Call to rethink citizen access programme

by David Wrigley

Access to patients' records set to become instant but BMA issues warning of duty of care threat

Location: England
Published: Friday 28 October 2022
david wrigley

The wellbeing of our patients is at the centre of everything we do as doctors.

Our commitment to this principle means that when we believe something does not serve the best interests of those we care for, we have a moral duty to speak out and make our concerns and reservations clearly known.

At midnight on 1 November millions of medical records for patients aged 16 and over are due to become instantly accessible through the NHS App as part of NHS England’s citizens’ access programme.

While the aim of the programme, that of informing and giving patients greater control over managing their health, is one that the BMA wholeheartedly supports in principle, we, along with thousands of GPs around the country, have huge reservations over the manner, timing and implementation of this roll-out.

First and foremost, among our concerns, is that of patient safety. 

With millions of records such as test results, immunisation history, hospital letters and consultation notes set automatically to go live, it is critical that adequate safeguards exist to ensure that sensitive personal information is not abused.

This is particularly true of our more vulnerable patients such as those with mental health issues or who are in abusive and coercive relationships. Evidence shows around 1 in 20 citizens are living in abusive and coercive relationships. (Crime in England and Wales - Office for National Statistics (

Under the Data Protection Act, GPs bear responsibility for this information as data controllers, and the BMA GPs committee has already heard from many practices worried that they are not in a position to be able to safely assess patient records that are being added to at the rate of 1.3 million consultations a day, nor keep track of all the different data sources inputting into the GP record. 

At a time when general practice is under huge pressure and struggling to prepare for the coming winter along with the flu and COVID immunisation season, many GPs simply do not have the resources required to identify, review and if necessary redact sensitive data within patient records.

This is not even taking into account the fact that the redaction software used for patient records frequently takes an ‘all or nothing’ approach and is simply not fit for purpose. 

GPC England is clear in its belief that this is the wrong approach at the wrong time. Clinician time needs to be focused on delivering direct clinical care to our patients and not redacting records. 

Given the fast-approaching imposed deadline to another poorly designed central programme, the BMA continues to remain in dialogue with NHS England over delaying and rethinking the roll-out of this initiative. 

It is crucial GPs do not feel pressured into participating in a process they are unready for, and we would encourage practices in this position to contact their IT system supplier advising they do not proceed with the programme as designed, on 1 November.

To this end, we have produced guidance and a template letter clearly and simply expressing this request, emphasising that GPs will continue to receive and action record access requests from individual patients where appropriate.

While patients are already able to gain access to their medical records, the BMA recognises that further enhancing this access has the potential to improve transparency and empower patients. However, progress and innovation cannot come at the expense of doctors’ legal duties and their patients’ safety.


David Wrigley is deputy chair of the BMA GPs committee