What is proxy access?
In the context of online services, proxy access means access to online services by somebody acting on behalf of a patient, for example the patient’s parent or carer. To obtain proxy access a person must be registered for online access at the practice where the patient they are acting for is registered.
Patients may choose to use online services such as appointment booking, ordering repeat prescriptions or access to their records. They may choose to share their account credentials with family, friends and carers (including a care home) but as part of their access application they must be advised of the risks associated with doing this. Proxy access is the recommended alternative to sharing login details.
What is Coercion?
Coercion is the act of governing the actions of another by force or by threat, in order to overwhelm and compel that individual to act against their will.
Online services of all types are vulnerable to coercion. In the context of online services coercion might result in patients being forced into sharing information from their record, including login details, medical history, repeat prescription orders, GP appointment booking details and other private, personal information.
This is not a new issue. Practices will already have processes in place to manage instances of suspected coercion related to paper-based and face-to-face services. But online services provide new and additional opportunities for coercive behaviour that need to be managed.
What is identity verification?
Most general practice services rely on varying levels and methods of identity verification. But access to online services demands a more consistent and robust approach to ensure patient confidentiality while providing them with secure access to personal and sensitive data.
Patients may book an initial appointment online as soon as they have completed a simple online registration process. However, a more secure identity verification process is required before full access to appointment, repeat prescription ordering or record access services may be enabled for a patient.
Every practice is required to verify patient identity documentation, or individually vouch for each patient requesting access to online services. These processes need to be simple, quick, patient-friendly and not overly demanding for the practice. Please see NHS England guide Patient Online Services in Primary Care | Good Practice Guidance on Identity Verification (EXTERNAL PDF LINK), and links below for an overview of the process within the guidance and material.
What is information governance and how to protect the safety of patients and the practice in regards to sensitive data?
Information governance
Information governance (IG) is the term used to describe how organisations manage the way personal confidential information is handled and protected. It covers the behaviour and standards needed to ensure that confidential information is handled legally, securely, efficiently, effectively and in a way, which maintains public trust. It is based on the balance established in law between privacy and sharing of confidential data, which are fundamental to health and social care.
This section aims to support GP practices and particularly their information governance leads, to meet the challenges that will arise from Patient Online and consider the implications of what it might mean to practices and their patients.
Downloads
Patient Online Proxy consent form (DOCX, 30KB)
Patient Online Proxy Access Guidance (PDF, 303KB)