We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
There are strict rules about viewing a patient's care records set out in the Care Record Guarantee
SCR uses the following controls to make sure access is in line with the Care Record Guarantee:
- Authentication and Role Based Access Control (RBAC) - use of smartcards
- Legitimate Relationships (LR) - The viewer has a good reason to view the patient's SCR as they are involved in their care
- Permission to View (PTV) - the patient is asked for their consent before the SCR is viewed. (Emergency access is allowed if it's in the patient's best interest, if they are unconscious or can't communicate.) Permission to view can be gained each time, or it can cover future use as long as the question asked makes this clear to the patient and there is a clear system for recording this
Legitimate relationships and permission to view (or emergency access, with explanation noted) can be recorded by a member of staff such as a receptionist, or by the clinician themselves. Self-claiming a legitimate relationship, or selecting emergency access, will generate an alert. These alerts will be audited by each organisation's privacy officer to make sure there was a valid reason for the view.