This site is intended for health professionals only


Practices fear safeguarding risk of staff names within patient records

by Beth Gault
17 November 2022

Share this article

There is concern among practices over the safeguarding risk posed by staff names being included in patient records, as automatic access is due to be switched on this month.

However, practices have been advised by a GP expert that information – including staff names – can be redacted if there is a risk of harm to team members.

Automatic access to records is now due to happen by 30 November, according to a new target date set by NHS England following delays to suppliers switching on the capabilities because of concerns voiced by practices.

But there are still questions over the safeguarding consequences of the changes, including for staff members.

Dr Ralph Sullivan, a retired GP and ex-chair of the health informatics group at RCGP, speaking in a personal capacity, said that he knew of colleagues who were worried.

‘I know GPs who are very concerned about this. It’s mainly the safeguarding risk when it comes to healthcare workers or social care professionals’ names,’ he added.

He explained it would be possible to redact records that included staff names in the case of a patient with a history being aggressive and if there was a significant risk of harm to practice staff.

‘If you knew, or had a good reason to suspect, that somebody who’d written something in the record would be at risk because the patient could read it, then you could redact it,’ said Dr Sullivan.

‘I don’t think anybody’s ever tested that in law. But that would be my advice.’

But, in principle, the practice would need to remove the whole consultation or action from the record, and not just the name, according to Dr Sullivan.

‘On principle, I think you’d have to redact the whole document, the whole consultation, or a free standing read/SNOMED code with the attached staff name,’ he said.

In practice, it will depend on the IT system a surgery uses as to how this is done.

Record the justification

Practices who redact records on the basis of safeguarding staff would need to justify their decision in order to uphold it from a medical legal point of view, advises Dr Sullivan. They would also need to include the reasons for redacting the record in the notes, and then also redact that record.

The reason for this alteration would be on the basis of preventing harm to someone, not because the information is confidential, Dr Sullivan said.

‘Patients have a right to know who has been looking after them and what they’ve said and done, so that information typically should be in the public domain,’ he added.

However, patients may still be able to guess their record has been redacted.

‘The idea of redaction is that it’s meant to be invisible, so there would be no positive indication of redaction for the patient,’ said Dr Sullivan.

‘But they might assume something’s been redacted if you’ve been to see your practice nurse and you wait a week and there’s no consultation record.’

The RCGP’s tookit on access to records says practices could go one step further and refuse access to online records altogether.

It says: ‘Access should only be refused where there is a clear risk of serious harm to the safety of the patient or members of the practice team, or to the privacy of a third-party.

‘It may be possible to give them access to a reduced part of the record such as the Summary Care Record or restrict access to appointments and repeat prescriptions.’

It adds: ‘Record access should only be refused or restricted after discussion with the practice leads for GP Online Services and Safeguarding, or after seeking further professional advice from a local relevant agency or national medical indemnity organisation.’

‘Difficult process’

In situations where safeguarding concerns have not previously been flagged, there are still fears that patients can react badly to information presented in their record.

‘People in practices are used to talking to patients, but they can still cause upset in what they say,’ said Dr Sullivan. ‘I’m aware of examples where something has been put in a record that’s not been intended to cause offence or upset but has done so.’

He added: ‘We had a major complaint over something that was written in the notes – it was true, but the patient didn’t take it very well. And sometimes it’s not the patient, but the patient’s relatives or a partner that gets more upset.’

Managing partner at Alnwick Medical Group in Northumberland, Tony Brown, said access to records was ‘a difficult process’ because it leads to many queries from patients.

‘I had a patient two weeks ago accusing me of unlawful behaviour because they had a medication review on their record and denied any knowledge of it happening. The patient accused me of making things up to fraudulently claim targets and funding,’ he said.

‘It turns out they didn’t recall the flu session I organised in a remote community centre where I also had a team of social prescribers engaging with patients and two members of my dispensing team carrying out the very light touch Dispensing Review of the Use of Medication in order to complete our annual Dispensing Services Quality Scheme.’

The BMA has previously voiced concerns over the safety of implementing automatic access to records for patients and has several times called for a pause on the rollout.

Deputy chair of GPC England at the BMA, Dr David Wrigley, told Management in Practice there were ‘growing concerns’ that the redaction software practices are expected to use to review records is ‘not fit for purpose’.

He added: ‘This is another example of how ill-thought-through this programme is, and we urge NHS England and NHS Digital to address this as a matter of urgency, not only for the sake of practices, but also their patients.’

Earlier this week it was revealed that practices who opt all of their patients out of automatic access will not be in breach of their contract, as long as they manually offer access to each individual patient.