Patients with access to online records - your questions answered

All GP surgeries in England are required to allow patients online access to new information as it's added to their GP clinical record. This includes free text for those patients who have the NHS App. It doesn't, however, apply to historic data.

More than 80% of practices have enabled online record access, according to NHS Digital. Here, we answer common questions about this new development.

Will patients have to ask for access to new entries in their records?

For existing patients already using online access or the NHS app, they will automatically see new information entered in their records. Clinicians and other practice staff therefore need to bear in mind that patients can see what is written in new entries. NHS Digital has more information on the new access arrangement.

What information will patients have access to?

Patients have access to their GP health records, including free text, letters, prescribed medications, vaccinations, and test results, but not administrative tasks or communications between practice staff. Information kept by other services, such as hospitals and dentists, won’t be available unless they have been sent to the GP surgery.

Should we amend the amount of information we record in the notes?

Patients have long been able to access their records under data protection legislation, so this amendment should not alter the amount of information you record in the notes. You can read our advice on online access to records.

For those involved in creating the record, think carefully about the purpose and content of the records and the impact they may have on patients reading them. The clinical record needs to contain relevant information to allow safe ongoing care of the patient.

Will patients also have access to historic records?

Currently, patients will not be able to access historic records unless they have been given access to it by their GP practice. Patients wishing to access historic records are advised to either email or call their GP surgery or mention it to the receptionist. This will give practices the chance to review records to ensure access is appropriate and does not give rise to any data protection issues, such as a risk of putting the patient or someone else at the risk of harm.

Can online access be withheld?

Yes – where a practice believes that online access would not be appropriate, they can make a decision to withhold information, for example, where access may cause serious harm or in some circumstances where safeguarding concerns exist, access can be customised or removed.

Guidance from NHS England explains the steps practices can take to do this, including the following.

• Exclude individual patients before the change is made by adding the appropriate SNOMED code to their records. The code can also be applied to groups of at-risk patients by using reports.
• Hide certain elements from patient view.
• Disable the record access functionality, by updating organisational settings.
• Disable access to components of the record that may be of concern – for example, if practices have not yet implemented processes to ensure screening of documents, access to documents can be disabled.

Will patients be able to see test results?

Yes, but these can only be accessed by the patient once they have been checked and filed. This is to allow clinicians an opportunity to contact patients and discuss their results with them first.

Will there be any benefits to the practice?

Yes. It's hoped that it will support patients in managing their own health, and will reduce queries to practices where test results are negative as well as queries about referral letters.

What about proxy access?

The change does not apply to proxy access. It only applies to competent people accessing their own record through their own online account.

Can information in the notes be redacted (eg, third-party information) in the same way as for a subject access request?

Yes, documents containing information provided by someone other than the patient which is about, or capable of identifying, a third-party should be hidden from view. NHS digital has a suite of videos explaining when to consider hiding certain information in medical records. It includes guidance on redactions specific to each IT system. 

What about sensitive information in the records, such as child or adult safeguarding concerns?

It may be necessary to hide certain documents from view or to remove online access. Examples include sensitive information or third-party information such as reference to family members.

NHS digital has further information on how to safeguard vulnerable patients from harm or distress when making online records available. It links to further resources such as the RCGP patient online toolkit.

Risk of harm to a patient can arise or change at any time and, therefore, safeguarding must be considered for each patient. It is important that this is considered by anyone entering new information in patients’ records or arranging online access for patients, including locums and temporary staff.

What if patients request a record is amended?

Patients accessing new entries in their records may get in touch to query their content.

Any corrections will usually need your agreement and it is your responsibility to make sure records are complete and accurate. If factual corrections are agreed, it should be obvious who made the amendment and when and that there is an audit trail.

Patients should not be able to alter the content of records, if accurate. If a patient disagrees with the content of their record but the GP considers it to be accurate, a note can be added to highlight the patient's disagreement.

NHS England has advice on this topic. If you're not sure, members can contact us for advice.

This page was correct at publication on 26/01/2024. Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.