We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
As the SGP (formerly known as the privacy officer) you should follow your organisation's Standard Operating Procedure (SOP) to audit SCR use. This makes sure that records are only being looked at where there is a legitimate relationship and permission to view, or appropriate emergency access. (See information governance for more information.)
You do this by viewing alerts created when users look at a record, and cross checking this against other patient information.
The SOP will tell you:
- the percentage of alerts to check, for example 50 per cent
- how often to check alerts, for example weekly
- how you will select which alerts to check, for example every other alert
- what sources of information you should use to check the view was appropriate, for example:
- signed consent forms
- notes entered by the person who accessed the SCR
- pharmacy opening hours and staff records
- Patient medication records (PMR) information
- whether you need to run other audit reports, for example a random user's access or any out of hours access
- how you should escalate any issues if you can't find a reason for access
You use the SCR alert viewer to view alerts, and to close them after investigation.