Advice: Redacting sensitive information from health records

Patients will soon have digital access to their GP health records. Risk adviser Alan Frame offers advice for practices on redacting records in real time.

BIG changes are ahead for GP practices in England with plans to allow people aged 16 or over to register for an online account to view their medical records. Patients with the NHS App and other online accounts will be provided with digital access to new entries in their GP health records under NHS Digital plans.

The scheme has faced delays, with the most recent “go-live” date pushed back from April 2022 to November 2022.

Giving access to patient notes in this way will significantly impact practices’ day-to-day management of records.

Real-time redaction of records

Patients are currently able to access personal information under a data subject access request (SAR) and the records should be carefully checked before being disclosed. The new arrangement will mean that GPs have to consider the impact of each clinical entry being made in real time. However, patients will not see new personal information (e.g. scanned documents or positive test results) until they have been checked/authorised in order to give clinicians the opportunity to contact and speak to patients first.

Patients will still be required to file a SAR to view historic coded records (filed before the "go-live" date), allowing requisite checks. This is expected to be made easier via the NHS App later in 2022 but there will be no requirement for general practices to review the retrospective records of every patient. Those patients who already have been provided digital access to their past health records will maintain this access.

Prospective access to records will be subject to the same safeguarding requirements and management of third-party information as when applied to a SAR, and practices should ensure that an awareness of the patient's ability to view their information is integrated within existing policies and processes.

Sensitive third-party data

GP records often contain confidential information directly relating to a third party or information that has been provided by a third party, which is clinically relevant and may be considered sensitive. Practices must give careful consideration to which third-party information that is unknown to the patient should be redacted from the patient’s view (the ICO provides guidance on this).

It is therefore essential to review how entries are made and also to consider how third-party information (as well as information which could cause serious harm) is identified and redacted at the point of entry into the records.

Practice staff entering data into patient records must be able to recognise the circumstances in which information should be hidden from patient view – and how this is done. Additional training may be necessary in this regard and staff should be encouraged to ask senior staff when in doubt.

One particular area of concern is redacting information contained in letters from hospitals, as this could be overlooked without clinical checks taking place.

What is sensitive data?

Particular examples of sensitive data might include third-party identifiers in child protection reports or clinic letters received by the practice, where the status of other family members is being discussed.

Another example would be information that has been provided to a clinician by a family member or other acquaintance about a patient which is considered to be clinically significant, and where the third party has an expectation of confidentiality. For example, a patient’s wife might raise concerns with the GP about her husband’s increased alcohol consumption.

A practice might also receive information about a patient that raises concern about a vulnerability or safeguarding issue, which might need to be recorded and followed up to establish veracity. In such cases, the identity of informants should be redacted from patient view.

Retrospective redaction of records: responding to SARs

Real-time redaction of third-party information from records by GP practices in England will mean that future data subject access requests should become more straightforward.

Understanding responsibilities in relation to third-party information is important when dealing with a subject access request for retrospective records. Some practices use redaction software to assist in the process of complying with a SAR. In other practices, administrative staff undertake this process. It is important that records subject to a SAR are clinically reviewed to be certain no third-party information or harmful information has been missed.

Other healthcare professionals

Third-party identifiers do not include other healthcare professionals, who must remain identifiable, and anything they have written in a patient’s record regarded as personal information can be legitimately disclosed. This comes with the usual exception of information that could cause serious harm (for example, information about a possible mental illness diagnosis contained in a psychiatrist’s letter, where a clinical decision was made to withhold this from the patient).

Training available

NHS England are running online awareness sessions (Microsoft Teams) for GP and operational staff on getting ready for patients to have access to their future data.

Key points

  • Be aware that patients will be able to see their future records and ensure that practice systems have been updated to comply with the new online access arrangements.
  • Consider whether additional training will be required for all staff who make entries within patient records.
  • Ensure that third-party identifiers and information have been redacted from prospective clinical record entries before access is provided to eligible patients, or when responding to a SAR for retrospective access to records.

Alan Frame is a risk adviser at MDDUS
