Sharing Patient Records for Direct Care – No. 20

Sharing Patient Records for Direct Care – No. 20

A new NWL Information Sharing Agreement the ISS for Direct Care (in the new terminology) replaces the “MoU” for sharing data between primary secondary and acute care for organisations using SystmOne or EMIS clinical systems. We will shortly be sending out communications to GP practices to confirm when this has been ratified by the NWL IG Board (where there is also LMC representation). The ISS will be made available on the Data Controller Console and all practices across NWL are expected to sign up as will our community and acute trusts who use those clinical systems.

Allowing access to clinical records in Primary Care Networks

The emergence of PCNs and their inclusion within the GP contract has paved the way for them to become the organisations through which future primary care health services will be provided.  Increasingly PCN staff need to be able to access to clinical records to support the delivery of patient care.

The organisational unit of data controller-ship remains with General Practice. PCNs despite their pivotal nature have no legal status and are not data controllers.

The new ISS for direct care outlines the governance requirements for healthcare organisations using TPP or EMIS clinical systems when sharing data for direct care and now states that

Primary Care Networks (PCNs) are now a vehicle through which health care services are delivered. Trained staff from PCNs and their GP practices will now form part of each GP practice team and will have supervised and audited access to patient records when this is required to deliver patient care.”

and also, in relation to TPP (with equivalent arrangements in EMIS)

  • Only health care organisations who have a legitimate relationship to provide care obtained through a registration process can access the full patient record by ‘sharing in’ the full SystmOne patient record from the virtual pool.
  • At all new registrations, consent is required to ‘share in’ the full SystmOne patient record from the virtual pool. For existing registrations in Primary Care consent is not required.

This significant change will allow PCN staff to see the GP record without requiring consent and in effect this policy change provides them with a Legitimate Relationship where there is clinical need. Existing GP staff will also have a legitimate relationship to access the records of all patients within their PCN in the same way that they currently have access to patients in their own practice.

In order to access clinical records PCN staff must:

  • Have a Legitimate Relationship (LR) to provide care for the patient (or be working with or accountable to an organisation who has that LR)
  • Have completed training and be able to demonstrate that they understand their legal and professional responsibilities to protect patient confidence (IG training)
  • Have completed training and be able to demonstrate competence in the use of the clinical system
  • Have access to clinical records controlled with Role Based Access Control mediated through a smart card or similar method of authentication
  • Have a contractual link to a Caldicott Guardian whose role would be to oversee 1) 2) 3), sign an RA02 for 4) and provide accountability in the event of a breach in relation to data access or malpractice.
x

Informing Patients

The new ISS allowing sharing of records across PCNs is a significant change and practices can and should ensure that they have communicated these changes to their patients through a variety of media. There has already been public engagement via some PPG groups at practice, PCN and CCG level, also at the NWL IG board, and through other workshops. You should discuss the changes at your local Patient Participation Groups (PPGs) and direct them to a new section in your FPNs. You may wish to use the wording below as a basis for SMS, Email, website pages or practice noticeboards:

“We are working closely with neighbouring practices within our Primary Care Network (PCN) to support your care. PCNs and their constituent GP practices are now the organisations through which primary care health services will be delivered and when providing you with care their trained staff form part of our team and will have access to your NHS GP record. Please see our Privacy Notice [include url link to your FPN] for more details or discuss at your patient participation group”

Fair Process Notices should contain clauses explaining how their information is shared and below is the suggested wording to insert into the existing section under Local Information Sharing:

Local Information Sharing

Your GP electronic patient record is held securely and confidentially on an electronic system managed by your registered GP practice. In order to provide you with health and social care services Your GP practice works in close collaboration with [insert your CCG / PCN name] a group of  [Insert the number of local practices in your PCN] geographically local practices. The organisational boundary within which professionally trained staff can access your health record without consent has extended from your GP practice to this Primary Care Network. Staff are trained to understand their legal and professional responsibilities of confidence to their patients and will only access your records when they are required to do so to support you care. They will identify themselves and their role using a smart card and access to your PCN record is recorded, monitored, and audited.

As your local PCN functionality extends they are likely to provide GP HUB and Out of Hours services directly in which case your records would be available without consent. If you require attention from a local health or care professional outside of your usual PCN services, through an Emergency Department, Minor Injury Unit or other Out Of Hours service, the professionals treating you are better able to give you safe and effective care if some of the information from your GP record is available to them. If those services use a TPP clinical system your full SystmOne medical record will only be shared with your express consent. 

Where available, this information can be shared electronically with other local healthcare providers via a secure system designed for this purpose. Depending on the service you are using and your health needs, this may involve the healthcare professional accessing a secure system that enables them to view either parts of your GP electronic patient record (e.g. your Summary Care Record) or a secure system that enables them to view your full GP electronic patient record (e.g. TPP SystmOne medical records or EMIS remote consulting system).

In all cases, your information is only accessed and used by authorised staff who are involved in providing or supporting your direct care. Aside from your registered provider your permission will be asked before the information is accessed, other than in exceptional circumstances (e.g. emergencies) if the healthcare professional is unable to ask you and this is deemed to be in your best interests (which will then be logged).

The use of honorary contracts

These are not standard contracts of employment. They provide a contractual link to a primary care organisation and Caldicott Guardian with the intention of:

  1. Creating a legitimate relationship
  2. Establish accountability in the event of malpractice or a breach

Those links are already in place within GP practice staff and additional contracts will only be required for PCN staff who need to access identifiable patient data. Because of the change in the boundary allowing access to patient records, only one PCN practice needs an honorary contract to allow a PCN staff member to access patient records across the whole PCN. Because there is risk involved in taking on a contract it makes sense for them to be shared out between the practices in a PCN.

It is not possible to share medical records without risk and the balance is between keeping records in silos which are secure but have poor data sharing, as opposed to open access where there is a high risk of breach but effective sharing of information. It follows that more staff accessing a larger number of patient records poses a potential increase in risk. It is essential that staff understand that whilst they may be able to access many records, they should only do so when their job requires it.

Responsibility and liability in the event of malpractice or a breach could be shouldered by the practice who signs the contract, but this needs to be discussed and agreed between the constituent PCN practices. Practices and PCNs are strongly advised to take part in written risk sharing agreement, the nature of which is beyond the scope of this ISS.

Examples of Honorary Contracts

See attached documents

which are 1-2 pages only, which gives an indication of their intended scope. The variation in infrastructure between the 8 CCGs makes it an impractical proposition for us to provide a standard honorary contract across NWL.  For this reason we are providing PCNs principle-based advice about their IG requirements as detailed above. Each PCN will need to construct their contracts according to their specific needs.

Shared employment

PCNs may employment staff by themselves or may use staff employed by another organisations (e.g. a community trust). In one or other of those settings there needs to a standard employment contract which will also include registration on the ESR system to monitor and audit standards set by the NHS Litigation Authority and the CQC, including:

  • including maintenance of professional registration
  • pre-appointment clearances
  • DBS certification
  • induction and mandatory training

With shared employment a written agreement should detail which responsibilities lie with which organisation. For example, a community trust working with a PCN may be able to provide training.

Required Training

NWL IT services have developed module based clinical system and IG training which can be used by HCOs for their staff. GP practices who have signed honorary contracts may be happy to delegate the scheduling and documentation to their PCN.

To book your required training please access the NWL learning Hub

The Role of Federations

Federations/Confederations have different function across NWL. In a setting where they are providing services and in that role are data controllers in their own right and are hosting a clinical system, they may be able to take on the role of sharing records without the needs for honorary contracts. However, this is likely to be the exception rather than the rule.


Comments are closed.