Skip to main content

Safeguarding and managing inappropriate use

Guidance on when to adjust settings in patient accounts in your clinical system.

Page contents

As the NHS App uses NHS login, most patients can get access to the GP online services available through the app without the practice having any involvement.  If they don't already have a GP online services account, they will get the practice's default level of access to these services, generally: appointment booking, repeat prescription requests and summary record level access to their medical records, which includes personal information, recent medications and allergy information.

To prevent a patient from having access to this level of access, you need to adjust the settings within their account.

Safeguarding reasons for restricting access include where the patient:

  • cancels appointments they need, for example if they have dementia - all appointments can be cancelled through the app, even if they were booked in person
  • is at risk of coercion through online access

Appointment booking also has the potential to be misused.

Your practice should already have a procedure in place for managing this issue with other online services, but if your procedure has been simply to delete the online account, this needs to be amended.

Guidance on coercion and other considerations can be found in RGCP guidance on GP online services.

Stop patients accessing services

If you need to revoke patient access to appointment booking or record access, it is important to do it within the individual patient's online account settings. If you simply delete their whole online access account, a new one will automatically be created the next time they use the NHS App.

Last edited: 23 November 2020 3:38 pm