Following on from the additional guidance that the BMA shared with practices last Friday about the imminent contractual requirement to give all patients online access to their prospective records from 31 October 2023, they have updated and published some further resources. 

Practices are strongly advised to carry out a Data Protection Impact Assessment (DPIA) if they have not already done so, and may wish to use the BMA’s DPIA as a template. If your DPIA suggests there may be a high risk to patients, then the BMA advise you to separately inform the Information Commissioner’s Office (ICO) and your ICB commissioner. 

The BMA have provided a template letter for the ICO which you can use to flag high risks associated with providing prospective online access and therefore stating that the GP, as data controller, is unable to go ahead with processing. 

They have also provided a template letter for your ICB team which includes questions that you may wish to ask your commissioner based around your potential concerns. 

If you have not ‘gone live’ and wish to make use of EMIS’ offer to bulk provision access at a later date, the BMA recommend you contact your ICB primary care IT team ahead of 31 October 2023. 

They strongly recommend that you inform your patients regarding the provision of access to let them know it is happening (guidelines on how to do this in ‘Reference A’ within the FAQs). 

They encourage practices to engage with and agree a way forward with your local commissioning team to ensure they are fully informed and updated of the practice plan, including any bulk communications you may plan to send to patients. 

They have also issued a joint statement with Violence Against Women and Girls organisations, including Refuge, Women’s Aid, and EVAW (End Violence Against Women Coalition), highlighting outstanding concerns we have around the implications of automatic prospective online access for domestic abuse survivors. Read more here. 

Read the full guidance here.