Comprehensive, accurate, health records are central to a modern healthcare system.
A patient record may contain information in any number of formats but in primary care, the core of a record is held in digital form. This article focusses on the nature and uses of GP electronic health records in primary care, and the wider NHS. It should be noted that their primary purpose is, however, to support direct patient care. Understanding the various purposes of GP records can help to appreciate the importance of the quality of the record and how this may influence its use for other/secondary purposes.
As part of the Five-year framework for GP contract reform to implement the NHS Long Term Plan, the ambition was the digitisation of all Lloyd-George paper records. NHS England continues to work towards this goal although this is a considerable project. Eventually this will mean that the entire patient record will be held in electronic form.
Definitions of a health record
The health record can be defined in several ways. The NHS Records Management Code of Practice 2021 suggests two possible definitions, which are closely aligned:
- ISO standard 15489 -1:2016 | ‘Information created, received, and maintained as evidence and as an asset by an organisation or person, in pursuance of legal obligations or in the transaction of business’
- Section 205 of the Data Protection Act 2018 | A health record: ‘consists of data concerning health and has been made by or on behalf of a health professional in connection with the diagnosis, care or treatment of the individual to whom the data relates’
These definitions are helpful in setting the legal context in which records are normally created, retained and for the associated data protection requirements.
Data controllers and responsibilities
As data controllers for the information they hold about their patients, practices retain responsibility for handling all requests for access to the data, for example, subject access requests made by patients or requests from third parties such as insurance companies and solicitors. GP data controllers may delegate these activities but remain responsible for the final output.
Practices retain responsibility for ensuring that access to confidential data in the practice is subject to appropriate controls so that it can be accessed only by staff who are providing direct care to an individual patient. All practice staff who have access to medical records as part of their role in providing direct care must have confidentiality clauses in their employment contracts. This is an important element of data controllers’ general obligation to ensure the appropriate security of the data they hold and protect data against unlawful access.
Other healthcare professionals who are not employed by the practice, such as community nurses or physiotherapists, can legitimately access or enter information into patients’ medical records for direct care purposes. Individuals who have been given an honorary contract to provide direct patient care can also access confidential data for this specific purpose.
For further guidance please see the related article in this series on information governance and data protection.
The importance of electronic health records to primary care and general practice
Electronic health records are important because they provide a platform to deliver care in line with NHS Long Term Plan, five year framework for GP contract reform and the Digital, Data and Technology Vision.
Systems are increasingly allowing patient information to be shared safely and securely across care settings. The rapid evolution of technology over recent years has transformed primary care, improving patient care, quality, safety, and efficiency.
Practices need to understand how digital services can be used to provide care to their practice population. They can then build on existing models of care by embracing new approaches such as digital first primary care and other new technologies.
By understanding these new approaches to service delivery, practices can then select appropriate digital solutions, e.g. finding the right online consultation solution for the general practice.
As practices move to more collaborative working in primary care networks, it becomes more important to understand electronic health records and how cross- organisational/practice data sharing occurs to enable such collaborative working and is facilitated by electronic health record systems.
Electronic health records can be used for clinical, non-clinical, administrative, and other increasingly novel and emerging purposes. It is important to remember that the term ‘health record’ includes all records associated with providing care to a patient.
Electronic health record systems themselves have become increasingly complex. In primary care they include as a minimum:
- maintenance of patient information, which includes the registration of patients, maintenance of all their personal information, and configuration of related records
- facilitating the standardised recording of consultations and other patient-related activity
- prescribing activity related to medication, medical products, and appliances
- referral management including recording, reviewing, sending, and reporting of patient referrals
- support for the administration and scheduling of patients’ appointments
Content of electronic health records
Electronic health records should be a complete record of interactions with, and actions relating to, a patient. Here, the focus is on the primary GP record, created during a consultation between a health professional and patient in a primary care setting. They should include, but are not limited to, details such as:
- relevant findings/history
- decisions made (by whom and with whom)
- actions taken
- information given to the patient
- investigations
- medication prescribed
- treatments
- the nature of the interaction e.g. telephone or face-to-face consultation
- the name of the chaperone if present
- any refusals of treatment, medication, or action by the patient
- the name of the consulting professional with the date and time of the entry
Information stored in a record may be in a number of formats, including:
- handwritten notes (until Lloyd George envelopes are no longer in use)
- digital notes (unstructured or text primarily aimed at clinicians containing possible conditions or differentials)
- correspondence between health professionals/providers/patients/carers
- laboratory reports
- imaging or imaging reports
- photos
- videos
- printouts from monitoring equipment
- emails or text messages with the patient
Uses of electronic health records
Electronic health records are used for direct care, non-clinical purposes, and a number of novel/new purposes.
For direct care
Electronic health record systems facilitate the clinical care of patients by:
- facilitating basic data recording and providing a record for every consultation with a patient, whether planned or unplanned
- providing the ability to record patient characteristics and interventions carried out to investigate or treat a patient including, for example:
- signs symptoms and observations
- medical family and social history
- diagnosis and problems
- allergies and sensitivities
- surgical, diagnostic, and preventative procedures
- access to services, counselling, and education
- prescribing medicines and medical devices
- referrals
- allowing episodes of care to be viewed in a structured manner (by viewing records chronologically or grouped by condition, etc.) by all involved in their care
- supporting electronic requests to other healthcare organisations so that test results can be ordered, received, reviewed, and stored against the patient record
- acting as a repository for associated documents such as referrals, medical reports, correspondence, laboratory reports, and requests for further investigation
- enabling the transfer of records between general practices when a patient moves to a new house or chooses a new practice
- providing a platform that supports the effective and safe prescribing of medicines and appliances to patients, which are then accurately recorded in the patient’s electronic record
- allowing the use of standardised coding systems like SNOMED CT, which provide a consistent vocabulary for recording patient clinical information
- providing remote consultations and remote healthcare to patients, allowing them to communicate with their practice remotely in a way that suits their lifestyle, and healthcare needs
- enabling patients to interact with clinical decision support systems and digital triage systems, which in turn can form part of the patient’s health record and care
Electronic health record systems also support the local practice population by:
- allowing targeted interventions based on characteristics identified by assessing the needs of the local population, reliant on well-structured electronic health record systems containing accurately coded information
- monitoring specific groups of patients such as those with chronic disease within the practice, e.g. at-risk populations like those with diabetes, to ensure adequate treatment, recall, and monitoring
- targeting cohorts of patients for health promotion activity, also enabling health promotion activities to be monitored
- supporting quality improvement activities such as audit
- identifying at risk patients when there are particular threats such as the Covid-19 pandemic, allowing personal risk scores based on a patient’s health profile through interrogation of their clinical record and additional safeguards for individual patients
Non-clinical uses
GP practices and health organisations now use electronic patient health record systems to support governance, administrative, and contractual obligations. They do this by:
- providing medicolegal evidence in the form of patient records for various uses, including insurance claims, social care and benefits claims, and occupational enquiries
- allowing practices to analyse and manage workload (and engage in workforce planning) from different perspectives, including numbers of appointments, complexity of patient conditions, and high service users
- facilitating the right of access to records by patients, and other data subject rights, under current data protection legislation
- allowing practices to monitor the use of services and resources (e.g. other community services, prescribing activity, referral activity)
- providing data to support commissioners in understanding the local population to provide adequate community and secondary healthcare services
- enabling patients to view their own patient record (or the online record(s) of patients they are proxies for) supporting the accurate recording of personal information, reducing the need to contact the practice to view information resulting in time saved, and enabling self-care
- facilitating quality assurance of, and payment for, indicators such as the Quality and Outcomes Framework (QOF)
Additional and novel uses of the electronic health record
Health organisations are increasingly using electronic health records to facilitate other capabilities and support new ways of working. Examples of these capabilities are:
- facilitating the collection of data on a national scale to support research and quality improvement which can be in the form of identifiable, or pseudonymised, data, e.g. the General Practice Extraction Service (GPES), QResearch, OpenSAFELY, the Clinical Practice Research Datalink or CPRD
- risk stratification of patients based on tools specifically designed to identify those individuals who are at high risk of experiencing a future adverse event, such as readmission to hospital or unplanned hospital admission, or an acute event such as a heart attack, e.g. QRISK®2, QDiabetes®, QFracture®, QCancer®
- shared care or unified care records so that healthcare professionals in different organisations who are involved in the direct care of the patient can see the data from the GP electronic health record, where there is the relevant data sharing agreement in place, including the summary care record or more complex systems, commercially available integrated care solutions
- implementing shared care plans which can have complex interactions with the GP record, allowing health professionals to view and maintain a single plan rather than holding separate and disconnected plans, e.g. end-of-life care plans, urgent care plans, advanced care plans
- population health management which can support practices by gathering health data from various sources to allow them to perform risk stratification of their population to support targeted interventions
Retention and deletion of electronic health records
The UK GDPR introduces rights for individuals (patients) to have personal data rectified, erased and restricted, as well as the right to data portability. Further information about an individual’s rights can be found on the Information Commissioners Office website.
The retention of health records is governed by the NHS Records Management Code of Practice 2021, reviewed by the Health and Care Information Governance Panel, including the Information Commissioner’s Office (ICO) and National Data Guardian (NDG).
Health data cannot generally be deleted outside of set retention periods as this guidance takes precedence over the ‘right to be forgotten / right to erasure’.
In short, the right to erasure does not apply if processing is necessary for one of the following reasons:
- to exercise the right of freedom of expression and information
- to comply with a legal obligation
- for the performance of a task carried out in the public interest or in the exercise of official authority
- for archiving purposes in the public interest, scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing
- for the establishment, exercise or defence of legal claims
Summary
The GP electronic health record forms the core of the GP IT system and electronic health records in the NHS. As the complexity and functionality of these systems grow, they need to be clinically safe and provide useful digital services and data services for patients and general practice.
These requirements are currently met through the GP IT Future programme and it is useful for practices to be aware of the programme as technology advances and new models of care are brought in. Having this awareness will enable practices to understand, embrace and use these new services more easily.
Related GPG articles
- Clinical coding – SNOMED CT
- Information governance and data protection
- Data and clinical record sharing
- Calculating Quality Reporting Service (CQRS) and Quality Outcomes Framework (QOF)
- High quality patient records
- Video consultation tools
- Digitisation of Lloyd George records
- Subject access requests (SAR)
Other helpful resources
- NHS Digital, GP IT Futures systems
- NHS Digital, GP IT Futures capabilities & standards
- British Medical Association, GPs as data controllers under GDPR
- Information Commissioner’s Office, Rights of access