A movement of patients, carers and relatives

Harnessing the patient voice to build confidence in the use of patient data to save lives and improve outcomes

Privacy policy

Show me my data!

Wednesday, 03 March 2021 

The webinar focused on the topic of patients being able to see, interact and even make corrections to their own health records.  The webinar explored the reality about patient accessible, and/or patient-held records, across the UK, together with constraints, blockers and enablers.

We heard from organisations who already provide patient access or patient portals and we explored how these organisations fit together, and whether the NHS App is a solution.

We explored some fundamental points in the webinar, including what benefits are there for patients to hold, or have easy access to, their data? 


A Call to Action     

All use MY data webinars are designed not just to explore a specific topic, but also to uncover areas where action (patient action!) is needed to drive improvements.

Following the webinar, we polled the delegates to ascertain their priorities for use MY data’s follow-up Call to Action.  Delegates were given a short-list of four actions, all of which were raised during or after the webinar and asked to rank these. 

The results of the poll clearly highlighted the main action which delegates felt should be taken:

Compose a resource for patients informing them how to access their patient data and how to overcome any barriers in accessing them.

The amalgamated poll results:


Our next steps:

  • We will invite all webinar delegates to provide information about any barriers they have encountered in trying to access their health records, and indeed if they have overcome these barriers.
  • We will write to the use MY data Membership to ask the same.
  • This will inform a proposal for a resource which highlights the barriers, but also suggests ways in which the barriers can be overcome, whether that is something that an individual can do or whether this needs to be raised at a policy level (or both).




The webinar panel  
  • Patients Know Best - Sally Rennison, Vice President of Sales

  • TPP - John Parry, Medical Director

  • use MY data - David Snelson, Advisory Group Member

The webinar can be watched by clicking the video box to the right. 



Understanding the use of the NHS AppPatient views
At the start of the webinar we asked delegates to indicate whether they had downloaded the NHS App.   
We asked delegates whether they had used the NHS App to access their medical records.  The results showed a fairly even split between those who have used the NHS App to access their medical records, those who haven’t and those who have not downloaded the App.


A patient view about being able to access health data

Five Safes
David is a patient with a number of chronic conditions and illustrated the problem from his perspective in trying to deal with health data on two fronts.
He needs regular routine blood tests to monitor the disease development and for convenience he has these blood tests done in his local GP surgery.  The consultant for one of his conditions is based in a hospital which is in different county and which is not allied with either his GP surgery or his local CCG.  Because of this his consultant cannot see his blood test results, so David has to take his own iPad (logged into the Patient Access system), and show the consultant the results.

David also reflected that this had become more difficult during the pandemic, requiring a series of telephone conversations with his GP's secretary, his consultant's secretary and via email, which seemed the only process for him to communicate his results.

In his second example David talked about a more worrying issue, again related to the lack of access to his health data.  He had telephoned the NHS 111 service late one night about a deteriorating eye condition.  After an initial triage the doctor rang back in the small hours, made an interim diagnosis and advised on the next steps.

As David had joined use MY data and thus had more awareness of patient data, he asked the doctor whether he (the doctor) could see David's patient record as he had a number of chronic conditions and variety of medications which were possibly relevant.  The doctor replied that it was very limited access and anyway they were discouraged from this due to patient confidentiality and data protection concerns.
Five minutes later, the doctor rang back.  He had accessed David's patient record and noticed a potentially serious and related condition in his record. He needed to check as matter of urgency whether David's current problem was in the same eye. Happily it was not, but had it been same eye and therefore the diagnosis made incorrectly, this could have had serious consequences for patient safety.  This would have been directly caused by lack of joined up data sharing.
David ended by noting that the direction of travel that he had discovered within the NHS, since he had joined use MY data, was actually encouraging.  But he commented that we need to build on the experience and benefits of COVID-19 data sharing and potentially support enabling legislation, if the experts believe that is required.
The views from the provider of a Primary Care IT system and Patient Portal

John Parry gave an overview of SystemOne, the GP Practice IT system developed by TPP. 

John demonstrated the scale of GP data by highlighting that SystemOne has approximately 52 million patient records, sending over 100,000 million messages per day, all linking data across the NHS.

John had been heavily involved in developments to supply a way for a citizen to have access to their GP records.  As with the other GP IT System providers, TPP had developed a portal that people could use on their laptops, but also had developed a new App which could be downloaded to provide similar functionality. 

John raised the question - what do we want to achieve through citizen access?  He noted that care needs to be transparent and monitored to make sure there are no poor areas of care. 

He reflected that this was a slightly confusing landscape for clinicians, as data in the NHS is used for many reasons.  “Patient data can be used for direct patient care – the General Data Protection Regulations (GDPR) are an enabler of that...”

Poll: Do delegates have access to their own data?

We polled the delegates to understand their access to their own data held by the GP Practice and by their hospital provider, with the results shown below.  Whilst the numbers who have access to their GP record were encouraging, a substantial number reflected that they wanted access but that they didn't yet have it.  This is an area which we should consider in developing our Call to Action, which could provide information (or signposting) for patients wanting to gain access.

The levels of access to hospital records were far less than GP records, but there was clearly an appetite from delegates to make greater access happen.  Again, this is something that could be picked up in a Call to Action



"It shouldn’t take a patient to have a bad experience, for them to understand the power of their data!"





Patients Know Best - an example of software solution
Sally gave an overview of Patients Know Best (PKB), which was founded 12 years ago by Mohammed.  He has an auto-immune disease and was frustrated that he had to keep repeatedly retelling his story to clinicians.  He felt that he was an expert patient who had to understand his condition so that he could take a more active part in his care.  He established Patients Know Best to help to do that, making it his mission to connect people with their health and care information.

Their software solution can combine your patient information from any organisation which subscribes to take part, which could include GP practices and hospitals.  

Reflecting on David's experience of his healthcare data not being shared across geographical boundaries, Sally thought that interoperability and cross boundary care can be better facilitated.  Current initiatives by the NHS to share data on a geographical/organisational basis do not recognise the role of the patient in having access to their data so that they can help to better manage their health. 

As an organisation, Patients Know Best is trying to get as much data into the hands of patients as possible.  In Sally's view “it’s not a lack of available systems, it’s a cultural change that’s needed…”




“Don’t shelter patients – they need the data and the tools”




Questions and discussion

"It shouldn’t take a patient to have a bad experience, for them to understand the power of their data!" 

Thanking the speakers for their contributions, Chris opened up the webinar to delegate questions and panel discussion. A selection of the questions are shown below, with the full list at the foot of this summary.  


"I very much agree with the point about data sharing, but this has been government policy for many years but progress has been incredibly slow. GDPR has become an excuse for inaction. Why is there so little effective leadership on this?"

John referenced the work of the National Data Guardian in England, in particular the principles that there should be no surprises to the citizen, there must be the option to dissent, but also to understand what the dissent means for the provider.  As David has said – the story is a clear and honest one, the need is there to be delivered.

"Data controllers need to publish their interpretation of the law when they share (or don't share) data" 

David said that he had assumed that GDPR is a blocker, so good to be reassured by John that it is an enabler.  If that is the case, the data controllers need to perhaps publish their interpretation of the law when they share (or don't share) data, as it is to be applied, in health and social care, in order to be able to challenge data controllers, where they are incorrectly applying GDPR.  The pandemic has led the Government to enable sharing of healthcare data, for good reasons, but that won’t be widely known.

John said that there is information in GP records that needs to be checked (as with a subject access request) for instance for the inclusion of comments about a 3rd party, which could be damaging to the individual.  Young people may want to hide information from their relatives.  The GP record is the richest record we have available to us, a cradle to grave record (or lust to dust!)  Patient support groups at a practice level are an important part of any solutions – delegates could join and support their local practice group, and get the message of data sharing across – ground level support is really important. 

"Should Subject Access Requests really be the way that patients are forced to use, if they want to see their healthcare records?"

"Technically, can everything in the GP record be shared?"

John said yes, everything can be shared (subject to the point about potential harm to the individual or to others).  Under GDPR, there is no longer a charge for Subject Access Requests.  John feels a Subject Access Request is the same as asking for a patient record.  Chris questioned whether this mechanism should really be the way that patients are encouraged to see their record, and that more emphasis should be placed on opening up access to patients, particularly to their hospital records. 


Poll: If you have viewed your GP record, did you find any errors?

We asked delegates who had accessed their GP record to feedback on whether they had found any errors in the record and if so, had these been corrected?

Whilst most delegates reported that their data had been correct, a number reported that they had found errors, but that they had also been able to have these errors corrected.  However a surprisingly high number (nearly a third) had found errors in their records but had not been able to have these errors corrected.


Nearly a third of delegates had found errors in their records but had not been able to have these errors corrected


"I think if patients had access to their own records they may take greater responsibility for their health and self-manage better. Now, I feel many patients give the power/feel the GP/consultant is in charge and they just take the tablets for their condition but do not change things like their lifestyle."

"Would David like to see his entire record?"

David said that he doesn't think he can see the entire record.  What he can see is sufficient for him to manage/monitor his chronic conditions and if the record was more widely shared, it would be helpful for his care e.g. the local ambulance trust. He noted “I know I am the only person, who has all of the relevant data…in my own Excel spreadsheet” as my care is across several Trusts.

“I know I am the only person, who has all of the relevant data…in my own Excel spreadsheet....”

Sally highlighted that the more information or access that you have before an appointment, the more effective the appointment could be.  For instance if you have been able to access blood test results before your appointment.  Whilst there has been some work done in localities to connect hospital data and GP data, this is not commonly available to a patient, particularly where a patient receives treatment across boundaries.  In such a case the patient is a critical integrator of being able to share information across these boundaries. 


"As a patient do we have to give permission for our data to be shared across primary, secondary and other health providers, or does it automatically happen?"

Data will be shared as part of your routine care, and members of the care team should have access to data about you where they have a legitimate reason - in this case, looking after you.  David said that there is clearly wariness about having a digital footprint.  Knowing when your record has been accessed, every time, engenders trust.


"Should we move from the GP being the default custodian of the data, to the patient being the custodian?  Acknowledging that there is a small percentage where this is not appropriate, but for the majority it is."

Sally said she would like to see more available to patients – but noted that we would have to have a way to do that, and to do it safely, which would need support from many organisations.

John highlighted that the right to have access to your information is already there, but that we need the cultural change to support that.  There is a place for contentious things to be written down in the clinical record, but with the knowledge that it will be shared with the patient.  


"What would David like to see in a year’s time?"

David said that he would like NHSX to fix the better joining up of hospital and GP data – so that when he gets access via his GP surgery, he sees both hospital and GP generated data in one place.  He also wants it enabled to other organisations e.g. ambulance service, dentist, care home, so that they can get hold of it.  It will need GDPR policy and information governance requirements to be articulated. David also acknowledged that there are people who do not want digital access or are incapable – there needs to be a fall back too.

"I would like NHSX to fix the better joining up of hospital & GP data..."




Summary and close

Highlighting the key points which had arisen during the webinar, Chris brought it to a close, thanking speakers and delegates for their time and contributions. 

Although the NHS across the UK has made strides to integrate healthcare records, very little of this can be seen by patients, and some of the integration is still not available to certain parts of the NHS.  In particular, examples had been given about national services (such as NHS 111) and across NHS geographical boundaries.

Chris informed delegates that the webinar would result in a Call to Action to be developed and publicised after the webinar.



Useful links 

Several delegates supplied links during the webinar which they hoped other delegates would find useful.  


Full list of questions from the delegates

The following is the full list of questions which were raised by delegates in the Q&A function.  Only a few of these could be answered during the webinar.  They are shown below in the format in which they were posted:

  • Maybe patients are scared to use IT as it leaves a digital footprint?
  • I very much agree with the point about data sharing, but this has been government policy for many years but progress has been incredibly slow. GDPR has become an excuse for inaction. Why is there so little effective leadership on this?
  • Do GPs using SystmOne have the capability to share *everything* in the record online with patients, including free text entries, scanned in hospital letters, etc. When I log in using SystmOne online, I can only see very limited parts of my GP record.
  • If you are away from home e.g. on holiday and may be not as well informed or understand it could be catastrophic.  Many assume the data is available to all until you find out differently
  • If GPs can share everything in my record with me, including free text entries, how do I go about convincing them to do this?
  • Are there benefits to my continuity of care to download NHS App? Are there problems/criticisms of it?
  • I check my data since I found several mistakes on mine. Information and results which must be some other patients results including my age but my name is right.
  • I have been informed that the data your refer to is the property of the Health Board. The National Insurance Numbers tell one that one is the property of the UK Government.
  • The risk of third party mentions is being used to refuse patients' access to their own records. I have been viewing my records for some years. It was particularly useful to be able to see hospital letters about my care via the GP record because the hospital hardly ever copies me into these. However, my practice has now removed that facility on the grounds that these might include mention of a third party - an unlikely eventuality. This is an example of GDPR being used to block progress.
  • How do I get access to my historical data? My GP don't have them, for instance they asked me what my childhood vaccinations were - they should be in their system. How do I find where the data were lost (digitally at least)?
  • Much of my personal NHS Data NEEDS to be erased. It is incorrect, dangerous and holds INCORRECT “Confirmatory Biases” which has led to my feeling that doctors ought to be reported to the General Medical Council, in the least. Relocating General Practices three years ago, within locality, seems to be overwriting the data to my just benefit.  Misleading data, chaos, harm potential.
  • Primary Care access is not safe....If you use econsult....great.....but patients who do not have IT it is a huge problem.
  • Having a background in Primary Care Management I am still surprised that patient data does not go on to a system where records can be accessed by dentist/opticians/ etc......
  • I’m often told that the £10b+ that we spent on the National Programme For IT (NPfIT) wasn’t wasted monies. What benefits has NPfIT give to the NHS IT systems that we can use now?
  • We need to think about good change management given to  clinicians as they can be wary of change especially sharing patient data......My patient groups haven’t got a clue if their data is shared .....neither if the certain data is repressed. I have managed to get some approval forms for them to complete......
  • Change in ethos maybe where patient holds data rather than an organisation(s). They decide how it is used not only for care but for secondary uses.
  • Patient record access has been possible in several countries for many years. In the US it is about to become law following the success of the Open Notes project. We're lagging behind in the UK, and are now only able to see very limited parts of our records online. It's sometimes useful to view vaccination records and lab tests, but why not the whole record? Why aren't patients seen as custodians of their own records?
  • What I want to do, as well as access records, is to be able to add to them. I've got my hospital records from them, and have found some very biased reports (which are effectively minutes of meetings) - I want to be able to defend myself. How can this be enabled? Much easier with technology these days.
  • I think if patients had access to their own records they may take greater responsibility for their health and self manage better. Now, I feel many patients give the power/feel the GP/consultant is in charge and they just take the tablets for their condition but do not change things like their lifestyle.
  • Also how do we make sure this isn't a postcode lottery? My GP don't seem to have signed up to many online services, I expect due to ability or capacity. If others can get this I should be able to, should be a national policy not just at the decision of individual practices.
  • Do patients have a right to have access to their data? Can they insist on this?
  • We should not need to adapt GDPR in the UK for the data accesses the panel have been discussing. We need better education of DPOs, clinical staff and others so they know how to comply whilst giving patients and caregivers access to their EHR data.
  • There is already Coordinate My Care available. However this appears not to be accessible/or is not accessed by those who are supposed to use to improve patient care. It therefore means that different users (ambulance/therapists/A/E docs) request the history again instead of reading the record.
  • GDPR: I would question whether this is ONLY another source of idle gossip for those who gain access to healthcare records in their communities (presuming that news continues to spread by word of mouth) which holds limited, ever changing, error ridden codes.
  • Requesting access does, certainly, raise a form of assertion with doctors and their staff ——> requesting a “case conference” establishes the same.
  • The approach to patient access requests is horrendously paternalistic. We definitely need a culture change here!
  • Discussion on the local area's (regions) My Care records that link local primary care, secondary care and other services data together in a portal.
  • As more delivery and follow up of care for patients with long term incurable conditions is being 'shifted' to GPs, including patient reviews, access to data is crucial for a meaningful 2-way discussion and resulting in a fully informed and agreed pathway of care.
  • Another point is about who can add to these records, and to be informed if it is going to be. Obvious with GP. But I was shocked to find what I thought was a private conversation with a Macmillan employee (she took me to a private room and never mentioned recording it), this was then added to my (hospital) record, with my private feelings and thoughts. Which loads of people can access. Presume others from Macmillan can too.
  • Joining systems - I can access most of my hospital records via MyChart, but they're not on the NHS app. Can these be joined up?
  • I often ask "what is a record?" since not all of what is recorded is digital - obviously a subject access request would open this but I'm unlikely to ask
  • Fully agree with Sally's comments.  And I get data of my hospital appointments and what is shared with my GP through PKB
  • My summary record only contains my vaccinations. I have a complexity of conditions similar to David and in different trusts private hospitals and may require an emergency injection. I also carry my records around with me! Unfortunately my health is compromised by not having an interested or engaged GP. It is crucial for me to take charge of my own information.
  • As a patient do we have to give permission for our data to be shared across primary, secondary and other health providers, or does it automatically happen?
  • Although there are a few comments about data access should be appropriate to patient needs I have sense that a lot this discussion is actually creating a hierarchy of "good" patients and  "bad" patients who are active and those are not - I fear for this as it will only add to the health inequalities.
  • The legal problem is who hold the Powers of Attorney; financial and welfare
  • @David, well that's stupid!! Any plans to fix that? Yes I've made spreadsheets too.
  • Why is the GP database separate from hospital database(s) like PKB??????
  • My worry about all these apps is the unknown data sharing with the app, a quick look does show a far amount of hidden sharing with google and other "companies" for adtech tracking. Talk of openness and transparency needs to flow with such apps as well.
  • Hospital records are vast - the local hospital cannot integrate its own records - it would be very difficult for me to have access
  • Sally is absolutely right - patients must be seen as owners of their data with the right to share it with whomsoever they wish.
  • I think that requests for tests made by GPs are transferred directly into the GP record. Tests requested in the hospital (in/out patient) do not get transferred to the GP electronically
  • Practice Managers and their staff a propose to the actual GP Partners and their GP LOCUMS.
  • I had a head MRI at Royal Brompton (due to pacemaker).  I had to TRAVEL to Harefield to get the radiologist's report, but was unable to obtain a copy of MRI which was supposed to be compared with previous head MRI at Charing Cross (pre-pacemaker).  I notified cardiologist, neurologist, imaging departments at both hospitals and PALS at all 4 hospitals (Royal Brompton, Harefield, Charing Cross and Western Eye) and still unable to resolve.  BUT IF my image were available in the system....
  • Poll there as would be dependant on person - to share or not to share - and share some but not all - back to the patient being in "control" and "hold" the record.
  • Can lead to an alternative form of “Lacks Capacity” —-> obsessional, hypochondriacal, “Functional” diagnoses, even if they are, at the moment “early onset.”
  • Can lead people to LOSE confidence and a sense of control; which is, possibly, more true in general; such is life.
  • There's a lot of complex info being discussed and terms reports, legislation or other relevant data to look at. Could PKB give a summary of key documents or gov reports etc for interested people to look at after the webinar?
  • Whilst I welcome patients having greater access and ownership of their data, I am concerned about those people who do not have the capacity to manage their records and health.  How can this vulnerable group be protected to ensure that their care is not compromised?
  • I did not know that I could access my patient record. However I have recently had diagnosis and treatment information sent to me via my email address
  • Please suggest some initial steps we can take to working towards empowering ourselves with access to data. This is especially important for rare conditions.
  • I seem to be a very different person to David since I prefer not to know everything about my conditions and prefer to let my professionals  tell me what to do.
  • My greater concern is that the Police do not keep much of a database about the countries’ population; every body. This is even where there are “Incident Numbers” and “Crime Reference Numbers.” The Department for Work and Pensions unconnected databases are equally alarming.
  • LOOK to connecting Local Council, Police, General Practice and Hospital databases. How would administration staff trigger relevant updates and deletions?
  • Personality types need to be documented; integrity included.
  • Sadly we live at a time  we cannot trust anyone and anything. The time a patient could trust their doctor has long gone. There is also a curtesy involved when asking for access to their health record. Some patients are very "rude"





Thank you

use MY data would like to thank all the delegates and speakers for their time and contributions.  Thank you to Trish Gray for the graphics.