NHS: Concerns mount over 'prospective medical records' access from 31st October
'This process is a mess', say campaign groups
The British Medical Association (BMA), charity group Refuge, and 20 other organisations have issued a strong warning regarding the potential risks that remote access to medical records may pose to domestic abuse survivors and victims of stalking.
The changes to the GP contract, which came into effect on 1st April, mandate that GP practices in England offer patients automatic access to prospective medical records through the NHS app and other online systems by 31st October 2023.
From that date, any correspondence about a patient sent to their GP by other doctors and specialists will be available to the patient on the NHS app, and later on the NHS website.
The change will enable patients to access new information unless they have chosen to opt out or specific exceptions are in place.
Initially, patients were slated to receive automatic access to their prospective medical records through the NHS App, starting from 1st November 2022, beginning with EMIS and TPP systems.
However, NHS England had to abandon these plans due to worries regarding the protection of patient data. Since then, the organisation has been working on implementing a gradual rollout of the records access programme.
More than 20 campaign groups and organisations have now joined the BMA in expressing their reservations about the proposal, sounding the alarm regarding the safety of domestic abuse survivors and individuals who have been victims of stalking.
These organisations fear that perpetrators of domestic abuse may exploit this new access to coerce survivors into sharing their records.
They further emphasise the need for NHS England to respond promptly to requests to turn off access and to consider the safety and privacy of patients as a top priority.
Some survivors may have already been made exempt or have specific information redacted by their surgeries, but the groups highlight that this will not be the case for everyone.
While these changes were intended to apply only to "prospective" medical record entries made after access is enabled, experts have identified inconsistencies that could grant some patients access to unredacted medical records spanning several years.
The campaign groups are urging survivors to contact their GPs to request the removal of access to their information, consider deleting the NHS App until better safeguarding measures are in place, and review the security of any other medical apps installed on their devices.
Ellen Miller, interim CEO of Refuge, voiced her concerns, saying, "It is really disappointing and saddening that the Government and NHS England have not fully addressed the real risk to survivors that these changes will create."
Data privacy campaign group medConfidential said that while access to their medical records will be useful for a majority of people, the impact on those it could harm have not been thought through. There is also no system in place to warn patients that other parties might have accessed the details it noted.
"This process is a mess, and patients and GPs pick up the pieces. Again," the group said in a blog post. "With the usual lack of attention to detail, Government and NHS England have not told anyone other than GPs that this is happening."
Earlier this month, the BMA recommended that GP practices conduct a data protection impact assessment before enabling patient records access and consider an opt-in model if risks are identified. Previously, the union had contemplated a legal challenge to the mandated contractual obligation to provide patients with access to medical records, but backed out in July citing insufficient financial resources and legal support.
In May, an Integrated Care Board (ICB) in London explicitly recommended that GP practices refrain from enabling automatic patient access to upcoming records prior to the 31st October deadline.