GP practices in England will be aware that from April 2022 people aged 16 or over can register for an online account to view their medical records. Patients with the NHS App and other online accounts will be provided with digital access to new entries in their GP health records under NHS Digital plans.
There have been calls to delay the “go live” date for this but NHS Digital has yet to issue an update.
Real-time redaction of records
Patients are currently able to access personal information under a data subject access request (SAR) and the records should be carefully checked before being disclosed. The new arrangement will mean that GPs have to consider the impact of each clinical entry being made in real time. However, patients will not see new personal information (e.g. scanned documents or positive test results) until they have been checked/authorised in order to give clinicians the opportunity to contact and speak to patients first.
Patients will still be required to file a SAR to view historic coded records (filed before the "go live" date), allowing requisite checks. This is expected to be made easier via the NHS App later in 2022 but there will be no requirement for general practices to review the retrospective records of every patient. Those patients who already have been provided digital access to their past health records will maintain this access.
Prospective access to records will be subject to the same safeguarding requirements and management of third-party information as when applied to a SAR, and practices should ensure that an awareness of the patient's ability to view their information is integrated within existing policies and processes.
Sensitive third-party data
GP records often contain confidential information directly relating to a third party or information that has been provided by a third party, which is clinically relevant and may be considered sensitive. Practices must ensure that careful consideration is given to what third-party information which is unknown to the patient is redacted from the patient’s view (the ICO provides some guidance on this here). It is therefore essential to review how entries are made and also to consider how third-party information (as well as information which could cause serious harm) is identified and redacted at the point of entry into the records.
Practice staff entering data into patient records must be able to recognise the circumstances in which information should be hidden from patient view – and how this done. Additional training may be necessary in this regard and staff should be encouraged to ask senior staff when in doubt.
One particular area of concern is redacting information contained in letters from hospitals, as this could be overlooked without clinical checks taking place.
What is sensitive data?
Particular examples of sensitive data might include third-party identifiers in child protection reports or clinic letters received by the practice, where the status of other family members is being discussed.
Another example would be information that has been provided to a clinician by a family member or other acquaintance about a patient which is considered to be clinically significant, and where the third party has an expectation of confidentiality. For example, a patient’s wife might raise concerns with the GP about her husband’s increased alcohol consumption.
A practice might also receive information about a patient that raises concern about a vulnerability or safeguarding issue, which might need to be recorded and followed up to establish veracity. In such cases, the identity of informants should be redacted from patient view.
Retrospective redaction of records: responding to SARs
GP practices in England redacting third-party information from records in real-time will mean that future data subject access requests should become more straightforward.
Understanding responsibilities in relation to third-party information is important when dealing with a subject access request for retrospective records. Many practices use redaction software to assist in the process of complying with a SAR. In other practices, administrative staff undertake this process. It is important that records subject to a SAR are clinically reviewed to be certain no third-party sensitive information and/or harmful information has been missed.
Other healthcare professionals
Third-party identifiers do not include other healthcare professionals, who must remain identifiable, and anything they have written in a patient’s record regarded as personal information can be legitimately disclosed. This comes with the usual exception of information that could cause serious harm (for example, information about a possible mental illness diagnosis contained in a psychiatrists letter, where a clinical decision was made to withhold this from the patient).
NHS England are running online awareness sessions (Microsoft Teams) for GP and operational staff on getting ready for patients to have access to their future data.
- Be aware that patients will be able to see their future records and ensure that practice systems have been updated to comply with the new online access arrangements.
- Consider if additional training will be required for all staff who make entries within patient records.
- Ensure that unconsented third-party identifiers and information have been redacted from prospective clinical record entries before access is provided to eligible patients, or when responding to a SAR for retrospective access to records.
Alan Frame, risk adviser, MDDUS
This page was correct at the time of publication. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.