GPs could be liable for ‘abnormal or erroneous’ information entered by a third party into patient records following this year’s contract changes, the BMA has warned.
The union has raised GP liability concerns about third-party information being entered into the patient record once enabling the GP Connect Update Record function becomes mandatory in October.
As part of the 2025/26 GP contract, practices will be required to enable the function which allows community pharmacists to send consultation summaries from Pharmacy First into the GP record.
Ahead of the 1 October deadline, the union’s GP Committee England has put out new advice which emphasised that a GP ‘takes over responsibility’ for any information entered by a pharmacy ‘at the point at which that data becomes part of the GP record’.
The committee said it is in discussion with NHS England about this issue as it ‘clearly raises concerns for GPs as data controllers’.
It also suggested that it will be ‘difficult to determine’ who holds responsibility for ‘erroneous’ results entered into the record.
The guidance said: ‘The GP takes over responsibility at the point at which that data becomes part of the GP record. Abnormal results will need review and a decision will need to be made on any further action.
‘Where there is an error, the party that created the data must hold responsibility – however, in practice, if it will be more difficult to determine once the GP has filed the data. GPC will clarify this ahead of October 1st.’
In answer to a question on whether GPs are liable for information entered into the record by third parties, the BMA said: ‘Yes, after accepting (either automatically or by manually reviewing) any incoming information to the GP record you will become liable in just the same way as you are where patients’ letters, test results or information are received from colleagues in secondary care.
‘We are in further discussions with NHS England about this as it clearly raises concerns for GPs as data controllers.’
Last summer, GPs across England took urgent collective action to remove a GP Connect functionality from their systems, following instruction from the BMA.
This was due to concerns that GP Connect Update Record could ‘clog up the records and leave GPs with responsibility for other people’s decisions and prescriptions’.
From 1 October, GPs will also be obliged under the contract to allow read-only access to the patient record by other NHS providers and private providers, but only for the purposes of direct patient care.
In its new guidance, the BMA said it has ‘no concerns with colleagues viewing the GP record’ for ‘direct patient care’ via GP Connect Access Record.
It continued: ‘We will be discussing with NHS England and others around what this means and who exactly can have access and the extent of that access.’
The GP Connect Update Record API was rolled out in March 2024 to connect practices’ systems to community pharmacy and enable updates as part of the Pharmacy First scheme.
Dr Neil Bhatia, a GP and records access lead at his practice in Hampshire, told Pulse his practice has already enabled the Update Record functionality, and did not switch it off during collective action last year.
He said that the technology is ‘in many ways a good thing’ as information from pharmacies goes straight into the record which ‘saves a lot of admin time’.
He warned that the information should ‘aways be reviewed by a clinician’, but that there are only liability risks if GPs do not read what is written ‘carefully’.
‘There is liability in the sense it appears in the record and if those things aren’t acted on, there could be consequences – arguably as GPs we retain liability as we maintain the record,’ Dr Bhatia told Pulse.
But he said that the liability risks for GPs are no different to a situation where practices receive information from pharmacies via letters or emails. ‘Someone still has to read that and take any necessary action,’ he added.
In response to the BMA’s concerns, NHS England said GP Connect Update Record is a ‘secure system which helps improve patient safety by updating people’s records quicker to prevent issues such as over-subscribing’.
A spokesperson continued: ‘GP practices already receive, review, and save data into the patient’s record from other care settings but this will reduce admin for practices and improve patient care. We will continue to work with the BMA to support safe implementation.’
In another piece of guidance on the 2025/26 GP contract, the BMA sought to answer questions around the upcoming requirement for practices to keep their e-consult software open to patients during core hours.
The GPCE guidance said this new obligation from 1 October will likely cause a ‘temporary spike’ rather than a ‘sustained increase’ in demand.
“….technology is ‘in many ways a good thing’ as information from pharmacies goes straight into the record which ‘saves a lot of admin time’.
He warned that the information should ‘aways be reviewed by a clinician’,-Anyone thinks the 2 sentences contradicts? If a GP has to always review the works of others how can it save GP and admin time as admin has to pass it to the GP. Clearly not thinking it through and being responsible for someone else’s actions is plain wrong.
As the computer people put it GIGO. Garbage in, Garbage out.
Someone will have to review these third party additions to patients’ record and ensure a clinician is aware of anything that needs action. Yet more administrative workload.
In that case how do we block 3rd party source data going directly into the records?