Unauthorised viewing of patient records (FOI)
Unauthorised viewing of patient records (FOI)Produced by the Freedom of Information office
Authored by Government of Jersey and published on 02 August 2022.
Prepared internally, no external costs.
General Practitioners and Health and Community Services (HCS) allows patient records to be viewed and shared electronically via a Jersey Summary Care Record (JSCR) - it is accessible to clinicians in the Jersey General Hospital.
Given access to core information held within the Primary Care record of patients is available (via a portal called EMIS) please confirm
The controls and / or audits that are in place to ensure there is no unauthorised (or unnecessary) viewing of patient records,
The number of attempts (successful or otherwise) to unlawfully access patient records via hospital clinicians (or otherwise) and
The number of investigations and instances of disciplinary action by clinicians (or otherwise) relating to unauthorised access.
Clinicians working in acute areas of the Jersey General Hospital, such as the Emergency Department, as well as Hospital Pharmacists, have access to the Jersey Summary Care Record, which is made available via the EMIS platform.
The facility provides basic information relating to the patient as recorded within their primary care provider's record. The record is limited to patient demographic and information relating to prescribed medications and known allergies.
Access is provided via Role Based Access Controls. Profiles that enable access to information according to the role of the healthcare professional are provided and administered by the Primary Care Governance Team.
Clinicians and Pharmacists have a professional responsibility to access information only when necessary. EMIS functionality forces the user to advise for what reason they are accessing a record prior to making it available to them to view.
Access to the Jersey Summary Care Record is a significant step in increasing patient safety by enabling access to core data that can enhance decision-making.
Users are on-boarded with Role Based Access Controls that are appropriate for the limited view of the record that is afforded to HCS clinicians and healthcare professionals. EMIS functionality forces the user to record the reason they are accessing a record prior to making it available to them to view. Users of the SCR are healthcare professionals, bound by regulations and their professional bodies. Regular reviews of activity are conducted and unused accounts are de-activated. No attempts to access EMIS unlawfully have been identified.
There have been no investigations relating to unauthorised access of the Jersey Summary Care Record nor any disciplinary action resulting from such.