CLICSIG - Patient Record Access - a response to the RCGP Roadmap

7 December 2013, Adelphi Hotel, Liverpool

Discussions held under the Chatham House Rule
PDF version

CLICSIG Objectives

As one of the informal series of BCS PHCSG Clinical Computing Specialist Interest Group meetings, eight people met to review the RCGP “Patient Online - The Roadmap”, the College’s recommended path to patient Access to Records. This document is available online at

The debate was wide ranging, and this paper records the outcome of those discussions, with recommendations where appropriate.

The document was produced by the Royal College of General Practitioners in response to the Department of Health’s information technology strategy paper ‘The Power of Information’, which said that by 2015 the NHS Commissioning Board (NHS CB) expects all general practices in England to offer Patient Online. This they define as online transactions such as booking appointments and ordering repeat prescriptions, online messaging, and patient access to their medical records. The information technology to provide Patient Online will need to be mandated through the GP Systems of Choice (GPSoC) and local service providers (LSP) contract processes.

The document was produced as the result of involving stakeholders such as the Royal Colleges, the RCN and the Royal College of Midwives, amongst others, trying to turn a political statement into reality. It was a rapid piece of work done over the past 5 months. We suspect the delay in release was due to alignment behind the scenes with Caldicott 2. The delivery side is still being worked on, and finding the necessary resources is work still in progress.

Excerpt from appendix 2 of the RCGP Document ‘Patient Online: The Roadmap’

“There are many different definitions of Patient Online, depending on the IT system in use, and varying from the ability to log on and view appointment options and repeat medication, to full access to the entire record, both current and past. Proponents of ‘full records access’ (usually meaning access to all parts of the medical records, both current and past, and without prior checking of the record by the clinician) point out the benefits in terms of sharing clinical decision making and responsibility with patients, possibly improved medication concordance, and a reduced need for certain types of consultation.

Other groups have wide-ranging concerns about the difficulties, risks and potential legal Implications of record access, including leakage of third-party information, and the additional clinical workload that would be generated by records access”

When patients are under coercion to reveal their records, it has been suggested there should be the facility to select & show a dummy record

Demand for Record Access

90% of the population has no reason to want to use access to their records. Of those requesting and going through the process and given access, 60% didn’t use it. It is important not to underestimate the simple technical barriers. Don’t underestimate either the requirement for first line technical support, which is currently imposed on the practice receptionists.

Recommendation 1: There is a definite requirement for national patient record access technical support. This will have to be funded.

GMC view of the cut off age for parental viewing is that the GP must decide. Fraser (aka Gillick) competence assessment is up to the GP. Where the mother’s record is linked to the child’s through PDS, there will become a need to break the link at a certain age.

We need to state that this is an evolutionary process. Politicians work to different timescales, but the stages have to be worked through. The services will sell themselves, e.g. ordering repeat scripts and booking appointments. The patients can say no, they don’t want access; the GPs may or may not have this option.

The April 2015 Target is just for ‘online access’. This can be taken as just transactional, as full access, or just as having given patients a password. According to the roadmap, practices are asked to look at how they can move this forward, but must not be forced into this before they can cope with it.

There is no evidence yet that patient access to records per se actually improves patient care. Involving the patients in their care pathway is another matter, and record access can be a part of this.

The last thing we want is a target system with penalties. To meet a tick box on providing appointments, you could make a small % of your appointments available electronically, but the facility would then not be available to the majority of the patients requiring appointments (q.v. some consultant’s use of Choose and Book). The political interest in patient access is part of the current Government’s obsession with the open data and the transparency agenda.

What can we add to the work done by the College? We decided this report should be a critique of what has been proposed, from the wider experience of our members. Just because it is technically possible doesn’t mean it should be part of the political agenda. Kaiser research (see note 1) shows that those who have access require more clinical encounters. Simon de Lusignan and others have been commissioned to do a large literature review of the impact of record access, due out this May.

This is a very important journey to make, but needs experimentation and innovation rather than dictat: forcing implementation through targets could do more harm than good.

System suppliers will have to have the full functionality in place by April 2015, (one month before the next election) even though the take up of all parts by practices is not part of the target. The test results module is being delivered this year. Targets such as these will inevitably divert system suppliers from satisfying expressed customer needs.

A view was expressed that all that patients require is that clinicians do their job properly and don’t harm them. Ordering scripts online, and online appointments, are nice to have, not the most important from the patient’s point of view. Clinicians use records is as an aide memoire, they put in notes to help them and their colleagues with the next consultation. The record also serves legal purposes. Kaiser don’t release free text under their access system, only coded data.

How suitable is this record for the patient, given the need for translation? If this translation takes time, it would be a serious problem if a large number of patients take this up, but this is not likely to be the case. Patients are not all the same. What suits one won’t suit another, some will understand more than others. There need to be links to look up e.g. standard ranges of results, and a plain English explanation of clinical terms.

Patients will have access to the audit trail, i.e. they can see who has viewed their record and when? This is not mentioned in the RCGP roadmap. How does this square with the rights of people working in the practice having their name pumped out to patients?

Recommendation 2: There is no nationally defined specification of an audit trail. There should be.

If you log everything (including who saw what) in the audit trail, you will end up with a record that is ten times the original record size.

Access to the whole record?

Access to records is fine, but it does not have to be to the full record? Our advice is on how to make patient access work. Our opinion is that perhaps access to the full record is not required or helpful. On the other hand, the patient has the DPA right to view the full record unless this is deemed to be harmful to the patient or a third party, and someone has to make that decision. Are we making a cottage industry for solicitors, redacting information etc.? Do we need a code ‘photocopy check for harmful & unconsented third party data done’? Also we will need the metadata for ‘this is third party data and the third party data is happy for this to be shared’.

Who will give guidance to third party providers about third party data, e.g. child protection? Letters say at the top, “Must not be revealed to anyone without permission of chair of the committee” How do you store this, do you put the letter in all records of those named? Children will see this when they are old enough. When a patient leaves the practice, the practice will still have access to the records for the audit trail. If the practice is changing clinical systems, it will only be on a CD.

Viewing of Test Results

Initially this is test results after they have been viewed by the GP. Suppliers are seeking to implement this this year. This will mean having the full authentication in place for this as well. This might not be the same authentication as for record access; you might want your husband to order scripts for you, but not view your record.

Recommendation 3: Pharmacies should have separate access to records, where the patient has agreed, to order scripts on their behalf. EPS2 does not give this; it puts the work back onto the GP.

Opening up Clinical Systems.
GPSoc suppliers need the ability to innovate, the new GPSoC is now opening up, and with open APIs, third parties will come in that want to use it to access GP record data. Data controllers need to be aware when adding third party applications to their system, or allowing them to use patient data. Practices may choose a third partly supplier to deliver access. How can data controllers be assured where the data will go after agreeing third party access? GPSoC approved suppliers must be accredited somehow. System suppliers surely need the final say into who has access to their system, a third party system, or a large number of them, might grind GP systems they are accessing to a halt.

Bear in mind that the N3 or even N4 connections have limited bandwidth, especially on upload, regularly recording consultations on video on enterprise systems would not be achievable!

Online appointments.
There will need to be some control built in as to how many appointments can be booked, and what limitations should be put on appointments made available. Nowhere is there a requirement to make all appointments available on line, and we do not advocate this.

Reviewing the Roadmap by section

Different groups of the RCGP reviewers worked on different topics in separate rooms (named after trees)

Ash Room (Page 45)
The comments from the Ash room were on the basics to be implemented, and there is no dispute over these.

Birch Room (Page 46)
These recommendations will take more effort to implement and have time implications for the practices. Practices will implement these in different ways. Is the Care Quality Commission expecting all results, even normal ones, to be actively communicated to patients? It is understood that they will. This will involve the regulation of consent to use SMS messages.

Patient Record Access was commissioned by an English government for an English roll out, but we need to look at the needs of all four countries

As part of a core information requirement, how far back do you give access to medication history? Where medication is variable, eg insulin, you will be unable to put in a fixed dose.

Scanned documents and third party issues.
Hospitals send out a copy of the letter to the patient (or should do). But what do you do with the child at risk letter, or the mental health report? Currently some practices photocopy and redact parts before storing it in the electronic record: seems like the only way to deal with unconsented third party data in documents, but time-consuming to do in scanned documents.. Should you tell the patient that you have done that? When a solicitor asks for the entire record, do you have a responsibility to warn the patient about any possible consequences? There is a need for informed consent here. By default we believe these sensitive documents should not be included in patient record access. It should be born in mind that when the GP gets a child at risk letter, they become the data controller of the copy.

Cedar Room

Discussed the difficult challenges.
How do you manage data that should not be known to the patient, even though it should be in the record? This came up in the so called physician sealed envelope, seen by the physician, but not the. It has never been possible to create this sealed envelope functionality.

The NHS apps store
will endorse apps that have been examined and deemed safe. But if insertion in the NHS apps store is mandatory before a practice or patient can purchase it, you will hinder innovation. The patient does have a role in their own information governance.

A lot of consent in primary care is implied, and it works. For example passing on relevant data in a referral to secondary care is taken for granted by all. If the patient asks for something not to be shared, that should be respected. With the opening up of all care provision to private providers, provision needs to be made so that an NHS care provider can send its record of a patient to a private provider. The provider may also, with patient consent, be able to download the data. AQPs (a supplier approved under the Any Qualified Provider scheme) need to be bound by the same registration authority requirements as the rest of the NHS.

Patient Access to Records.
Coded data can be filtered; you can do something with it and make it useful for the patient. Where there is associated free text, this could fundamentally change the meaning, so needs to be included where it is linked to the code: as do any associated findings values (e.g. blood pressures).

Dates in the record.
There is a difference of opinion, and different standards, on which dates should appear in the record. GP systems automatically log the date the information was entered into the record, as it’s required for the audit trail. Entry of other dates, e.g. when something was done, started or stopped, a finding observed or a history item true of the patient, is the responsibility of the author, and this is sometimes not done as consistently and comprehensively as it should be. The systems also need to make it clear to record viewers what the dates shown mean. Where external data reaches the system electronically, the date it was added to the record is usually logged automatically, as may the date when it was first seen/approved by the GP.

Samples and their results are a case in point, with several sub-events that could have their dates recorded–

(1) when the sample was taken (which is when the result is considered to have applied to the patient),
(2) when it was despatched to the lab (unlikely),
(3) when it reached the lab (unlikely),
(4) when the result was created in the lab,
(5) when it was signed off as OK by the lab staff,
(6) when the result reached the practice, and
(7) when it was seen by a GP in the practice, i.e. the GP becomes aware of it.

Different dates will be required for different purposes by the lab and the practice. The most significant for care are (1) and (7), but the others may be significant when care is audited. If the sample result date is given as (1) and no other date is logged, then someone reading the record may think that the GP was aware of the result sometime earlier that was actually the case. On the other hand using (6) or (7) as the sample date may occasionally lead to misinterpretation of the significance of a result.
No-one cares about the dates until they get sued, this fear has driven record keeping for years. Most patients won’t care unless an issue over the representation of dates arises.

Access to test results before the GP sees them.
This should be a matter for patient choice at the time they sign up to access to their records. Either they understand it may contain distressing news, or they will opt to wait for their GP to view it and advise them. Kaiser started with a 24 hour delay on revealing results, but later turned it off. Some practices may feel happier initially with a delay. This group would advocate the default being full access as soon as arrive, but it is an issue for practices to choose.

Recommendation 4: There should be the ability to delay access to test results, should this be desirable on behalf of the patient or the practice.

It is inevitable that this will change the style of consulting. When sending for the test, patients will need to be advised of the possibility of viewing an abnormal result, what it means, and what they should do next.

Date dealt with suggested items deemed not to be in the current scope or on the roadmap.

Access to the SCR
this is an extract or part of the record, the whole of which is already viewable under patient access. Patient record access will supersede the SCR. It is an old technology which is going to die. The enriched data, mentioned here under risks, has not been implemented. My HealthSpace has gone, so there is technically no way a patient can see what is on their SCR, but they would be better viewing their GP record anyway. How1ever hat is not to say that a summary of the record would not be useful to patients, e.g. current care plan, problems and meds, advanced directives, latest test results.

Past records
Viewing what has been entered before the date the access was initially granted has been deemed out of scope at present, as it will require the removal of material provided by third parties where their consent for further sharing has not been given and the clinician considers the third party’s privacy is not trumped by the public interest (or consent has been actively refused), and items that the clinician considers might harm the patient.

Patient editing of records
Patients should be able to change their address, telephone numbers, and email addresses. But this needs to be managed to prevent fraud. It should be done by completing a form, not remotely on-line. But until really good on-line authentication is available, this should be done via form or in person rather than on-line.
Patients own additions to their records is the thin end of a very big wedge, which will significantly change business processes in a practice, e.g. need to ensure that the data entered is seen promptly by the clinician(s). It could be very valuable, but again requires really good on-line authentication. There is a need to identify what it would be useful to permit.

Examples include

  • changes of personal contact details (see above)
  • online health assessments e.g. by completion of a questionnaire provided by the practice,
  • the provision of a patient history prior to a face to face or or remote consultation,
  • the entry of observations made by the patient (e.g. BPs, blood sugars, urine tests, peak flows).

Norway has done some work on asynchronous messaging electronic messaging between patients and clinicians


The BMA have concerns about patient access to records, and how to manage the workload implications safely. They have not identified any benefits of this yet. Patient Online project has commissioned a review of the literature on the subject, to see what benefits / dis-benefits have been suggested and/or observed.
It is important to screen out any risky use of asynchronous email messaging by patients for conditions which should go to NHS Direct, 111, Oohrs, etc.

Patient record access will happen naturally eventually, but even enthusiasts recognise there are problems with it now that it has become a political target. Some practices still have unconfigured appointment books for example. We need to identify the risks that have to be worked through.

It needs to be born in mind that a large number of GPs are very wary of this. Not so much of the transactional services, but the access to medical records itself. We need to split this into two separate discussions. Evidence is that by far the majority of patients are not interested in seeing their record (particularly those who are fit). After 10 years of active and expert encouragement and support, only 14% of patients at Thornley Houghton Practice use it.

There is the need to vet records for harmful and third party data before implementing access to past data. We also need to manage expectations of clinician & patients. Editing of details that help identify patient (name, address, etc) by patients / carers should not be implemented until strong authentication of the person doing the editing is available and used.
Patients should have access to audit trail details of who has seen their record, updated it and of any data exports (e.g. for use by apps, including those that retain the data outside the source system).

API for record access.
may e.g. seek access to meds from all provider records to generate a single (virtual or physical) patient medication record.. Scots palliative care addition has consent to view on each viewing, but may be better to ask once for consent for all (subsequent) views or at least offer this as an option for patients

While the transactional services are really a no brainer, Two-way messaging is different and a big one Should it be synchronous, asynchronous or either? Two way asynchronous communication on-line is the big one. How to you cover the clinician being away or ill?. A generic mailbox checked by a receptionist might not be something the patient would want to use. In the States, messaging is only patient initiated; the clinician does not initiate message exchanges. Patients are perceived to be more in control in the States, seeking value from their treatments.

One CLICSIG attendee does some asynchronous email consultation, but their partners don’t like it, because they think it’s too risky. It tends to be used with patients who are busy professionals with long term issues, who probably wouldn’t otherwise access care. The problem is controlling it, using secure communications, and ensuring cover if the clinician concerned isn’t available - it can be very disruptive and time consuming for a GP to have to continually monitor/channel / process alerts. It gives the patient the initiative. However one English pilot at scale of remote form based asynchronous consultations is likely to be completed this year, with the intention to use it routinely and more extensively from 2014 onwards.