Exam Pass Notes

Download (Word)

Core Rule

• Being involved in a patient's care does not automatically give someone the right to receive their information.
• Distinguish between accepting information from a third party and disclosing information to them.
• Before sharing, confirm identity, consent, legal authority and the exact scope of the request.
• If you are unsure, escalate the request rather than guessing or making assumptions.

Common Third-Party Requests

• Relatives and carers may offer safety or contextual information that should be recorded, but this does not equal permission to view all records.
• Proxy access should match the permissions recorded on the patient record and should not be extended beyond those limits.
• Requests from employers, schools, police, solicitors and insurers usually require formal documentation or a specific legal route.
• Parents and guardians do not automatically have full access to young people's sensitive information; follow age, consent and safeguarding guidance.

Safe Disclosure Habits

• Share only the minimum information necessary and only where you are authorised to do so.
• Do not casually confirm patient attendance, registration status or test results without proper authority.
• Watch for signs of coercion, domestic abuse or other safeguarding risks and follow local escalation procedures.
• Use your practice's processes for legal requests, police enquiries, subject access requests and safeguarding concerns.

Records

• Log who asked, what they requested and which checks of identity, consent or authority you made.
• Record precisely what was disclosed, refused, redirected or escalated.
• Stick to factual language in notes; avoid labels or judgemental terms.
• If a concern remains, make clear who is responsible for next steps and ensure ownership is recorded.