Individuals from outside the general practitioner's practice will only be able to access a patient's detailed care record, where they are working within a local health community where patient records are managed through a shared detailed record system and where they have a smartcard and role profile that enables access to patient records and also have a legitimate relationship with the patient—for example, because they are providing healthcare or treatment in a different setting, or they have express consent from the patient for other reasons, such as clinical research, or there is a statutory basis or court order supporting disclosure.
Patients may also request that a flag within the system be set to prevent information being accessed by anyone outside of the practice without their express consent other than where there is a legal requirement to do so, or an overriding public interest such as serious crime.
A patient's wishes regarding a sealed envelope can only be overridden exceptionally by staff who have been specifically granted the ability to do so by their employing organisations as part of their assigned role profile. When they do override a seal they must record whether their action is justified by express patient consent, a legal requirement, or an overriding public interest, and this will subsequently be checked by the employing body.