Access to patient records: Responses to commonly asked questions

Patients are being given online account access to their future, or prospective, full general practice health record including free text, letters and documents.

Patients will see new information once it is entered, or filed, onto their record in the clinical system. Patients will not see their historic, or past, health record information unless they have already been given access to it by their general practice.

Patients whose general practice uses the TPP or EMIS system will see new general practice records entered. This will be made visible to patients through the NHS App or existing GP online services apps that already securely provide patients with access to this health information.

Full records access can include coded information, free text, consultations and documents. Patients with full record access will not see any change.

If you already provide detailed coded records (DCRs) access, patients will now be able to see their future free text and documents, in addition to their existing detailed coded records. 

We are not changing the need for a patient to request access to their historic information, and plan to digitise this process so that it is easier for patients and general practice. This will be phased in carefully, using the NHS App, to ensure that general practice is not overloaded with requests.

If you have already provided historic access to a patient, they will now be able to see their future free text, consultations and documents in addition to any historic access they already have. 

Future (prospective) records access means access to information and data added to the patient record from a set date onwards. This may be the date that a patient joined the practice or from a date when access has previously been granted.

Patients who have had future (prospective) assets set up before the change will continue to be able to view this information.

If a patient moves general practice the data previously disclosed will no longer be visible. Once registered with the new practice, the patient will be able to access all future/prospective information entered onto the new general practice system. The new general practice is able to manually provide access to historic information if this is appropriate. 

There are no changes to proxy access.  

This change to records access will only apply to people aged 16 years or older. If a young person is Gillick competent they may already have access to their records so it is still necessary to screen information for these patients.

People with online accounts set up before their 16th birthday will receive access to records entered after their 16th birthday when they turn 16.

These changes will not change the status of general practice as a data controller. General practices are already obligated to provide access to all future information unless there are exceptional circumstances. The practice decides on the information to be made available to patients by entering the information onto the clinical system, or by reviewing and responding to digital requests for historic coded data.

It is the responsibility of each general practice, as the sole data controllers, to undertake a data protection impact assessment (DPIA) to identify and minimise data protection risks. This needs to reflect the individual service provision, system configuration and processes that are in place within the organisation.

For the provision of access to future information, patients will access the same personal information as they do currently via the NHS App and other existing record access apps. There is no change to the category of personal information being processed, the organisations involved or how that information is being processed and secured. These changes alone are not sufficient to necessitate an update to general practices’ DPIAs. However, as data controllers each general practice should make an individual assessment of whether their DPIA needs to be reviewed and updated.

NHSEI is currently undertaking a DPIA to provide a template for use by local practices.

It is important to note that although patients have a right to rectification and a right to erasure, all diagnoses should remain in the record. Incorrect records and other matters of fact should be indicated as such and rectified.

The responsibility for information lies with the creator of the document. The patient may disagree with the content held on the record and this may be recorded. If information held within the record is agreed to be incorrect this should be recorded and remedied.

Further information:

• Right to rectification
• When a patient wants to amend their medical records

General practice obligations are aligned to the UK General Data Protection Regulations (GDPR) for Subject Access Requests (SAR). Information should be disclosed unless it would be likely to cause serious harm to the physical or mental health of any individual. This is known as the ‘serious harm test’ for health data.

When entering information relating to a third party into the patient’s record, you will also need to decide whether it is appropriate for this to be disclosed.

GP practices will continue to be able to redact individual free-text consultation notes, clinical codes and documents from patient view, or amend a patient's access after the changes have been made. This functionality already exists and is available in general practice systems as part of the current record access functionality.

It will also be possible for practices to identify individual at-risk patients to be excluded from these changes by adding a Systemised Nomenclature of Medicine (SNOMED CT) code to their record. These patients will then require an individual review and have their settings manually applied if access can be provided without a risk of serious harm.

Further information and guidance on the use of this SNOMED CT code.

Prospective access to full records is subject to the same safeguarding requirements and management of third-party information as applied when patients have access to their DCR. When recording third party information, that is unknown to the patient, GP practices will need to ensure that this information becomes hidden from patient view.

GP practices should ensure that information is recorded in a way which is accessible to patients. Guidance on safeguarding, sensitive data and data recording is available within the records access section of the Royal College of General Practitioners (RCGP) toolkit. 

An individual’s right to access their information that is held by an organisation is a legal right enshrined in law, and general practice requirements for a patient's digital access comply with those rights under Article 15 of GDPR. The decision to withhold information should take into account the guidance issued by the Information Commissioner’s Office (ICO), the UK data regulator. The practice must consider whether disclosure would be likely to cause serious harm to the physical or mental health of the data subject or another individual (Paragraph 2(1) of Schedule 3, Part 2 of the DPA 2018). BMA guidance on the Serious Harm Test states circumstances in which information may be withheld on the grounds of serious harm are extremely rare. Not every patient who has safeguarding concerns is at risk of serious harm from access to their record information.

General practice is required to provide patient access “if its computerised clinical systems and redaction software allow”. Both EMIS and TPP have an established ability to make information invisible from patient view (redact) as it is being entered into the general practice clinical systems, before it becomes available for patient view. This applies to information entered directly into the clinical system, such as consultation information and test results or documents received by general practice. Vision (Cegedim Healthcare Solutions) are not yet fully compliant with the NHSD GPIT Futures requirements for provision of citizen access to records and are working with them to achieve this.

Within EMIS and TPP it is only possible to make invisible the entire consultation entry or document attachment from patient view. This is a limitation of the current redaction software, and we therefore do not expect general practice to provide patient access to part-entries should a component require redaction.

Making records available for all patients requires general practice to consider if redaction is required as information is entered onto the system, in real time. Some people already have ongoing access to their records and whilst clinical judgement would have been exercised when access was initially given, a patient can subsequently develop a safeguarding concern. All staff entering information into the record must have an awareness that the patient may be able to see it and know when and how to hide information from patient view.

We are therefore not requiring general practice to review every patient's entire record before future access is given, but to ensure that an awareness of the patient's ability to view their information is integrated within their existing processes. Those patients most at risk of serious harm will already have safeguarding plans in place and should already be known to general practice. As this is a specific concern, we will undertake some focused work with the profession to provide clearer direction in this area.

Through the GPIT Futures framework we have submitted requirements to the GPIT suppliers who have subsequently interpreted how best to implement changes within their software. 

The following provides more information on the technical delivery approach being adopted.

TPP already supports provision of records access, including the ability to redact information before it becomes available for patient view. TPP has identified that it is already possible to change existing user settings for groups of existing users to provide access to future information and change system defaults to provide this access for new users. No functional change is required to their software, and the requirements will be delivered through an SQL script.

EMIS already supports provision of records access, including the ability to redact information before it becomes available for patient view. While they support the concept of providing access to future information, this is provided alongside historic coded problems and consultation data. Their system therefore requires changes to support the concept of providing only future information, with additional related changes to the record access configuration screen. The requirements can then be delivered through an SQL script.

Vision does not support patient view of free text or documents. They are not currently fully compliant with the existing mandatory requirements of the GP IT Futures framework. Further work is required to identify an appropriate technical delivery plan that delivers benefit to general practice and patients.

There is an existing professional responsibility to ensure that records are legible and patients understand and are informed about the care that is being provided. Clinicians will, therefore, need to write notes bearing in mind that patients may see them. While this is a common concern, our engagement with practices where record access is routinely available, and as wide international experience suggests, this is not a significant issue for patients.

Within the NHS App there is currently a ‘help with abbreviations section’ that supports users with abbreviations commonly found in medical records. We are continuing to improve our national resources to support patients to become more actively involved in their care, and as more people have access to their information this will help justify further investment into improving services and systems to improve the record access experience.