New NHS remote medical records endanger domestic abuse and stalking victims, warn campaign groups
More than twenty Violence Against Women and Girls organisations, including Refuge, Women’s Aid, and End Violence Against Women Coalition, and the British Medical Association have expressed concern about the safety of domestic abuse survivors and victims of stalking as GPs in England fulfil their contractual requirement to provide patients with remote access to their medical records via the NHS app and website by the end of the month. There is alarm that perpetrators of domestic abuse may be able to gain access to a survivor’s records by coercing the survivor to share access or other means.
Since the 1 April this year, GP practices across England have been instructed to grant access to patients’ medical records through the NHS app and other online portals. By the 31 October, all surgeries in the country are contractually obligated to have provided this remote access to patients.
The organisations note that one in four women will experience domestic abuse in their lifetime with one in five women likely to experience stalking and the group are deeply concerned about the implications that accessibility to these records will have on survivors of domestic abuse and stalking. There is concern that making medical records easy to access will put survivors at greater risk.
While the changes only have to apply to prospective medical records made from the date of access, the specialist Technology-Facilitated Abuse Team at Refuge have found that, owing to historical local decisions and patients previously opting in when joining practices, there are inconsistencies in the information available to patients. Some are only able to access new, or recent, medical records, while others can see as far back as the 1970s and some have full information while for others sensitive information has been redacted.
While some survivors may find that they have already been made exempt, or that specific information has been redacted, by their surgeries, this will not be the case for everyone.
Survivors are urged to contact their GPs and request that access to their information is removed. There is no need for an appointment with a GP to do this; the reception team or any other member of staff at the practice with access to records can do this.
The organisations are advising that if it is safe to do so, survivors should consider deleting the NHS App from their device until better safeguarding and protections are in place. VAWG organisations such as Women’s Aid and Refuge have been engaging with NHS England to raise safety concerns for survivors over the past few years, and IRISi has developed specific guidance for GPs on how the app should be used in domestic abuse cases. Organisations will continue to work with NHS England to ensure the risks for survivors using the app are mitigated as much as possible.
Survivors are also advised to review any other medical apps they have downloaded on their devices, as they may lack adequate security measures if they were installed historically.