Cluster practice governance protocol for sharing or viewing of records –

Rationale for its development

**This subject is a little dry but please do read as it is very very important**

 

Why was this developed?

  • It was developed after GPC Wales became aware that many practices and clusters were either actively engaging in or considering work that involved access to the GP record across a wide range of people. This could potentially put a practice at risk of a significant fine should the patient complain / the Information Commissioners Officer (ICO) find the practice had not complied with its requirements to protect patient data. You will no doubt have been aware of issues in England with one of their IT systems (System TPP) which the ICO is investigating.
  • Secondly, apologies for its title – it is actually a “Top Tips” document and not a formal protocol – lost in translation / excitement of getting this out to practice.

A full formal comprehensive protocol / guidance document is in development with NWIS (incorporating much of this document) and will hopefully be with practices soon.

Don’t all practices know about importance of consent and confidentiality of the patient record?

  • Most practices are fantastic at training all staff in their roles and responsibilities wrt gaining patient consent before releasing / allowing access to records and maintaining confidentiality.
  • Most practices are excellent at training staff in importance of not sharing passwords and logging out when they leave their workstation.

However, regular reminders are always worth doing as sometime the nature of the request or person requesting could mean that an individual breaches their duties of care (unfortunately breaches, even when well meaning, don’t wash with the ICO).

Sharing the GP record – the benefits

  • Sharing access to the record when involved in the direct clinical care of the patient is to the benefit of the patient – it is safer (as doesn’t rely on patient recall of information) and allows ready access to important information for the treating clinician (e.g. medication / allergies / test results / past medical history etc).

Sharing the GP record – the problems

  • One of the key roles of GPs is to protect patient’s records and only allow access or release information when the patient has given direct consent (i.e. they formally consent to the clinician looking at their record e.g. as happens in Out of Hours and are formally asked) OR they give implied consent (i.e. they are having a dressing by a wound nurse or engaging in a medication review with a cluster pharmacist based in the practice).
  • GPC Wales has become aware that there have been proposals to view or use records across a cluster with a wide range of health and social care professionals and Health Board non clinical staff to plan services or engage in research without gaining patient consent – this is where problems can arise as to whether this requires patient consent or not.

Isn’t there a process already in place for these non-practice employed clinicians to view the GP record?

  • The key here is how the professional is viewing the record – is it via the Welsh Clinical Portal OR is it simply IT systems in practices being viewed outside of the Welsh Clinical Portal…….. told you it was complicated…..
  • GPC Wales has enabled access to the GP Medical Record (old IHR) via the Welsh Clinical Portal to all secondary care staff involved in the direct clinical care of the patient (acute in take teams, Emergency Departments, out patient settings) and paramedics. Extension to nurses on the clinical desk in WAST and community pharmacists doing GMS work (not community pharmacy technicians or staff) shortly.

By viewing the record through the Welsh Clinical Portal, then those with access can view any record across the whole of Wales BUT this access will be monitored by the National Intelligence Audit Solution (NIIAS).

There are set and strict protocols in place for monitoring and managing alerts in secondary care settings and a protocol for similar in primary and community care settings is shortly going to be rolled out.

  • However, the above is very different to where IT systems are being accessed / shared / used outside of the Welsh Clinical Portal.
  • Therefore, whilst the formal full guidance is being developed then we wanted to give practices and clusters the opportunity to consider whether the suggestions in the document applied to them – many won’t be needed but some clusters are ploughing ahead quickly with some developments that could potentially put them at risk if they haven’t considered consent issued.

Should a problem arise and the ICO be involved, they will consider what reasonable attempts the practice have made to protect patient identifiable material and this is behind our getting our document out quickly whilst the wider more comprehensive detail comes later.

Should I just not allow access to the record to anyone outside of the practice?

  • Absolutely not, what practices need to do is be cogniscent of their responsibilities and enable sharing or access t the record where it is appropriate to do so with the consent (direct or implied) of the patient for safe effective clinical care.
  • The GPC Wales “protocol” should not be used to inhibit or stop access where appropriate.
  • If you have any questions / feedback then please email This email address is being protected from spambots. You need JavaScript enabled to view it.