Background

GP2GP allows Electronic Patient Records (EPRs) to be transferred directly, securely, and quickly between practices in England, when a Patient changes their registered GP Practice.

Where elements in the EPR are recorded as Restricted from View Record (see Epic E00174), these restrictions are not transferred when a Patient moves to a new GP Practice as this isn’t currently supported by GP2GP. The current work around is to withdraw Patient access to historic information, whilst the new GP Practice reviews the full Electronic Patient Record for restrictions before granting access to the Patient. This workaround introduces risk and increases the administrative burden for GP Practices.

As such, a tactical fix was suggested to update the existing GP2GP mechanism to allow View Record Citizen Service restrictions, that were applied by the existing GP Practice to be transferred alongside the EPR when a Patient is transferred to a new GP Practice.

This Roadmap Item intends to deliver the below business outcomes:

As a user in a Practice receiving a Patient Record for registration
I want to be made aware if a Patient Record contains restriction
So that as the new Data Controller, I can review the Patient Record and any restriction applied by the previous Data Controller (Practice) to ensure that only information appropriate to be viewed by a Patient is accessible when they are granted access to their Patient Record

As a user in a Practice receiving a Patient Record for registration
I want to understand which elements of the Patient Record a restriction applies to
So that as the new Data Controller, I can review those elements of the Patient Record to protect the safety of the Patient when they are granted access to their record

As a user in a Practice receiving a Patient Record for registration
I want to know what level the restriction applies to the respective element of the Patient Record
So that I know which elements of the Patient Record I need to review

Outline Plan

All Foundation Suppliers must be compliant against this specification by the Effective Date. Prior to go live Suppliers must have completed the Solution Assurance by NHSE.

Suppliers should contact the team when they are ready to start development. The team can be contacted at gp2gp@nhs.net

Summary of Change

Additional requirement added to GP2GP: Redactions Specification v1.01
ID	Description	Level
GP2GP06	Suppliers must meet the requirements for GP2GP Redactions v1.01 Open The new Schema definition file to be consistent with the following Schema version:	MUST

Full Specification

GP2GP Standard v5.0.1

Assurance Approach

• This Roadmap Item is specifically addressing View Record Citizen Service restrictions not passing when a Patient Record is transferred over GP2GP

• NHSE will apply a risk-based approach to Test & Assurance

• Suppliers will be asked to collaborate with the project team to identify risks (Clinical, Functional and Non-Functional) and demonstrate sufficient mitigations against those risks

• Collaborative workshops will be held between Suppliers and NHSE / Solutions Assurance to identify, agree and rate risks – there will also be ‘clinical’ involvement

• Risk Mitigations will be agreed between Supplier and NHSE

• Risk Mitigations will be evidenced and provided to NHSE for sign-off (eg. evidence, explanation, screenshots and/or demonstrations). The risk log will explicitly state the applicable risk mitigations for the respective risk(s)

• NHSE will review Supplier testing scope, coverage and risk mitigation evidence

• Some functional assurance may be performed by the NHSE Solutions Assurance team, where deemed appropriate

• NHSE will review Supplier's implementation delivers the expected business outcomes the expected business outcomes as stated in the supplied user stories

• Some Assurance and Test assistance may be provided by the NHSE Solutions Assurance team or the Redactions Fix project team (e.g., where data is required for testing or where other GP Foundation Supplier systems are required to support interoperable integration testing)