Protecting patient privacy

Audit trails

An audit trail is kept in the GP system when a proxy user accesses a patient’s record. It includes:

  • who accessed the record and when
  • what information was accessed
  • what medication was ordered
  • who authorised or rejected the medication request and when

Reducing the risk of security breaches

It is essential that resident/patient privacy is respected and protected.  To reduce the risk of a breach of privacy or confidentiality it is important that:

  • a data sharing agreement between the care home and the GP practice has been agreed for the purpose of sharing information
  • all authorised care home staff are up to date with information governance (IG) training and IG requirements
  • a process is in place to manage any breach of confidentiality or misuse of proxy access to the GP record
  • a Data Protection Impact Assessment (DPIA) has been completed locally

The Royal College of General Practitioners (RCGP) has developed guidance for GP online services. There is a section on proxy access issues and the safeguards that might be helpful.

A carer’s access to these other elements can have benefits for patients, such as better communication between different care providers.

There are, however, security and confidentiality risks that need to be considered from a patient, GP, and care home point of view before any level of proxy access is set up. These are discussed in the RCGP guidance section on proxy access issues and safeguards.

View the next sections in this guide: