Access delegated to a proxy
Please contact the Practice for further information on proxy access regarding close family members, carers, parents or nursing home staff, and if we provide this service.
- Online systems may allow proxy access where a third party, who may or may not be registered with the practice, to be given login details to have online access to the patients’ transactional services and/or record. This can be very useful in certain circumstances
- If the patient chooses to share access to their online GP account with someone else (their proxy), there are advantages for the patient if the practice gives the proxy their own login credentials including a separate password
- The GP record may contain very sensitive information that they wish to keep private. Even the prescribing record may reveal confidential information about them. The patient should check through their entire online record to ensure that there is nothing there that they would not want their proxy to see. Patients must have complete trust in anyone who they allow to have access to their online account. If they are in any doubt they should not share, or they should ask the practice to redact any sensitive data where it is possible
- The practice will also be able to ensure that the proxy has all the information about how make good use of online access, including how to keep it secure, the implications of data quality and for parents, the practice policy about parental responsibility and the competence of young people to make their own decisions about who can access their record
- There are many circumstances where this can be helpful. It may be convenient for someone else to book appointments or request prescriptions for them. It may help a carer understand and help to manage their health
- Online access for the proxy to allow a proxy to do one or more of the following: Book and cancel appointments, Order repeat prescriptions, *access test results (*please check with your Practice regarding this facility).
- Patients must protect their login details so that nobody else can gain access to their record
- Passwords should be easy to remember orstored in a safe place, such as an encrypted password app. They should not be based on something that is easy to guess
- If you lose the details or suspect that someone else has seen them, you should change their password immediately and inform the practice
- Use a password, PIN or fingerprint or face recognition system to protect access to a private computer, tablet or smartphone that they use to access their online access
- Log out of their browser when they have finished using online access, especially if they have used a public computer
- Ensure that nobody can see your record on the screen over their shoulder while they are accessing their GP online account
- Take precautions to avoid cyberattack, using antivirus software, an effective firewall and safe internet browsing whenever possible
- The patient must keep and dispose of all information that they download or print from their record securely
- People with visual impairment, who use audio electronic readers need to be careful to avoid being overheard, especially in public places
- Your record may contain things that the you are not expecting. There are several reasons why this may happen. You should inform the practice if there is any information in your record that you think is wrong or find upsetting
- This may happen if you have forgotten the event in your record, if there is an error in the record, if you fail to recognise a medical term that is synonymous with a lay term that they know (e.g. acute myocardial infarction instead of heart attack), if you disagree with a diagnosis or if incorrect information has been added to the record by the practice, or your previous practice and has persisted through GP2GP record transfer
- The record may also contain confidential third party information that has not been spotted and redacted in the check carried out before you registered
- If any of these situations arise, you should let the practice know about it. The practice will be keen to listen and discuss the matter with you as soon it is possible to arrange an appointment. The practice may explain the information, redact or remove the data; however, patients cannot demand that an item they disagree with is removed from the record
- If the patient has been able to see confidential information about another person, the practice will inform the other person as soon as possible.
- Patients may be coerced unwillingly into allowing other people to have access to their online records. Even when they have shared their login details willingly or arranged for formal proxy access where the other person has their own personal log in details, online access may be misused or abused
- If the practice suspects that you have been coerced to allow another person to access their online record against your wishes, it is best refuse to allow proxy access until the suspicion has been clarified
- If you are worried that this might happen in the future or have experienced coercion, a failure to respect your privacy or misuse of the system, you should discuss it with the practice immediately. The practice may switch off access until the matter is resolved if that isa safe option. The practice may redact data if there is something that the patient is keen to keep private.
If the patient has employed a carer and wants to remove their access when they no longer employ them, proxy access can be easily withdrawn. The patient may also limit the online access to just booking appointments or requesting prescriptions, even if the patient has full record access. There may also be an audit trail accessible to the practice or the patient of who has accessed the patient’s record if the GP system has this functionality. It is safer to restrict proxy access to specific individuals, rather than a group or organisation. If an individual with their own login details leaves the organisation their access will be switched off without interfering with others’ access and the audit trail will always be clear about who has had access to the patient’s records.
Some patients lack the capacity to choose or consent to a third person acting as their proxy, but the practice may agree to a carer having proxy access in the absence of informed consent by the patient if it is clearly in the patients best interest. An example is a close family member with Power of Attorney for Health and Welfare or a guardianship.