We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
There are strict rules about viewing a patient's care records set out in the Care Record Guarantee
SCR uses the following controls to make sure access is in line with the Care Record Guarantee:
- Authentication and Role Based Access Control (RBAC) - use of smartcards
- Legitimate Relationships (LR) - the viewer has a reason to view the SCR because they are directly involved in the patient's care at that point
- Permission to View (PTV) - a viewer must ask the patient if they are comfortable with the SCR being viewed. (Emergency access is allowed if it's in the patient's best interest, if they are unconscious or can't communicate.) Permission to view can be gained each time, or it can cover future use as long as the question asked makes this clear to the patient and there is a clear system for recording this. Download the sample permission to view form to use in your pharmacy.
Every time a pharmacy professional accesses an SCR, they will be asked to confirm that they have a legitimate relationship with the patient. This means they have a good reason to view it based on clinical need. The process for accessing a patient's SCR, including claiming a legitimate relationship and recording permission to view or emergency access, can be found in this downloadable leaflet on permission to view.
Each time an SCR is viewed, an alert will be generated on a system database called the alert viewer. The alerts will then be looked at by an appointed privacy officer, who will cross check them, or some of them, against other records, such as pharmacy opening hours or records of which patients were served prescriptions. This means patients can be confident that their SCRs will only be looked at for good reason, and any unauthorised access will be noticed and acted upon.
Every pharmacy organisation must have at least one SCR governance person (formerly privacy officer). They should also have their policy on viewing SCRs and auditing access written up into a formal Standard Operating Procedure. You can download a Standard Operating Procedure template document for SCR in community pharmacy.