NHS App

Version 1.2, 17 March 2025

This guidance is part of the Online patient facing services section of the Good practice guidelines for GP electronic patient records.

The NHS App is available for use by anyone aged 13 or over who is registered with an NHS GP practice in England or the Isle of Man.  Users must set up an NHS login if they don’t already have one.  To do this they will need to prove their identity. 

You can find information about the features of the App, how to promote its use to patients and many other resources on the NHS App web pages.

A quick guide for GP practices can be found here.

 

Safeguarding

From the end of 2022 practices need to be mindful that patients may be able to see their prospective clinical records, including free text, letters and documents through the NHS App. 

In some circumstances this may not be beneficial to the patient. The record may contain information that is particularly confidential and/or sensitive, and which, if viewed by a third party, could become harmful to the patient in some way, e.g. where there is actual or suspected domestic abuse documented and there is a risk of coercion leading to the release of that record. The importance of safeguarding patients from harm is paramount. 

It may be appropriate to redact specific information entered into the GP medical record or to limit or prevent the patient (or their proxy) from having access, either temporarily or permanently. 

NHS Digital has produced guidance for practices to add an enhanced review code to patient records where there are safeguarding concerns.

Digital inclusion

As with any technology, there will be rural/geographical areas where patients may be disadvantaged because of network and connection problems. Whilst this is beyond the control of practices, those who operate in these localities need to mindful of the issues and make sure there are sufficient alternative ways for patients to access services.

There is another article in this series on digital inclusion.

Security and data protection

The NHS App has numerous links to other service providers. NHS Digital and a number of data controllers and processors are involved in providing the full service.

There is nothing specific that practices/staff need to do with regards to data security, and the App, other than the annual data security awareness training.  You can, however, find out more information on the relevant NHS App data protection and privacy policies at nhs.uk.

If patients have data security queries regarding the NHS App, practices can advise them to view the NHS account privacy policy on NHS.UK.

Patients also need to be made aware of their responsibility to keep their log-in information and health record information secure. NHS England has produced a booklet for patients called Keeping your online health and social care records safe and secure.

Related GPG content

Other helpful resources