Creating a new NHS England: NHS Digital and NHS England have now merged. Health Education England will join us in April 2023. Learn more.
Access to patient records through the NHS App
The NHS App is changing to make it easier for patients to read new entries in their GP record. This guidance focuses on what this change, or “switch on”, will mean for information governance (IG), and the key things that patients, GPs and IG professionals should know.
Please note that only data entries which are added to GP records after the switch on will be viewable. Data recorded before that date (i.e. previous medical history) will not be made available through the NHS App at this time. The only individuals who will be able to see historic record entries through the NHS App are those who were previously granted full or partial record online access by their GP practice, which was down to a decision made locally. It is also possible for some patients to see summary information about themselves such as their name, date of birth and allergies: this will not be affected by the switch on.
Our guidance will focus on how to manage IG for new entries after the switch on, and we will update this guidance accordingly when arrangements for widening access changes.
- I'm a patient/service user - what do I need to know?
- I work in a health and care organisation - what do I need to know?
- I'm an IG Professional - what do I need to know?
Guidance for patients and service users
You have a legal right to access the personal information held about you by health and care organisations. You can already obtain this information at any time you choose by making a Subject Access Request (SAR), however, it takes up to one calendar month for your GP practice to provide the information.
Once your GP practice has switched on access to new record entries, you will be able to use the NHS App to read new entries made in your GP record. This avoids the need to contact your GP practice to see this information. The entries will include:
- name, age and address
- allergies and adverse reactions
- treatments and medications
- test results
- notes made in your GP record
However, please be aware that GP practices use different computer systems, so the date the GP practice will switch on will differ depending on the system they use. GP practices will raise awareness when the switch on is due to happen. Please also be aware that GPs can manually turn off access to records via the NHS App, either partially or fully, if there is a risk of harm to you or someone else.
To access this service via the NHS App, you will need to register for an NHS account:
- if you are 16 or over and already registered on the NHS App, you will automatically be granted access when the service is switched on
- if you are below the age of 16 and registered on the NHS App, you will automatically be granted access when you reach the age of 16
- if you are aged 11 - 16, you can apply to your GP practice for access to your health record, but it will not be granted automatically
- if you are aged 11 - 13 and your GP practice agrees, your access will be limited to the web version of the app
If you have access to health and care services on someone else’s behalf, for example, a child or a family member (also known as proxy access), you will still have the same level of access to their account when the change comes into effect. If you presently have full record access, you will keep full record access. However, if you only have proxy access for things like ordering medications, you will need to apply to the GP practice in order to see new record entries for the person. The GP practice will consider your request. Once you are registered for proxy access, you will see a linked profile for your family member in the NHS App.
If you move to a new GP practice, you will not be able to see the entries which were made at your previous practice on the NHS App. You will begin afresh and only see entries made by your new GP practice, which will be displayed automatically on the NHS App. This does not mean that any previous information is lost. To see your previous entries, you would need to make a request for access to historic records at your new practice.
You may come across abbreviations in your record which are unfamiliar. You can access a ‘Help with Abbreviations’ section in the NHS App that provides definitions for abbreviations commonly used in medical records to help you understand them. There is also an abbreviations information page online.
If you think a record entry is inaccurate, please see our guidance on amending records to find out what you can do about this.
Your GP records are important. Although the NHS App and other approved apps that they are stored on are secure, you should keep your account details safe, just like your bank account details. If you have any concerns, for example, that a family member might log into your account without your permission, you should inform your GP and they will be able to manually turn off access. Turning off access in the NHS App does not stop you from requesting access to your full record at any time via Subject Access Request (SAR).
Use of the NHS App is optional, and you can still access services in other ways if you are not registered for an NHS account.
Guidance for healthcare workers
This IG guidance is targeted at GP practices to support them with changes to how patients see their record via the NHS App. The changes set out in this guidance will also apply if information in GP records is accessed through another approved app.
For general information about the background to this change and what it means for GP practices, please refer to the information page on NHS Digital.
All individuals have the legal right to access information held about them by health and care organisations. Presently the majority of patients access this right through making a Subject Access Request (SAR). Additionally, some GP practices have already enabled their patients to access their information online.
Patients of all GP practices where TPP or EMIS systems are used will be able to see new entries on their GP record automatically via the NHS App and other approved apps. Arrangements with practices using Vision as the clinical system are under discussion.
Information patients will be able to see on their records
The information which individuals will be able to see on their GP record following the switch on includes coded information, free text, letters and documents. Individuals will not be able to see administrative tasks or communications between practice staff.
Historic health record information which was on file prior to the switch on will not automatically be made available, unless the GP practice has already granted full or partial access to the record. Individuals can still obtain this information at any time they choose by making a Subject Access Request (SAR).
Recording information with access in mind
All staff entering information into the record must have an awareness that the patient may be able to see it.
You must ensure that records are clear, accurate and legible. This is a requirement set out by professional bodies including the General Medical Council and the Nursing and Midwifery Council. It is also a legal requirement to hold accurate information.
Abbreviations are commonly used to save time and space whilst writing in the patients' records. However, there is a risk that abbreviations could be misinterpreted by patients and also other health and care professionals in certain situations, for example, when using shared care records. The use of abbreviations should therefore be limited to accommodate the change in patient access and multidisciplinary ways of working. A list of abbreviations is available in the NHS App.
Information that is exempt from disclosure
There are several exemptions that are set out under data protection legislation which allow entries to be redacted from an individual that has requested access to their record. These apply for online access, just as they would when dealing with a SAR.
One of these exemptions is where the disclosure of or access to the information is likely to cause serious harm to the physical or mental health of the individual or another person. Cases where health and care data is considered to be exempt from patient access on the basis of serious physical or mental harm are rare.
Examples of situations where access could cause serious harm to mental or physical health are where there are allegations of abuse, particularly if the alleged perpetrator has proxy access to the record, or where the record contains information about an ongoing police investigation.
Third party information which is unknown to the individual in your care and which it would not be reasonable to disclose to the individual without the third party’s consent also needs to be redacted from view. An example is an entry in the patient record about a relative, which might not be released under SAR as it would not be the patient’s own information. This changes if the patient was the one who provided the information for the entry: information can be disclosed if it is already known to the patient.
The patient has the right to see any information in the record which is written about them. This means that information provided by a third party, such as a carer or family member, may be disclosed even if it was provided in confidence. Information should not be disclosed if it would be likely to cause serious harm to the physical or mental health of the patient or someone else, such as the carer or family member who supplied the information. As a patient’s GP, you would need to be prepared to justify any decision not to disclose information.
Names of staff members at GP practices are generally not considered to be confidential information: you can lawfully disclose them when recording information. It is also important that there is an audit trail of staff members’ actions and decisions in a record.
If a member of staff believes that they may suffer serious harm or distress as a result of their name being released, they are entitled to raise an objection to their name being disclosed. They must submit their objection in writing, and specify why the disclosure would be harmful. Practices should consider each request on a case-by-case basis in consultation with their Data Protection Officer. It may not be technically possible to redact staff names. However in exceptional cases, for example if a staff member was at risk of harm by a particular patient, you should consider whether it would be appropriate to remove that patient’s access to their record via the NHS App in order to protect the staff member.
Redacting information from view
All staff should know when it is necessary to redact information from patient view and how to do this.
As new entries will be immediately visible to patients, you need to consider whether specific entries should be redacted whilst entering them into the clinical system. Importantly, when dealing with information which is likely to cause an individual distress, such as a positive test result, you should ensure that the appropriate health and care professional has spoken to the individual before adding it to their record. Patients will not be able to see the test result until you upload it.
Both EMIS and TPP have an established function for redacting entries from view, both during entry and after upload. Guidance on this functionality is available at your system supplier’s support section.
Any decision to redact information and the rationale for that decision should be recorded in the patient’s record.
Some systems may allow the automatic upload of items from other care settings into the GP record, such as discharge summaries, test results and letters. You must check with your supplier whether this applies to your system. If this is the case, you should review your options accordingly so that you check the information prior to disclosure to patients. Options may include:
- preventing items from being automatically uploaded into the GP record so that they go into the workflow for manual review before being entered onto the GP record and becoming visible to patients.
- allowing all items to be automatically uploaded into the GP record but hiding them from patient view by default so that they can be reviewed before subsequently changing the status of the item to be visible to the patient.
- making some items automatically visible to patients, such as vaccination events, whereas others will not be automatically visible prior to review
It is good practice to inform patients if there will be an impact on them, for example to let them know if their test result may not be initially visible through the NHS App in advance of a follow up consultation to discuss the results. GP practices must consider these options both from a perspective of preventing serious harm to patients, and also to ensure the confidentiality of third parties is not inadvertently breached.
Amending information at a patient’s request
Widening access to health records makes it more likely that patients will read the entries being made. Sometimes, an individual may believe that inaccurate information has been added to their record. For more information on responding to requests for amendment, please refer to our guidance on amending records.
Safeguarding vulnerable people
Patients who are at risk of serious mental or physical harm may already have safeguarding plans in place and be known to general practice. You should consider turning off access for any individual who you consider to be vulnerable to coercion, where giving access to their recorded information is likely to cause serious harm to their mental or physical health. This functionality already exists in general practice systems.
Ahead of the switch on, you can prevent any vulnerable individuals from having automatic access to new information by adding a Systematised Nomenclature of Medicine (SNOMED CT) code to their record: records with the code will be excluded from the changes. You will then have to review each individual’s record and consider their individual circumstances on a case-by-case basis and offer access if you are confident that it is not likely to cause serious physical or mental harm.
Access for young people
Only people aged 16 years or older will automatically have access to their GP record via the NHS App. People with online accounts set up before their 16th birthday will receive access to records entered after their 16th birthday when they turn 16.
If you judge a particular young person to be sufficiently competent to have access to their own records before they reach the age of 16, you can manually allow them to access information on the NHS App. The Royal College of GPs (RCGP) has produced specific guidance on online access for a range of patients including children and young people as part of their GP online services toolkit.
You should clearly explain to individuals how their information is obtained, used and shared via transparency information in the form of a privacy notice. This can be displayed on your website or in waiting areas. See the IG professionals section for more information on transparency requirements.
You should update your practice training policy and processes to ensure that GP practice staff are supported to understand these changes. From an IG perspective this training should include:
- ensuring staff understand that patients will see future entries made in the GP record
- knowing how and when to redact information as it is being entered in the GP record (refer to section on redacting information from view)
- identifying situations in which access to information is likely to cause serious harm to the physical or mental health of the individual or another person and knowing how to restrict access to information in those situations
If you need further information on recording data, safeguarding and dealing with sensitive data and redaction, please see the RCGP GP online services toolkit.
Guidance for IG professionals
GP practices are contractually required to offer online access to patient records.
UK GDPR gives individuals the right to access their record. A patient can still submit a Subject Access Request (SAR), and they are entitled to request a copy of their full record if they wish to have one. However, it is hoped that by proactively providing access to records via the NHS App, GP practices may satisfy many patients’ wishes to see information without them needing to submit a formal request.
Data Protection Impact Assessment (DPIA)
As data controller, the GP practices should assure themselves that their existing DPIA covers making information available via the NHS App or other existing approved applications. If this is the case, you should not need to conduct a separate DPIA or change your existing one. This is because there is no change in the category of personal data being processed, the organisations involved or how that data is being processed.
However, since only a small number of GP practices are currently making information available through the NHS App, it is much more likely that you will need to update your existing DPIA or put a new DPIA in place. This will help ensure that your practice has appropriately identified risks and taken steps to mitigate those risks by:
- making staff aware that patients can now access their records via the NHS App
- ensuring staff can identify situations in which information is likely to cause serious harm to the physical or mental health of the patient or another person if disclosed through the NHS App and ensuring staff know how to restrict access to information in those situations
- ensuring staff know how and when to redact information
A template DPIA has been provided if needed.
GP practices are controllers for the data they hold about their patients. Enabling online access via the app will not alter the status of general practice as a data controller. GP practices are still defining the purpose the data is used for and entering this onto the GP system as part of consultations. They will also control whether information received from other organisations, such as test results, will be visible. The only difference is that patients will be able to view the data more readily. GP practices, as controllers, will need to make patients aware of this change. For more information, see the section on transparency requirements.
The UK GDPR lawful basis for processing personal data in order to give individuals access to data about themselves is Article 6(1)(e) public task and Article 9(2)(h) provision of health care.
Record of Processing Activities (ROPA)
The GP practice is required under data protection legislation to maintain a ROPA, which may be captured within an information asset and data flows register. GP practices are likely to have a documented record around Patient Access through an app already.
If the ROPA does not already contain details of how you provide patients with online access to their records, you will have to update the ROPA to reflect the changes. This could mean, for example, adding that patients will have access to future information online by default.
You should clearly explain to individuals how their information is being obtained, used and shared via transparency information in the form of a privacy notice. This can be displayed on your website or in waiting areas.
Your privacy notice must be reviewed regularly and specifically every time there is a substantial change to the way you collect, use, store or share data. Although the relevant information for accessing health records may already be included in your privacy notice, you might want to add a link to the NHS Digital Access to Patient Records information page so that patients can access all relevant details about the programme.
The privacy notice should also inform them of their right to stop their health record entries being displayed in the NHS App and all requests to turn off access should be respected.