The BMA has been urging GPs to protect vulnerable patients by adopting an opt-in model for online access to records ahead of an NHS England deadline.

Practices are obliged to allow patients remote access to their prospective medical records via the NHS app and website from 31 October 2023, as part of the changes imposed by government within the GP contract. 

But the BMA and domestic abuse charities are warning that accessibility to these records may have implications for survivors of domestic abuse, putting them at greater risk.

Katie Bramall-Stainer, chair of the BMA GPs committee for England, warned: ‘This could be a woman who tells her abusive partner she has a GP appointment when in fact she is seeking support with her domestic situation, a parent whose abusive spouse may use sensitive clinical information to undermine legal cases of custody of dependents in the family courts, patients requesting covert contraception forbidden in their home or relationship, or those disclosing abuse from others who may have access to their smartphone.’

The BMA has suggested GPs initially move forward on an opt-in basis if they have any anxieties about patient safety following the completion of a Data Protection Impact Assessment.

BRAMALL-STAINER

Survivors of abuse who may be put at risk are urged to contact their GPs and request to be opted out of access or if access has already been provided, request it be removed, which should not require an appointment. 

Dr Bramall-Stainer said: ‘For the majority of patients, access to their GP record on their smartphone will be a welcome development.

‘However, for a significant number of patients, especially those members of our society who are most vulnerable – women, children and those lacking capacity – the forced implementation of this process is a cause for concern for us as GPs.’

She encouraged any vulnerable patient to let their GP practice teams know if they wish to opt-out at the present time, or to not install the NHS app, until ‘safe and practical agreements’ are reached with government and NHS leaders.

The BMA’s call is backed by domestic abuse charity Refuge.

Refuge interim chief executive Ellen Miller said: ‘These changes will allow perpetrators to gain access to survivors' personal health records, including details on medications, sexual, reproductive, and mental health records, and disclosures of domestic abuse.

‘The lack of publicity around these changes means that some survivors' records may already be available in the NHS app, and they do not even know it.

‘It is essential that these changes are publicised widely, so that survivors know to take the necessary precautions to improve their safety and privacy.’

Warnings follow guidance published by the BMA earlier this month for GPs concerned about online record sharing and come after two years of work between the association, the Department of Health and NHS England to make records available online.

The BMA guidance includes template letters to send to ICO (Information Commissioner’s Office) and ICB commissioners requesting to move to an opt-in system and answers to frequently asked questions including from practices who have already ‘gone live’ with online access to patient records.

Last month, the ICO issued a statement saying: ‘Organisations should be doing everything necessary to protect the personal information in their care.’

NHS England says patients can decline access and has established a safeguarding group to monitor implementation of online records access and ensure any concerns are acted on, which includes the National Safeguarding Network, IRISi and Women’s Aid among others.

A spokesperson said: ‘The NHS takes patient safety seriously, which is why we have worked with organisations representing victims and survivors of domestic abuse over the last 18 months to develop guidance for GP practices on how to deal with these cases, with patients able to decline access.’