Skip to main content

Set up proxy access with our service

Once you get an application email from our service, you can use our step-by-step guidance to help you set up proxy access. Continue to use your standard practice process if this is more suitable for your patient.

Page contents

Step 1: Find out who made the application

Either the proxy or the patient can use our service to apply for proxy access.

We say who has applied in the subject line and throughout the email that you get sent.

Step 2: Check who we've told about the application

Check if we've told the patient or the proxy about the application being made. We contact the applicant by using their NHS login contact details.

We only contact the person named in the application if their contact details are stored on the Personal Demographics Service (PDS).

If we have not contacted them, we'll let you know in the application email.

If the application is for access to a child's services, we do not contact the child.

Step 3: Verify identity

We only verify the identity of the person that makes the application. We do this by using the highest level of verification through NHS login. You can find out how applicants prove their identity on getting patients started with NHS login (NHS Digital).

If the patient makes the application, you need to verify the proxy's identity.

If the proxy makes the application, you need to verify the patient's identity.

Use your standard practice process to verify this and to update your clinical system with this information.

If a proxy is applying for access to the services of someone aged 15 and under, check that the proxy has legal parental responsibility for them. 

We do not verify legal parental responsibility through our service. Use your standard practice process to do this.

If you've verified proof of parental responsibility before, this may already be recorded in your clinical system. 

Supporting information in the application email

In some cases, we can confirm a birth mother to child relationship from PDS. This confirmation gives you the same information as viewing the birth certificate would.  

We also ask what document the applicant has that may help to show their legal parental responsibility for the child.  

This supporting information is shown in the application email we send you. 

This may help verify legal parental responsibility and the identity of the child. 

Use your standard practice process to confirm this and to update your clinical system with this information. 

On its own, this information is not proof of parental responsibility, but it can help support your duty to verify parental responsibility before granting access.  

Documents may not reflect the current situation, and you should also check for any safeguarding issues as part of reviewing the application. 

How we check for birth mother to child relationships

Every child’s PDS record has their birth mother’s NHS number stored in it, if the child was born after 2011 in the UK. This is added by a clinician, as part of the birth notification process. 
 
We only check for this on PDS if both: 

  • the child was born in or after 2011 
  • the proxy’s gender is stored in PDS as female 
If we've confirmed the birth mother to child relationship

If we've confirmed a birth mother to child relationship, seeing a birth certificate will not give you any more information about this relationship.  

If the applicant says they have been named on another document, you may need to check this. 

Not all birth mothers have parental responsibility. You should check for any safeguarding issues to make sure you're aware of the current situation. 

If we've not confirmed the birth mother to child relationship

If we've run the check, and we’ve not been able to confirm a birth mother to child relationship through PDS, the applicant may still be the parent that gave birth to them. This does not stop an application being made.

We cannot confirm a birth mother to child relationship for:  

  • birth mothers of children born before 2011 
  • birth mothers of children who were born outside the UK  
  • parents who gave birth and later changed their gender on PDS from female, as they will have been given a new NHS number 

We currently only check for birth mother to child relationships. This will be expanded in the future. 

This means we cannot currently confirm a relationship for adoptive parents or second parents. 

How we check the adult's and child's addresses

Our service checks if the adult's and child's addresses match on PDS. Whether they match or not, we ask the adult what their address is and if this is the child's main address. 

We send you this information in the application email. You can check this against what is in your clinical system.

We do not check any addresses if the application is for access to an adults services. 

Step 5: Check for any safeguarding concerns

It's your responsibility to check for any safeguarding concerns before granting proxy access to someone else's medical records and services.

You can check for safeguarding concerns by:

  • checking notes on the patient's medical record

  • checking an authoritative source of safeguarding information – for example, you can use the Child Protection - Information Sharing (CP-IS) service to check if a child is on a child protection plan

  • checking local safeguarding information – for example, you can check for safeguarding flags recorded in their medical record

You may need to check for concerns about other family members too.

When the patient is aged 15 and under, it's usually best for a GP that knows them well to make the decision on granting proxy access. Consider if this access could be used by someone to abuse the child.

The RCGP Safeguarding toolkit has detailed guidance on safeguarding adult and child patients.

If the patient is aged 16 or over

For a patient who is aged 16 or over, you must assume capacity to consent to proxy access, unless you have evidence that they lack capacity.   

If you have evidence that they lack capacity, a clinical professional must assess capacity to consent before granting proxy access. This is to make sure that the access granted is done with the patient's changing capacity and their best interests in mind. 

The clinical professional must be experienced in assessing mental capacity.  

The Mental Capacity Act (MCA) code of practice (GOV.UK) has more guidance on this. 

When the patient doesn't have capacity, record in the patient's record:   

  • the patient's lack of capacity  

  • the date capacity was assessed  

  • the basis for granting proxy access and evidence provided  

  • the details of the proxy  

  • the level of access the proxy was granted 

If the patient is aged 11 to 15

When using our service for this age group, the proxy is asked if they think the child patient has capacity to make an informed decision on proxy access. We tell the proxy to speak to the patient about the application, if this is suitable.

If they choose the option no to the child having capacity, the proxy can enter a reason why they think this. The proxy may use this to let you know about a medical condition or learning disability that the child has.

Use a Gillick competency assessment to determine if the patient is mature enough to understand and consent to proxy access.

This assessment must be done by a clinical professional who is skilled and experienced in assessing competence.

The BMA children and young people ethics toolkit has further guidance on checking for capacity to consent.

If the patient is aged 10 or under

Patients aged 10 and under are assumed to not have capacity to consent.

We make the proxy aware that children will usually be asked for their consent from age 11.

We tell the proxy to contact you if they feel continued access is needed, when the child is nearly 11.

What the patient needs to understand

The patient must understand:

  • what proxy access is

  • who they're giving access to

  • what the proxy will be able to see and do on their behalf – ask the patient if there's any information they want redacted from their record

  • how long the access will be given for

  • how to revoke this access

What to record in the patient's record

When getting consent, record in the patient's record: 

  • the patient's informed consent

  • the date the patient gave informed consent

  • the details of the proxy

  • the way they consented – for example, in writing

  • the level of access they consented to

If the patient is aged between 11 and 15, you may want to tell them how they can withdraw consent and switch off access. You may also want to tell the child that they can access their online services through the NHS App if they're aged 13 or over, or when they turn 13.

You can send them our guidance on Information for under-16s on parents and guardians accessing your doctor's services (NHS website).

If an adult patient wants more information on proxy access, you can send them a link to our guidance on Accessing GP services for someone else, with proxy access.

Step 8: Decide whether to grant or deny access

You can get this decision authorised by a clinical lead in your practice.

The application email has information that may be useful when deciding to grant proxy access.

You can see the information we collect for each application in our guidance on the differences between our service and the standard proxy process.

Our guidance on safeguarding your patients explains when you may need to deny proxy access. This may help you when making a decision on an application.

Step 9: Redact from medical record

If the proxy needs access to the patient's medical record, you may be able to restrict access to parts of it. This means the proxy can only see information the patient wants them to see. 

Check that the record contains no information that might be harmful for the patient. Redact any information that the proxy should not have access to. 

Make sure the record does not contain third-party information. 

Safeguarding your patients has guidance on managing potentially harmful information. 

Redaction (NHS England) has more detailed guidance on the redaction process. 

Storing the application email

The application email from our service includes the proxy's personal information.

If the application is for access to a child's GP services, store the application email for audit purposes but redact third party information before you do this.

We do not keep copies of applications centrally.

Step 10: Set up proxy access in your clinical system

If the proxy asks for help

We've created guidance for the public to help them understand how proxy access works. You can send your patients guidance on Accessing GP services for someone else, with proxy access (NHS website) to help answer their questions.

Once this access has been set up, the proxy may ask for help on how to use their access in the NHS App. You can send them a link to the guidance on how to manage health services for others (NHS website).

Last edited: 28 January 2025 2:51 pm