Over recent weeks, a number of Data Protection Impact Assessments (DPIAs) have been submitted by GP Practices. The subject of the DPIAs is the implementation of the Accelerated Access to GP Records (AAGPR) program developed by NHS England as a method for individuals to obtain their medical records from GPs. As the DPIAs submitted are largely similar in style and content, the ICO has chosen to make the contents of the response publicly available so GPs affected are aware of the ICO’s views on the matter. Read the advice here

The ICO is content that ‘potential data protection risks have been identified, and that sufficient mitigations are in place.’ Practices that haven’t completed a DPIA are encouraged to do so and make their commissioners aware.  If practices identify particular data protection risks associated with providing online access, which they do not consider to be mitigated, they should consult and engage with the ICO and their commissioner to find a way forward.