This site is intended for health professionals only


GPs ‘not required to share sensitive records’ despite contract requirements

Recovery plan template letter

GPs do not have to allow patients to access their full records if they contain sensitive information that can’t be redacted, despite contractual requirements, NHS England has said. 

The BMA and NHS England have clarified that access to records does not have to be offered to patients if GPs deem they contain any ‘harmful’ information, and if GPs do not have the sytems in place to redact the information.

However, GPs have argued this will increase their workload significantly because they will still have to spend time assessing records to decide whether information should be redacted, and that they also may be at a risk of legal action from patients. 

Under the new five-year GP contract, patients are expected to have digital access to their ‘full records from 2020, with new registrants having full online access to prospective data from April 2019’.

In a recent statement, NHS England said GPs should use their clinical judgement before considering the sharing of ‘harmful’ records with patients.

The statement said: ‘If based on clinical judgement, it is considered that some information could be harmful to the patient, this information should not be shared with them. This information can be redacted from the patient view and must not be deleted from the record.

‘If system functionality to redact information is not available, the record should not be shared with the patient.’

On third party data, the statement said: ‘Legal confidentiality requirements require that where the information is not already known to the patient, any information contained must be redacted, but not deleted from the record. If system functionality to redact information is not available, the record should not be shared with the patient.’

But East London GP Dr Nick Mann said this will still have a significant impact on GP workload. 

He said: ‘Any form of redaction or consideration of what might be harmful for a patient to read are significant additions to workload.

‘How long do I consider what might prove harmful to a patient, or whether the patient might sue me for withholding information they feel is essential?

‘Do I read every one of 1,400 pages before I can decide whether there is in fact any harmful information in this patient’s notes? Does my subjective judgement about what is harmful concur with other GPs’ judgement?’

He added: ‘Information gained today may not become “harmful” for some time, and the definition of harmful is open to wide interpretation. This leaves GPs worryingly vulnerable to legal action by patients, in a number of ways.’

Dr Neil Bhatia, GP and IT lead at Oakley Health Group, agreed this will generate a ‘huge amount of work’ but also stressed refusing full disclosure is rarely used at the moment. 

He said: ‘Part of the hesitation from many practices is that by doing that you generate vast amounts of work. You have to spend a long time reading through these records and some of these patients have got enormous records.

‘Serious harm is a tall bar though. It’s rarely used as an exemption. One example might be where a patient is genuinely unaware of a diagnosis or prognosis, e.g. terminal cancer. Again, a very rare situation nowadays. There might be communication between a consultant and a GP that the patient has not been cc’d in on, for example.

‘Genuinely, it would help us as practices if patients can look up their own results and save us time so it’s definitely an investment for GP practices to do this but there’s always hesitation about giving full access because you think “hang on, every patient I give full access to I’ve got to then read their record on a Saturday morning, in the evening or in my lunch time and check there’s nothing in there I shouldn’t be disclosing” and you end up creating work for yourself.

‘You have to do it outside of your clinical surgery because you can’t really block off your surgery to do this and you don’t get paid for it.’

A BMA survey of 1,500 GPs showed that patients request for information have increased over a third since the implementation of GDPR data protection regulations

The BMA previously criticised the NHS’s integrated patient records system, saying it has led to secondary care services redirecting patients to practices to explain their hospital test results.