Made Tech Investors

Strengthening privacy and security in patient records

Protecting sensitive and confidential information in the NHS as patients move between GP practices

Nurse discussing test results with patient
Go to:

Challenge

23.5 million patients are now able to access and view their health records online. The NHS has taken big steps forward in improving transparency and empowering patients. However, this shift has also introduced challenges for GP practices in managing sensitive and confidential information.

Some patient information needs to stay private for safeguarding, legal, or clinical reasons. This includes sensitive details about mental health, domestic abuse, or other personal circumstances.

With the expanded access to health records, questions arose about how to ensure such sensitive information is properly hidden from view or redacted.

Redaction doesn’t remove this information from the patient’s record – it simply restricts access to it or ‘hides’ it in the online viewer. This means that sensitive details remain private and aren’t unintentionally shared.

GP2GP allows healthcare workers to transfer patients’ electronic health records securely and quickly. This ensures seamless transitions between old and new practices when patients change GPs. However, the system lacked functionality to flag parts of the record restricted by the patients’ previous practice, creating a risk of sensitive information being inadvertently shared when patient records were transferred to a new practice. This could potentially breach confidentiality and undermine trust in the system.

Our approach

To tackle this, we worked with NHS England and key partners to update the GP2GP service. Our solution allowed GP2GP to include the restrictions put in place by previous GPs, to make sure that any sensitive details stay protected. This flag now sticks with the record during transfers, so the new practice knows what was previously limited from patient access. 

At the outset, we set up working groups that included clinicians, safeguarding leads, and technical experts to make sure that our solution would address everyone’s needs. Clinicians helped ensure that vital care information stayed accessible, while safeguarding leads made sure that sensitive details wouldn’t be seen by vulnerable patients who shouldn’t have access to them.

Because this was a high-priority project, we knew we had to move quickly. We gathered input from the right stakeholders to design the solution and, within just 2 weeks, we went from identifying the problem to recommending a solution that worked for everyone involved.

We also collaborated closely with primary care system suppliers to ensure the solution would integrate seamlessly with their existing systems. By updating messaging standards and working with all the right people, we made sure everything would be compatible across the NHS.

Throughout the project, we were in place to oversee the testing and offer our support, making sure that everything met the security and functionality requirements. We took on the role of the central point of coordination, working hand-in-hand with the suppliers to keep things moving smoothly.

Results

Built to work seamlessly with NHS systems, the solution now makes it easy for GP practices to manage restricted information without slowing down patient care or adding extra steps.

  • Less admin, more patient care: With streamlined record handling, GP practices can focus more on delivering patient care and spend less time working on administrative tasks.
  • Better patient safety: By ensuring sensitive details like safeguarding or mental health records are redacted, we’re helping protect patient confidentiality and prevent inappropriate sharing of information.
  • Stronger data protection compliance: GP practices now have a consistent and reliable way to manage sensitive incoming records, meeting data protection regulations and reducing risks.
  • Advancing NHS digitalisation goals: Our solution supports the NHS’s drive toward digital transformation, enabling faster and secure record transfers while safeguarding privacy.

Why Made Tech

With our NHS partnerships, data security expertise, and know-how in managing sensitive patient data, Made Tech was the right team for the job. By working closely with NHS stakeholders, we’ve delivered a secure and reliable solution that puts patient privacy and safety first.

Get monthly insights from our experts

Subscribe to our Insights newsletter for a round-up of our latest case studies, blog posts and upcoming events.

Case studies

A man working at a desk with two computer monitors and a laptop, focusing on data analysis or software development. The monitors display complex data and charts, suggesting he is engaged in technical or analytical work. He is wearing glasses and a light-colored shirt, with various office items, including a smartphone, keyboard, and coffee cup, on the desk.

Improving data reporting in adult social care

Enhancing social care data reporting accuracy and efficiency with machine learning at Skills for Care.

Read more

Laptop with Webpage for NHS Find help for your mental health

Making NHS Gloucestershire’s mental health services more accessible to children and young people

Made Tech worked closely with the NHS in Gloucester to digitalise access to over 100 mental health support services.

Read more

View all case studies

Made Tech logo

We provide Digital, Data and Technology services to help organisations make a positive impact

Made Tech Investors

Carbon Neutral Business stamp Crown Commercial Service Supplier certification Cyber Essentials Plus certification SOCOTEC International certification for ISO 9001 - ISO IEC 27001 AWS partner certification