Purpose
This article explains how Medicus handles access to inactive patient records and how your practice's privacy officer can review and acknowledge access alerts. These features include:
Inactive patient access restrictions: When a staff member attempts to view an inactive patient's record, Medicus restricts access and requires a reason before allowing entry. An alert is automatically sent to the nominated privacy officer.
Privacy officer alert tasks: A dedicated task type that allows your privacy officer to review, audit, and acknowledge instances of inactive patient record access.
Inactive patient records
What is an inactive patient?
A patient is considered active in Medicus if they have an active registration at your organisation (permanent, temporary, or immediate necessary treatment), or if they have an open clinical case (for Community Providers) or safeguarding case (for Safeguarding teams). Any patient who does not meet these criteria is treated as inactive.
When a patient becomes inactive, their record is retained but access to it is restricted. This supports good information governance by ensuring that inactive records are only opened when there is a legitimate reason to do so.
Accessing an inactive patient's record
If you attempt to open an inactive patient's record, Medicus will display an Inactive Patient - Access Restricted modal before allowing you to open the record. You will need to select a reason for access and provide a short justification. The available reasons are:
- Patient consent
- Legal
- Emergency
Once you submit, a privacy officer alert task is created and you will be able to view the record. Access is then permitted for the following 24 hours without needing to submit another reason.
Note: If your organisation is a safeguarding service, the reason is automatically set to Legal and you only need to provide a free text justification.
What access is and is not restricted
The restriction applies to the main patient record pages, any task tab that displays the detailed patient record, and starting, editing, or viewing a consultation for that patient.
Access is not restricted for patient search results, clinical audit reports, or viewing tasks about the patient (except the patient record tab itself). Inactive patients will still appear by name in search results.
Privacy officer alerts
What is a privacy officer?
A privacy officer is the staff member responsible for reviewing instances of inactive patient record access. They receive a task each time a staff member accesses an inactive patient's record, allowing the practice to audit and uphold information governance standards.
Assigning a privacy officer
A privacy officer is assigned by setting a staff member as the default task assignee for privacy officer alert tasks. See here for information on how to assign tasks to teams or specific team members.
Reviewing privacy officer alert tasks
Privacy officer alert tasks appear in Workflow > Data Privacy > Privacy Officer Alerts, as well as on the homepage if the task is assigned to you. Each task includes the patient whose record was accessed, the staff member who accessed it, the date and time of access, the type of access, the reason given, and the free text justification provided.
You can filter the task list by status, access type, date and time range, the staff member who accessed the record, or the patient accessed.
Acknowledging a task
To review an alert, select it from the list. Once you have reviewed, select Acknowledge to mark it as complete.