Please check with the Practice if this service is available.

Giving another person access to your GP online services

Did you know that you can choose to give another person access to your GP online services on your behalf? You don’t need to know how to use these services or have a computer yourself to give another person access.

Who can have access?

You choose who you want to give access to. This could be your carer, partner, parent or another family member. You can also give access to more than one person. Giving access to another person is your choice. No-one can go to your GP surgery and ask for access to your online services without your permission.

You also choose which online services you want each person to use. These are booking appointments, ordering repeat prescriptions and looking at your GP record. You decide whether to let them use one, two or all of the services on your behalf.

Why you may want to give another person access

You may wish to allow another person to use your online services for different reasons. For example:

• You are very unwell or just need help managing your health
• You have a long term condition ,for example diabetes, heart disease, asthma or high blood pressure and would like support with checking test results, ordering repeat prescriptions and understanding your treatment
• You are finding it more difficult to look after yourself, for example due to memory issues or speech difficulties
• You have learning difficulties and want someone else to help you understand your health
• You have a carer who can help you manage your health
• You may be planning for the future or choosing someone to hold lasting power of attorney for health and social care for you
• You are a young person and would like your parent or guardian to look after your health. Some surgeries only allow this for children under the age of 12
• You work away from home or are just busy and need help with booking appointments or ordering repeat prescriptions.
• You are not comfortable with using computers, smart phones, or tablets

For more information on GP online services for carers, see our leaflets ‘GP online services for carers including young carers’ and ‘Giving employed carers access to your GP online services’. These can be found at Getting started with GP online services.

Benefits

Before giving another person access, you should think about what the benefits will be for you. If you cannot think of any, then you should think very carefully whether allowing them access is the right thing to do. Some of the benefits are:

• You have peace of mind that someone is supporting you with managing your health
• The person you choose can help you make sure the information your surgery has about you is correct, for example your medication and allergies.
• You know that someone else understands your medical information and can provide information when you are unable to. This could be when you are unconscious or too unwell to speak or when you need help explaining or understanding something
• You can benefit from the convenience of using GP online services even if you do not use a computer or do not have access to the internet
• One member of the family can book appointments for everyone in the household and make sure the appointments fit with your family activities

If you have a carer, using GP online services can save them time allowing them to spend more time looking after your needs.

What other patients who use this service had to say

‘I access my son’s online services to order his repeat prescriptions, it is definitely worthwhile and saves a trip to the surgery. As long as I can remember my login details, it is easy to use. I use this service every couple of months when prescriptions are due.’

Andy, Street Lane Practice.

‘My daughter having access to my GP records gives me peace of mind and the knowledge that I am being cared for.’

Freda, Rotherham Road Medical Centre.

‘This online system is brilliant and means I do not have to waste valuable doctors’ time phoning the practice, which is beneficial for all patients at the practice. I can login once a week to see if we have any issues with my three children. The system is secure with passwords and usernames which can be changed at any time for security purposes. I would recommend to all parents and patients that this is the best system to use for all
GP records of your children. A must have item for all parents and patients.’

Mr Thomas, Street Lane Practice.

How it works

The recommended and safest way to give another person access to your online services is for them to have their own username and password. If you use online services yourself, you should not share your username and password with anyone. If you share your username and password, your surgery cannot tell whether you or someone else accessed your online services. This may be a problem if someone else misuses your login details and your surgery has to look into this.

How to sign up

The steps below show how you can give another person access:

1. You contact your surgery to let them know you would like to give your chosen person access to your GP online services.You may also choose to register for online services for yourself if you do not already use them
2. The Practice will give your chosen person a short form to fill in. You will also need to sign to confirm you agree with the information on the form. You can also choose whether you only want them to book appointments or order prescriptions or use all the services on your behalf. It is up to you
3. Your chosen person will need to show your surgery their photo ID and proof of address, for example, a passport or photo driving licence and a bank statement or council tax statement. If they don’t have the required ID, speak to staff at the surgery, who may be able to help confirm their identity in another way
4. Staff at the Practice will make a decision on whether to give your chosen person access to your GP online services. If we decide not to give them access, we will discuss their reasons with you
5. The staff will give your chosen person their own username and password to use to login to your GP online services.

Things to consider before giving another person access

• Is there any information in your records you would not like anyone to see or know about?
• Can you trust the person to keep your information safe and not share it with others or use it without your permission?
• Is any one forcing you into sharing your online services with them or do you think someone could force you to share it with them? If so, we would advise that you do not give them access. If you have any concerns that someone has access to your online records without your permission, speak to your surgery and they can change your password or stop your online services
• How long would you like your chosen person to have access for? This can be for a short time, for example when you are suffering from a certain illness and you need support with managing your health during that time. It can also be ongoing so they can help you for a long period of time. You can discuss this with the Practice.

Lasting power of attorney for health and welfare or court appointed deputy

When a person is unable to make decisions for themselves, another person, usually a partner or close family member can be given legal responsibility over decisions concerning their life by the courts. This is called Health and Welfare Lasting Power of Attorney. A person with lasting power of attorney can ask the patient’s surgery for access to their online services. The GP will make a decision whether this should be allowed.

If you know that you would never want a particular person to have access to your online services if you become unable to make your own decisions, you should tell your GP and they will never share them with that person.

Why your surgery may refuse to give your chosen person access

On rare occasions, your GP could refuse to allow your chosen person to use GP online services on your behalf. If this happens, your GP will discuss their reasons with you. Some of the reasons your GP could have are:

• Your GP does not think it is in your best interest for your chosen person to use these services on your behalf
• You or your chosen people have misused online services in the past
• The Practice is concerned that your chosen person will not keep your information safe
• The Practice suspects someone is forcing you to give them permission to use your online services
• You are not able to make decisions for yourself.

Why your surgery can stop the service

• We believe your chosen person is forcing you to share your GP records with them or with another person.
• Your chosen person has misused your GP information
• You are no longer able to understand or remember that you gave your chosen person permission to use online services on your behalf
• You have told the Practice in the past that if you become unable to make decisions for yourself, you do not wish for your chosen person or anyone to have permission to your online services
• You have died.

How you can stop the service

You can choose to take away access to your GP online services from your chosen person at any time.To end the service, you need to let your surgery know you would like them to switch off online access for your chosen person and give them the reason.Your surgery will then stop the service and your chosen person will not be able to use their login details to look at your information.

Why you may want to stop access

Some of the reasons you can choose to end the service are:

• You only needed your chosen person to support you for a short time, for example when you were suffering from a certain illness and you needed help with managing your health during that time
• You want to give this responsibility to another person, for example, if you have a new carer or personal assistant
• Your relationship with your chosen person has broken down
• Your chosen person has misused information in your GP records, for example, they have collected medication in your name or they have shared your private information with someone without your permission.

The practice complies with the Data Protection Act.  All information about patients is confidential: from the most sensitive diagnosis, to the fact of having visited the surgery or being registered at the Practice. All patients can expect that their personal information will not be disclosed without their permission except in the most exceptional of circumstances, when somebody is at grave risk of serious harm.

All members of the primary health care team (from reception to doctors) in the course of their duties will have access to your medical records. They all adhere to the highest standards of maintaining confidentiality.

You have a right to know who holds personal information about you. This person or organisation is called the Data Controller. In the NHS, the Data Controller is usually your local NHS Health Authority and/or your GP Surgery. The NHS must keep your personal health information confidential. It is your right.

Please be aware that our staff are bound to the NHS code of confidentiality; they are therefore not permitted to discuss any of our patient’s medical history, including their registration status, without their written consent to do so.

Once written consent has been received and verified with the patient we can provide you with information as required; this includes communicating with you on behalf of the patient with regards to any complaints, but excludes patients who are unable to act on their own behalf and already have a designated person or carer responsible for their medical care.

Under 16s:

The duty of confidentiality owed to a person under 16 is as great as the duty owed to any other person. Young people aged under 16 years can choose to see health professionals, without informing their parents or carers. If a GP considers that the young person is competent to make decisions about their health, then the GP can give advice, prescribe and treat the young person without seeking further consent.

However, in terms of good practice, health professionals will encourage young people to discuss issues with a parent or carer. As with older people, sometimes the law requires us to report information to appropriate authorities in order to protect young people or members of the public.

Useful Websites:

• Confidentiality and Mental Health
• Confidentiality Guidance

We therefore respectfully ask parents, relatives and guardians not to request information regarding their relatives/friends or to complain on their behalf unless we have their written consent that you may do so. If consent is required we advise that the person concerned attends the Practice to complete the required form.

Subject Access Requests

A request by a patient, or a request by a third party who has been authorised by the patient, for access under the GDPR (and DPA 2018) is called a Subject Access Request (SAR). If you want to see your health records, or wish a copy, please complete a Practice Subject Access Request Form which you can complete online or please contact the Practice and we will provide you with our paper format. Contact will, subsequently, be made by the Practice to arrange a time for you to come in and collect or read them. You don’t have to give a reason for wanting to see your records and there is no charge for this service. You will however be required to produce proof of identity before being allowed to read them.

The Practice has up to 28 days to respond to your request. If additional information is needed before copies can be supplied, the 28-day time limit will begin as soon as the additional information has been received.

The 28 day time limit can be extended for two months for complex or numerous requests where the data controller (usually your Practice) needs more time to collate and supply the data. You will be informed about this within 28 days and provided with an explanation of why the extension is necessary.

When writing/calling, you should say if you:

• want a copy of your healthcare records as well as to see them (if you wish to see them your Doctor or member of staff will be present to assist you and explain any medical terms to you)
• want all or just part of them
• would like your records to be given to you in a specific format that meets your needs, and we will endeavour to accommodate your request
• If you request your records to be emailed, then we will secure you or your representative’s agreement (in writing or by email) that they accept the risk of sending unencrypted information to a non-NHS email address

You may also need to fill in an Application Form and give proof of your identity. The Practice has an obligation under the GDPR and DPA2018 to ensure that any information provided for the patient can be verified.

Please note we never send original medical records because of the potential detriment to patient care should these be lost

Who may apply for access?

1(1) Patients with capacity

Subject to the exemptions listed in paragraph 1(6) (below) patients with capacity have a right to access their own health records via a SAR. You may also authorise a third party such as a Solicitor to do so on your behalf. Competent young people may also seek access to their own records. It is not necessary for them to give reasons as to why they wish to access their records.

1(2) Children and young people under 18

Where a child is competent, they are entitled to make or consent to a SAR to access their record.

Children aged over 16 years are presumed to be competent. Children under 16 in England, Wales and Northern Ireland must demonstrate that they have sufficient understanding of what is proposed in order to be entitled to make or consent to an SAR.However, children who are aged 12 or over are generally expected to have the competence to give or withhold their consent to the release of information from their health records. In Scotland, anyone aged 12 or over is legally presumed to have such competence. Where, in the view of the appropriate health professional, a child lacks competency to understand the nature of his or her SAR application, the holder of the record is entitled to refuse to comply with the SAR. Where a child is considered capable of making decisions about access to his or her medical record, the consent of the child must be sought before a parent or other third party can be given access via a SAR (see paragraph 1 (3) below)

1(3) Next of kin

Despite the widespread use of the phrase ‘next of kin’, this is not defined, nor does it have formal legal status. A next of kin cannot give or withhold their consent to the sharing of information on a patient’s behalf. As next of kin they have no rights of access to medical records. For parental rights of access, see the information above.

1(4) Solicitors

You can authorise a Solicitor acting on your behalf to make a SAR. We must have your written consent before releasing your medical records to your acting Solicitors. The consent must cover the nature and extent of the information to be disclosed under the SAR (for example, past medical history), and who might have access to it as part of the legal proceedings. Where there is any doubt, we may contact you before disclosing the information. (England and Wales only – should you refuse, your Solicitor may apply for a court order requiring disclosure of the information. A standard consent form has been issued by the BMA and the Law Society of England and Wales. While it is not compulsory for Solicitors to use the form, it is hoped it will improve the process of seeking consent).

The Practice may also contact you to let you know when your medical records are ready. If your Solicitor is based within our area, then we may ask you to uplift them and deliver them to your Solicitor. This is because we can no longer charge for copying and postage, so we would appreciate your help if you can do this, or alternatively ask your Solicitor if they can uplift your medical records.

1(5) Supplementary Information under SAR requests

The purposes for processing data

The purpose for which data is processed is for the delivery of healthcare to individual patients. In addition, the data is also processed for other non-direct healthcare purposes such as medical research, public health or health planning purposes when the law allows.

The categories of personal data

The category of your personal data is healthcare data.

The organisations with which the data has been shared

Your health records are shared with the appropriate organisations which are involved in the provision of healthcare and treatment to the individual. Other organisations will receive your confidential health information, for example Digital or the Scottish Primary Care Information Resource (SPIRE) or research bodies such as the Secure Anonymised Linkage Databank (SAIL). (This information is already available to patients in our Practice privacy notices).

The existence of rights to have inaccurate data corrected and any rights of objection

For example, a national ‘opt-out’ model such as SPIRE etc.

Any automated decision including the significance and envisaged consequences for the data subject

For example, risk stratification.

The right to make a complaint to the Information Commissioner’s Office (ICO)

1(6) Information that should not be disclosed

The GDPR and Data Protection Act 2018 provides for a number of exemptions in respect of information falling within the scope of a SAR. If we are unable to disclose information to you, we will inform you and discuss this with you.

1(7) Individuals on behalf of adults who lack capacity

Both the Mental Capacity Act in England and Wales and the Adults with Incapacity (Scotland) Act contain powers to nominate individuals to make health and welfare decisions on behalf of incapacitated adults. The Court of Protection in England and Wales, and the Sheriff’s Court in Scotland, can also appoint Deputies to do so. This may entail giving access to relevant parts of the incapacitated person’s medical record, unless health professionals can demonstrate that it would not be in the patient’s best interests. These individuals can also be asked to consent to requests for access to records from third parties.

Where there are no nominated individuals, requests for access to information relating to incapacitated adults should be granted if it is in the best interests of the patient. In all cases, only information relevant to the purposes for which it is requested should be provided.

1(8) Deceased records

The law allows you to see records of a patient that has died as long as they were made after 1st November 1991.

Records are usually only kept for three years after death (in England and Wales GP records are generally retained for 10 years after the patient’s death before they are destroyed).

Who can access deceased records?

You can only see that person’s records if you are their personal representative, administrator or executor.

You won’t be able to see the records of someone who made it clear that they didn’t want other people to see their records after their death.

Accessing deceased records

Before you get access to these records, you may be asked for:

• proof of your identity
• proof of your relationship to the person who has died

Viewing deceased records

You won’t be able to see information that could:

• cause serious harm to your or someone else’s physical or mental health
• identify another person (except members of NHS staff who have treated the patient), unless that person gives their permission
• If you have a claim as a result of that person’s death, you can only see information that is relevant to the claim.

1(9) Hospital Records

To see your Hospital records, you will have to contact your local Hospital.

1(10) Power of attorney

Your health records are confidential, and members of your family are not allowed to see them, unless you give them written permission, or they have power of attorney.

A lasting power of attorney is a legal document that allows you to appoint someone to make decisions for you, should you become incapable of making decisions yourself.

The person you appoint is known as your attorney. An attorney can make decisions about your finances, property, and welfare. It is very important that you trust the person you appoint so that they do not abuse their responsibility. A legal power of attorney must be registered with the Office of the Public Guardian before it can be used.

If you wish to see the health records of someone who has died, you will have to apply under the Access to Medical Records Act 1990. You can only apply if you:

• are that person’s next of kin, are their legal executor (the person named in a will who is in charge of dealing with the property and finances of the deceased person),
• have the permission of the next of kin or have obtained written permission from the deceased person before they died.
• To access the records of a deceased person, you must go through the same process as a living patient. This means either contacting the Practice or the Hospital where the records are stored.

If you think that information in your health records is incorrect, or you need to update your personal details (name, address, phone number), approach the relevant health professional informally and ask to have the record amended. Some Hospitals and GP Surgeries have online forms for updating your details. If this doesn’t work, you can formally request that the information be amended under the NHS complaints procedure.

All NHS trusts, NHS England, CCGs, GPs, Dentists, Opticians and Pharmacists have a complaints procedure. If you want to make a complaint, go to the organisation concerned and ask for a copy of their complaints procedure.

Alternatively, you can complain to the Information Commissioner (the person responsible for regulating and enforcing the Data Protection Act), at:

The Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 01625 545745

If your request to have your records amended is refused, the record holder must attach a statement of your views to the record.

Consent to Share Information

Giving someone power of attorney

A note about Medical Records

Sometimes when people view their medical records they see things recorded in ways that they don’t understand or in which don’t fully record the medical problems that they have or have had.

There are a number of reasons that may account for this:

1. It may have been incorrectly recorded or dated. If you are viewing your medical records and something is clearly wrong, please let us know so we can investigate and correct it. If possible, let us know of problems in writing rather than by telephone. Please do not book an appointment just to raise concerns about details in your medical record.
2. It may not be able to be exactly recorded due to the limitations of the system used to “code” medical information. Much of the information in medical records is recorded using medical terms that the computer system recognises. Unfortunately the number of computer recognised terms is not as extensive as enormous variety of medical conditions that people have. Rare, very detailed and newly described conditions or procedures are often not available on the coding system so we have to use approximations. We have to accept and work with this.
3. Remember that medical terminology does not always have exactly the same meaning as when the words are used in day to day conversation.

Your Data Matters to the NHS

Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments. The NHS is committed to keeping patient information safe, and will always be clear about how it is used.

How your data is used

Information about your individual care such as treatment and diagnoses is collected about you whenever you use health and care services. It is also used to help both the Practice and other organisations for research and planning, for example research into new treatments, deciding where to put GP clinics and planning for the number of Doctors and Nurses in your local Hospital.  It is only used in this way when there is a clear legal basis to use the information to help improve health and care for you, your family and future generations.

Wherever possible we try to use data that does not identify you, but sometimes it is necessary to use your confidential patient information.

You have a choice

You do not need to do anything if you are happy about how your information is used. However, if you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely, either online or through a telephone service. You can change your mind about your choice at any time.

Will choosing this opt-out affect your care and treatment?

No, choosing to opt out will not affect how information is used to support your care and treatment. You will still be invited for screening services, such as screenings for bowel cancer.

What do you need to do?

If you are happy for your confidential patient information to be used for research and planning, you do not need to do anything.

To find out more about the benefits of data sharing, how data is protected, or to make/change your opt-out choice visit Your NHS data matters.

You can also view/download the leaflet below for your information.

General Practice Extraction Service (GPES) is a centrally managed, primary care, data extraction service being introduced across England, and is managed by the Health and Social Care Information Centre (HSCIC).

The purpose of GPES is to extract and compare data from across the NHS, allowing data to be turned into accurate and usable management information; this in turn leads to improvements in patient care and greater efficiency across the service as a whole. The data extracted is also used to support QOF, although GPES does not calculate or make these payments, that task is carried out by the Calculating Quality Reporting Service (CQRS).

Click on the link below to be redirected to a more in depth review of how ‘Care Data’ is being managed.

For further information please access this LINK.

The Freedom of Information Act creates a right of access to recorded information and obliges a public authority to:

• Have a publication scheme in place
• Allow public access to information held by public authorities.

The Act covers any recorded organisational information such as reports, policies or strategies, that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland, however it does not cover personal information such as patient records which are covered by the Data Protection Act.

Public authorities include government departments, local authorities, the NHS, state schools and police forces.

The Act is enforced by the Information Commissioner who regulates both the Freedom of Information Act and the Data Protection Act.

The Surgery publication scheme

A publication scheme requires an authority to make information available to the public as part of its normal business activities. The scheme lists information under seven broad classes, which are:

• who we are and what we do
• what we spend and how we spend it
• what our priorities are and how we are doing it
• how we make decisions
• our policies and procedures
• lists and registers
• the services we offer

You can request our publication scheme leaflet at the surgery.

Who can request information?

Under the Act, any individual, anywhere in the world, is able to make a request to a practice for information. An applicant is entitled to be informed in writing, by the practice, whether the practice holds information of the description specified in the request and if that is the case, have the information communicated to him. An individual can request information, regardless of whether he/she is the subject of the information or affected by its use.

How should requests be made?

Requests must:

• be made in writing (this can be electronically e.g. email/fax)
• state the name of the applicant and an address for correspondence
• describe the information requested.

What cannot be requested?

Personal data about staff and patients covered under Data Protection Act.

For more information see these websites:

• Legislation GOV.UK
• Information Commissioners 

NHS England is currently involved in developing a modern information system, to help improve health services.

To discover how information about you helps us to provide better care you can visit the NHS England website or download the leaflets shown below.

Health and Social Care Act 2012

Collection of your personal data under the Health and Social Care Act 2012.

The NHS operate a Zero Tolerance Policy with regard to violence and abuse and the Practice has the right to remove violent patients from their list with immediate effect, in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.

Where patients are disruptive and display aggressive and/or intimidating behaviour and refuse to leave the premises, staff are instructed to dial 999 for Police assistance, and charges may then be brought against these individuals.