No region set
Customise for: No role selected

If you choose to customise the site it will help you to find the most relevant content for your needs. You will still be able to access all content on the site.

General practice Consultant or specialist FY or training grade Hospital doctor Medical student No customisation

Medico-legal helpline

0800 716 646

MDU advice on NHS cyberattack

Protecting data

12 May 2017

In response to news of a cyber attack on some NHS systems, we offer some advice.

We have been made aware of an IT problem in the NHS which may affect access to electronic record systems in some primary care practices. Some of our members have told us this means they are having to consult with patients without having access to patients' records.

We do not know the extent of the problem, but if your practice is affected, the following questions may arise. 

Q: Should I agree to see the patients, or is that too risky without access to their records?

A: All doctors must act in the best interests of patients. It may be more difficult to consult effectively without access to records, but patients may be put at risk if they cannot access the care they need, particularly if they have urgent problems.

GPs will need to put themselves in a position to decide whether it is safer to assess the patient without records, or whether it may be possible to take some other action (such as to offer to re-book the patient's appointment). Whatever you decide, keep a record of your actions and reasons.

Q: How should I keep records of any consultations I undertake?

A: The GMC expects doctors to make records at the same time as the events or as soon as possible afterwards. If you don't have access to your usual system and need to make notes on paper, remember that notes must be clear, accurate and legible.

Clinical records should include relevant clinical findings, the decisions made and actions agreed, the information given to patients, any drugs prescribed or other investigation or treatment, and who is making the record and when ('Good medical practice' (2013), paras 19-21).

The National Cyber Security Centre has published some advice on how to protect your organisation from ransomware

This guidance was correct at publication 12/05/2017. It is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.


Login to comment

Be the first to comment

We have detected you are in and some website content may have been personalised to be more relevant to you.
You can change your region setting here or at the top of the page.

change now Close