GOC Standard 8: Maintaining Adequate Patient Records in Optical Practice

Enhancing patient safety through clear and reliable documentation

  • Reputation

    No token earned yet.

    Reach 50 points to earn the Peridot (Trainee Level).

  • CPD Certificates

    Certificates

    You have CPD Certificates for 0 courses.

  • Exam Cup

    No cup earned yet.

    Average at least 80% in exams to earn the Bronze Cup.

Launch offer: Certificates are currently free when you create a free account and log in. Log in for free access

Confidentiality, Security, and Access

Hand reaching for eyeglasses on display

Optical records contain sensitive health data that must be protected against unauthorised access, loss, or inappropriate disclosure. Security is both technical and behavioural: robust systems are ineffective if passwords are shared or screens are left unlocked. Patients also have rights to access their records, which need to be handled lawfully and efficiently.[4][7][1]

Technical and organisational safeguards

  • Access control: unique user accounts, least-privilege permissions, two-factor authentication where available, automatic screen locks.[4][3]
  • Secure transmission and storage: encryption in transit and at rest; approved NHSmail/portals for sharing; regular, tested backups.[5][7]
  • Operational discipline: clear desk/screen policies, device identity checks, breach reporting processes, and staff training with records of completion.[7][8]

[box]Data should be shared on a "minimum necessary" basis for direct care.[9]

For secondary uses (audit, teaching), it helps to de-identify where possible and document the lawful basis. Safeguarding may justify disclosure without consent; records must show the rationale and who authorised it.[6][9]

 
Optional: Not part of the course final assessment.
Another?

Handling Subject Access Requests (SAR) under UK GDPR

  • Verify identity and clarify scope; respond without undue delay and within one month.[1]
  • Provide copies in a commonly used format, including attachments (images, letters), redacting third-party data where appropriate.[1][6]
  • Document the request and actions taken, including the date supplied and any lawful extension or refusal (with reasons).[7]

Keeping patients informed of progress and providing a contact point for questions helps manage expectations. SARs should not alter the clinical record; any clarifications are best issued as separate explanatory notes, not edits to original entries.[8][2]

Ask Dr. Aiden

Rate this page

Course Snapshot

  • Not rated yet
  • Length: 60 minutes CPD (1.00 CE Credits)
  • Appropriate for: Optometrists, dispensing opticians, practice managers, practice nurses and administrative staff involved in record keeping and information governance in optical services.
  • 100% Online
  • Assessment requirements

    To receive a CPD certificate you must view all course pages while logged in, then take a MCQ assessment.

    • 10 questions, pass mark 80%.
    • You have unlimited attempts.
Course tools & details Study tools, course details, quality and recommendations

Study Tools

Personal Development Plan

Add this course to your Personal Development Plan.

Please log in to save this to your PDP.
View my course notes Open your saved notes for this course. Share this course Send the course link to a colleague or friend.

Course Details

Trust & Quality

Mecourse applies stringent Quality Controls to every course for the highest level of content integrity and accuracy in our educational resources.

Recommended Courses

Funding & COI Media Credits