How to find out when your GP records have been accessed

None of the below will tell you about uses beyond your direct care, e.g. research or commercial sale or “re-use”. This is the beginning of accountability, not the end. But it is the beginning…

Whichever IT provider your GP practice uses, all you need to be able to find out when your GP record has been accessed is a username and password for your GP website.

If you order your repeat prescriptions or book GP appointments online, you will already have the required username/password. If you don’t, you may wish to register – follow the link above – as booking online, for example, lets you avoid the phone queue when making an appointment.

If you are a patient of a practice that uses EMIS Web, unless you have chosen to have sharing functionality disabled, you can look at your “GP Shared Record History”.

This only covers instances where your record has been accessed outside your GP practice for direct care purposes, i.e. it does not cover accesses by your own GP, and it does not cover the data that gets copied for research and to NHS Digital.

If you are a patient of a practice that uses TPP SystmOne (or SystmOnline), you should be able to access a page named “record audit” (or something similar) via your GP’s website.

If your practice has chosen to enable this feature, you will see details of when your record has been accessed. (We believe this will include accesses by your own GP practice as well as other care providers.) The page does not include data that gets copied for research and to NHS Digital.

If your practice has not yet enabled this feature for you, the SystmOne menu page should show you – and you can write to your GP practice manager to ask them to switch it on.

For patients of the smaller number of practices that use either INPS Vision or Microtest Evolution, this page will be updated shortly when we receive more details.