Skip to main content

Using Enhanced Review (SNOMED) codes when giving a patient access to their health record

From summer 2022, patients will be able to use the NHS App and other online services to read new entries in their health record.

Ahead of the change, where there may be safeguarding concerns, healthcare workers can prevent patients from having automatic access to new information by adding a Systematised Nomenclature of Medicine (SNOMED CT) code to their record. 

Records with this code will be excluded from the changes and will then need to be reviewed on a case-by-case basis to identify if access can be provided without a risk of serious harm.


SNOMED codes to be used by general practice

1364731000000104 Enhanced review indicated before granting access to your own health record 

Add this code to a patient's record in order to prevent them from automatically being able to see new entries. This will mean that you will have to undertake a review to determine if it is safe to offer records access.

1364751000000106 Enhanced review not indicated before granting access to your own health record

Should the patient be considered as being no longer at risk, adding this code into a patient’s record will override the SNOMED code 1364731000000104. This means the patient will automatically receive access to information should an online account be created, for example by registering for the NHS App.


Other considerations when using SNOMED codes

  1. Even when access has previously been denied, it is necessary to apply the 1364731000000104 Enhanced review code to prevent the patient from automatically receiving access to future information.
  2. When removing record access from someone who already has it the 1364731000000104 Enhanced review code will not change any access settings the patient already has. It is therefore important to also manually update the record settings. This code has no impact on pre-existing or historic record access.
  3. This code does not affect proxy access but when applied to those under 16 years old it will prevent them from automatically having access after their 16th birthday.
  4. A patient's circumstances will change and these codes should be updated and their record access settings reviewed when a risk is identified in order to mitigate any potential for harm. 

Patients transferring to a different general practice

These codes will transfer with the patient record via GP2GP and the same logic will apply at the receiving practice once the record has been received and accepted. 

Should GP2GP fail, or an online account be created before the transfer, the healthcare worker will need to manually update record access settings once the previous record has been received to ensure it is appropriate. Prospective access will recommence from the date the patient is registered at the new practice.


Information patients will be able to see following the change

The information patients will be able to see on their GP record from this summer includes free text, letters and documents concerning their care. Patients will not see information such as test results until they have been checked and filed, giving clinicians the chance to prevent information from being visible, or contact and speak to patients first. 

Historic health record information which was on file prior to the switch on will not automatically be made available, unless the GP practice has already granted full or partial access to the record. Individuals can still request full access via an Subject Access Request (SAR).


Information that is exempt from disclosure

There are several exemptions that are set out under data protection legislation which allow entries to be redacted from an individual that has requested access to their record. These apply for online access, just as they would when dealing with a Subject Access Request (SAR).  

One of these exemptions is that you should not disclose information that is likely to cause serious physical or mental harm to the patient or another person. Cases of this are rare, but examples include allegations of abuse, particularly if the individual concerned has proxy access to the record, information about an ongoing police investigation.


Safeguarding vulnerable people

The vast majority of individual patients who are at risk of serious harm will belong to known high risk groups, including known victims of domestic abuse, any adult with an adult safeguarding code on their record and where the individual may lack capacity. Many of these patients will already have safeguarding plans in place and should already be known to general practice, however this list of high risk groups is not exhaustive and the practice may have concerns about patients who do not fall within these groups and may choose to block their future automatic access as well. Specific guidance on providing safe patient online record access is available as part of the RCGP patient online toolkit.

Healthcare workers should consider turning off access for any individual considered to be vulnerable to coercion, whose recorded information may be harmful to them, or who is unable to keep it secure. This functionality already exists in general practice systems. 

When a patient is at risk or has had their access turned off, the 1364731000000104 Enhanced review code should be added to their record. This will prevent access to future health information being automatically given should the patient transfer to another general practice or create a new online account in the future. 


Patient Online Toolkit

Last edited: 16 May 2022 10:29 am