Skip to main content

Safeguarding your patients

Find out about record access for vulnerable patients. This guidance also provides information on refusing, reviewing and revoking proxy access.

Page contents

If your patient is aged 15 and under

This page has general information on safeguarding.

Our guidance on safeguarding young people and children has information specifically about safeguarding patients aged 15 and under.

Overview of safeguarding

Adult safeguarding in primary care is: 

  • identifying, supporting, and empowering vulnerable people 
  • giving a voice to people who are not being heard 
  • protecting the basic human rights of everyone in our communities 

The Royal College of General Practitioners (RCGP) Safeguarding toolkit has safeguarding guidance for different roles in your practice.

Record access for vulnerable patients

It's important to balance the benefits of record access with the risks for vulnerable patients.

Patients with care and support needs, for example older people or people with disabilities, are more likely to be abused. They can be seen as an easy target and may be less likely to know they're being abused or to report it.

Patients who have difficulty communicating can be particularly vulnerable. They may be unable to tell someone what they're experiencing.

Access to patient data should only be given when it's safe to do so. This decision should be made in the patient's best interests.

You may need to check an authoritative source for safeguarding concerns. This could be your local authority safeguarding database.

Safeguarding vulnerable groups (Word doc, 838KB) from the RCGP GP online services toolkit has more information on protecting vulnerable patients.

Redacting information

Having a detailed GP record can provide support for a patient who has experienced abuse. But if the abuser can access the same information, the patient can be put at risk.

It's important that you recognise and act on evidence of safeguarding risks. You can hide any potentially harmful information in the record from the patient's online view. This process is called redaction.

Potentially harmful data in the RCGP GP online services toolkit has guidance on managing potentially harmful information.

Refusing, reviewing and revoking proxy access

When to refuse an application

A proxy application should be declined if:

  • you suspect that the patient consenting to proxy access is not doing so willingly
  • you believe a patient aged 15 or under is competent to make a decision on access and does not give their consent for proxy access
  • you suspect that proxy access will create a risk to the security and privacy of the patient
  • you assess that the proxy access being requested is not in the best interests of the patient
  • the patient, who has previously stated that they do not want to grant proxy access to a specific person, loses capacity (either permanently or temporarily) and this person then requests proxy access – the advance decision should always be recorded in the patient's record
When to review proxy access for adults

Proxy access should be reviewed when:

  • the patient requests this, when proxy access has been granted with the patient's consent

  • any situation happens that would have led you to decline this access after granting it

  • the patient loses capacity to give consent, unless consent was given beforehand for proxy access to continue after they lose capacity

  • proxy access has been set up for an adult patient who lacks capacity, and there is a change in this that means the patient now has capacity to consent – proxy access should only continue with the patient's consent

  • a change is made to the patient's record, as this lowers the risk of sharing harmful information 

Review any access granted to proxies on a regular basis. 

Safeguarding young people and children has information on reviewing proxy access for patients aged 15 and under.

When to revoke proxy access for adults

 Proxy access should be revoked: 

  • if new safeguarding concerns may mean that access will no longer be safe – revoke access as soon as you are aware of the safeguarding concern, and record the reason why access was revoked in the patient's medical record 

  • when the patient reaches the age of 16 – if the proxy wants their access to continue, the patient must consent to this. If they do not consent, access must be revoked 

  • if the proxy dies – revoke access to the patient’s medical record and services 

  • if the patient dies – revoke all access for the patient and all proxies. Follow local protocols and procedures for access to historic records 

Managing conflicting actions between proxies

Sometimes when a patient has more than one proxy, there can be conflicts between actions. For example, a parent can keep trying to book an appointment for their child, but the other parent keeps cancelling it. This could also be adult children acting as proxies for their elderly parent.

If you notice one proxy repeatedly counteracting another proxy's actions, this access must be reviewed by a clinician. A proxy can only have this access continued if they're acting in the patient's best interests. This decision is based on clinical judgement.

Discussing changes to access with patients and proxies

If you discuss changes made to access with patients and proxies, make sure that doing this does not risk patient safety.

For example, telling a proxy about their access stopping could lead to patient harm. Especially if the proxy has coerced the patient to ask for this access in the first place.

How coercive control can affect patients

By gaining access to the patient's GP online services, abusers can:

  • read what the patient has told a healthcare professional, to see if they have mentioned their abuse

  • find out if the patient has accessed healthcare that the abuser may not want them to access

  • think the patient has discussed their abuse, if a consultation has been redacted from online view

This can lead to:

  • an increased risk that the abuser will harm the patient, as "punishment"
  • the abuser not allowing the patient to access healthcare services
  • the abuser insisting on attending appointments
  • the patient not feeling safe to speak about their abuse with a healthcare professional, so they stop getting help and support
  • the patient not seeing healthcare settings as safe places

Coercion (Word doc, 154KB) from the RCGP GP online services toolkit has more information on how coercion can affect patients.

Identifying coercive control

Think about possible coercive control if:

  • the patient is always accompanied to an appointment
  • someone always speaks for the patient
  • the practice gets information about a patient from someone else, especially information that tries to undermine the patient in some way
  • someone demands full or proxy access to the patient's record
  • someone contacts the practice to ask why the patient's online access has been blocked or switched off or why documents are hidden
  • the patient always has to check with someone before they agree to anything

This is not a complete list and, on their own, these examples do not show that the patient is a victim of coercive control. There may be valid, non-abusive reasons for these situations to happen.

However, they can be signs of abuse or coercion, especially if you notice several examples or already suspect abuse.

Coercion (Word doc, 154KB) from the RCGP GP online services toolkit has more information on identifying coercive control.

Suspecting abuse or coercion

If you suspect that a patient is a victim of abuse or coercion, shared record access can put them at risk.  

The RCGP Safeguarding toolkit part 3A: Responding to abuse and neglect has information on how to respond to suspected abuse.

Last edited: 11 December 2024 9:23 am