Skip to Content Skip to navigation
General Policy
Digital & Information
Information Governance & Security Advisor
Head of Information Governance & Security
Head of Information Governance & Security
02 August 2022
10 August 2022
10 August 2024

General Note

NHS Fife acknowledges and agrees with the importance of regular and timely review of policy statements and aims to review policies within the timescales set out.

New policies will be subject to a review date of no more than 1 year from the date of first issue.

Reviewed policies will have a review date set that is relevant to the content (advised by the author) but will be no longer than 3 years.

If a policy is past its review date, then the content will remain extant until either such time as the policy review is complete and the new version published, or there are national policy or legislative changes.

1 Function/Purpose

The purpose of this policy is:

• To ensure that NHS Fife complies with the law in relation to an individual’s rights of access to information.
• To ensure all staff are aware of their responsibilities under the law.
• To outline NHS Fife’s procedure in responding to requests for information.

This policy outlines the procedure for dealing with requests under Freedom of Information (Scotland) Act 2002 (FOISA) and Environmental Information Requests (EIR).

All requests will be handled by the Information Governance & Security Advisor (IG&S Advisor – FOISA Lead) and supported by the Information Governance team.

NHS Fife’s Information Governance & Security Advisor’s (FOISA Lead) contact details are:

Information Governance & Security Advisor,
NHS Fife,
Lynebank Hospital,
Dunfermline, KY11 4UW

Telephone: 07811 718 307

2 Introduction/Background

The Freedom of Information (Scotland) Act 2002 (FOISA) and the Environmental Information (Scotland) Regulations 2004 (EIRs) give a general right of access to recorded information held by NHS Fife subject to certain exemptions or exceptions. The purpose of the Act is to drive forward openness in Scottish public authorities.

Any individuals or organisation can request information from any public authority. The details must be provided promptly and within 20 working days of receiving the request. Requests require to be made in writing (or verbal in the case of EIRs) or other permanent form such as email.

FOISA also places a duty on public authorities to provide advice and assistance to applicants requesting information at all stages in the process.

3 Scope

Freedom of Information requests can be received by anyone in the organisation.

FOISA requests need to be in writing (or verbal in the case of EIRs) and must state the applicant’s name within the email/letter.

Please see examples below of the type of recorded information requested from NHS Fife (regardless of format), which this policy covers (please note this list is not exhaustive) -

• Information in all electronic formats, including removable media
• Information in paper format
• Emails
• Policies
• Meetings of minutes
• Information held in shared drives
• Microfiche
• Video

Freedom of Information requests are logged within our Axlr8 system. This system generates a unique reference number for the request and sends requests on to the appropriate service. Information provided by a service can be uploaded on the Axlr8 system or emailed to

4 Procedures/Processes for Staff in receipt of an information request

If you receive a request directly -
If you receive a request for information, you must pass it to the IG&S Advisor as soon as possible.

Requests are viewed as being received as soon as they enter the organisation, either by post or email. It is important to act promptly as we only have a maximum of 20 working days to respond to each request.

Failure to comply with this 20-working day deadline, or to not provide the information requested (unless exempt), is a breach of the law.

Requests for information sent to you by the IG&S Advisor -
If you are sent a FOISA request for information (via Axlr8/Email), all questions should be completed as required.

You will be given between 10-15 working days to provide all the requested information.

If there are any problems meeting this date, then please contact the IG&S Advisor immediately to discuss the issuing of a revised deadline.

All the requested information should be provided to the IG&S Advisor. If it is felt the requested information should not be provided to the requester, you must provide a reason/explanation. Information must be provided in full to the IG&S Advisor in the first instance.

Further information may be requested, or explanations required, if it is felt necessary to provide context around the response, to help an applicant understand what is being provided, or if the answer returned could create media/political interest. Please use plain English and explain all acronyms etc.

Even if the information requested is not held, we have a duty to provide advice and assistance and, as a minimum, an explanation of why we don’t have the information and, if appropriate, advice on who would hold the information.

It is the IG&S Advisor’s decision (in consultation with the relevant Executive Director/Chief Executive) if information is to be withheld and an exemption/exclusion or exception be applied, please see Appendix 2.

The main exemptions NHS Fife use are –

Section 12 – Excessive cost of compliance.
Section 17 – Information not held.
Section 25(1) – Information otherwise accessible/available.
Section 35 – Law enforcement
Section 38(1)(b) – Personal information.


If you do not understand what the applicant is asking you should contact the IG&S Advisor immediately. Clarification may need to be sought from the requester.

Requesting clarification, however, must be done promptly (within a couple of days of receipt of the request).

Where the applicant has provided insufficient information to enable the
identification/location of the information sought; it is important that clarification is requested from the applicant as soon as possible.

Appropriate help should be given to the applicant to advise and assist them in
making the request clarification.

Where an applicant does not respond to the request for information within 40 working days of the request submission (review period), the request will be closed.

Handling requests

All relevant information should be provided. If there are any concerns, including searching, locating, or retrieving the information, discuss with the IG&S Advisor immediately. Do not withhold the information.

Information should be checked by the service for accuracy before being returned to the IG&S Advisor.

If a response has not been received from the service, a reminder will be sent after 15 days and the matter escalated to the relevant Executive Director. The Axlr8 system will automatically generate reminders to the service on day 5 and day 10.

Even if the information requested is not held, we have a duty to provide advice and assistance and as a minimum an explanation of why we don’t have the information. If appropriate, advice on who holds the information would be given.

5 Reviews/Appeals Process

If someone is dissatisfied with a response or does not receive a response on time, the applicant has a right to seek a review of any decision and, if still dissatisfied, can then submit an appeal to the Scottish Information Commissioner.

Reviews are carried out by a member of the Information Governance and Security team who was not involved in the processing of the original request and will re-consider the response against the original request.

The aim of a review is to allow us to take a fresh look at the response, to confirm the decision (with or without modifications) or, if appropriate, to substitute a different decision or make available amended information.

The review procedure must therefore be fair and impartial and allow decision-makers to look at the request afresh. It should also enable different decisions to be taken.

Appeals are heard by the Scottish Information Commissioner who has powers to enforce individual’s rights under the legislation. They can be contacted as follows:

Scottish Information Commissioner,
Kinburn Castle,
Doubledykes Road,
St Andrews, Fife KY16 9DS

Telephone: 01334 464610

6 Legal Context

The policy complies with the following acts, regulations, and best practice standards:

• Data Protection Legislation
• EU General Data Protection Regulations (GDPR)
• Environmental Information (Scotland) Regulations, 2004.
• Freedom of Information (Scotland) Act, 2002
• Human Rights Act, 1998
• Public Records (Scotland) Act 2011

7 Maintaining and Destroying Records

It is a criminal offence, under section 65 of FOISA and regulation 19 of EIRs, if an individual alters, defaces, blocks, erases, destroys or conceals information with the intention of preventing the disclosure of information.

It is essential that, in addition to this policy, all staff adhere to the NHS Fife Records Management Policy, which provides guidance on good record-keeping and retention and destruction procedures.

Appendix 1 - FOI Leads

Appendix 2 - FOISA Flow Chart