For patients
1. Your SCR is created automatically when registered with a GP practice in England. 98% of practices are currently using the system.
2. You can talk to your practice about opting out of including Additional Information about long term conditions, care preferences or specific communication needs.
For more information for patients, see Summary Care Records - information for patients.
GP information on creating SCRs and including additional information
1. SCR is created automatically through clinical systems in GP practices and uploaded to Spine.
2. It is then updated automatically.
3. When new patients are registered, the practice must check if the patient consents to a SCR.
4. Additional information will be added to the SCR, unless a patient wishes to opt out, which they can do by filling out a SCR patient consent preference form.
5. If a health care professional already has access to view SCRs, they will not require further RBAC activities or smartcard changes to view the additional information included on the SCR.
How to record medicines prescribed elsewhere into the GP practice record
This guidance explains why medicines prescribed separate to a patient’s GP practice must be recorded and the implications on the SCR when this has not been done. It also explains what steps GP practices can take to ensure that this information is recorded correctly.
Viewing SCRs
1. SCR can be viewed by health and care staff and is also available to community pharmacies.
2. SCRs can be viewed through clinical systems, the Summary Care Record application (SCRa) on the Spine web portal, and the National Care Records Service.
3. When viewing an SCR, the user must be using a machine logged in to the secure NHS network, using a smartcard with the appropriate Role Based Access Control codes set.
To learn about viewing an SCR, see View Summary Care Records (SCR)
To learn about the benefits of using SCR in community pharmacies, see Summary Care Record in community pharmacies.
Security and the SCR
1. Data within the SCR is protected by secure technology.
2. Users must have a smartcard with the correct codes set and each use is recorded.
3. A patient can make a Subject Access Request to find out the organisation that accessed their SCR and the date/time of the access.
4. A report is produced and sent to the requester which details Business Message Types including SCR views via SCRa and SCR retrievals via 3rd party viewing systems.
5. The requester is directed to the organisations that accessed their SCR, in case they have any questions or concerns. They can also request information to see if an end user viewed their SCR via a third party viewing system.
6. Patient data is protected by strict information governance rules and procedures.
7. Each organisation using the SCR has at least one privacy officer who is responsible for monitoring access and can generate audits and reports.