Concerns mount over GP medical record access for abuse survivors

More than twenty Violence Against Women and Girls organisations, including Refuge, Women’s Aid, and End Violence Against Women Coalition, and the British Medical Association are concerned about the safety of domestic abuse survivors and victims of stalking as GPs in England fulfil their contractual requirement to provide patients with remote access to their medical records via the NHS app and website by the end of the month.

There is alarm that perpetrators of domestic abuse may be able to gain access to a survivor’s records by coercing the survivor to share access or other means. Since the 1^st of April this year, GP practices across England have been instructed to grant access to patients’ medical records through the NHS app and other online portals. By the 31^st of October, all surgeries in the country are contractually obligated to have provided this remote access to patients.  

one in four women will experience domestic abuse in their lifetime with one in five women likely to experience stalking and the group are deeply concerned about the implications that accessibility to these records will have on survivors of domestic abuse and stalking. There is a real potential that making medical records easy to access will put survivors at greater risk.

While the changes only have to apply to prospective medical records made from the date of access, the specialist Technology-Facilitated Abuse Team at Refuge have found owing to historical local decisions and patients previously opting in when joining practices, there are inconsistencies in the information available to patients. Some are only able to access new, or recent, medical records, while others can see as far back as the 1970’s and some have full information while for others sensitive information has been redacted.   

While some survivors may find that they have already been made exempt, or that specific information has been redacted, by their surgeries, this will not be the case for everyone. Survivors are urged to contact their GPs and request that access to their information is removed.

If it is safe to do so, survivors should consider deleting the NHS App from their device until better safeguarding and protections are in place. VAWG organisations such as Women’s Aid and Refuge have been engaging with NHS England to raise safety concerns for survivors over the past few years, and IRISi has developed specific guidance for GPs on how the app should be used in domestic abuse cases. 

Ellen Miller, Interim CEO of Refuge, said:

“It is really disappointing and saddening that the Government and NHS England have not fully addressed the real risk to survivors that these changes will create. These changes will allow perpetrators to gain access to survivors’ personal health records, including details on medications, sexual, reproductive, and mental health records, and disclosures of domestic abuse.  

The lack of publicity around these changes means that some survivors records may already be available in the NHS app, and they do not even know it. It is essential that these changes are publicised widely, so that survivors know to take the necessary precautions to improve their safety and privacy.  

Our message to survivors is simple. Call your GP surgery and ask that access to your records be switched off, so that they cannot be viewed in the app. If you are concerned, and it is safe for you to do so, please also consider deleting the NHS app from your device.”

Dr Katie Bramall-Stainer, Chair of the BMA GP Committee for England, said:

“For the majority of patients, access to their GP record on their smartphone will be a welcome development. However, for a significant number of patients, especially those members of our society who are most vulnerable – women, children and those lacking capacity – the forced implementation of this process is a cause for concern for us as GPs.  

For almost two years we have been engaged with the Department of Health and NHS England in highlighting GP’s anxieties. I worry for patients we frequently see, a parent whose abusive spouse may use sensitive clinical information to undermine legal cases of custody of dependents in the family courts, patients requesting covert contraception forbidden in their home or relationship, or those disclosing abuse from others who may have access to their smartphone. These are but a few examples causing GPs as data controllers to raise concerns about this flawed implementation.”