Skip to main content

Set up proxy access with our service

Once you get an application email from our service, you can use our step-by-step guidance to help you set up proxy access. Continue to use your standard practice process if this is more suitable for your patient.

Page contents

Step 1: Find out who made the application

Either the proxy or the patient can use our service to apply for proxy access.

We say who has applied in the subject line and throughout the email that you get sent.

Step 2: Check who we've told about the application

Check if we've told the patient or the proxy about the application being made. We contact the applicant by using their NHS login contact details.

We only contact the person named in the application if their contact details are stored on the Personal Demographics Service (PDS).

If we have not contacted them, we'll let you know in the application email.

If the application is for access to a child's services, we do not contact the child.

Step 3: Check if access is appropriate and for any safeguarding concerns

Make sure you have a conversation to check if the patient is being coerced into sharing access. If you have a concern about possible coercion, follow your organisation's safeguarding procedures, and do not proceed any further with considering proxy access. 

You should check whether access is:

  • necessary. Is access necessary to improve the quality of the patient's care?
  • relevant. Is proxy access the best way to support the patient in their care? Is it necessary to review the access after a time period?
  • safe. Is it safe for the proxy to have access to the patient's information?

Access could be considered necessary if the patient:

  • currently relies on someone else to access health and care services at your organisation
  • does not access digital services for themselves because of an obstacle such as their digital literacy, complex needs, or lack of Gillick competence or mental capacity
  • has health and care needs which were not successfully met by supported self-access, but are likely to be met through providing proxy access 

Check the records of the patient and the proxy for any safeguarding concerns.

You may need to check for concerns about other family members too.

You can check for safeguarding concerns by:

  • checking notes on the patient's medical record and local safeguarding information
  • checking an authoritative source of safeguarding information, for example you can use the Child Protection- Information Sharing (CP-IS) service to check whether a child is on a child protection plan

The RCGP Safeguarding toolkit has detailed guidance on safeguarding patients. 

Our guidance on safeguarding your patients explains when you may need to deny proxy access. This may help you when making a decision on an application.

If the patient is aged 16 or over

For a patient who is aged 16 or over, you should assume capacity to consent to proxy access, unless you have information that suggests they lack capacity. 

If information suggests they might have an impairment or disturbance in the functioning of their mind, a clinical professional must undertake a mental capacity assessment in relation to the decision on whether to grant proxy access, in line with your organisational policy on capacity assessment. This is to make sure that the access granted is done with the patient's changing capacity and their best interests in mind.

The clinical professional must be experienced in assessing mental capacity.

The Mental Capacity Act (MCA) code of practice (GOV.UK) has more guidance on this. 

When the patient doesn't have capacity, record in the patient's record:

  • the patient's lack of capacity
  • the date capacity was assessed
  • the basis for granting proxy access and evidence provided
  • the details of the proxy
  • the level of access the proxy was granted 
  • if the patient is aged 11-15

If the patient is granted time-bound access, consider setting a reminder to schedule a review of this access. 

If the patient is aged 11 to 15

When using our service for this age group, the proxy is asked whether they think the child patient has capacity to make an informed decision on proxy access. We tell the proxy to speak to the patient about the application, if this is suitable. For patients aged 13 or over, self-access should be promoted as an alternative or addition to proxy access. 

If they choose the option 'no' to the child having capacity, the proxy can enter a reason why they think this. The proxy may use this to let you know about a medical condition or learning disability that the child has. 

Use a Gillick competency assessment to determine whether the patient is mature enough to understand and consent to proxy access. 

This assessment must be done by a clinical professional who is skilled and experienced in assessing competence. 

The BMA children and young people ethics toolkit has further guidance on checking for capacity to consent. 

If the patient is aged 10 or under

Patients aged 10 and under are assumed to not have capacity to consent.

We make the proxy aware that children will usually be asked for their consent from age 11.

We tell the proxy to contact you if they feel continued access is needed, when the child is nearly 11. 

We do not get the patient's consent through our service. Use your standard practice process for this. 

What the patient needs to understand

The patient must understand:

  • the option of self-access as an alternative or addition to proxy access
  • what proxy access is
  • the risks and benefits of proxy access
  • who they're giving access to
  • what the proxy will be able to see and do on their behalf. Ask the patient if there's any information they want redacted from their record
  • how long the access will be given for
  • how to revoke this access
  • the fact that proxy access means that the proxy may be able to see their medical information online and on the NHS App
What to record in the patient's record

When getting consent, record in the patient's record:

  • the patient's informed consent
  • the date the patient gave consent
  • the details of the proxy
  • they way they consented, for example, in writing
  • the level of access they consented to

Understanding what the proxy will be able to see and do on their behalf

For EMIS

You should only give access to detailed record options from the date you process the application. If the patient indicates that historical access is needed, you can discuss whether this is appropriate and when this should start from. Keep a record of what is agreed in the conversation so that you can use it to set up access in your clinical system later. 

For TPP

Check which options the patient has chosen before you contact them.

If the patient has not requested any detailed record options (TPP)

If the patient has not chosen any of the detailed record options, you just need to check they understand what services they are giving access to. 

If the patient has requested all the detailed record options (TPP)

You should only give access to detailed record options from the date you process the application. You will need to change the patient's own online access review date, to make sure this is the case, and this will limit the patient's access as well. 

You may wish to discuss with them that giving access will limit their own access.

The patient may decide that giving their proxy historical access is more appropriate if they want to maintain access to their own historical record. If they decide this, you need to make sure they understand it, agree on a start date and get their consent before setting it up. Keep a record of what is agreed in the conversation so that you can use it to set up access in your clinical system later. 

If the patient has chosen some but not all of the detailed record options (TPP)

In TPP you can only give access to all or none of the detailed medical record choices we offer in the application, by giving access to the full record.

If the patient has chosen some but not all of the options in the detailed record, you should have a discussion with them before you set up access, to decide what is made available. 

You will need to get their consent to share their detailed record if they need the proxy to have access to one or more services. 

For example, as it's not possible for you to give access to test results without giving full access, if they have requested test results only, you should have a discussion with them to help them decide if full access is appropriate and get consent. 

You should only give access to detailed record options from the date you process the application. You will need to change the patient's own online access review date, to make sure this is the case, and this will limit the patient's access as well. 

The patient may decide that giving their proxy historical access is more appropriate if they want to maintain access to their own historical record. If they decide this, you need to make sure they understand it, agree on a start date and get their consent before setting it up. Keep a record of what is agreed in the conversation so that you can use it to set up access in your clinical system later. 

You may wish to discuss with them that giving access will limit their own access.

If you are granting proxy access based on a proxy being a court appointed deputy

Check a valid court order that confirms that the proxy is a court-appointed deputy. You should consider whether access needs to be time-bound and record this. 

If you are granting access based on a proxy holding a health and welfare Lasting Power of Attorney (LPA)

You should check to make sure that the LPA is both registered with the Court of Protection and activated. An LPA is activated when the patient is unable to make the decision regarding proxy access for themselves. This should be supported by your assessment of the patient's capacity in step 4. 

If you are granting access based on the patient's best interests

You should be sure that granting proxy access to the proxy will be in the patient's best interests and record this as the basis for proxy access. 

If a proxy is applying for access to the services of someone aged 15 and under, check that the proxy has legal parental responsibility for them. 

We do not verify legal parental responsibility through our service. Use your standard practice process to do this. 

If you've verified proof of parental responsibility before, this may already be recorded in your clinical system. 

Supporting information in the application email

In some cases, we can confirm a birth mother to child relationship from PDS. This confirmation gives you the same information as viewing the birth certificate would. 

We also ask what document the applicant has that may help to show their legal parental responsibility for the child. 

This supporting information is shown in the application email we send you. 

This may help verify legal parental responsibility and the identity of the child.

Use your standard practice process to confirm this and to update your clinical system with this information. 

On its own, this information is not proof of parental responsibility, but it can help support your duty to verify parental responsibility before granting access. 

Documents may not reflect the current situation, and you should also check for any safeguarding issues as part of reviewing the application.

How we check for birth mother to child relationships

Every child's PDS record has their birth mother's NHS number stored in it, if the child was born after 2011 in the UK. This is added by a clinician, as part of the birth notification process. 

We only check for this on PDS if both:

  • the child was born in or after 2011, and
  • the proxy's gender is stored in PDS as female
If we've confirmed the birth mother to child relationship

If we've confirmed a birth mother to child relationship, seeing a birth certificate will not give you any more information about this relationship.

If the applicant says they have been named on another document, you may need to check this. 

Not all birth mothers have parental responsibility. You should check for any safeguarding issues to make sure you're aware of the current situation. 

If we've not confirmed the birth mother to child relationship

If we've run the check, and we've not been able to confirm a birth mother to child relationship through PDS, the applicant may still be the parent that gave birth to them. 

This does not stop an application being made.

We cannot confirm a birth mother to child relationship for:

  • birth mothers of children born before 2011
  • birth mothers of children who were born outside the UK
  • parents who gave birth and later changed their gender on PDS from female, as they will have been given a new NHS number

We currently only check for birth mother to child relationships. This will be expanded in the future. 

This means we cannot currently confirm a relationship for adoptive parents or second parents.

How we check the adult's and child's addresses

Our service checks if the adult's and child's addresses match on PDS. Whether they match or not, we ask the adult what their address is and if this is the child's main address.

We send you this information in the application email. You can check this against what is in your clinical system.

We do not check any addresses if the application is for access to an adult's services.

Parents who live at a different address to their child should not be disadvantaged when applying for proxy access.

Step 7: Decide whether to grant or deny access

You must get this decision authorised by a clinical lead in your practice.

The application email has information that may be useful when deciding to grant proxy access, including the relationship between the proxy and the patient and the reason for requesting access.

Step 8: Verify their identity

We only verify the identity of the person that makes the application. We do this by using the highest level of verification through NHS login. You can find out how applicants prove their identity, see the Getting patients started with NHS login page.

If the patient makes the application, you may need the proxy to verify their identity to access online services if they haven't already done so. 

You can tell the proxy to verify their identity online, or at your practice, or vouch for their identity if they are known to you.

If the proxy makes the application, you need to ensure you gather informed consent directly from the patient, where this is the basis for access.

Step 9: Redact from medical record

Check that the record contains no information that might be harmful to the patient if disclosed to the proxy. Redact any information that the proxy should not have access to.

Make sure the record does not contain third-party information. 

Safeguarding your patients has guidance on managing potentially harmful information. 

Redaction (NHS ENGLAND) has more detailed guidance on the redaction process. 

Make sure any redactions are completed before access is granted.

Step 10: Set up access in your clinical system

If the proxy asks for help

We've created guidance for the public to help them understand how proxy access works. You can send your patients guidance on Accessing GP services for someone else, with proxy access (NHS website) to help answer their questions.

Once this access has been set up, the proxy may ask for help on how to use their access in the NHS App. You can send them a link to the guidance on how to manage health services for others (NHS website).

Last edited: 8 September 2025 11:53 am