Skip to content

Ch 5 shared eprs

Chapter 5 -- Shared electronic patient records

5.1 Introduction

In this chapter we will describe relevant guidelines for the governance, medico-legal and patient safety consequences of shared electronic clinical record systems in the primary care domain. We will consider the implications of sharing health data and records between health professionals in different settings and with patients.

5.2 Shared electronic patient records - background

There has been considerable development of multi-disciplinary care in the GP and community settings over the last ten years, It is now crucial to maintaining and improving health, particularly for those with chronic illness, rehabilitation and palliative care needs. Developing models of information sharing and record systems to support these requirements has been patchy, and not uniformly led by common principles of clinical communication and governance. It was against this background that the RCGP published its Shared Record Professional Guidance (SRPG) report in 2009[^1]. This report, underpinned by sound research, is likely to guide and accelerate the processes of information sharing that are crucial for improving care.

5.2.1 The SRPG report

The purpose of the Shared Record Professional Guidance (SRPG) project was to develop a set of professionally-led guidelines that would consider the governance, medico-legal and patient safety consequences of Shared Electronic Patient Record (SEPR) systems in the primary care domain. NHS CFH commissioned this project. The SRPG report outlined a governance framework within which Shared Electronic Patient Record (SEPR) systems should operate and drafted governance principles for such systems.

The original objective was for an NHS Care Record Service (NHS CRS) in England with a single record for an individual patient that was to be accessible by the GP and by community and local hospital care settings. The vision for the NHS therefore was of a patient-centred secure electronic patient record, linked and accessible across (health) organisational boundaries, with patients able to make choices about sharing some or all of the content of their detailed (care) records with health professionals involved in their care.

Computerisation of health records offers the prospect of rapid sharing of data and information in ways that are not possible with paper records. The potential benefits of this in terms of patient safety, and efficiency and flexibility of healthcare provision have been widely promoted. However there is disagreement about just what should be shared and by what mechanism. The SRPG report literature review found that the main health benefits of shared records are probably improvements in the quality and safety of care, in access to care or in cost effectiveness. However, these anticipated improvements in efficiency, safety, equity and cost-effectiveness of care have not been realised in the few rigorous studies on a large scale anywhere in the world.

In England, the National Programme for IT (NPfIT) set out to establish a single, centralised, detailed record that can be used in hospitals, primary care and other settings. This policy has been modified as a consequence of experience of early use of the Summary Care Record and deployment of Local Service Provider (LSP) solutions. Concerns about privacy and consent have been heightened by security lapses in other national IT projects. This has increased interest in other models of sharing clinical information.

In Scotland, the Emergency Care Summary (ECS) shares clinical information differently. In Europe and the Americas, Kaiser Permanente, shares detailed records in a decentralised way. Existing suppliers in England offer different models of sharing records: these models range from "one patient one record" (which mirrored the NHS Connecting For Health ambition) to models that rely on interoperability of dispersed systems.

Against this background the SRPG project aimed to examine record sharing in a generic way that was not related to particular systems or architectures. The SRPG report was concerned with records of prime entry that were shared by two or more (probably many more) legal entities. It is important to differentiate this from shared records (usually summary records) created by an act of publication from the records of prime entry of one or more individual organisations.

The key questions for the SRPG project to address were:

  • What are the purposes of shared detailed care records?

  • How can these requirements be delivered safely?

  • What are the principles and practice that ensure clarity, safety and continuity?

  • *At what level does responsibility for shared detailed care record governance lie? *

The SRPG report provided evidence and principles to inform generic guidance for consideration and implementation by primary care and community professional groups who use existing and future shared, multi-contributory electronic record systems.

5.2.2 What are the purposes of shared detailed care records?

The objective for the NHS CRS is a single record for an individual patient that is accessible by the GP and by community and local hospital care settings. So the vision for the NHS CRS is of a patient-centred secure electronic patient record, linked and accessible across (health) organisational boundaries, with patients able to make choices about sharing some or all of the content of their detailed (care) records with health professionals involved in their care.

See Principle 1

(see 5.2.6 below)

5.2.3 How can these requirements be delivered safely?

Good clinical and information governance practice is essential for the safe use of SEPR/sDCR systems. Health organisations and health professionals need to be familiar with relevant legislation, common law, acceptable ethical practice and relevant DH policy and standards. Professional regulatory bodies and representative organisations produce useful guidance for their members but there are areas where guidance is unclear or incomplete and will require interpretation.

See Principles 2, 3, 4, 5, 6

(see 5.2.6 below)

5.2.4 What are the principles and practice that ensure clarity, safety and continuity?

It is desirable for errors to be corrected by the originator but where they are unable to do so it should be possible for others to make corrections. Systems need to be able to clearly mark errors as such, point to corrected information and ensure future processing is based solely on the corrected data. The audit trail should be easily accessible so that users can understand how others may have acted on erroneous data they believed to be correct at that time.

See Principles 7, 8, 9, 10, 11, 12, 13

(see 5.2.6 below)

5.2.5 At what level does responsibility for shared electronic patient record/detailed care record governance lie?

See Principles 14, 15 and 16

(see 5.2.6 below)

It is essential to offer patients the opportunity to engage as full partners in these sharing decisions, to inform professional practice and maintain patient confidence in both health professionals and the information systems used to support the care process.

However, patients must not be put under any pressure or coercion to engage in these decisions if they do not wish to do so.

The very nature of a "shared" record complicates the issues of responsibility. However, it is clear from the contents of the report so far that responsibility for safe and effective governance of sDCR systems exists at many levels and includes:

  • Government

    • To understand the business requirements of the service and commission systems that are fit for purpose.

    • To provide an appropriate legal framework within which good clinical practice can be established.

  • Clinical professions

    • To ensure that professional guidance is developed and delivered to health professionals working with shared record systems and that this is reflected in professional requirements for registration, training and Continued Professional Development.

  • Health organisations

    • To ensure that high quality clinical and information governance practices are followed.

    • To provide an appropriate education and training framework for staff

  • Health professionals

    • To ensure they understand and follow best practice in relation to clinical record keeping and are aware of the particular issues and challenges presented by shared health records.

  • Patients

    • Patients are key stakeholders and should participate as full partners in these matters.

The Data Protection Act (see also Chapter 4.2.4) requires that patients are informed about how and why information about them is used and who will have access to their information. It does not prevent information being used for healthcare purposes providing the principles are satisfied but may prevent health information being used for non-healthcare purposes without a patient's explicit consent. The key points are that the processing (use) of sensitive personal information has to be:

  • For a legitimate purpose
  • No more than is necessary for the purpose, and
  • In the case of use for a medical purpose, processed by health professionals or other people under the same duty of confidence

The proper use (and sharing) of sensitive personal information for medical purposes depends:

  • *First on using it to the extent necessary for the purpose, and *

  • Second on limiting the use to people who will keep it confidential

+-----------------------------------------------------------------------+ | Suggested wording for health professionals to open a discussion | | with patients regarding the sharing of records: | | | | Everyone looking at your record, whether on paper or computer, must | | keep the information confidential. We will aim to share only as much | | information as people need to know to play their part in your | | healthcare. When we provide healthcare, we will share your record | | with the people providing and supporting your care or checking its | | quality (unless you have asked that we limit how we share your | | record). | | | | We will not share health information that identifies you for any | | reason other than providing your care, unless: | | | | - You ask us to do so; | | | | - We ask and you give us specific permission; | | | | - We have to do this by law; | | | | - We have special permission for health or research purposes; | | | | | | > or | | | | - We have special permission because the public good is thought | | to be of greater importance than your confidentiality. | +-----------------------------------------------------------------------+

The NHS CRS that is being implemented by NHS CFH will change the pattern of data controllers across the service. The concept of locally held data will probably gradually disappear and there will be a number of data controllers sharing responsibility in common for each data subject.

The Secretary of State for Health is the data controller for the Summary Care Record in England. However, it is not clear who the data controller is for shared detailed electronic patient records. It would seem that the data controller of each participating organisation has a role and the idea of a "data controller in common" has been proposed, where the data controllers of each participating organisation have a shared responsibility for the total contents of the shared electronic health record. It is not clear how current legislation supports this concept or how it could be organised in practice. This area is currently under government review.

5.2.6 SRPG Principles for record sharing

In the SRPG report the terms Shared Electronic Patient Record (SEPR) and Shared Detailed Care Record (sDCR) are used interchangeably. Here the term Shared Electronic Patient Record is preferred as a generic description for electronic records of prime entry that are shared by two or more legal entities.

Principle 1.

The success of Shared Electronic Patient Record (SEPR) programmes should be measured alongside the operational characteristics of these programmes allowing evaluation of such systems in a wider context.

Principle 2.

Joint guidance on record sharing should be produced and maintained collaboratively by professional regulatory bodies and representative organisations to ensure a multi-professional approach to record quality, consistency and clarity.

Principle 3.

A community using a SEPR system should establish governance rules and processes that ensure the clear allocation of responsibility and define the rules and mechanisms for its transfer. The rules need to be clear on who has responsibility for content and for action based on the record content within and between organisations.

Principle 4.

*SEPR systems should be designed to support the governance principles outlined in Principle 3 (above). *

Principle 5.

Health professionals should have a shared responsibility for maintaining and assuring data quality in SEPR systems.

Principle 6.

Health professionals should be properly educated and trained to meet their legal, ethical and professional responsibilities for using and managing SEPR systems. This should form part of their ongoing professional development.

Principle 7.

Semantic issues should be considered in the design and implementation of SEPR systems so that meaning is preserved and must be sensitive to issues of language, interpretation and context.

Principle 8.

Governance arrangements should be in place to deal with errors and differences of opinion in SEPR systems.

Principle 9.

Organisations should have the facility to update/correct erroneous information added to their Organisational/Detailed Care Records from other sources, (with the original information retained in the audit trail).

Principle 10.

Content and provenance data should identify unambiguously the originator or editor of each entry in the SEPR.

Principle 11.

SEPRs should to be able to store and present information in styles that meet the particular user's needs.

Principle 12.

*SEPR systems should improve the quality and safety of care by facilitating communication and coordination between health professionals and informing best clinical practice. *

Principle 13.

SEPR systems should support structured communications between users (e.g. referrals).

Principle 14.

Health organisations should be able to explain to patients who will have access to their SEPR and must make information available to patients about such disclosures.

Principle 15.

Health professionals should respect the wishes of those patients who object to particular information being shared with others providing care through a SEPR system, except where disclosure is in the public interest or a legal requirement.

Principle 16.

There should be an organisational (or team) guardian with clinical and information governance responsibilities for that organisation's shared and organisational Detailed Care Records, in order to assure best practice is followed.

Under Principle 9, the audit trail must be easily visible in such cases, as it can be vital in understanding the patient's past treatment and/or healthcare journey.

Under Principle 15, this can be very difficult in practice. Whether disclosure is "in the public interest" can only be decided at the time and in context. 5.3 Sharing records with patients (Record Access)

Patients have had a right to access copies of their health records made available, for many years though few have chosen to do so. However, the more widespread use of electronic health records, increasing public use and familiarity with new technologies and changing public culture are likely to increase this demand in future.

It was against this background that the RCGP published its report "Enabling patients to access electronic health records: Guidance for health professionals" in 2010[^2].

Record Access may provide most benefit if used as an integral part of the care process. If patients access their records, particularly in the context of joint decision making in partnership with their health professional, the result can lead to improvements in their care.

It is important that all health professionals understand that new ways of working with patients become possible with electronic records but it is essential to apply these safely and effectively. This document offers sound principles, developed in conjunction with lessons learned, to underpin such changes in clinical practice.

Many health professionals have concerns about Record Access raising questions such as the impact it will have on the length of consultations, the way in which records are written, the potential for inappropriate patient access to third party information and the potential for litigation. The RCGP patient record access report addresses these concerns and should provide health professionals with confidence in the process and ways of managing any risks.

5.3.1 Principles of Record Access for patients

"You have the right of access to your own health records.

These will always be used to manage your treatment in your best interests."

NHS Constitution[^3]

  1. Patients should be given appropriate information and opportunities to exercise control over the health care decisions that affect them[^4].

  2. Giving patients direct electronic access to their health records is one method of sharing relevant information to help them make informed decisions about their health care.

  3. Patients should be encouraged to access their own health records and use them to improve their health and care[^5].

  4. Record access for patients is likely to improve their care and their safety.

  5. Where record access is implemented, it should be at no cost to the patient.

  6. Health organisations should strive to provide a secure mechanism enabling direct record access by patients and when available, inform patients of the facility and how to use it.

  7. Health professionals should encourage patients to access their records, withholding information only in exceptional cases allowed by law.

  8. Health professionals use health records as a tool to provide care, and patient access, or input, must not impact adversely upon the effectiveness or quality of that tool.

  9. Health professionals should withhold confidential third party information from patients before enabling record access.

  10. Computer systems suppliers should develop tools to provide patients with secure access to their records.

5.3.2 Record Access benefits

Record Access should enable patients to understand the information in their records, help them make use of that information and be linked to targeted health information and decision support. Patients will find access to their records more rewarding and beneficial if they can use it to learn more about their condition or tests. For example - by linking information to appropriate sites the record can offer patients a portal to a range of facilities with advice on improving health, managing disease and evaluating the care they receive.

Record Access should be considered as an additional way of supplying patients with the information they may require to manage their care. It should not be a substitute for information communicated by health professionals when caring for patients[^6] and should not be compulsory. Some patients may not be able to, or may not wish to, access their records.

Record Access has the potential to improve discussions between patients and health professionals, encouraging a more open and honest relationship[^7]. If a patient does feel that they do not understand something or that something has gone wrong, they have easy access to their data and there is no evidence of increased litigation[^8]^,^[^9]. Patients can also share their record with family members or carers as they choose.

Access to medical records may be most beneficial when accompanied by information to improve patients' understanding of the data. In general, self-care and shared decision-making have been shown to improve outcomes and to reduce the use of health services.

5.3.3 Record Access governance

In the UK, under the Data Protection Act 1998[^10] and Access to Medical Reports Act 1988[^11] patients (including "Gillick competent" children), or anyone authorised by the patient, are entitled to access their health records. The GMC advises doctors to let parents access their children's records if the child consents or lacks capacity and access does not go against the child's interests There are provisions under the Mental Capacity Act 2005 in England and Wales for access to records of patients that lack capacity.

The Information Commissioner has made it clear that having online access to medical records does not replace formal rights of access under the Data Protection Act (DPA) and patients can still make subject access requests in the usual way.

The two key exceptions for access to information are where it:

  • Is likely to cause serious harm to the physical or mental health, or condition of the patient or any other person;

  • *May relate to, or be provided by, a third person who can be identified from the information and has not consented to the disclosure. *

The General Medical Council (GMC) summarises the situation in the following way[^12]:

"Section 7 of the Data Protection Act 1998 gives patients the right to have access to their personal information; but there are some exceptions. For example, you do not have to supply a patient with information about another person or that identifies another person as the source of the information, unless that other person consents or it is reasonable in the circumstances to supply the information without their consent. See the Information Commissioner\'s technical guidance note on dealing with subject access requests involving other people\'s information[^13]*." *

There is no formal definition of serious harm. The GMC has offered advice in the context of withholding information when seeking consent to treatment[^14]:

"You should not withhold information necessary for decision making unless you judge that disclosure...would cause the patient serious harm. In this context serious harm does not mean the patient would become upset, or decide to refuse treatment".

There is some evidence that doctors may be more likely to consider data to be damaging to a patient than the patients might themselves. Health professionals experienced in Record Access suggest that there are very few items that will need to be withheld. Occasionally it could be the health professional themselves who might come to serious harm if the patient had Record Access. The final decision on whether to grant access should rest with the patient's health professional, who should consider consulting others who have contributed to the record for help in assessing the nature and extent of any risk.

5.3.4 Record Access -- copying letters to patients

The Copying Letters to Patients initiative^15, which enables patients to have a copy of all letters written about them, is included as a pledge in the NHS Constitution 2009:

*"The NHS commits to share with you any letters sent between clinicians about your care." *

This initiative is gradually being adopted across the NHS and is generally accepted by patients and health professionals, with a few exceptions. The Central Consultants and Specialists Committee of the BMA has published guidance for its members on copying letters to patients[^16]. The guidance states that although copying letters to patients is not a contractual obligation for doctors, it can bring benefits for example:

  • Providing reassurance that clinical correspondence has taken place;

  • Ensuring that misunderstandings can be corrected or explained;

  • Providing a valuable written point of reference for patients who are unable to Remember more complex important information;

  • Having a therapeutic potential for patients with mental illness

5.3.5 Record Access -- other issues

The RCGP patient record access report[^17] provides further detailed guidance in the following areas;

  • Preparing for Record Access

    • Security, registration and authentication

    • Informing patients of the implications of records access

    • Training

  • Making healthcare records accessible to patients

    • Language and interpretation

    • Including speculation in the record

  • Patient contributions to the health record

The report goes on to provide a number of use cases to illustrate the issues that may arise from Record Access in a number of scenarios.

\ 5.3.6 Record Access -- Informing Patients of the implications of Record Access

Patients should be given information about the benefits and risks of accessing their records. They should understand, for example, it could include test results together with an explanation of results, if this information is available. Some of the issues outlined in this paper should be explained simply but fully in information sheets. An agreement that the patient has read and understood the processes necessary to take part in Record Access should be obtained from each patient and kept in the patient's record. There must also be a mechanism for patients to change their mind about having access, the parts they access or the access rights granted to others.

5.3.7 Training

The process of sharing records requires new knowledge, attitudes, skills and practices from health professionals, patients and the wider public. Record Access requires a culture change, which could be a barrier to implementation. Training would be beneficial as part of ongoing professional development. Patients and the public may also benefit from advice on how to best make use of record access.

[^1]: SRPG report http://www.rcgp.org.uk/news_and_events/news_room/news_2009/rcgp_shared_record_professiona.aspx

[^2]: RCGP Health Informatics Group website http://www.rcgp.org.uk/get_involved/informatics_group.aspx

[^3]: The NHS Constitution for England, published January 2009, is available at: http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_093419 The NHS Care Record Guarantee is available at http://www.nigb.nhs.uk/guarantee

[^4]: See General Medical Council's Duties of a Doctor at: http://www.gmck.org/guidance/good_medical_practice/duties_of_a_doctor.asp

[^5]: This is consistent with the General Medical Council's Duties of a Doctor, and specifically the statement "support patients in caring for themselves to improve and maintain their health"., but is not in itself a GMC requirement.

[^6]: Fisher B.  Bhavnani V.  Winfield M. How patients use access to their full health records: a qualitative study of patients in general practice. Journal of the Royal Society of Medicine.  102(12):539-44, 2009 Dec.

[^7]: Pagliari C, Demter D, Singelton P. Potential of electronic personal health records. BMJ. 2007;335:330-333.

[^8]: Bernstein RA, Andrews EM, Weaver LA. 1981 Physicians' attitudes towards patients' requests to read their hospital record. Medical care 19: 118-21

[^9]: Cimino JJ, Patel VL, Kushniruk AW., 2002. 'The patient clinical information system (PatCIS): technical solutions for and experience with giving patients access to their electronic medical records', Int J Med Inform. Dec 18;68(1-3):113-27.

[^10]: Available at: http://www.opsi.gov.uk/Acts/Acts1998/ukpga_19980029_en_1

[^11]: Available at: www.opsi.gov.uk/acts/acts1988/Ukpga_19880028_en_1.htm

[^12]: See paragraph 27 of Confidentiality Guidance: Endnotes, available at: http://www.gmc-uk.org/guidance/ethical_guidance/confidentiality_endnotes.asp

[^13]: Available at: http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/dealing_with_subject_access_requests_involving_other_peoples_information.pdf

[^14]: See paragraph 16 of Confidentiality Guidance: Endnotes, available at: http://www.gmc-uk.org/guidance/ethical_guidance/confidentiality_endnotes.asp

<http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_4008765>

[^16]: Available at: http://www.bma.org.uk/images/consultantscopyingletterstopatients_tcm41-190155.doc

[^17]: RCGP Health Informatics Group website http://www.rcgp.org.uk/get_involved/informatics_group.aspx

Back to top