Another View: On seeing one person’s records

Another View: On seeing one person’s records

The difficulties surrounding looking at one person’s records is the theme of Neil Paul’s latest column for Digital Health. GP Neil delves into the complicated world of consent and who should have access to what when it comes to a patient’s record.

How difficult can it be to see one person’s records? By this I mean only one. We have a range of people who come into the practice; medicines management, pharmacy support, audit, researchers, monitors for research studies. They often only need / want access to one or a few people’s records, however there is no way to do this?

With the creation of PCNs we increasingly being told to take on staff at a PCN level to support the member practices, do these staff get automatic access to every patient in the PCN? Perhaps they do. Perhaps they need it, but they could have unfettered access to 100,000 patients. What about patient security?

Locally the district nurses and community staff have their own implementation of EMIS web – EMIS community. They can see the records of any patient on their case load and each time they see someone it asks consent reason. Ok this isn’t perfect as you can just click the person consents but it’s better than nothing. However it does mean they can’t get into someone notes who isn’t on their books.

You might say we can check the audit trail. At the moment we have resorted to doing a search on patient records accessed after a person is in, to check they haven’t accessed records they should not have. This perhaps is easier if they are looking at one person, however, a medicines management person can look at hundreds.

Why is any of this important? One of our GP registrars popped in the other day asking how to opt someone out of data sharing. Turns out it was a nurse from the local hospital, she admitted that she knew loads of her colleagues routinely looked up friends, neighbours and colleagues’ records and now she had something wrong, she didn’t want them seeing hers.

It then turns out that most of the data sharing agreements are out of date. In theory I should turn them off as we have repeatedly told the hospital to renew them but they haven’t. So, do I turn off the agreements and cause havoc on 26,000 patients?

Back to seeing one record. Locally we have implemented EMIS remote consult. It actually works quite well – if you want to be seen at a local PCN practice for extended hours.

You call the patient in and your version of EMIS disappears, and the home practice of the patient’s system pops up.

However, here it goes wrong as you are stuck with the practice’s templates/ macros/ protocols/ etc. You can’t use the ones you are familiar with. You can’t record anything in your own notes so, medicolegally, while what you have done is in the patient’s records, you have no record or easy audit trail. Also, you can’t see any letters.

I’ve worked out you might be able to access the remote patient then export any file you want to see to the desktop, then use the open with command to use a viewer (Microsoft paint is all most machines have!) to view the letter one by one. Then don’t forget to delete from my desktop. Hardly easy?

What about online? You can now access records through all sorts of apps and online portals. However all of these are aimed at patients. Most are limited in what you can see, and none allow data editing or entry.

What’s worse is this week everyone has been asking me about redacting info on what patients can see.

We are being pushed to offer full unrestricted access to whole records including free text and letters to patients, as opposed to coded only data from a certain date which is what we have now.

Great you say, and perhaps I agree, apart from the fact we are meant to redact any third-party information in some notes. Historically, there can be a lot of third party information, so how do we do this?

iGPR have a product that uses their excellent redaction engine to auto react letters and notes. However, you have to manually vet them. This takes a couple of minutes per notes.

We have 26,000 patients. That’s a lot of minutes.

And as soon as you do it, it’s out of date as there might be another entry or a new letter arrived.

Who is going to do this? I don’t have time. Is the software going to be built in? In which case it better be accurate or very cautious as get one wrong and you could find yourself being sued.

So, there is evidence that people are looking at records they should not be. There are complaints that people can’t see records when they can but the way they can that they don’t should be turned off. There are issues that people can see all of the data they need to and there are reasons not to show patients anything!

Are you confused yet? I am and I’m meant to understand some of this.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Another view: of age being a barrier to tech

Another view: of age being a barrier to tech

In his latest column, Neil Paul looks at if age really is a barrier to tech or whether it is down to user interface and…
Another view: of Covid-19 vaccination centres

Another view: of Covid-19 vaccination centres

Our GP columnist, Neil Paul, gives an insight into how the Covid-19 vaccination centres are being run at a local level via Primary Care Networks.
Another view: of Covid-19 vaccinations

Another view: of Covid-19 vaccinations

In his latest column for Digital Health, Dr Neil Paul explores all things Covid-19 vaccinations and how they will be carried out. 

16 Comments

  • Thinking of third party redactions.
    When I was in practice, we regularly received social service child at risk reports (titles changed frequently).
    These – being case conferences – included information about numerous individuals – index case, siblings, family members, possibly non-family members e.g. neighbours,teacheers & others.
    There was always a problem what to do with them, but one option was to scan them into the record of the index case & possibly siblings if they were also patients in the practice.
    The reason was to make people within the practice aware that *this* child needed handling slightly differently from other similar kids.
    Now: GP records are cradle-to-grave: social service records have a destruction regime.
    The fact of there being a report (& its contents) *will* alter the GP management of the child or children involved – & in the future, if that management is called into question, the GP involved needs to be able to justify his/her treatment.
    I’m retired: what should GPs do if all patients have an automatic right to full access to their entire record? & should outside reports with a delete by date be retained in the cradle-to-grave record?

  • The redaction of records is far from a red herring. GP records are too often disclosed without review and many assume all records I a shared care record isnpartnof that record. It isn’t and what is in there, needs review and redaction as necessary. Safeguarding information and contact details are too often in child’s records and real risk is caused when they are disclosed without review.

    • In a Shared Care Record, e.g. SystmOne or a LHCR (Local Health & Care Record), who is the Data Controller?
      If the Patient Record Access is activated in, say, EMIS, the patient gets access to the irecords held by the GP which includes everything in the GP record regardless of where it originated.
      In a shared record, the information may be “owned” by a number of different organisations, and have a number of different data controllers – but the management may not make sense if access is only to the records of one of the organisations using the record as a record of primme entry.
      Life isn’t simple – but would be helped by agreement – & guidance from ICO!

      • Having sight of a record in a shared care record isn’t sufficient to make it part of the GP record. Each data controller is responsible for their records. If it is shared, or sent to, another controller, it becomes part of that controller’s record too – joint controllers. If a provider looks at another organisation’s record, they should record the reason why, to show they had a need to know. If they then act on the information they have read, and base their judgement/action on it, they should add the salient part to the record they create, thereby becoming controller of that element of the data. This is assuming the patient’s common law consent is there of course.

        • thats interesting as i dont think the facility exists to record the shared data in my record. what if the shared data changes? how can i prove what the shared data showed at a particular time – all sorts of stuff get filed – and not necessarily contemporaneously.

    • Frances is absolutely right. It is not very long ago that a practice was fined ÂŁ40k for failure to redact appropriately for a SAR.

  • The redaction of third party information is something of a red herring. For the vast majority of patients, the only third party information in their records is likely to be stuff which involves them or which they already know (eg contact details of family, information about children / parents etc). There will be some cases where this is highly relevant (eg safeguarding cases, criminal matters etc) but for the vast majority the harm of releasing this stuff is negligible.

    MH trusts have had this issue for years, and we did used to ask consultants to go through reams and reams of old notes looking for the dreaded third party info. This is highly unlikely to have been accurate given the scale of the task, and yet in all that time I don’t think we have had a single complaint or issue arising from this being disclosed, accidentally or otherwise.

    We are moving towards a position where the default position is to release everything automatically unless the clinicians in the case know of a reason why there might be an issue, and in that case they will do manual screening / redaction. However, the numbers of such cases are low.

    Given the tight timescales for information release and the burden on clinical staff, then pragmatically it is better to give the patient the information they want rather than worry about a theoretical risk of some ‘third party’ information buried in the notes somewhere causing an issue.

    The same applies to what doctors may have written in the past. The notes are what they are, and in most cases patients should see them warts and all. Again, there might be a judgment to be made in some individual cases, perhaps if there are particular vulnerabilities etc. However if patients are asking to see their records then we should be just doing it. I have done this repeatedly over many years and I’ve never had an issue.

    Perhaps a trickier issue is what patients choose to do with their data after they get it. We had an interesting experience where a patient on a secure ward was given a full copy of their notes (thousands of pages) at their request. They glanced through it for about half and hour, and then dropped the whole lot of it in the ward waste bin. This was found shortly afterwards by the ward staff and there was a lot of consternation because the ICO was due to visit the following day! Fortunately they were watermarked to show that this was a patient’s copy but it did raise some interesting questions about how to advise people on handling their data.

    • Great article that outlines why data sharing is so complicated.

  • Unfortunately the idea of full record sharing is great, but historically no one expected a patient to read consultants letters which could have quite damaging comments in them, or illegible GP comments.
    The technology doesn’t allow practices to manage access by user – do you give all users, including the voluntary services access to every patient record, rather than be able to set them up with a list of the patients they need to see – so practices have to audit access – which takes more time in a very busy workload, and where is the funding to support the extra redaction work…………….

  • Dear Paul
    It’s a pleasure reading your articles, as ever, and you cover the critical points as usual.

    There are two easy solutions here:

    1. For data sharing, give the data to the patient before you give it to your colleagues. Patients Know Best is in your region so a patient – like that nurse – can switch off sharing of their records to any other party if they want. The vast majority do want their data shared, the ones who want more control over their privacy can do so without taking up your time and without preventing others from sharing. The problem is with the institutional approach to data sharing, not with the wishes for privacy, or the sharing with patient.

    2. The redacting of past records is easy to solve with what I call an amnesty.

    http://bmj.com/cgi/content/full/bmj.e5575?ijkey=NxpWzdCnU4KNPPL&keytype=ref

    You can prevent automated access to free-text records from (say) 2015 or before, as that’s the year when patients were supposed to have automatic online access to their notes (they still don’t have any such access to free text from GPs). A patient can still manually request access to written notes from before then, as has always been their right under data privacy laws, but at that point for that patient you can do manual redaction.

    From 2015 onwards, all GPs should have been writing on the assumption that what they write will be read by the patient. But the longer doctors think they can prevent the automated access to free text because of flagging the burden of checking notes from many years ago – which no one is suggesting – the more likely it is that one day all access will be granted and the GPs will have their worst nightmare come true unnecessarily. Ask for an amnesty from 2015 onwards rather than arguing that nothing can happen for 2019 data because of things that happened to data before 2015.

  • “We are being pushed to offer full unrestricted access to whole records including free text and letters to patients, as opposed to coded only data from a certain date which is what we have now.”

    My current understanding is that complete access will only come in in Ap[ril 2020 and the patient will only be able to see the records from April 2019. Access to anything further will have to be requested.

    • If thats true good.. but 1. ive had several enquiries from GPs who havent read it that way so there is confusion.. 2. so.. what.. the third party redaction problem still applies. whose notes are they? how do i keep notes about people inc info from third parties that want to keep things confidential.. this happens a lot…

      • From pulse:

        Patients must have full access to their medical records retrospectively from April 2020, according to the new GP contract.

        The five-year deal, agreed by the BMA GP Committee and NHS England, said patients must be able to see their full record, including past notes, in a change which will become a contractual requirement from 2020/21.

        • I trust there is some provision for redaction of contact details etc in cases of DV etc?

  • If one is involved in the DIRECT care of an individual there is no need for consent, in fact it is specifically stated that it is NOT required.
    If someone who is not in delivering direct care of an individual accesses a record for any reason then they should face punitive action up to and including imprisonment. ONLY when we as a civilisation take breaches of access right seriously can individuals expect proper use of their records and the associated benefits to both the services and the individuals.

    • i kind of agree. but for how long? so a hospital is caring for someone they can access the records but does that stop the moment they are discharged? what about the day after – the year after? to check what they did? how the pt turned out? My issue isnt about people with DIRECT care having issue – its making it easy for anyone AND NOT checking that they arent abusing the system. Part of my article is a lot of GPs are telling me – this is taking up a lot more time than any benefit they can see..

Comments are closed.