Protect service, enabling you to find out who has your data and get it deleted, quickly and for free.
Can I delete my data from the NHS?
Yes you can! You have the right to ask any organisation to delete all the data they hold on you and they have to comply within 30 days. This right flows from GDPR (General Data Protection Regulation) legislation and if companies don’t comply without a valid reason, they can be in trouble.
How do I delete data from the NHS?
The easiest way to get your data deleted from companies like the NHS is to use our Rightly Protect service. In addition to picking the NHS and asking them to erase your data, you can use our service to analyse your email inbox to figure out all the companies that have your data. Then, you can ask all of them to delete the data they hold on you in one click. Because many companies have your data, even companies you’ve never heard of, and it often runs into hundreds or even thousands of organisations putting your data at risk.
How long until the NHS responds?
The NHS should reply within one calendar month. If they have genuine reasons that they need extra time to consider your request, they can take up to an extra two months - but they should let you know within one month that they need more time and the reasons why. If you’re unhappy with how they respond, you can make a complaint to the NHS and then if you’re still unhappy, you can complain to the ICO (Information Commissioner’s office).
Does the NHS actually delete your data?
Yes, it’s a legal requirement. After one calendar month has passed since your account deletion request, your account and all of your information will be permanently erased by the NHS, and you will not be able to retrieve it.
What type of data does the NHS store on me?
The NHS can collect a wide range of data from registered users:
● Names and passwords
● Phone numbers
● ID photos
● Medical photos
● Xrays and scans data
● Metadata on how people use the the NHS
● Facial recognition data
● Data on which devices are linked to which accounts
● Geolocational data
● Medical records
What does the NHS do with my data?
The NHS holds data so that it can keep records and help you navigate medical services and access health information on computers and mobile devices. It combines data generated through your GP with data from hospitals in both private and public sectors.
Other data that the NHS collects helps the organisation perform strategic market research, communicate directly with users, and counter suspected misuse.
Why delete my data from the NHS?
The NHS has suffered a series of breach attempts and there can be little doubt that hackers will continue attempts to compromise your personal data.
If you are worried about the data held by the NHS about you, you can instruct the organisation to delete all the data they have about you and so prevent it from being stolen as a result of a data breach.