What is the difference between local sharing and Summary Care Records (SCR)?
The information we discuss in this guidance is referring to ‘local data’, the approach to how this data will be shared using the EMIS Web clinical system used by GP practices, community teams and the MDT Co-ordinators. Records will be shared using relevant job categories within EMIS Web, which ranges from full, minimal, partial or no sharing depending on their role. An Information Sharing Agreement, that all organisations involved sign up to, will support this. The Summary Care Record (SCR) is accessible system-wide across the NHS and can be accessed by any health professional that has appropriate access on their smartcard. It holds only key patient information currently, such as demographics, medication, sensitivities and allergies, however there are plans to expand this data set.
What is the Information Sharing Agreement (ISA)?
Because a range of services across Sunderland are now working together, in order to make the new care model work effectively, it is important that professionals can get access quickly and easily to accurate information about patients. However, at the same time it is vital that this information is secure and relevant case-by-case. Following multiple workshops, discussions and adhering to new national guidance a city-wide Information Sharing Agreement (ISA) has been drafted.
We now need all relevant organisations to sign up to the agreement and begin to share agreed information across all professionals working with community services, including the Community Integrated Teams and Recovery at Home services.
Initially this will be with NHS staff, such as district nurses; muscular skeletal team (doctors and physiotherapists); palliative care teams and other community based healthcare staff. Information will be shared between GP’s and community health professionals involved in the patient’s care.
Based on discussion with GP and practice representatives, the Trust and IT specialists we have agreed a system whereby community integrated teams can access the GP record through EMIS Web based on their job category. The level of sharing with each job category has been approved by a designated group which includes representation from each organisation involved.
In the future we plan to broaden that to other teams such as Sunderland Care and Support and the social care team. Any new job categories will be agreed at a nominated group before the sharing can be enabled. It was agreed that the default position for new job categories would be no sharing until a meeting can be convened.
What is the change?
We have been sharing information with nurses for some time
Historically, health and social care professionals have been sharing information to support patient care where necessary. This was usually in the form of paper documents including copies of case notes or summarised medical records which were shared through various methods including secure email or papers presented at a Multi Disciplinary Team meeting for example.
By all using the EMIS Web system we can make this process much more secure, effective and efficient for all those concerned. Instead of paper copies everyone can see the most up to date and appropriate information, live, all at the same time using a laptop, computer or tablet.
What are the legal duties of public organisations?
Health and Social Care Safety and Quality Act 2015
The sharing of information for direct care supports the change in legislation by the introduction of the Health and Social Care Safety and Quality Act 2015. This act, introduced in October 2015, outlined that health and social care professionals had a duty to share information to support the delivery of care to patients with other professionals involved in their care.
Data Protection Act 1998
The Data Protection Act (1998, S30) has specific information on health and social care data.
While information in the Act can seem complex the Information Commissioners Office has produced useful guidance on their website – including for General Practice. There is also a very useful Guide to Confidentiality in Health and Social Care.
How will it work in Sunderland?
Locally we aim to ensure that all health professionals understand the implications of information sharing across the health economy and alleviate any concerns you may have.
The information sharing agreement will provide a three-way viewing relationship between GP practices, Sunderland GP Alliance and Sunderland Community Services, accessed by all parties using EMIS Web as their clinical system.
It is important to note that a link can only be made if the patient is registered and set as “active” on both systems.
What information will be shared and with whom?
Within the new care model, we are initially looking at those people who need the most care – identified by practices and discussed at MDTs with relevant health and social care colleagues. As well as MDTs, professional out on call, in a community integrated team or at the Recovery at Home hub also need to be able to access information quickly and easily.
Users of the EMIS Web Community system will be able to view elements of the patient record depending on their job category, where they are involved in the patients care. GP practice staff will be able to see the full patient record of any of their patients receiving care by any of the Sunderland Community Services on EMIS Web. MDT Co-ordinators will have access to both the GP record and the community record in order to support the MDT meetings.
Practice staff will also be able to copy to their local record any read-coded item of information captured by the community teams through their templates. From the EMIS Web Community side of the sharing relationship, practice staff will be able to see the full patient record of any of their patients receiving care by any of the Sunderland Community Services on EMIS Web.
Practice staff will also be able to copy to their local record any read-coded item of information captured by the community teams through their templates.
What controls are in place?
There are lots of controls to make sure that information is secure. The data does not leave the source system, data is viewed through EMIS Web which conforms to the NHS standards such as N3 and legitimate relationship access.
What can staff actually see?
It is important to understand that staff cannot see all patients registered on either a practice’s system or on the community health system. Staff can only see the records of patients that are registered and active in their service. In order to access the GP records of a patient not receiving care by a community service, a member of staff would have to physically register the patient onto someone’s case load on the system themselves, which would make it possible to identify and prove inappropriate access.
Identifying any misuse of the information
It is the responsibility of the information controllers (each individual organisation) to monitor their own EMIS system to ensure there is no inappropriate access to their patients’ records.
There is no alert built into the system that would highlight any inappropriate access. Each information controller can easily audit their own system and quickly identify if someone has attempted to get information without the proper permissions or reason. It is recommended that practices identify one or more people to audit their system and have an audit process in place and monitor records regularly.
Can the practices audit who has accessed the EMIS Community information?
GP practices can undertake their own audit trails to see which member of their staff has viewed EMIS Community information. The audit trail allows the organisation to view who has accessed information externally or internal within their own organisation and who has viewed shared (external) information.
Does this mean the practice can audit the use by District nurses etc?
If, for example, a staff member accessed patient records inappropriately, who is legally responsible and how are any breaches dealt with?
Each organisation has ultimate responsibility for the actions of their staff and this is part of the indemnity cover. The proposed information sharing agreement will cover each organisation for misuse from external staff of their information. This means that should they be fined by the Information Commissioner for a breach of the legislation the party who’s staff committed the breach would meet this cost, i.e. if the Trust is fined for an action by a member of the GP Practice then the GP Practice indemnifies the Trust. At the moment, where practices currently allow community nurses to log on to their clinical system directly (via log-ins provided by the practice) then the practice is solely responsible for any breach made by the community staff.
What if a staff member accidently accessed the wrong person’s information?
Any breach of access to the wrong record will be investigated to confirm whether the breach was accidental or not. If it was, then this will be recorded as such. If it wasn’t found to be accidental then the situation will be dealt with as appropriate for the circumstance in accordance with the organisation’s policies and procedures.
What do we tell our patients?
It is important you inform your patients about the information sharing proposals. It is up to the individual practice if you choose to write to each patient. However, to help you keep patients informed we have produced some posters and leaflets and we will provide a supply free of charge.
We’ve produced some information you can use on your website and on practice TV screens. This describes why we are proposing information sharing; the benefits to them as patients and how their information will be protected. For example, stressing that it is only services in Sunderland and only those providing treatment or care to an individual. It will also be useful for your staff to read this information in case they get questions about information sharing. To help them we have also produced a summary ‘crib sheet’ of guidance for them. It is likely you will want to share this with your Patient Participation Groups.
If you haven’t received information or need a different format please email firstname.lastname@example.org
What if a patient objects?
Within the service, if a patient has asked for their records not to be shared, they don’t have to be.
The opting out of local information sharing is not controlled by read codes. Within the care summary ribbon in EMIS Web, there is a button for ‘sharing’ and in here is the option to flag that the patient does not want to participate in local sharing agreements. If this is checked, then external organisations on EMIS Web in Sunderland will not have any access to the patients’ GP record or community information. We would recommend that you explain the implications to those people who do want to opt out and stress the benefits of information sharing across EMIS community. If a patient still decides to opt out it is important you also inform each organisation so they can amend their records.
You should ask those wishing to opt out to sign two Patient Opt Out forms. Keep one for your records and give the other to the patient.
For more information and guidance
South Tyneside NHS Foundation Trust, South Tyneside District Hospital, Information Services, Harton Wing, Harton Lane, South Shields. NE34 0PL.
Download these FAQs as a factsheet: Info sharing in Sunderland a guide for professionals.