GP IT system suppliers who turn on automatic patient access to their records without the explicit consent of practices may be acting illegally, the BMA has said.
In new guidance published yesterday, the BMA suggested that doing so would mean breaking data protection laws.
From 1 November, patients are set to be given automatic access to their patient records through the NHS app but the RCGP has advised GP practices to consider opting patients out of the programme on the grounds of patient safety.
The BMA has issued similar advice, but has gone further than the college by issuing guidance that suggests there are potential legal ramifications of rolling out the access without practices’ consent.
The guidance explains that in order to roll out access through the NHS app, IT suppliers such as EMIS and TTP will have to allow this through practices’ systems.
It said that GPs are the data controllers for their patients’ current and previous records, while the IT system suppliers are their data processors.
The guidance added: ‘Under the Data Protection Act 2018, data processors cannot be instructed by anyone other than their data controller to change record access settings. It is therefore unclear on what legal basis NHS England/Improvement will be relying to direct the suppliers to turn on this functionality.’
The BMA also called on GP practices who are ‘not ready’ to roll out automatic access for patients to ‘delay the programme until it is safe’ – with the launch date looming next week.
It said that ‘while many practices will be able to facilitate this change before the deadline, some may not be ready to roll it out safely and in line with their obligations under the Data Protection Act’ – which include responsibilities to their patients in terms of information governance as well as clinical safety.
The BMA said: ‘Based on feedback received from members, GPC England is not confident that all practices can uphold these obligations if they allow automatic prospective (future) access to the full electronic medical record to go live on 1 November 2022.’
The BMA has published a template letter for practices to send to system suppliers – who have control over centrally switching on default record access – asking them ‘not to convert them to the new system until they are fully prepared’.
The letter said: ‘We would view your ignoring this instruction as a breach of the data controller and processor relationship. We view the interference by other agencies as acting ultra vires and inconsistent with data protection law.’
BMA England GP Committee deputy chair Dr David Wrigley said patients should have access to their GP-held medical records, but ‘this must be done carefully’.
He added: ‘The current timeline of activating this new programme on 1 November is just too soon for some practices to do safely, which is why the BMA is advising those surgeries to write to their system supplier and request that activation is temporarily delayed.
‘This will give them the extra time they need to make sure that any potentially harmful or sensitive data is reviewed and, if necessary, redacted, in the interests of the patient. We also feel additional support is needed for practices to implement this change.’
The BMA advised that instead of asking their IT supplier not to switch on automatic access, practices can also apply exemption codes to the records of patients where there are ‘safeguarding concerns’ or to their whole practice list.
The guidance also said:
- It is ‘good practice to consider everyone vulnerable until proven otherwise and ensure sufficient safeguards are in place for everyone’
- There is a ‘growing feeling that the safest and most effective way of providing access for patients to their online records is through a consent-driven or shared-decision-making process where each patient chooses to opt-in allowing practices to check the records carefully before the request for access is granted’
- It is ‘questionable as to whether the existing redaction provision fulfils the requirements of the regulations’, with software that is ‘not fit for purpose as too much material will be hidden from the patient view’
- The fact that redaction ‘does not remain in place following a GP2GP transfer is particularly worrying’ and will ‘lead to duplicated efforts in reviewing medical records’ when patients move practice – so the GPC believes there should ‘at the very least be a flag alerting the newly registered GP to the fact the previous GP redacted elements of the record’
- There has been no public campaign ‘warning patients that the NHS app may suddenly become a portal to their detailed health records’
- NHS England’s letter announcing the 1 November switch-on date itself advised that ‘practices and commissioners must be confident that the service can be provided safely’
Former GPC IT policy lead Dr Paul Cundy told Pulse that any IT supplier switching on automatic records access without express permission from their GP practice will be ‘in breach of the law’ and could face hefty fines.
He said: ‘If the suppliers turn on access to the 56-odd million English patient records because they’ve been told to by NHSE and the GPs have not separately given the same instruction, the suppliers will be in breach of the law and open to fines of up to 10% of their global income.’
Practices will need to make sure patients who are vulnerable, underage, have some disabilities or are potentially at risk of abuse have to be protected, he said.
He added: ‘Placing those protections in place is a major task… We cannot possibly turn on access for everyone at midnight on 31 October. We can however consider individual requests which we will process on a first come first served and when able basis.’
An NHS England spokesperson reiterated that it continues to engage with the professional bodies, patient groups, safeguarding leads and early adopter sites to prepare for 1 November 2022, when the automatic rollout will go ahead.
And they said that there is a range of tools and technical capabilities available to support the safe management of patient records, which have been successfully applied in early adopter sites.
Practices should contact their commissioner if they see challenges with providing the necessary safeguards so that commissioners can continue to work supportively to help practices be ready, they added.
They said: ‘Giving patients greater access to their health data gives them the tools they need to better manage their own health and reduces pressure on practices, with patients able to access information such as test results at a touch of a button without having to contact their GP.
‘The NHS wrote to general practices in July outlining the actions needed to safeguard their patients during this move, alongside a package of support developed in partnership with the RCGP and patient groups to help them prepare, and this support will continue to be available to all practices.’
BMA guidance on automatic access to patient records
Some GP practices may already feel they are fully prepared for this change having worked their way through the GP readiness checklist. In that scenario, the most appropriate option may be to follow NHS Digital’s advice in ensuring the system configurations are as described in system-supplier guidance and then simply to await the rollout proceeding as planned.
Other GP practices may not be ready for the automatic switch-on of prospective (future) access to the full GP-held electronic medical record on 1 November 2022. In lieu of a delay to the programme (which may yet be announced), we provide the following options for GP practices, relying on their rights as Data Controllers, to consider when responding to the planned central automated switch-on.
Of note, only TPP (SystmOne) and EMIS practices are able to provide prospective (future) full record access at this time. The advice below is therefore only for TPP (SystmOne) and EMIS practices.
Possible options for TPP (SystmOne) and EMIS practices (and more than one option may be applicable):
- Write to your system supplier (the Data Processor) before 31 October 2022 using its preferred contact email address (recordaccess@tpp-uk.com for TPP (SystmOne) practices and aapostpone@emishealth.com for EMIS practices) requesting, as Data Controller, that automatic access not be switched on.
- Run a focused search and subsequently apply batch exemption coding to those patients identified through the search using SNOMED code 1364731000000104 (“Enhanced review indicated before granting access to own health record”).
- Apply batch exemption coding for the full practice list using SNOMED code 1364731000000104 (“Enhanced review indicated before granting access to own health record”). Note: this will not revoke access to patients who already have online access but it will prevent any of those patients getting prospective (future) full record access if they do not already have it.
A delay at practice level would allow practices to undertake the necessary preparation and training to facilitate a safe implementation of the programme with practices able to work through the GP readiness checklist at a pace that fits with business continuity whilst maintaining delivery of essential services. It is for practices to decide the best course of action for themselves and their patients, being ever mindful of their responsibilities as Data Controllers.
It remains a contractual requirement to offer and promote online access, and this offer will continue, with access being granted on request subject to practices being confident there will be no adverse impact on their provision of essential services .
READERS' COMMENTS [1]
Please note, only GPs are permitted to add comments to articles
have comments been blocked ?