Access to patient records and safeguarding

The GP practice can give patients access to their GP health records through the NHS Wales App. The level of access GPs can provide is the same as was possible for My Health Online. 

Practices should already have summary care records (SCRs) enabled for all patients as standard. This level of access provides details of allergies that are recorded on their GP health record and medicines that are, or have been, prescribed by the practice. This can be enabled or disabled by the practice and is shown in the practice global settings, or EMAS Manager. 

Implementing detailed coded record access 

GP practices are encouraged to provide patient access to elements of the detailed coded record (DCR), where this is possible and appropriate. Configurable options include: 

  • laboratory test results 
  • problems 
  • diagnosis 
  • medicines 
  • risks and warnings 
  • procedures 
  • investigations 
  • examinations 
  • events and recalls 
  • documents 
  • immunisations 
  • consultations 

The practice should have a process in place for handling DCR requests that takes account of any risks that may need to be addressed, including whether there are any safeguarding issues or whether the patient has been coerced into providing access.  

The process should consider: 

  • who should make the decision to give, or not give, access to any part of the DCR 
  • whether there are any risks in giving access to any part of the DCR when a patient requests access 
  • how to communicate decisions about providing access to patients in a non-discriminatory way in a format the patient can understand 
  • how patients can appeal a decision, including information which answers any concerns 
  • the level of access appropriate to any risks that have been identified 

Laboratory Test Results – Risks 

When switching on Investigations at a Patient level, be mindful of the way results are displayed to patients within their account. 

Practices with EMIS

Laboratory results will become visible as soon as these are processed and filed in the GP system. If DCR access is provided, it may be necessary to consider the workflow within a practice to ensure that test results are only filed after these have been explained to the patient.

Practices with Vision

A delay of 3 working days is in place before results are made available for display by the Vision system. This may not be enough time to explain to the patient what the result means, and this could impact the practice’s decision to enable or disable access to test results in the app. 

Practice staff should be aware: 

  • of how to ensure sensitive information is hidden from patient view when entered onto the clinical system 
  • that there will be rare circumstances where it could be inappropriate to give a patient access to their record, explained below 

If your practice uses EMIS, your staff should also be aware that: 

  • patient access will include letters and documents (if not redacted) 
  • patients will see new entries in their GP record 
  • this change will not give new access to historic or past health record information, unless this is individually authorised by their practice 

While functionality enabling documents and free text to be displayed is made available by your GP system supplier, Digital Health and Care Wales (DHCW) recommends that this option should not be activated at a practice or patient level at this time. Such information would need reviewing to ensure that there is no information relating to third parties or other information that may cause harm to the patient. Options that can be configured can be activated at a practice and patient level. 

Safeguarding and managing inappropriate use 

While enabling patients to view their health records through the NHS Wales App will help most patients, there may be challenges for some, particularly where access to information could cause serious mental or physical harm to the patient or a third party. 

Safeguarding patients, and any third party who may be affected by information being made available, from harm is extremely important. You may need to redact specific information entered into the GP health record or prevent the patient from having access.

Vulnerable and at-risk patients 

In some cases, a vulnerable patient's record may contain information that could cause them physical or mental harm, so it’s in their interest that they do not see it. 

In some circumstances there may be safeguarding plans in place and known to the practice. You should consider switching off access to parts of the record where you consider a patient vulnerable to coercion, or where giving them access to the record is likely to cause harm to their physical or mental health or that of others. This functionality already exists in GP systems.

There may be other circumstances where, in the opinion of the GP practice, access to information from detailed coded records would not be in the patient's best interest. 

For example: 

  • it may cause serious harm to the physical or mental health of the patient or someone else 
  • the record has information about someone who has not consented to its disclosure 
  • there is information in a text field that you cannot separate or redact from the rest of the detailed coded record 
  • the patient cancels appointments they need, such as if they have dementia (appointments can be cancelled through the App even if they were booked offline) 
  • the patient is at risk of coercion through online access 

Guidance on coercion and other considerations can be found in RCGP guidance on GP online services.

The Royal College of General Practitioners have also produced a Child Safeguarding Toolkit and an Adult Safeguarding Toolkit that can be consulted when considering general safeguarding issues.

Sensitive information 

Some sensitive situations might need a stricter approach to access, for example: 

  • pregnancy status 
  • fertility treatment 
  • information about abortion 
  • alcohol and drug misuse or abuse 
  • criminal activity 
  • gender and sexuality 
  • mental health 

Patient login and online access 

As the NHS Wales App uses NHS login, most patients can get access to the GP online services available through the App without the practice having any involvement. 

If patients do not already have a GP online services account, when they create one online, they will get the practice's default level of access to these services. 

Generally, that means they can book appointments and request repeat prescriptions as well as view their Summary Care Record. 

Stop patients accessing services 

To stop a patient having access to the default services, you will need to adjust the settings within their patient record online services details in your clinical system. 

If you need to revoke patient access to appointment booking or record access, it’s important to do this in the individual patient's online account settings. If you simply delete their whole online access account, the default access settings will not have been altered, and a new account will automatically be generated the next time they use the NHS Wales App.

Discussing limited or no access with the patient 

You may be concerned about conflict with a patient when you make the decision to restrict or deny their access. 

Where a patient is refused access or given significantly restricted access, consider whether a face-to-face discussion between the clinician and the patient is necessary. Early involvement and transparency with the patient can help to avoid conflict and complaints. 

Further guidance 

In response to safeguarding concerns, the Royal College of General Practitioners is updating its GP Online Services toolkit, in collaboration with safeguarding experts. This will cover situations where concerns may arise, and the steps clinicians could take to mitigate these risks. 

Protecting and processing patient data 

The GP Practice will be the Controller of Personal Data processed in relation to the delivery of GP services provided by the NHS Wales App within the meaning of the UK General Data Protection Regulation and the Data Protection Act 2018. The practice will therefore have overall responsibility for ensuring that all data processing is undertaken in accordance with the Act. 

Policies and procedures used by the GP practice for offering patients access to their Detailed Coded Record should be approved by the Data Controller before the service is implemented by the practice. 

Practices should: 

  • review all new policies and practices to ensure they align with regulatory revisions or changes in local practice 
  • agree a consistent approach to how patient records will be checked and who will be able to grant access for patients to their detailed coded information 
  • tell staff about how the service will be made available so that they understand their role in the process 

You can check standards against the Welsh Information Governance Toolkit self-assessment tool.
