PLANS to give patients in England digital access to all new entries in their GP health records are in the final stages. Practices who have not already made the switch have been given a final deadline of 31 October 2023.
MDDUS has received a steady stream of advice calls ahead of the ‘go-live’ date, with a number of queries focusing around three key areas:
- considering access for patients with safeguarding concerns
- managing potentially harmful information
- proxy access to records.
Below is practical advice on these areas, as well as helpful tips from “early adopter” practices who shared their experiences with NHS Digital.
The key take-home messages are:
- Have agreed policies for identification of potentially harmful information and vulnerable patients. Ensure this provides clear guidance for all staff members and is reviewed and updated regularly.
- Maintain good communication with staff and patients. Make use of all resources available and have information visible in a variety of accessible formats.
- Ensure all staff have role-appropriate training and that this is refreshed regularly.
As the planned automatic switch-on applies only to prospective records, this is where we will focus our advice in this article. You can also read more general advice on online access in this MDDUS article.
How do we identify patients who may be unsuitable for online access?
It can be helpful to put in place a policy outlining the process to identify and manage access for key patient groups. First, you could meet as a team to identify and agree groups of patients who may be unsuitable for access.
Consider adding enhanced review codes to the records of those to exclude from auto enrolment until a discussion can take place with the patient. These might include codes relating to domestic violence, safeguarding, vulnerability (adults and children), learning disability, abuse and mental health diagnoses. Encourage the team to also consider any other patients without the relevant codes who would benefit from a review prior to enabling access.
Consider how you will flag the records to highlight the need for discussion with the patient and how you will update the records after discussion – either allowing or blocking access. Different IT systems will have different ways of doing this, so be sure to check this with your clinical system supplier.
Have a plan for patients who wish to revoke access to their online records. Be ready to act on such requests quickly as access can always be reinstated if necessary.
Make sure all colleagues (including new-starts) are aware of the policy and review regularly.
How do we manage third-party requests for access to records?
Patients often find it helpful to grant “proxy access” to their medical records to a third party, for example a trusted family member, friend or carer. The proxy can book appointments, request prescriptions, or view clinical notes on the patient’s behalf. This can be helpful for patients who lack capacity or have complex comorbidities.
The proxy should have their own login. This allows the practice to set varying levels of access depending on need, and to switch off access where necessary.
Parents often request proxy access for children, so it’s important to have a specific policy on this. The practice may decide to completely exclude parental proxy access or review the merits on a case-by-case basis. Be sure to consider the child’s age and review proxy access once the child has capacity to provide consent for proxy access. As this is likely to vary, practices may wish to implement restrictions once a patient reaches a certain age and then review ongoing access on a case-by-case basis considering patient consent and their best interests. Read more about parental responsibility.
What staff training should be provided?
Frontline staff will require a greater level of understanding, but all staff should have a general awareness and be able to provide patients with appropriate support and information.
Encourage staff not to use acronyms in records and avoid misspelling as this can create confusion or cause distress. Key messages could be posted on a staff noticeboard.
Consider appointing an online access champion who can act as a ‘go to’ for staff and patients. This will be someone able to lead the team, ensure information is up-to-date, and identify and monitor risks and issues. They may also run engagement sessions with staff and patients.
How do we best communicate with patients?
Give patients information (including how to opt out) and regular updates in a variety of formats and locations, e.g. practice website/social media, posters, newsletters, waiting room screens, patient participation group (PPG) engagement, drop-in sessions etc. Posters in public toilet areas may be helpful for more vulnerable patients.
There are many mobile apps and online services available to provide records access, with the NHS app proving popular so far. One early adopter practice recommends choosing one app and promoting this to patients to avoid confusion.
What other tips and experiences can we learn from?
One early adopter practice told NHS Digital that the overall process has been positive and less stressful than anticipated. They found it reduced the number of subject access requests (SAR) and other administrative burdens. They noted that patients were empowered and have embraced having access to their own records online.
Incoming correspondence should be reviewed carefully before filing. Avoid ‘auto file’ functions to make sure information that should be redacted isn’t uploaded to the online record. Practices should already be reviewing correspondence for action points, so this should not increase workload.
How much to redact?
Redacting sections of correspondence may lead to concerns from patients, so consider if entire letters, or consultations should be removed from patient/proxy view.
Keep in mind that redacted information and redaction flags will pop up on-screen and may be visible to patients during face-to-face consultations.
Get IT aware
GP clinical IT systems will have different ways of redacting or ‘hiding’ information from online visibility. It is important to ensure you’re fully aware of the functionality of your own system and stay up to date with guidance and resources provided by system providers and NHS Digital.
Contact firstname.lastname@example.org for more detailed advice.
- The RCGP online services toolkit has lots of useful guidance about online records access, including issues around clinical safety (safeguarding, coercion, domestic violence), proxy access and managing potentially harmful information.
- NHS England presentation (PDF) Safeguarding Related to Online Services: Proxy Access and Coercion, NHS England.
- The RCGP adult safeguarding toolkit and child safeguarding toolkit on domestic violence, relevant to the topic of coercion.
- NICE advice on recognising and responding to evidence of domestic violence and abuse and domestic violence and abuse: multi-agency working.
- NHS England guidance for care homes and GP practices - Proxy access to GP Online services by care home staff.
This page was correct at the time of publication. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.