We’ve put some small files called cookies on your device to make our site work.
We’d also like to use analytics cookies. These send information about how our site is used to a service called Google Analytics. We use this information to improve our site.
Let us know if this is OK. We’ll use a cookie to save your choice. You can read more about our cookies before you choose.
Change my preferences I'm OK with analytics cookies
Date published : 22 June, 2023 Date last updated : 16 August, 2024 Download as a PDFVersion 1.3 27 June 2023
‘ …protecting a person’s health, wellbeing, and human rights, and enabling them to live free from harm, abuse and neglect’
All patients are potentially at risk of safeguarding issues, but some groups of patients are particularly vulnerable to harm and exploitation.
Vulnerable groups include but are not limited to:
Identifying and managing safeguarding risk is crucial in a digitally enabled primary care system. The Royal College of General Practitioners (RCGP) has developed an adult safeguarding toolkit and a child safeguarding toolkit which provide useful and comprehensive coverage of the roles and responsibilities of all staff in general practice, as well as information about identifying and managing the different types of safeguarding risk.
Once the safeguarding risk is identified, digitally enabled primary care services can help facilitate more effective information sharing, ongoing care, and safe record keeping generally.
Information sharing is essential for the effective safeguarding of adults and children. In many serious-case reviews, poor information sharing has been identified as a key factor resulting in poor care and missed opportunities to act.
A full set of resources around information sharing and safeguarding is listed as the end of this article.
HM Government has produced a useful guide to information sharing during the transition to the General Data Protection Regulation (GDPR) being implemented (The ICO published further guidance in 2021 in its Data sharing code of practice). Its seven golden rules set out below (in full) are a valuable tool to aid decisions around data sharing especially for safeguarding issues.
Digitally enabled primary care can provide opportunities to improve the care of patients with safeguarding risks. This can be through both accurate and detailed GP records, and the sharing of information within and across organisational boundaries. There are, however, risks associated with how information relating to safeguarding issues are recorded, how information is shared, and how sensitive information may become visible to the patient who has online record access.
Understanding what we mean by ‘sensitive information’ is important in identifying the safeguarding issues associated with disclosing information. Examples of sensitive information are:
The definition of ‘serious harm’ is subjective and will vary from case to case. It is, therefore, a matter of clinical judgement as to what can be considered serious harm. Broadly, it can be considered as the risk of possible serious physical harm, sexual harm and exploitation, psychological and emotional harm, neglect, discrimination, or financial harm.
Careful consideration of requests for record access therefore needs to be given by patients thought to be at risk of ‘serious harm’.
These issues are also important to consider in providing online access to new GP health record information.
These are data items or codes that can be considered potentially harmful to a patient and some commercial tools use this code list to automatically screen records and provide prompts to and suggestions for redaction (which are actioned manually by the person screening. There are codes that are likely to be particularly sensitive. Examples include, but are not limited to:
Again, the risk of patients having access to this information very much depends on how the information is disclosed, whether the patient is already aware of what is in their record, and if there are any other safeguarding risks such as coercion or abuse.
The example below highlights how coded information can be particularly sensitive if the patient is not aware of the diagnosis, in this case Huntington’s Chorea.
John Brown is an 18-year-old student who has just started university. He registers with the university practice and hears that his friends are accessing their records online. He decides to request access as well. His records have been received via GP2GP. The staff at the practice review his records and see that there is a coded record of ‘Family History of Huntington’s Chorea’. It is not clear from the record whether John is aware of this history, so they elect to hide this code from online viewing until John has been seen and the doctor can ascertain whether he is aware of this.
There are a number of different aspects of safeguarding in a modern digital general practice.
They are broadly broken into three areas:
At a national level the NHS Safeguarding app provides access up to date legislation and guidance across the safeguarding spectrum. It also provides information on how to report a safeguarding concern and has an up-to-date directory of every local authority in England.
The RCGP also has a wealth of information related to both adult and child safeguarding. It provides resources that embed safeguarding into the role of every practice member. Good practice safeguarding in general practice includes:
These are in addition to the adult and child safeguarding toolkits mentioned above.
All primary care staff have a role in ensuring that safeguarding information is stored correctly in medical records. It is, therefore, important that all primary care staff are aware of the following basic principles with regard to how safeguarding information is recorded, processed, and stored on the GP IT systems:
The RCGP adult safeguarding toolkit has useful guidance when coding and recording any safeguarding information and also adding appropriate codes in specific situations such as child (born or unborn) on a child protection plan, parents/step-parents of children on a child protection plan, or child in need. It also has more specific guidance around coding of domestic violence and abuse.
Alerts are routinely applied to primary care electronic medical records to highlight important issues such as allergies, ownership of weapons, or whether the individual is subject to community treatment orders. In this respect, safeguarding alerts highlight concerns that the individual is at risk of abuse or neglect, or that they pose a risk to others or themselves.
There are no statutory guidelines for applying and managing these alerts and this can pose challenges and risks in ensuring the delivery of safe clinical care.
There are a number of issues related to alerts:
The way alerts are applied varies from system to system. Please contact your clinical system provider for practical guidance on how to use and apply alerts/warnings in your practice.
This is a system that helps health and social care professionals share information securely to better protect children and expectant women. It links health IT systems across health and social care and covers 100% of local authorities in England. This includes all GP IT system providers.
When a child is known to social care and is a ‘child looked after’ or on a child protection plan, basic information about that plan is shared securely with the NHS. If that child attends an NHS unscheduled care setting, the responsible GP/ healthcare team is alerted and the social care team is automatically notified. Both parties can see details of the child’s previous visits to unscheduled care settings in England. The same applies when the mother of an unborn child is subject to an unborn child protection plan.
This system is implemented in slightly different ways depending on the GP system provider. Contact your provider for specific information on how to use cross organisational warnings within the system.
There is a clear connection between safeguarding and coercion. Online access to general practice health services and individual patient records can provide an opportunity for perpetrators of coercive and controlling behaviour to use these tools to extend their control. The online record can be intrinsically insecure within a coercive relationship. Anyone who is willing to coerce a patient can obtain complete access to the patient’s record as they only need their login details.
Careful consideration needs to be given to the safeguarding issues involved when there is any suggestion or suspicion of coercion. Where this is the case there may be a need to limit or withdraw patient-facing online services. There is more detailed guidance on coercion and online access in general practice in another article in this series as well as guidance from the RCGP.
Patients who have capacity can allow a proxy, typically another family member or carer, to have access to their record. The patient needs to be made aware that the those with proxy access may have access to the records and may come to know sensitive details which could harm the relationship with the patient or others, and possibly lead to safeguarding concerns if this access granted led to harm.
Proxy access in itself also provides the additional risk of coercion. This risk needs to be assessed on a case-by-case basis and balanced against the possible benefits of proxy access. Restricting the level of record access can be useful in mitigating some of the risks.
Issues associated with proxy access and the safeguarding of children and young people are discussed in another article in this series.
Although the contractual requirement is now to offer all patients prospective record access on request, for individual patients it may be necessary to limit the level of access to reduce safeguarding risks.
The figure below gives some of the risks associated with each level of access. The highest levels of access are associated with the highest level of risk due to the detail included within the records. It is important to understand that the full record access includes the risks associated with lower levels of access. Risks associated with coercion and proxy access need to be considered at all levels.
Please contact us if you have any issues reading the above diagram: england.dpc.goodpracticeguidelines@nhs.net
Anyone entering information into the patient record needs to consider the impact of each entry in regard to possible safeguarding issues. If there are concerns, it may be possible to redact the information or deny or remove online access, even on a temporary basis.
The patient’s online GP record reflects the information contained within the practice’s clinical system. Information comes from an increasing number of sources. Once reviewed and approved, the information can be visible in the online record.
The diagram below shows the different sources of patient information that come into the GP system. Whilst most of these flows will not contain sensitive information or present safeguarding concerns, there is that potential. For that reason, it is vital that the practice is aware of their own data flows and how to manage sensitive or safeguarding information as it enters the GP IT system.
The red flows in the diagram are examples of where practices need to minimise the risks of sensitive information being entered into the GP system in a form that is visible to the patient online. An example would be the need to redact safeguarding team reports when they are checked in though the document management system, so they are not visible online.
Please contact us if you have any issues reading the above diagram: england.dpc.goodpracticeguidelines@nhs.net
Similarly, disclosures made via an online consultation or text message which may give rise to a safeguarding concerns would need to be redacted to prevent the information being visible online through patient facing services.
Access by a third party other than an approved proxy also requires consideration of the risk of disclosure. There is detailed guidance on SARs in another article in this series.
Redaction is a key component in reducing the safeguarding risks associated with online access. There is a full article on redaction elsewhere in this series.
All staff entering information into the clinical record need to be aware of what, when how and why to redact information. Different GP IT systems have different ways of redacting content, so ensure all staff can use the functionality in your local system.
There is, however, the need to be aware that redaction alone may not be able to mitigate all risks.
There will be situations where redaction alone is not enough to ensure there are no safeguarding issues.
Ella is a 28-year-old who presented to the practice with depressive symptoms and disclosed to you that her husband has been verbally abusing her and very controlling. She asks the GP not to write anything in her notes as she is worried that her husband will see the record as he has access to her online record. The GP redacts the consultation so there is no record of the discussion and no record of the coding of depression in the online record.
In this case the GP acknowledges the safeguarding risk and redacts the consultation. This does, however, expose several risks:
This case highlights one of the deficiencies of redaction, i.e. information provided by inference. In this case the husband may infer that the patient has disclosed information about the abuse as there is no consultation in the online record.
This may have been the first time that the practice had any reason to believe there were any safeguarding issues. Having identified a potentially coercive relationship, the immediate solution may be to reduce the level of access, but this leads to placing the patient at risk if the husband infers access has been restricted due to the disclosure of abuse.
Although this sort of situation is likely to be rare, it could become more likely as more patients get full record access (which could be both prospective and retrospective). These situations must be considered on a case-by-case basis, looking at the potential ramifications of each decision and minimising risk.
Communicating with the patient is crucial in order that both parties understand the risks. It may be useful to discuss concerns with the practice or local safeguarding lead, Caldicott Guardian, or medical defence organisation. A plan can then be agreed about how to safely limit online access in the future while the safeguarding issues are being addressed.
Online visibility settings and markers of redacted content are currently not part of a GP2GP transfer. If a patient has some entries restricted for online viewing and leaves the practice, the current guidance is to only allow access to the prospective records from the date they move to the new practice. This avoids the need to clinically assure the patient’s historic record with the associated workload implications. This doesn’t, however, remove all the risks, so it is recommended that an individual assessment of the appropriateness of record access is considered for all new patients.
There is ongoing work by the GP IT providers to transfer visibility and redaction settings during the GP2GP transfer. You should contact your GP IT provider for further details.
The UK General Data Protection Regulations (GDPR) and Data Protection Act 2018 provide a number of exemptions in respect of information falling within the scope of a subject access request. The same exemptions also apply to providing information though access to the online record. Once again these are mainly due to the risk of serious physical or mental harm, safeguarding risks and third-party disclosures. Full details of exemptions are described in the BMA Access to health records guidance.
The circumstances in which records need to be withheld on safeguarding grounds should be rare. Record access should not be withheld on the grounds that the patient may find information upsetting. There must be a reasonable case that it would cause harm. This is clearly subjective and if there are doubts about whether disclosure would cause serious harm, the health professional should discuss with an experienced colleague, area Data Protection Officer, or a medical defence/professional body.
Health professionals need to be reassured, however, that both the UK GDPR and Data Protection Act 2018 offer considerable protection, not only to patient data, but also to the health professional themselves to redact or decline access confidently if there is a safeguarding risk.
Your practice will have a safeguarding policy. This should be reviewed to ensure it includes reference to the implications on safeguarding of having digital records. All staff should be made aware of the content.
Ideally this needs to be reviewed, perhaps annually, as clinical systems evolve, and contractual requirements change.
The diagram below describes the process of safeguarding using electronic health records. These processes need to be included in the practice safeguarding policy.
As shown in the diagram, the consultation itself is only one aspect of safeguarding and there are a number of prerequisites and steps needed before any clinical consultation can begin.
It is important to note that this process needs to occur for all consultations not just those with known or possible safeguarding risks. Practices should ensure that staff (including temporary staff such as locum GPs) are aware of the process as part of the safeguarding policy.
Please contact us if you have any issues reading the above diagram: england.dpc.goodpracticeguidelines@nhs.net
Safeguarding may lead to contradictory or conflicting obligations, such as confidentiality and disclosure, the need protect the interests of the patient and the need to protect other individuals who may be at risk such as children or vulnerable adults. It can also have far-reaching consequences, as high-profile cases have highlighted. For these reasons it’s important to discuss any difficult situations with the practice or local safeguarding lead, Caldicott Guardian or medical defence organisation.
The GP digital record is a live system and is updated in real time. This means that as an entry is made on the GP clinical system, the data is accessible by the patient through access to their GP record online. Redaction and risk mitigation must be done at the time of entry to avoid possible safeguarding issues.
The training requirements are, therefore, to:
Training and practice policy is fundamental to ensure effective use of the GP IT system to enable safeguarding.
