
Information governance for SCR

There are strict rules about viewing a patient's care records, set out in the Care Record Guarantee.

SCR uses the following controls to make sure access is in line with the Care Record Guarantee:

  • Authentication and Role Based Access Control (RBAC) - use of smartcards
  • Legitimate Relationships (LR) - the viewer has a good reason to view the patient's SCR as they are involved in their care.
  • Permission to View (PTV) - the patient is asked for their consent before the SCR is viewed. (Emergency access is allowed if it's in the patient's best interest, if they are unconscious or can't communicate.) Permission to view can be gained each time, or it can cover future use as long as the question asked makes this clear to the patient and there is a clear system for recording this.

Legitimate relationships and permission to view (or emergency access, with explanation noted) can be recorded by a member of staff such as a receptionist, or by the clinician themselves. Self-claiming a legitimate relationship, or selecting emergency access, will generate an alert. These alerts will be audited by each organisation's privacy officer to make sure there was a valid reason for the view.

Privacy officers

Every organisation that views SCRs must appoint a privacy officer. The privacy officer has codes added to their smartcard so that they can access the Alert Viewer on the Spine and check whether SCR views were legitimate. For alerts where the clinician has self-claimed a legitimate relationship, the privacy officer will confirm that the patient was being treated at the organisation by looking at the Patient Administration System or another record of patient attendance. A reconciliation tool [14.72MB], a spreadsheet which helps you check alerts against patient records, is available to help with this. Emergency access alerts are monitored to look for any unusual patterns. Reports can also be run to check patterns of SCR access. If any inappropriate access is suspected, the privacy officer will investigate it in line with the usual processes for protecting patient information.

Training for privacy officers - downloadable resources.

  • SCR Privacy Officer training presentation [2.38MB]
  • SCRa alert viewer user guide [1.27MB]
  • Reconciliation tool user guide [680.08KB]
  • Alert preferences user guide [196.78KB]

Summary Care Records in community pharmacy

There are different processes for information governance in community pharmacy.

Read more on information governance for SCR in community pharmacy

Have a question? Call us on 0300 303 5678 or contact enquiries@nhsdigital.nhs.uk.
