Audit
A PHR should offer citizens the ability to see a record of who has accessed data in their Personal Health Record.
This should give the citizen confidence that their data has been used appropriately. Citizens can remove access from those they no longer want to share their information with.
This audit data should include:
Authentication
Citizen authentication
Citizens need to prove their identity, to access and contribute to their records securely.
NHS login is a service that offers citizens a way to prove who they are and to create a secure digital identity.
This identity can then be used to access any digital NHS services which use NHS login, including PHRs.
A PHR should use NHS login. Email [email protected] to register your interest in using NHS login in your PHR.
Health and care professional authentication
Health and Care Professionals (HCPs) might directly access the citizen data in the PHR, with the citizen’s permission.
Each HCP’s identity needs to be verified to securely access this citizen data.
NHS Identity is a service being created to prove the digital identity for HCPs and should be used by your PHR once available.
Registration
The citizen needs to register onto your PHR platform, to have an account on it.
This registration process is simplified for PHRs that use NHS login, as most of it is completed when the citizen registers for it.
An NHS login digital identity might not be enough alone to grant a citizen access to a PHR. That access might need to be authorised by clinicians.
The PHR provider will need to develop a way for that access to be authorised.
Access authorisation
The PHR should also provide the citizen with a way to choose:
-
to share all or some aspects of the information in their PHR, with others that they choose to authorise
-
the level of access that others will be granted, like read-only access or write access
Health and care professional should be identified by their NHS Identity, when granting them access.
Family, friends and carers gain access differently, such as by an email invitation.