Principles for Sharing Local Electronic Patient Records Across Organizations


The new General Practice (GP) system in the UK allows healthcare professionals across different organizations access detailed information of patient consultations directly. Until recently, data recorded in GP system was not accessible to other organizations or shared only via referral letter.

The British Medical Association has provided high-level principles to support GP practices record sharing systems. The new data sharing system facilitates better patient care while maintaining a high level of confidentiality. Now, all data providers must meet the following principals standard set by the BMA.

1. Patient aware of new arrangements

Patient must be made aware of the new arrangements for their health information. General Practitioners can discuss about the new arrangements with the patient while consultation. GPS can also send information leaflet, inform through posters in the practice, websites or local media. Doctor should know if their patients are aware of the arrangements.

2. Organisations in the sharing

General Practitioners will decide which organization accesses their patient records. The GP have to consider organizations involved in the patient care and whether patient information sharing would improve and is necessary for patient care.

As data controllers, GP must understand the formal sharing agreement between those two organizations to ensure a clear documented worsening of records. Under the Data Protection Act 1998, the Department of Health (DoH) has explained that participating organizations on shared records will become data controllers in common shared environment.

3. Restricting sharing and tailoring information options

Patients must be made informed of all the options of restricting sharing on shared records systems. Those restricting sharing options are:

— Patient can apply for blanket dissent. They can say that they do not want to share their record with other organizations.

— Make decisions on sharing data to selected organizations.

— Patient can give full consent to information viewing at out of hour's time.

— Patients must be able to mark specific information as sensitive or private. They can withhold any particular information to specific organizations.

4. If a patient is unconscious

If a patient is unconscious and unable to provide consent for immediate necessity, organization or the GP may view the record but must provide a relevant reason. If a patient has dissected from sharing a record, overriding it will be offensive.

5. Full consent

If only the patient has given a full consent to full record, healthcare professionals can view all his / her information. If not, healthcare professionals can only view relevant and allowed information.

6. Legitimate relationships

Healthcare professionals must only view the records of the patient with what they have a direct clinical relationship and has registered with the same organization.

GPS can view information recorded by other healthcare professionals when caring for their patients with the patient's dissents.

7. Audit trail

Systems must track who has accessed and edited the records and when. A mechanism should notify to a third-party for an unauthorized access. Also, a review is a must to all entries to identify appropriate access and responses if necessary.

Mathew Mickle