This site is intended for health professionals only

At the heart of general practice since 1960

Read the latest issue online

CAMHS won't see you now

GPs 'not required to share sensitive records' despite contract requirements

GPs do not have to allow patients to access their full records if they contain sensitive information that can't be redacted, despite contractual requirements, NHS England has said. 

The BMA and NHS England have clarified that access to records does not have to be offered to patients if GPs deem they contain any 'harmful' information, and if GPs do not have the sytems in place to redact the information.

However, GPs have argued this will increase their workload significantly because they will still have to spend time assessing records to decide whether information should be redacted, and that they also may be at a risk of legal action from patients. 

Under the new five-year GP contract, patients are expected to have digital access to their 'full records from 2020, with new registrants having full online access to prospective data from April 2019'.

In a recent statement, NHS England said GPs should use their clinical judgement before considering the sharing of 'harmful' records with patients.

The statement said: 'If based on clinical judgement, it is considered that some information could be harmful to the patient, this information should not be shared with them. This information can be redacted from the patient view and must not be deleted from the record.

'If system functionality to redact information is not available, the record should not be shared with the patient.'

On third party data, the statement said: 'Legal confidentiality requirements require that where the information is not already known to the patient, any information contained must be redacted, but not deleted from the record. If system functionality to redact information is not available, the record should not be shared with the patient.'

But East London GP Dr Nick Mann said this will still have a significant impact on GP workload. 

He said: 'Any form of redaction or consideration of what might be harmful for a patient to read are significant additions to workload.

'How long do I consider what might prove harmful to a patient, or whether the patient might sue me for withholding information they feel is essential?

'Do I read every one of 1,400 pages before I can decide whether there is in fact any harmful information in this patient's notes? Does my subjective judgement about what is harmful concur with other GPs' judgement?'

He added: 'Information gained today may not become "harmful" for some time, and the definition of harmful is open to wide interpretation. This leaves GPs worryingly vulnerable to legal action by patients, in a number of ways.'

Dr Neil Bhatia, GP and IT lead at Oakley Health Group, agreed this will generate a 'huge amount of work' but also stressed refusing full disclosure is rarely used at the moment. 

He said: 'Part of the hesitation from many practices is that by doing that you generate vast amounts of work. You have to spend a long time reading through these records and some of these patients have got enormous records.

'Serious harm is a tall bar though. It's rarely used as an exemption. One example might be where a patient is genuinely unaware of a diagnosis or prognosis, e.g. terminal cancer. Again, a very rare situation nowadays. There might be communication between a consultant and a GP that the patient has not been cc’d in on, for example.

'Genuinely, it would help us as practices if patients can look up their own results and save us time so it’s definitely an investment for GP practices to do this but there’s always hesitation about giving full access because you think “hang on, every patient I give full access to I’ve got to then read their record on a Saturday morning, in the evening or in my lunch time and check there’s nothing in there I shouldn’t be disclosing" and you end up creating work for yourself.

'You have to do it outside of your clinical surgery because you can’t really block off your surgery to do this and you don’t get paid for it.'

A BMA survey of 1,500 GPs showed that patients request for information have increased over a third since the implementation of GDPR data protection regulations

The BMA previously criticised the NHS's integrated patient records system, saying it has led to secondary care services redirecting patients to practices to explain their hospital test results.   

Readers' comments (2)

  • A Doctor or Nurse is permitted to give a medical opinion e.g. that a patient is fit for work. The patient may disagree but should NOT be permitted to change the entry by the Dr or nurse. Another example would be patients wanting to deny that they had an MI in 2012 so that their Life Insurance premium is less.

    It seems that patients will have access to their medical records but will often misunderstand them. So we need to write polite and correct records to practice defensively.

    I personally think there should be a charge to patients of £10 to £50 to cover the cost of staff time and copying costs. They do not want to take responsibility for anything or pay for anything these days.

    Unsuitable or offensive? Report this comment

  • For GDPR we almost at the point of automating it. We cannot be paternalistic. If a patient wants their notes for personal use or insurance use or a claim of some kind they can have them as is their right. The only thing we check for is third party references. So we have software that removes all names except the patients and all words like father mother son etc. Then an admin person does a quick scan to make sure they are the right notes to the right person and they are emailed. Admin job 10 minutes. We realised it is humanly impossible to asses notes some of which are over 500 pages long so we let the computer do it and we have discharged our duty.

    Unsuitable or offensive? Report this comment

Have your say