This site is intended for health professionals only

NHS England instructs system suppliers to switch on automatic records access by 30 November

NHS England instructs system suppliers to switch on automatic records access by 30 November

GP practices which have opted their patients out of automatic NHS app records access will still see the functionality switched on later this month, NHS England has confirmed.

Practices which meet a deadline of opting out by 5pm on 4 November by asking their system supplier not to enable the functionality will see the delay applied.

Practices which have done nothing will see the introduction of the ‘citizen access’ programme earlier, in a phased manner.

It follows chaos and confusion over the scheme, which was due to enable all patients to view their prospective GP record via the NHS app from yesterday.

Both EMIS and TPP had said in recent days they would not be making any practice-level system changes, after ‘requests from many GP practices’ with ‘GDPR and/or patient safety concerns’.

But Pulse yesterday revealed that the BMA had learned that the functionality would be switched on this month after all, despite the assurances otherwise.

This plan was also mentioned in brief in Parliament by health secretary Steve Barclay.

NHS England remained silent on the issue yesterday, leaving the profession in the dark about what action they would need to take.

But guidance updated last night revealed that NHS England has instructed EMIS and TPP to ‘pause’ the rollout until the end of the month for practices that ask them to do so by a set deadline.

NHS England said: ‘For those practices that ask EMIS and TPP by 5pm on 4 November 2022 to not enable the change, we have instructed both suppliers to pause.

‘These practices must use this time to engage with their local commissioners should they need additional support and agree plans to prepare before their systems are automatically enabled from 30 November 2022.’

All practices that do not meet the deadline will have the change introduced ‘in a phased way’, it added.

It said: ‘For all other practices that will not have informed EMIS and TPP to pause by 5pm on 4 November we will continue to work with EMIS and TPP to implement the change as planned, with prospective data entered into patient records from 1 November 2022 automatically becoming visible in a phased way.’

However, NHS England added that all practices ‘can locally disable the functionality’ and/ or ‘deny individual patient access’ if they ‘deem such action necessary’.

They can do this by:

  • Adding exclusion SNOMED codes to individual patients’ records or those of groups of ‘at-risk patients’ ahead of the switch on;
  • Amending an ‘individual patient configuration’ or redact the records after the switch on;
  • Updating the practices’ organisational settings to ‘disable the record access functionality’;
  • Disabling access to ‘components of the record that may be of concern’ such as documents, ‘depending on the clinical system being used’

Speaking during health questions in Parliament yesterday, health secretary Steve Barclay said that ‘all GP practices will soon be able to automatically provide patients aged 16 and over with access to the latest information in their health records via the NHS app’.

He added: ‘We are switching on that ability from today in a process that we expect to be completed by the end of this month and that is an important milestone for patient empowerment and part of a process that is seeing patients play an even more active role in managing their health and care’.

Dr David Wrigley, deputy chair of GPC England at the BMA, said: ‘These day-by-day changes to the Citizens’ Access programme are incredibly concerning. It is absolutely not the way to handle such an important issue. The Health Secretary’s announcement has brought little clarity to the situation, and practices are understandably worried about what this means for them and their patients.

‘Fundamentally, the issue of safety remains. Safety for patients and safety for practices. The profession, as well as the BMA, has repeatedly raised concerns that practices that are not yet ready, need time to properly prepare and carefully review data in order to protect patients.

‘We need safe deployment when it comes to a system-wide change like this, not just high-level announcements with no detail for those actually involved in doing it. Implementing technical changes within live clinical environments in a way that could negatively impact patients’ lives is unacceptable. We urge NHS England to not only communicate, in detail, with the profession, about what is happening, but also to seriously reconsider the patient safety implications of hurrying out a programme like this.

‘In the meantime, the BMA is committed to supporting practices and has compiled guidance on what to do.’

The BMA has advised practices to bulk opt-out patients out of the automatic access until sufficient safety checks are completed.

It last week suggested that system suppliers who turn on automatic patient access to their records without the explicit consent of practices may be acting illegally.



Please note, only GPs are permitted to add comments to articles

Darren Tymens 2 November, 2022 10:58 am

Except, legally the data processor cannot accept instruction from anyone apart from the data controller, and that instruction has to be explicit and not assumed. So NHSE appear to be instructing EMIS et al. to break the law.
Consider: is your data really safe in NHSE’s hands? Does NHSE really know what it is doing?

Iain Chalmers 2 November, 2022 2:41 pm

Absolutely DT

Should be interesting stand off

Lucy Marchand 2 November, 2022 2:45 pm

I’m sure they know exactly what they’re doing. Just another link in the chain for the government trying to destroy general practice by inundating it with so much extra risk, safeguarding complaints and work that it collapses.

neo 99 2 November, 2022 5:58 pm

I think if NHSE go ahead with this, it would be illegal and makes a mockery of the role of GPs as data controllers. We have never really been in control of primary care data anyway. What the BMA should do is agree that GP practices are absolved from being data controllers delegated to NHSE as we don’t seem to have control anyway and any risks, data processing workload impact, secondary complaints are directly borne by NHSE. Any issues then signpost to NHSE. I think most GPs would be glad to absolve themselves of this responsibility.

Richard Greenway 2 November, 2022 7:09 pm

Looks like the new Health Secretary wants confrontation with the GPs.

GP partners are being saddled with an unsafe system, lots of work / complaints, and unlimted fines as data controller during a very busy winter.
BMA we need your support here.

Paul Richards 2 November, 2022 8:55 pm

if this is forced upon us in spite of genuine concerns and a patient makes a complaint/legal action for breach of information etc etc then surely it is NHSE who is responsible. Could it not be argued in court that the GP did not want access granted until been able to properly screen/assess/redact the recrod but NHSE granted access not the GP hence NHSE is culpable?

Paul Richards 2 November, 2022 8:57 pm

I know its only prospective records from 1stnovemmber AT THE MOMENT but have read that from next year NHSE wants FULL patient record access. Has anyone estimated the time required to screen each patient record for full disclosure? even at 20mins per record (optimistic given the way S1 hides information all over the place) that will mean 3000 hours of work for my practice. Just not possible in my available lifetime

Penny McEvoy 3 November, 2022 8:57 am

Either we, that is GP partners, are the data controllers, making the decision about what records can be released, to whom and when, taking responsibility for the redaction and the consequential financial hit if we are sued for getting the redaction wrong, or NHSE is, in which case they have the responsibility for redaction and mistakes in that process not us.
They can’t have it both ways.

Finola ONeill 3 November, 2022 12:03 pm

I think this is a rerun of all the issues from last summer with the GP summary records fiasco.
The App has loads of 3rd partiy companies that use its data.
As data controllers GPs are still legally liable for how data they obtain and Input is shared thereafter. NHSE will be jointly liable but that doesn’t matter; the relevant bit is GPs are directly liable as joint data controllers and patients can sue us.
This is not informed consent as we have no idea how their data will be shared or with whom so that’s our professional duty impacted also, and its questionable as to whether this data sharing should be informed consent rather than implied consent anyway. Under GDPR there are duties of transparency, etc that are part of the validity of implied consent that is part of the underlying legal basis for data sharing here, ie direct care.
So. If I had liability, I would be signing whatever was needed for my practice to stall this, and get legal advice.

Link below is the info about NHS App’s integration with 3rd parties; and we have no idea who these are.

Samir Shah 5 November, 2022 9:54 am

Thank you, Finola.
BMA might need to instruct lawyers to challenge NHSE stance on how they are attempting to implement it.
Hopefully Emis and system one have more commonsense and realise that the implications of NHSE’s ‘ instructions’.

Andrew Jackson 7 November, 2022 10:23 am

This is just another example of bullying the profession.
If there are genuine long term benefits that are proven let’s go ahead sometime in the future when we have the headspace and staff to think and deal with all the issues it will throw up but now just before the busiest winter ever with the NHS in the point of falling over it just another Tory experiment and we know how the last one worked out.