Learn about the sort of access to your medical records insurers may request when you apply for policies like life insurance and health insurance.
Besides diaries kept under the bed, love-letters, or those texts you unwisely sent to your old flame at four o'clock in the morning, it's hard to think of anything as deeply personal as your own medical records.
It's reassuring, then, to assume those documents are kept securely under lock and key - both literally, in the case of physical pieces of paper, or in the virtual world of computer files.
Yet there are occasions when a third party - such as the police, courts, social services, or even the DVLA - can have access to an individual's medical records via a doctor, without a person's consent. These circumstances are strictly governed.
There are also times when medical records can be seen by others with the patient's consent. Insurance companies fall into this second category.
It's worth reinforcing that basic point. Unless you've given your written permission, no insurance company can get their hands, or eyes, on your medical history.
Subject access requests are powerful and may lead to all of the information held by an organisation being disclosed
ICO spokesman Greg Jones
This protection is given legal force by the Data Protection Act (1998).
However, if you agree to disclosure then your doctor will normally comply with an insurers' request to examine your records.
The key questions that arise are what amount of those records are seen and what relevance they have to the particular insurance application being made.
These are currently hotly contested issues within the debates over privacy, data collection and medical ethics.
Over 50s life insurance doesn't require a medical check, but there are some serious downsides to think about if you're considering one of these policies.
If a medical condition is disclosed then insurers may seek more information from your doctor's records in order to work out the premiums, or could impose certain restrictions on cover.
As mentioned, the customer must give written consent and the doctor should only provide records that relate to the application.
Some doctors argue that if patients feel their entire records are routinely viewed by insurers they may decide not to reveal certain conditions to their GP
Increasingly, however, some insurance companies have asked patients to agree to make their entire medical records available.
The companies have argued that this is more efficient and keeps down costs.
It's done through the customer making an enquiry to his doctor known as a subject access request.
This is the formal legal right anyone has to see the medical information held on them, in order to challenge it if it's wrong.
In this case, though, the customer is not usually seeking the entire record to check it - but simply asking that it be passed on to the insurance company.
The Information Commissioner's Office - the body responsible for balancing privacy with information rights - has confirmed that it's currently investigating this method, which is being used by some insurers.†
"The Data Protection Act provides individuals with a right to make a subject access request to find out what information is held about them and to hold organisations to account," said ICO spokesman Greg Jones.
"These requests are powerful and may lead to all of the information held by an organisation being disclosed.
"The Access to Medical Reports Act provides a means for insurers to find out relevant medical information with appropriate safeguards. We are in the process of analysing how insurers access medical information and how this complies with the Data Protection Act."
The ICO are not the only group with concerns over this blanket approach to obtaining medical information.
Insurers will only take into account information on something they judge to be relevant to their ability to risk and underwrite a specific customer
Some doctors argue that if patients feel their entire records are routinely viewed by insurers they may decide not to reveal certain conditions to their GP.
Dr Pallavi Bradshaw, medicolegal adviser at the Medical Protection Society, which advises doctors on legal and ethical issues, said:
"If a patient has provided signed consent, the doctor can release their medical records to insurance companies as per caveats of the Data Protection Act.
"Many patients may not appreciate the implications of the release of their full medical records which will contain personal sensitive material, much of it historic and irrelevant to the application for insurance."
It's worth noting that as well as having the right to see your medical records, or to allow others to have a look, everyone also has the right to see them before passing them on.
If you feel that there's too much information that should be kept private, or that the records distort the true picture, then you can always stop it being sent to the insurer.
Remember, though, that such a refusal could well result in you not being offered the insurance policy.
The Association of British Insurers (ABI) insist that they take a responsible view and that relying on narrower answers from doctors can leave them short of the necessary facts.
An ABI spokesman said: "Insurers will only take into account information on something they judge to be relevant to their ability to risk and underwrite a specific customer.
"The challenge is that asking the GP to provide information they judge to be relevant to a specific condition or symptom often results in the insurer not getting the full information they need."