This page describes the data processing involved in accuRx’s Record View feature, the relationships between the organisations involved in using it, and what happens when a GP practice enables the feature. It’s designed to provide you with a comprehensive description of what’s involved when you switch on Record View for your practice, and is therefore slightly technical in nature.
It should be read in conjunction with the accuRx Data Processing Agreement (the “Agreement”). Capitalised terms in this appendix shall take their meaning from the Agreement, unless otherwise defined herein.
Record View Summary
accuRx’s GP Record View product ("Record View") enables GPs to easily and securely let health and social care professionals providing direct care to a patient ("Health and Care Professionals") view that patient’s GP Medical Record (the “Record”).
Record View will only be available for a GP practice’s patient records if that GP practice elects to enable the functionality. When the Feature is enabled, Health and Care Professionals can use their accuRx Web accounts to securely view the patient’s Record, only when they have received explicit patient permission from the patient.
Health and Care Professionals request to view the Record through accuRx Web. The patient will confirm permission by providing a unique code sent to them by SMS (using the number registered on the NHS Personal Demographic Service). If the Health and Care Professional enters the code provided by the patient, they will receive a 24-hour, read-only, view of the patient’s Record.
If the patient chooses not to give them the code, the view will not be provided.
The roles of the different systems, individuals and organisations involved in using Record View are set out below.
Electronic Patient Record System - Data Source
These are the systems the data in Record View (presented as View-only) is drawn from; it is also data for which the GP practice acts as the Data Controller.
GP Practice - Data Controller ("Primary Data Controller")
Enables Record View functionality and in doing so instructs accuRx to permit Health and Care Professionals to view the Record when security conditions are met
Patient - Data Subject
Grants access to their Record by providing a code for 2 factor authentication
Health and Care Professional - Data Recipient
Delivering direct care to the patient and seeking to view the Record for that purpose
Health and Care Professional’s Employer - Data Controller (“Secondary Data Controller”)
The organisation that employs the Health and Care Professional at the time they request to view the Record. This organisation becomes a separate data controller (“Secondary Data Controller”). for the information its employee obtained through Record View. accuRx continues to act as its Data Processor for the time-limited Record View period
accuRx - Data Processor
Instructed by the GP practice (Primary Data Controller) to provide time-limited Record View when security conditions are fulfilled for a specific time-limited period
What’s shown in Record View when permission is granted?
Record View will provide Health and Care Professionals with the information they need to effectively treat patients from the Record.
This will include:
Information not necessary for this purpose will be excluded from Record View:
How does a health and care professional get access to Record View?
Health and Care Professionals search for patients and request to view their Record in the accuRx Web platform through the following steps:
How is the data shown in Record View secured?
Record View shares GP Medical Records on a time-limited ad hoc basis, with patient permission provided each time, not continually.
Healthcare Organisations access Record View on the basis of the Agreement, the details set out here and our Terms and Conditions.
Record View ensures security through multiple safeguards:
All data processed from the Record is encrypted in transit via HTTPS and encrypted at rest via Transparent Data Encryption in accuRx’s secure cloud servers for up to 7 days only.
When a Record is successfully requested, accuRx retrieves the record from the GP system in the background, to prepare it for prompt viewing. However, the view of the record is only provided when the code is entered. If the permission code is not provided after a minimum time period, the record is securely deleted.
The only data stored after a request is metadata to provide the audit trail for GPs; the contents of the patient’s medical record are always securely deleted.
What are the conditions for using Record View
Health and Care Professionals’ use of Record View is subject to the following conditions (collectively, “Use Conditions”):
What will accuRx do to ensure Record View is not misused?
If the Health and Care Professional breaches the Use Conditions, this shall constitute a breach of the Agreement and the accuRx Terms and Conditions by the Health and Care Professional and Secondary Data Controller.
accuRx is not responsible for any misuse of Record View.
Record View includes an audit function for GPs to oversee all requests for their patients Records by Health and Care Professionals. GPs can access this log through the “Manage my Practice” section of the accuRx desktop platform.
The audit function shows the name of the Health and Care Professional requesting to view the Record, the time the request was made, the identity of the Secondary Data Controller and whether the request was successfully authorised.
By using Record View, the Health and Care Professional (on behalf of themselves and the Secondary Data Controller) agrees to this information being provided to the patient’s GP and the Primary Data Controller.
Should any GP identify potential misuse of Record View by a Health and Care Professional, they shall notify accuRx. Upon receiving notification of misuse, accuRx will investigate the issue and notify the reported Health and Care Professional.
If misuse reports are received for a Health and Care Professional or Secondary Data Controller, accuRx reserves the right to take enforcement action, at its full discretion, including disabling Record View for the individual Health and Care Professional or the Secondary Data Controller.
accuRx will report any evidence of serious and frequent misuse to relevant authorities and regulators as required.
Missing or incorrect data
accuRx is aware that Data Controllers must uphold data subjects' right to rectification under the UK GDPR. If accuRx is notified directly of any inaccuracy in a Record shown in Record View, and it confirms the inaccuracy is not as a result of a technical error, it shall advise the patient or the Health and Care Professional involved in their care that this should be directed to the GP, and will offer reasonable assistance to them in doing so.