Patient Record

Sharing Information - Your Medical Record

Each time that you use or visit an NHS or social care service they record information about your health, care or treatment. These records are normally held electronically. 

These records are held by GP surgeries, hospitals, local authority social care services and other health and care services including pharmacies, opticians, dentists and care homes. Each NHS or social care service that you use keeps its own record about you. 

NHS and social care services share information from your records with each other to provide you with care and treatment. Only health and care staff who are providing this care can see the confidential information in your records. 

Read more here  - Sharing your information :: Hampshire and Isle of Wight ICS (

Easy to read guide on Sharing your InformationCLICK HERE!  



Online Access


What information is in my GP record?

A GP health record contains information about the care you have received from your GP surgery. It includes information on:

  • Medicines your GP has prescribed
  • Allergies you have
  • Vaccinations you have received
  • Conditions you have been diagnosed with
  • Results of tests that your GP surgery has requested
  • Notes from appointments
  • Letters that hospitals and specialists have sent to your GP

How can I access my online GP record?

You can view their GP record by logging into your account on the NHS website or NHS app.

To view your record online, you must be registered with a GP surgery and aged 16 or over.  

Will I have to pay to access my GP health record?

There is no cost to accessing your GP records through the NHS App or the NHS website, aside from using the internet.

The NHS will never charge you to download an app or use services within the app.

Will I be able to view my hospital and social care records?

No - you can only view information filed on your GP health record.

When hospitals send letters from specialists to GPs – for instance, letters about discharge or information on your referral – you can see these. 

Can I remove access to my record?

If you do not want to be able to access your record, you can speak to your GP surgery who can remove online access.

Will sensitive test results be automatically uploaded to my record?

A GP will review results from a test before uploading them to your health record.

If results are sensitive or potentially upsetting, the GP should try to speak to you before uploading them onto your record.

Will people under the age of 16 be able to view their records?

Changes to record access will only apply to people over the age of 16.

If a young person is believed to have enough intelligence, competence and understanding to fully appreciate what’s involved in their treatment (being Gillick competent), they may request access to their records. Their GP will grant access.  

Can I access the records for a family member or someone I care for?

Proxy access lets people access medical services for someone in their care.

Please see further details on Proxy Access below.

GPs will be decide whether proxy access is in the patient’s best interests. 

What can I do if there is incorrect information on my record?

You can speak to your practice to correct information on your record.

For factual changes (incorrect allergy or medication), GPs can amend your record.

If you disagree with information on your record (for example, how a mental health concern has been described), there is an option for the GP to note your disagreement.

Will it be possible to view records of a deceased person?

No - viewing a deceased person’s records is not possible. If you want to access a deceased person’s records, you must apply in writing to the record holder under the Access to Health Records Act (1990).

What actions can I take if I can’t access to my records?

There are several reasons why a GP might decide you should not have access to their records. This is usually because the practice believes there is a safeguarding risk to you or another individual if you have access.

You can contact your GP if you feel you should have access to your records.

If you disagree with your GP’s decision, you can complain through your practice’s complaints process.

What support will be given to understand technical language?

NHS England is working with GPs to help them understand these changes and be aware that patients can read information that has been put into the health record.

Where possible, GPs have been encouraged by NHS England to use terminology and language that can be understood by everyone.

What safeguarding procedures are in place to protect victims and survivors of domestic or sexual abuse?

People who have experienced, or are experiencing, domestic violence or sexual abuse are potentially at risk from changes to patient record access. A coercive partner may force an individual to show their health records when they do not want to.

Where a GP suspects domestic violence, they can hide or ‘redact’ sensitive information. Where possible, a GP will speak to you about this. If a conversation isn’t possible, they can switch off access.

When patients get treatment for sexual abuse or trauma, NHS England encourages GPs to discuss whether or not they would like this information included on their online health record. This redacted information would be visible to the GP but not to the patient.

The NHS App has security protocols, including user identification when the app is installed. Users will usually have to log in with a password and thumbprint, and advisory messages pop up before patients access their records. 

Proxy Access

Please contact the Practice for further information on proxy access regarding close family members, carers, parents or nursing home staff, and if we provide this service.
  • Online systems may allow proxy access where a third party, who may or may not be registered with the practice, to be given login details to have online access to the patients’ transactional services and/or record. This can be very useful in certain circumstances
  • If the patient chooses to share access to their online GP account with someone else (their proxy), there are advantages for the patient if the practice gives the proxy their own login credentials including a separate password
  • The GP record may contain very sensitive information that they wish to keep private. Even the prescribing record may reveal confidential information about them. The patient should check through their entire online record to ensure that there is nothing there that they would not want their proxy to see. Patients must have complete trust in anyone who they allow to have access to their online account. If they are in any doubt they should not share, or they should ask the practice to redact any sensitive data where it is possible
  • The practice will also be able to ensure that the proxy has all the information about how make good use of online access, including how to keep it secure, the implications of data quality and for parents, the practice policy about parental responsibility and the competence of young people to make their own decisions about who can access their record
  • There are many circumstances where this can be helpful. It may be convenient for someone else to book appointments or request prescriptions for them. It may help a carer understand and help to manage their health
  • Online access for the proxy to allow a proxy to do one or more of the following: Book and cancel appointments, Order repeat prescriptions, *access test results (*please check with your Practice regarding this facility).


  • Patients must protect their login details so that nobody else can gain access to their record
  • Passwords should be easy to remember or stored in a safe place, such as an encrypted password app. They should not be based on something that is easy to guess
  • If you lose the details or suspect that someone else has seen them, you should change their password immediately and inform the practice
  • Use a password, PIN or fingerprint or face recognition system to protect access to a private computer, tablet or smartphone that they use to access their online access
  • Log out of their browser when they have finished using online access, especially if they have used a public computer
  • Ensure that nobody can see your record on the screen over their shoulder while they are accessing their GP online account
  • Take precautions to avoid cyberattack, using antivirus software, an effective firewall and safe internet browsing whenever possible
  • The patient must keep and dispose of all information that they download or print from their record securely
  • People with visual impairment, who use audio electronic readers need to be careful to avoid being overheard, especially in public places

Your Record

  • Your record may contain things that the you are not expecting. There are several reasons why this may happen. You should inform the practice if there is any information in your record that you think is wrong or find upsetting
  • This may happen if you have forgotten the event in your record, if there is an error in the record, if you fail to recognise a medical term that is synonymous with a lay term that they know (e.g. acute myocardial infarction instead of heart attack), if you disagree with a diagnosis or if incorrect information has been added to the record by the practice, or your previous practice and has persisted through GP2GP record transfer
  • The record may also contain confidential third party information that has not been spotted and redacted in the check carried out before you registered
  • If any of these situations arise, you should let the practice know about it. The practice will be keen to listen and discuss the matter with you as soon it is possible to arrange an appointment. The practice may explain the information, redact or remove the data; however, patients cannot demand that an item they disagree with is removed from the record
  • If the patient has been able to see confidential information about another person, the practice will inform the other person as soon as possible.


  • Patients may be coerced unwillingly into allowing other people to have access to their online records. Even when they have shared their login details willingly or arranged for formal proxy access where the other person has their own personal log in details, online access may be misused or abused
  • If the practice suspects that you have been coerced to allow another person to access their online record against your wishes, it is best refuse to allow proxy access until the suspicion has been clarified
  • If you are worried that this might happen in the future or have experienced coercion, a failure to respect your privacy or misuse of the system, you should discuss it with the practice immediately. The practice may switch off access until the matter is resolved if that isa safe option. The practice may redact data if there is something that the patient is keen to keep private.


If the patient has employed a carer and wants to remove their access when they no longer employ them, proxy access can be easily withdrawn. The patient may also limit the online access to just booking appointments or requesting prescriptions, even if the patient has full record access. There may also be an audit trail accessible to the practice or the patient of who has accessed the patient’s record if the GP system has this functionality. It is safer to restrict proxy access to specific individuals, rather than a group or organisation. If an individual with their own login details leaves the organisation their access will be switched off without interfering with others’ access and the audit trail will always be clear about who has had access to the patient’s records.


Some patients lack the capacity to choose or consent to a third person acting as their proxy, but the practice may agree to a carer having proxy access in the absence of informed consent by the patient if it is clearly in the patients best interest. An example is a close family member with Power of Attorney for Health and Welfare or a guardianship.

Emergency Care Summary

There is a Central NHS Computer System called the Emergency Care Summary (ECS). The Emergency Care Summary is meant to help emergency doctors and nurses help you when you contact them when the surgery is closed. It will contain information on your medications and allergies.

Your information will be extracted from practices such as ours and held securely on central NHS databases.   

As with all systems there are pros and cons to think about. When you speak to an emergency doctor you might overlook something that is important and if they have access to your medical record it might avoid mistakes or problems, although even then, you should be asked to give your consent each time a member of NHS Staff wishes to access your record, unless you are medically unable to do so.

On the other hand, you may have strong views about sharing your personal information and wish to keep your information at the level of this practice. If you don’t want an Emergency Care Summary to be made for you, tell your GP surgery. Don’t forget that if you do have an Emergency Care Summary, you will be asked if staff can look at it every time they need to. You don’t have to agree to this.