Patient consent now at team rather than individual level

We have been upgrading the privacy features of Patients Know Best to more closely match standard professional practice as well as patients’ abilities to understand medical data.

For example, back in July 2015 we switched to the privacy labels model of data sharing – each data point in the record is classified as general, mental, sexual and social care privacy, and the patient chooses which teams get access to which combination of data. Patients understand this privacy model well without needing medical training, and the functionality scales to cover the vast majority of clinical scenarios. For professionals dealing with children, earlier this year we switched on record freezing functionality so that they can temporarily prevent access of non-professionals to a child’s record while they investigate the safety of the child.

This month we migrated all our customers to the full privacy labels functionality. This will save time for coordinators who were previously manually adding individual professionals in the team to each patient’s record to grant access. Now the whole team gets access to the patient’s record – with the patient’s consent through a relationship of care – and the team decides who its members are.

We made these changes after requests from and testing with several customers. This mirrors standard clinical practice. In clinic, a patient does not consent separately to every single employee of the clinic, rather they consent to receive treatment by the clinic and the clinic has its own clinical governance for which staff can access medical records. These staff are clinical professionals like doctors and nurses but also supporting staff like secretaries who answer calls from patients and type letters on behalf of doctors.

Patient control allows better safeguards than standard practice. Since the start of the year PKB software tracks every access by every user into a patient’s record. Later on this year the patient, their carers, and any professionals looking at the patient’s record will see this log of who accessed the patient’s record when. This allows the patient to know about and query any inappropriate access, something internal medical records procedures currently do not allow. Any emergency access to the record will also be reported to the Caldicott Guardian of an institution, again functionality that goes beyond standard clinical practice.

Patients are still able to manually invite individual professionals outside of teams e.g. inviting a private doctor who is not a user of PKB to see the full medical records of the patient.

All these features help professionals look after patients faster and better while allowing patients to understand their health more. We hope you like these features. Do contact us with your comments and questions.


  1. That is excellent news, thank you.

    Will teams have view/sight of access logs? I’m a professional user, a coordinator and also CCIO. I would value this primarily as a business intelligence and secondly (if required) for our Caldicot guardian.

    1. Thanks for asking!

      The professional users (e.g. doctors and nurses) and the team coordinator can see the full access log when they click into a patient’s record. (The data are being tracked in the back-end on production but for the front-end we are only showing this on our test server.)

      The organisation administrator (not the team coordinator) will see break-the-glass entries. If they want the full access log they will need to ask a user who has access to the patient’s record to show them the full logs.

      I hope this makes sense and do let us know your next round of questions.

Leave a Reply