Menu Close

Online health records may increase risks for victims of abuse

In a final wave of “modernisation”, NHS England wants to give all patients online access to their GP medical records. On the surface, this may seem like a good idea. NHS England says the public will be more informed and have more control over their healthcare. They say this will lead to better outcomes for patients and greater efficiency for GP practices. But the proposal hasn’t been properly thought through. Making detailed electronic health records available in this way could lead to exploitation of some of the most vulnerable people in society.

Online services already exist allowing you to order prescriptions, book appointments, view some test results and see a summary of your health records. This is what I would want as a patient, and this has been championed by patient groups around the country. The final step is to allow you to see exactly what your GP has written about you. But little consideration has been given to the potential unintended consequences of online access to what your GP has written. Most concerning is the risk that vulnerable patients may be coerced into giving away their login details to abusive relatives.

Many abusers gain access to and control their partner’s mobile phones and email accounts. It is not a huge leap to assume abusers will be able to access their partner’s and children’s online records. This is worrying as GPs are often the first professional victims of abuse will confide in. As a result, victims might stop reporting domestic violence to their GP, reducing their opportunities to get help. Or the abuser may discover the disclosure, putting both the victim and their children at risk.

What if an abusive partner gets hold of the login details? Monkey Business Images/

First, do no harm

In a recent study, we interviewed GPs about how and why they record information in families affected by domestic abuse. The GPs described struggling to know what to write because they were trying to balance conflicting demands. These included needing to make a full legal record of the abuse, reminding themselves about the abuse their patient had endured, and sharing information about the abuse with other professionals to reduce harm for the victim and their children. No one discussed recording information to empower patients. Many GPs were concerned that online access might allow the abuser to see what they had written, making the situation worse.

There are two potential solutions. One is to train GPs to record differently for a public audience. This needs to happen, but it will need a change in culture, which will take time. In the meantime, GPs may try to protect vulnerable victims by not recording sensitive information. But this potentially increases risks to children, by missing opportunities to share information with other professionals.

The second is a technological solution – to have part of the patient record that is only visible by healthcare professionals. This allows doctors to record sensitive information that can be shared with other professionals in the best interest of the patient and their children. This is starting to happen, but it blurs the line of whether people truly have the right to access their whole record.

I don’t want to be a paternalistic GP, I want to see patients empowered to take control of their health. But more importantly, I want vulnerable patients to be able to talk to me, as a doctor, feeling safe that this information will not be shared with the wrong people. On balance, the risk of doing harm to the vulnerable, which could be catastrophic, outweighs the benefits of making healthcare more empowering by seeing exactly what your GP has written about you.

Want to write?

Write an article and join a growing community of more than 170,900 academics and researchers from 4,738 institutions.

Register now