How does the IG work?
When GPs enable Record View, they remain the Data Controller of their patients' medical records
The organisation employing the health and care professional when they request to view the record is a separate Data Controller for the information the professional employee sees through Record View
Why no data sharing agreements?
Record View removes the need for separate data sharing agreements between GP practices and secondary care organisations
Data sharing agreements aren't legally required and are typically only used for continuous data sharing, compared to the Record View model of ad hoc sharing with patient permission provided each time
This approach meets the IG standards of national bodies - see below 👇
Why healthcare providers trust Record View?
Meets the IG standards of national bodies
GPs are in control
GPs are always in control as they must enable Record View.
Live audit trail enables GPs to track who requests to view their patients' records and the status of those requests
Secure method of patient permission
Patients approve each request from a health and care professional to view their record via multi-factor authentication
Patient's contact number is retrieved from the PDS and non-editable
SMS sent to patients with the code includes the name of the requesting health and care professional and a link to an accuRx webpage informing them how their record will be viewed and what to do if they weren't expecting the request
How will accuRx regulate Record View?
Health and care professionals can only access Record View with an approved accuRx account and to provide direct care to patients
The record summary is only available for 24 hours. After this elapses, the health and care professional must initiate another request to view and the patient must provide permission again
Audit trail for GPs
Live audit trail for GPs to to track who requests to view their patients' records and the status of those requests
Only GPs can see this viewing history and it's not recorded in the record
Audit trail shows the name of the requesting health and care professional requesting, when the request was made, their employer and whether the request was successfully authorised
We'll investigate instances of misuse and take remedial action, including disabling Record View, for any offending health and care professionals
We'll also report evidence of serious and frequent misuse to relevant authorities and regulators as required
What does accuRx do with data in the medical record?
All data is encrypted in transit via HTTPS and encrypted at rest via Transparent Data Encryption in accuRx’s secure cloud servers for up to 7 days only.
When a record is successfully requested, we retrieve the record from the GP system in the background, to prepare it for prompt viewing. However, the summary view of the record is only provided when the code is entered. If the code isn't provided after a minimum time period, the data is securely deleted.
The only data stored after the request is made is metadata to provide an audit trail for GPs. The contents of the patient’s medical record are always securely deleted from our servers after the viewing period.
How often is the record updated?
We pull the medical record at the point the health and care professional enters the correct code in accuRx web, so this ensures the latest version of the record in the clinical system is pulled each time
What happens if there's missing or incorrect data in the record?
We're aware that Data Controllers must uphold data subjects' right to rectification under the UK GDPR.
If we're notified directly of any inaccuracy in a record shown in Record View, and we confirm the inaccuracy isn't from a technical error, we'll advise the patient or the health and care professional involved in their care to direct this to the patient's GP and we'll give them reasonable assistance to help them do this.
Is the record redacted for any third party information?
Third party information isn't redacted from the record by default because Record View is only accessible to health and care professionals involved in the patient's care.
However, third party information is usually only contained in the consultation notes section of the record summary which is only available for GPs viewing their own patients' records.