The British Journal of General Practice. 2007 Jun 1;57(539):507–511.

Patient record access — the time has come!

Brian Fisher, Richard Fitton, Charline Poirier, David Stables
PMCID: PMC2078176  PMID: 17550687

By next year a likely scenario is this:

June 2007, the consultant sighs. The letter from the GP is tantalisingly brief: the reason for referral seems unclear and no test results are included. The 70-year-old patient, seeing the GP's confusion, offers to show him her records. She moves closer to the screen, taps her pin and personal password into his computer, and uses a token to generate random numbers that will ensure she is securely identified. Seconds later, all her recent consultations appear on screen, followed by all the correspondence and all test results.

On the same day in A&E, a patient admitted with chest pain shows a junior doctor the reports of the last chest X-rays and ECGs ordered through his general practice. He displays this on his handheld organiser.

In Leeds, the pensioner, confused by the last consultation with her GP, logs on to her records. She sees what the GP was thinking and the results on which the conversation was based. She can also see, linked with the problem title of hyperlipidaemia, a short list of weblinks that offer further information. These include a patient information leaflet, a link with patient-centred NICE guidance, and a decision aid that enables her to decide whether she should take statins or not, based on the results that she can easily access in her notes.

In Valencia, the tourist shows the doctor his latest 24-hour tape results by accessing them via the Spanish desktop computer.

These scenarios are likely as a result of developments in the field of record access. This paper outlines the current situation in this ongoing process, and discusses the possible impact of record access.

The principle of patients having access to their own electronic health records is established. Despite some delays, NHS Connecting for Health is delivering ‘HealthSpace’. From May 2007, people will be able to see a summary of their health records on a home computer using a protected web service. At first, they will be able to access medications and allergies, and later other summary information about care and treatment. They will also be able to add information, such as access needs, treatment preferences, and eventually self-monitoring information. Record access has the potential for:

  • improving care and safety,

  • affecting the way care is delivered, and

  • enhancing patients' self-efficacy.

While the outcome of HealthSpace is awaited, in the UK and worldwide alternative systems exist that enable patients to access their full GP electronic record in the surgery. Similar access on the internet, which would enable the scenarios described above, is currently being piloted.

Different approaches to record access

In the UK, kiosks (see picture below), designed by independents outside the NHS Connecting for Health programme, offer access to the full GP electronic records with linked health-related information. Read codes in the records are linked to patient information leaflets which can be read on screen or printed. Access is authenticated by fingerprint and pin. A touch screen and reformatted records, designed with patient input, make content and navigation easier to understand. Patients can see their consultations, demographic details, letters, investigation results, and allergies.1 As of June 2006, there were 11 practices in England using the system, with a total of about 5000 patients registered with their fingerprints.

Some surgeries allow patients to take away their records on a memory stick or a CD. In others, patients can insert health data, such as blood pressure and peak flow, directly into their record (R Fitton, personal communication, 2006). In the US a number of health maintenance organisations offer record access.2

A web-based service is also being piloted which is different from the NHS Connecting for Health, national ‘Spine’ database of information about patients' health. The information is not placed on the Spine, but remains in the practices, being called up each time it is needed. As a result, the system:

  • enables patients to keep control over who sees their record,

  • keeps the record in the surgery, so its ownership is clear, and

  • allows patients, if they wish, to share their data with clinicians anywhere in the world.

In all situations, security and legal protection are imperative.

What the law says

The Data Protection Act 1998 and Access to Medical Reports Act 1988 state that a patient or anyone authorised by the patient, parents of children under 16 years of age, or a ‘Gillick competent’ child are entitled to access their medical records. Access can only be denied where the information may:

  • cause serious harm to the physical health, mental health, or condition of the patient or any other person, or

  • relate to or be provided by a third person who had not consented to the disclosure.

The Freedom of Information Act 2000 gives people a general right of access to information held by or on behalf of public authorities, unless that information would, or is likely to:

  • endanger the physical or mental health of any individual (including the applicant, the supplier of the information, or anyone else), or

  • endanger the safety of any individual.

The Copying Letters to Patients initiative,3 enabling patients to see all letters written about them, is advisory only. However, this initiative is being adopted across the NHS, with general acceptance by patients and clinicians.

What is known about record access?

Who looks at their notes?

Of patients who have been registered to use the electronic kiosk access system, 75% have looked at their notes: the same proportion as those who used to look at their paper records. Some patients access their records repeatedly; most only do so occasionally for specific purposes. Patients with long-term conditions use it more than others.

Clinicians' reactions

Clinicians are often initially sceptical and worried about the impact of record access.4 They fear that mistakes and confusion will be exposed and that litigation may increase. However, there is no evidence for this.5 On the contrary, evidence is clear that record access improves relationships between clinicians and patients. Experience with record access tends to convince clinicians that its benefits outnumber its potential problems.6

Benefits of record access

The benefits of record access appear to be substantial. Patients describe improved trust and confidence in their clinicians,5 and they feel more informed and in control of their condition and its management.7 There is some evidence for improved health practices by patients. For example, improved compliance in heart failure8 and improved cigarette quit rates have been demonstrated.9

In general, patients are keen on record access in principle10 and in practice.11 Record access can increase safety by alerting the practice to any recording errors. Furthermore, patients can save time for practices and themselves by looking in their records for information rather than asking reception.

Duration of consultations

Patients using record access do not appear to take more time with clinicians.12 This coincides with experience with the kiosks in general practice. Record access seems to help patients focus their medical agenda and, ultimately, record access may end up saving time and foster compliance (M Cauldwell et al, unpublished data, 2005).

Risks

There are potential risks if the process is not handled carefully: for example, if patients see frightening information before it has been discussed with them, or if they are able to access third party information. Simple precautions in letter- and result-handling, however, can virtually eliminate these risks.

An investigation revealed that 10% of patients were upset by what they read, although the vast majority of those were still pleased that they had seen their notes. Patients with cancer, in particular, were pleased to have read their full GP records. Evidence suggests that patients with psychiatric problems can find seeing their notes more distressing than those without mental health problems.5 However, the experience can be harnessed therapeutically.

Experience of record access so far has been with enthusiastic, committed practices, and such safety precautions may not be so strictly adhered to once the majority of practices are able to offer access.

Confidentiality

Confidentiality is well-maintained in the waiting room kiosk-based approach. The system uses both fingerprint and pin identification, and there are simple and effective ways of ensuring that it is only with the patient's permission that the record may be seen by anyone else. A web-based approach may be more prone to abuse, despite secure authentication and access. It is possible that members of the family, for instance, will be able to see records, perhaps by glancing over patients' shoulders or by coercing them. As with internet banking and other protected sites, once the record has been delivered, we can assume that the patient becomes fully responsible for its security.

Authentication

Ensuring that each patient sees his/her own records and no-one else's is essential. The kiosks' fingerprinting is robust, but can be difficult for older people whose prints are less defined. Net-based access requires ‘two-factor authentication’: pin and password plus another approach such as a token. An example of the approach taken by the online EMIS/PAERS project is shown in Box 1.

Box 1. Record access approach of the online EMIS/PAERS project

A key part of the system is user authentication. There are several steps that a user must follow to ensure that they are as secure as possible.

  • An initial sign-up document has a once-only PIN number. Without this number the user cannot create an account and so no-one can set up an account in someone else's name.

  • The user needs to enter their practice ID number, to tell the system which practice they are registered with, and an access ID to identify them individually.

  • Users set their own password, not known even to practice staff, and will soon be able to change it online if required.

  • For medical record viewing they have to enter selected digits/letters from a second ‘pass phrase’, which is different each time. This ensures that no one can easily steal their passwords by filming them or installing key-logging software on their computer.

Although some patients initially find these awkward, almost all soon become adept at logging in and using the website. None of these stages can be removed without the risk of harming security. In a later phase of the project a token-based system will be offered and this is expected to provide a significantly higher level of protection for a user's account login.

The main risk to security in the current system is that an attacker could guess or steal a patient's account login information and use it to log in themselves. This risk is higher if patients use weak passwords, fail to keep their passwords secret, use public computers, or do not keep their home systems up-to-date and protected from viral and trojan software. Token-based two-factor authentication will mitigate much of this risk.
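The once-only sign-up PIN and the ‘selected characters’ pass-phrase step listed above, as an added Python example (not EMIS/PAERS code). The class and function names, the 8-digit PIN length, the three-character challenge, the failure limit and all sample values are assumptions made for illustration.

```python
import hmac
import secrets


class SignupPins:
    """Once-only sign-up PINs, keyed by (practice_id, access_id)."""

    def __init__(self):
        self._unused = {}

    def issue(self, practice_id, access_id):
        pin = f"{secrets.randbelow(10**8):08d}"  # 8 digits: an assumed length
        self._unused[(practice_id, access_id)] = pin
        return pin

    def redeem(self, practice_id, access_id, pin):
        # pop() makes the PIN single-use: it is gone after the first attempt,
        # right or wrong, so it cannot be replayed or guessed repeatedly.
        stored = self._unused.pop((practice_id, access_id), None)
        return stored is not None and hmac.compare_digest(stored.encode(), pin.encode())


class PassPhraseCheck:
    """'Selected characters' check on a second pass phrase."""

    def __init__(self, phrase, picks=3, max_failures=3):
        # The phrase has to stay recoverable server-side (encrypted at rest in
        # a real system): a one-way hash of the whole phrase cannot answer
        # per-character questions.
        self._phrase = phrase
        self._picks = picks
        self._failures_left = max_failures  # wrong answers allowed before lockout
        self._pending = None

    def issue(self):
        """Return fresh 1-based positions; voids any outstanding challenge."""
        if self._failures_left <= 0:
            raise PermissionError("account locked")
        rng = secrets.SystemRandom()
        self._pending = sorted(rng.sample(range(1, len(self._phrase) + 1), self._picks))
        return list(self._pending)

    def verify(self, answer):
        """Check an answer once; the challenge is consumed pass or fail."""
        positions, self._pending = self._pending, None
        if positions is None or self._failures_left <= 0:
            return False
        expected = "".join(self._phrase[p - 1] for p in positions)
        ok = hmac.compare_digest(expected.encode(), answer.encode())
        if not ok:
            self._failures_left -= 1
        return ok


def exposed_characters(recorded_logins):
    """Positions -> characters revealed by recorded (positions, answer) pairs."""
    known = {}
    for positions, answer in recorded_logins:
        known.update(zip(positions, answer))
    return known


def demo():
    phrase = "harbour-lantern-42"  # constructed sample pass phrase
    pins = SignupPins()
    pin = pins.issue("P0001", "A1234")  # constructed practice and access IDs
    first, replay = pins.redeem("P0001", "A1234", pin), pins.redeem("P0001", "A1234", pin)
    check = PassPhraseCheck(phrase)
    positions = check.issue()
    answer = "".join(phrase[p - 1] for p in positions)
    accepted, reused = check.verify(answer), check.verify(answer)
    leaked = exposed_characters([(positions, answer)])
    return first, replay, accepted, reused, len(leaked), len(phrase)


if __name__ == "__main__":
    print(demo())
```

A recording of one login exposes only the positions that were asked for, but recordings of repeated logins accumulate, which is one reason a design like this limits failed attempts and consumes each challenge after a single answer.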

It will be important that, if different systems are developed for record access in the UK, access and authentication are not only of the highest standard but also similar in all systems, to avoid confusion.

Standards and guidelines

To ensure high standards and avoid some of the risks listed above, standards and guidelines need to be written prior to the launch of record access on a national level. These standards and guidelines will best be created by national agencies, such as the Royal Colleges, patient groups and NHS Connecting for Health.

How do patients use record access?

Current research suggests that patients use record access to prepare for consultations and recap after them; to find information that they would otherwise have to ask the practice for, such as immunisation history; to understand the history of a particular condition; to improve awareness of their condition; and to pass on information obtained when visiting hospitals or when caring for sick relatives, with the latter's permission. In general, patients say that they feel more of a partner in their health care. Qualitative evidence suggests that patients use record access to understand information about which they are confused as a result of a poor face-to-face consultation (NHS Connecting for Health, unpublished data, 2006). Access to records can compensate for poor communication.

What impact could record access have on daily clinical life?

The shared record, if we get it right, offers a new dialogue in which clinician and patient can learn from each other. Thus, the task is not only to foster ease of use for the clinician, it is also to make the record useful for the patient. The electronic record could change from a repository of recorded clinical information for clinicians to a tool of communication and health management used by patients and health professionals. This could affect the structure, processes and outcomes of records in a number of ways.

Reading the record

GPs' notes are full of abbreviations, technical terms, and other impediments to lay understanding. Patients tell us that they understand on average 60% of the record as it is currently written. If patients start relying on the record to make sense of their health and to participate in their own care, recording may have to change. For instance, the record might need to show ‘heart attack’ instead of the standard abbreviation ‘MI’, with the plain-language term generated automatically for the patient's benefit. One system currently enables patients to see information about most of the Read codes by touching the screen to reveal a patient information leaflet on the topic. Web-based plans include automatic translation of technical terms.

Making sense of data

For patients to understand clinical data, record access will need to make sense of these data for them. For example, results could be displayed as charts with normal ranges instead of simple numerical values. These results can include clinicians' comments on their significance as well as information about the tests.

Issues of equity and design

The design of record access will also need to ensure equality of care. Ethnographic studies suggest that people have different mental models of health which structure their health behaviour (C Poirier, unpublished data, 2000). Although design needs to be universal to ensure basic equity of access, it would also make sense to design the planned ‘Common User Interface’ so that it can be customised by patients and clinicians. Different groups of patients and clinicians will want data presented in different ways.

Patients correcting errors in the record

Experience has shown that record access can aid the correction of recording errors.13 Such errors often involve patient identification. They may also pertain to aspects of a consultation, for example, to a description of conditions or symptoms described by the patient, or outcomes. When patients use the PAERS system, for example, they sometimes identify when results are changing in an unexpected direction, when the wrong tests have been taken, or when test results are missing. Studies are being conducted to quantify error reduction outcomes in records provided by record access.

Patients entering their own data

A number of practices have experience of patients adding data directly to their record by email through a system called GePmail. Peak flow and blood pressure are the most common entries. The design may need to ensure that data are viewed by the clinician before being entered into the notes so that any relevant clinical response could be made.

Enhancing self-care

The system could be designed to recognise, for example, someone with diabetes whose blood pressure and sugar control are inadequate. The patient would be reminded of this, with associated advice, when they looked at the records. They could also be reminded of relevant appointments automatically. HealthSpace is designing this for its future deployment.

Conclusion

Record access is increasingly being adopted around the world by clinicians and patients. We recognise the risks and potential pitfalls associated with this trend. Yet, we see record access as significantly improving shared care and improving not only trust in and respect of clinicians by patients, but also trust in and respect of patients by clinicians.

Record access will result in a closer relationship between GPs and their patients. Access enables patients to participate in their own care, find out relevant information, and ask about their disease and health. It could enable GPs to improve patient safety. Patients can include their own recorded values and their own care management in the record, for the benefit of both clinician and patient. Record access also facilitates education as it can frame results and medical information directly from patients' concerns. It appears safe when used with simple precautions, and is likely to form the basis of future choice and shared decision-making.

Competing interests

David Stables is the medical director of EMIS, which is a commercial limited company that has developed and implemented clinical management systems for primary care. Richard Fitton is a director of Foldercare Health Systems Ltd, which is owned by staff, patients and families. Its objectives are to develop patient-accessed records to support patient self-care. The company is currently discussing conversion to a community interest company. Brian Fisher is a director of PAERS, which has developed a system that enables patients to see their own records. He is paid both by PAERS and by Connecting for Health for consultancy. Brian Fisher is funded by Connecting for Health for research into patients' experiences of record access.

REFERENCES

  • 1. PAERS. Lincs: PAERS Ltd; 2004. Patient access to electronic medical record and automatic arrival system. http://www.paers.net (accessed 4 May 2007)
  • 2. Eklund B. SUSTAIN — Direct access for the patients to the medical record over the internet. In: Iakovidis I, editor. E-Health: current situation and examples of implemented and beneficial e-health applications. Amsterdam: Ios Press; 2004.
  • 3. Department of Health. Copying letters to patients: good practice guidelines. London: The Stationery Office; 2003.
  • 4. Fisher B. Patient access to records: expectations of hospital doctors and experiences of cancer patients. Br J Gen Pract. 1993;43(367):52–56.
  • 5. Baldry M, et al. Giving patients their own records in general practice: experience of patients and staff. Br Med J (Clin Res Ed) 1986;292(6520):596–598. doi: 10.1136/bmj.292.6520.596.
  • 6. Protti D. Personal health records and sharing patient information. http://www.connectingforhealth.nhs.uk/worldview/protti7 (accessed 4 May 2007)
  • 7. Pyper C. Patients' experiences when accessing their on-line electronic patient records in primary care. Br J Gen Pract. 2004;54(498):38–43.
  • 8. Ross SE, et al. Providing a web-based online medical record with electronic communication capabilities to patients with congestive heart failure: randomized trial. J Med Internet Res. 2004;6(2):e12. doi: 10.2196/jmir.6.2.e12. (May 2004)
  • 9. Bronson DL. The impact of shared medical records on smoking awareness and behavior in ambulatory care. J Gen Intern Med. 1986;1(1):34–37. doi: 10.1007/BF02596322.
  • 10. National Programme for Information Technology. The public view on electronic health records. 2003 http://www.dh.gov.uk/assetRoot/04/05/50/46/04055046.pdf (accessed 4 May 2007)
  • 11. Pyper C, et al. Access to electronic health records in primary care — a survey of patients' views. Med Sci Monit. 2004;10(11):SR17–22.
  • 12. Maly RC. A randomized controlled trial of facilitating information giving to patients with chronic medical conditions: effects on outcomes of care. J Fam Pract. 1999;48(5):356–363.
  • 13. Powell J. Sharing electronic health records: the patient view. Inform Prim Care. 2006;14(1):55–57. doi: 10.14236/jhi.v14i1.614.
Br J Gen Pract. 2007 Jun 1;57(539):510.

Commentary

Paul Thornton

‘You can't buy happiness, but thankfully you can sell it.’1

Let's explore the nirvana in the ‘scenarios that will be taking place next year’.

Despite an excellent computer system, we have an inadequate referral letter. The older patient, like so many who are ill, has welcomed Microsoft Vista™, memorised the web address, and learned to access the records remotely using a secure token and password. Having rubbed the cyber lamp, the information genie that was missing becomes apparent, even though the referral letter was generated automatically from the same consultation records. The patient is, of course, unconcerned that the orthopaedic surgeon now knows all about her recent dystrophic dyspareunia. They all had a giggle about the curious 1960 episode of the Taiwan conference, the sales director, and the unusual cigarette.

The patient admitted with chest pain interrupts the A&E doctor in his urgent duties with the display of the previous X-rays and ECGs. Intrigued, but realising these are currently as influential in management as the mp3 recording of the grandson's trombone concert on the same PDA, our hapless F2 cracks on with acquiring the contemporaneous information upon which true emergency care is based.

Crisis resolved, the retrospective data may fine tune care. If NHS Connecting for Health hadn't interfered we might now have had messaging systems for requesting and transferring relevant and necessary information between excellent small discrete and discreet databases using technology that has been established throughout the lifetime of your average Pentagon hacker.

In Leeds, another GP has confused another pensioner. This quack has failed to use his silver tongue, omitted the information sheet he might have printed — jargon minimised and reading age-adjusted — and missed the opportunity to print the cholesterol graph. And yet, this same GP has managed to document a few good words so fluent that his very thoughts are revealed as though from a mind map, erupting with all the relevant web links.

In Valencia, the tourist recovers despite the doctors being able to see his previous 24-hour ECG tape. Having similarly discovered that the tourist knew of his benign palpitations before booking the holiday, his insurers decline to fund his repatriation. In resolving that little misunderstanding, his wife discovered from the printout that, just before departure, our holiday maker told his GP that ‘………

Few people enjoy true autonomy outside the consultation. Patients with the greatest health needs, who have the greatest need of privacy, would be least able to protect their own records.

Many patients would be obliged by peer, social, familial, and financial pressures or intimidation to provide copies of, or access to, their internet record if the possession of a ‘HealthSpace’ record were to become standard. Parents of adolescents, employers of their staff, ‘friends’ of the elderly, and abusers in domestic violence will all want access. ‘HealthSpace’, as proposed, is a major threat to patient privacy. The creation of an internet record should require patient consent in the first instance and the HealthSpace record must be invisibly editable at the request of the patient by clinicians before it is placed on the internet, and at any subsequent stage.

Computer multinationals sold happiness to Tony Blair. What will the NHS end up buying?

REFERENCES

  • 1. Caption from a cartoon distributed some years ago by Action on Smoking and Health featuring a tobacco salesman in front of his escalating sales chart. If anyone has a copy of the original we would be delighted to give full credit.
  • 2. Thornton P. The NHS Database: Lord Warner's opt out decoy. A review of persisting privacy and confidentiality issues. 2007 http://www.ardenhoe.demon.co.uk/privacy/decoy.pdf (accessed 4 May 2007)

Articles from The British Journal of General Practice are provided here courtesy of Royal College of General Practitioners
