Feature-specific data processing

Record View

Overview

This page describes the data processing involved in accuRx’s Record View feature, the relationships between the organisations involved in using it, and what happens when a GP practice enables the feature. It’s designed to provide you with a comprehensive description of what’s involved when you switch on Record View for your practice, and is therefore slightly technical in nature. 

It should be read in conjunction with the accuRx Data Processing Agreement (the “Agreement”). Capitalised terms in this appendix shall take their meaning from the Agreement, unless otherwise defined herein.

Record View Summary

accuRx’s GP Record View product ("Record View") enables GPs to easily and securely let health and social care professionals providing direct care to a patient ("Health and Care Professionals") view that patient’s GP Medical Record (the “Record”).

Record View will only be available for a GP practice’s patient records if that GP practice elects to enable the functionality. When the Feature is enabled, Health and Care Professionals can use their accuRx Web accounts to securely view the patient’s Record, but only once they have received explicit permission from the patient.

Health and Care Professionals request to view the Record through accuRx Web. The patient will confirm permission by providing a unique code sent to them by SMS (using the number registered on the NHS Personal Demographic Service). If the Health and Care Professional enters the code provided by the patient, they will receive a 24-hour, read-only view of the patient’s Record.

If the patient chooses not to give them the code, the view will not be provided.

Participants

The roles of the different systems, individuals and organisations involved in using Record View are set out below.

Electronic Patient Record System - Data Source
These are the systems the data in Record View (presented as View-only) is drawn from; it is also data for which the GP practice acts as the Data Controller.

GP Practice - Data Controller ("Primary Data Controller")
Enables Record View functionality and in doing so instructs accuRx to permit Health and Care Professionals to view the Record when security conditions are met

Patient - Data Subject
Grants access to their Record by providing a code for 2 factor authentication

Health and Care Professional - Data Recipient
Delivering direct care to the patient and seeking to view the Record for that purpose

Health and Care Professional’s Employer - Data Controller (“Secondary Data Controller”)
The organisation that employs the Health and Care Professional at the time they request to view the Record. This organisation becomes a separate data controller (“Secondary Data Controller”) for the information its employee obtained through Record View. accuRx continues to act as its Data Processor for the time-limited Record View period

accuRx - Data Processor
Instructed by the GP practice (Primary Data Controller) to provide time-limited Record View when security conditions are fulfilled for a specific time-limited period

What’s shown in Record View when permission is granted?

Record View will provide Health and Care Professionals with the information they need to effectively treat patients from the Record.

This will include:

  • Patient details (Name, DOB, Address, NHS number)
  • GP registration details
  • Problem list (current and significant past problems)
  • Medications (current, repeat, recent acute medications)
  • Allergies
  • Investigations during the last two years
  • Immunisations
  • Health status (smoking, alcohol, BMI)

Information not necessary for this purpose will be excluded from Record View: 

  • Patients with records set to sensitive status (referred to as “S” flagged) on the NHS Personal Demographic Service will not be available to view and will not be returned or requested.

How does a health and care professional get access to Record View?

Health and Care Professionals search for patients and request to view their Record in the accuRx Web platform through the following steps:

  • Log in to the accuRx Web platform with an approved accuRx account
  • Search for a patient by NHS number and date-of-birth via the accuRx integration with the PDS
  • Receive a return of the patient’s name, gender, and the last three digits of their mobile number if the PDS search is an exact match
  • Verify that the patient details returned are correct
  • Request permission to view the Record from the patient via SMS
  • Patient receives an SMS including a unique 6-digit code and a link to an accuRx-supported webpage explaining what data will be shared
  • Receive confirmation of the code from the patient, input the code and select "Confirm" to view the patient's Record. If the code is not input within a minimum time period, it expires and a new request must be initiated.
  • View the patient's Record for 24 hours from when the Record is first viewed

How is the data shown in Record View secured?

Record View shares GP Medical Records on a time-limited ad hoc basis, with patient permission provided each time, not continually. 

Healthcare Organisations access Record View on the basis of the Agreement, the details set out here and our Terms and Conditions.

Record View ensures security through multiple safeguards:

  • GPs are always in control of Record View functionality
  • Health and Care Professionals must log in with an approved accuRx account 
  • Patients must provide explicit permission each time a Health and Care Professional requests to view their record via multi-factor authentication
  • The contact number for the patient is retrieved from the PDS and is not editable
  • A live audit trail allows GPs to track who has requested records, when, and if they were successfully viewed
  • SMS sent to patients notifying them of the request include the name of the Health and Care Professional requesting the Record and a link to an accuRx-hosted webpage informing them how their record will be viewed and what to do if they were not expecting the request
  • Time-limited access to view the Record for 24 hours only - after which time, the Health and Care Professional must initiate another request to view and the patient must provide their permission again

All data processed from the Record is encrypted in transit via HTTPS and encrypted at rest via Transparent Data Encryption in accuRx’s secure cloud servers for up to 7 days only.

When a Record is successfully requested, accuRx retrieves the record from the GP system in the background, to prepare it for prompt viewing. However, the view of the record is only provided when the code is entered. If the permission code is not provided after a minimum time period, the record is securely deleted.

The only data stored after a request is metadata to provide the audit trail for GPs; the contents of the patient’s medical record are always securely deleted.
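
The request, confirmation and deletion lifecycle described in the access steps and in this section, modelled as an added example (not accuRx's code). `CODE_TTL` and `MAX_ATTEMPTS` are assumptions, since the page gives no code expiry period or attempt limit; the class and field names are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

VIEW_TTL = 24 * 60 * 60   # from the page: 24 hours from when the Record is first viewed
CODE_TTL = 15 * 60        # assumption: the page does not state the code expiry period
MAX_ATTEMPTS = 5          # assumption: an attempt limit is not described on the page

@dataclass
class Request:
    code: str
    requested_at: float
    record: Optional[dict]   # prefetched copy, held only until expiry
    audit: dict              # metadata kept for the GP's audit trail
    attempts: int = 0
    first_viewed_at: Optional[float] = None

class RecordViewModel:
    def __init__(self):
        self.audit_log = []  # never holds record contents

    def request(self, requester, record, now):
        entry = {"requester": requester, "requested_at": now, "authorised": False}
        self.audit_log.append(entry)
        code = f"{secrets.randbelow(10**6):06d}"  # 6-digit code for the patient's SMS
        return Request(code, now, dict(record), entry)

    def confirm(self, req, entered, now):
        expired = now - req.requested_at > CODE_TTL
        if req.record is None or expired or req.attempts >= MAX_ATTEMPTS:
            req.record = None  # no valid permission: drop the prefetched record
            return False
        if not hmac.compare_digest(entered.encode(), req.code.encode()):
            req.attempts += 1
            return False
        req.audit["authorised"] = True
        return True

    def view(self, req, now):
        if req.record is None or not req.audit["authorised"]:
            return None
        if req.first_viewed_at is None:
            req.first_viewed_at = now  # the 24-hour window starts at first view
        if now - req.first_viewed_at > VIEW_TTL:
            req.record = None  # window over: contents deleted, audit entry remains
            return None
        return dict(req.record)  # copy, so the caller cannot alter the held record
```
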

What are the conditions for using Record View?

Health and Care Professionals’ use of Record View is subject to the following conditions (collectively, “Use Conditions”):

  • The Health and Care Professional requests and uses the GP Medical Record for the purpose of providing direct care to a patient
  • The Health and Care Professional makes the request from an NHS Mail SSO via accuRx Web
  • The patient willingly and independently grants permission for the Health and Care Professional to view their Record by providing the Health and Care Professional with the secure authorisation code sent via SMS to their mobile number
  • The Health and Care Professional complies with the accuRx Terms and Conditions

What will accuRx do to ensure Record View is not misused?

Misuse

If the Health and Care Professional breaches the Use Conditions, this shall constitute a breach of the Agreement and the accuRx Terms and Conditions by the Health and Care Professional and Secondary Data Controller. 

accuRx is not responsible for any misuse of Record View.

Oversight

Record View includes an audit function for GPs to oversee all requests for their patients’ Records by Health and Care Professionals. GPs can access this log through the “Manage my Practice” section of the accuRx desktop platform.

The audit function shows the name of the Health and Care Professional requesting to view the Record, the time the request was made, the identity of the Secondary Data Controller and whether the request was successfully authorised.

By using Record View, the Health and Care Professional (on behalf of themselves and the Secondary Data Controller) agrees to this information being provided to the patient’s GP and the Primary Data Controller.

Enforcement

Should any GP identify potential misuse of Record View by a Health and Care Professional, they shall notify accuRx. Upon receiving notification of misuse, accuRx will investigate the issue and notify the reported Health and Care Professional.

If misuse reports are received for a Health and Care Professional or Secondary Data Controller, accuRx reserves the right to take enforcement action, at its full discretion, including disabling Record View for the individual Health and Care Professional or the Secondary Data Controller.

accuRx will report any evidence of serious and frequent misuse to relevant authorities and regulators as required.

Missing or incorrect data

accuRx is aware that Data Controllers must uphold data subjects' right to rectification under the UK GDPR. If accuRx is notified directly of any inaccuracy in a Record shown in Record View, and it confirms the inaccuracy is not as a result of a technical error, it shall advise the patient or the Health and Care Professional involved in their care that this should be directed to the GP, and will offer reasonable assistance to them in doing so.