Musings on the Summary Care Record

So – who can see my Summary Care Record – and when?

The Summary Care Record (SCR) is now well established in England. It is undoubtedly a good idea, in principle. Given the complex web of organisations that deliver healthcare anything which ensures those treating have access to key information about the medicines you are taking, allergies you suffer from and any adverse reactions to medicines you have had in the past has to be a good idea. Opt-out at your potential peril.

But as ever data protection, choice and information governance must be respected. The basic SCR model is simple. GP data is uploaded to a central repository and anyone treating you (in SCR terms they have a “legitimate interest”) can access the SCR (a) with your permission or (b) in an “emergency”. Access is auditable and audited. NHS Digital publish guidance for the NHS (link 1) and for patients (link 2)

Data protection etc. requires that this must be done with full transparency. The current model however seems to fall woefully short in the area of “emergency” access.

Guidance for the NHS (link 1 above) does not define “emergency”. The specific guidance on viewing the SCR simply says “choose the emergency access option if the patient is unconscious or can’t answer, and add a note”. I have seen some organisations define emergency as “the patient is unable to give consent AND there is a threat to life”. On the other hand PSNC guidance (and pharmacists are an obvious user of the SCR) has an apparently much less restrictive “there is a possibility that without accessing the patient’s SCR the quality or safety of the decision would be compromised”.

So how does a GP tell a patient about such usage if the circumstances are so unclear – and of course the GP will have no idea which part of the HNS or elsewhere the patient may end up.

Worse than that the NHS model sign up form makes no mention at all of Emergency Access. It simply says: “Authorised healthcare staff can only view your SCR with your permission.” This hardly meets the requirements of transparency including notifying the legal basis of processing. It is actually misleading.

The patient guidance (link 2 above) is not much better. “Staff will ask your permission to look at your SCR (except in an emergency where you are unconscious, for example)… ” – without in any way defining “emergency”.

And a random trawl of GP and Hospital Trust Privacy Notices shows that few if add any more clarity. Many fail to even mention the SCR.

This entry was posted in GDPR. Bookmark the permalink.

Leave a Reply