Access to the MECR is on an individual bases and each user is assigned an appropriate and legitimate role, according to their position and place of work, otherwise known as Role Based Access Control (RBAC).
In accessing the MECR, the member of staff is required to enter a unique user name and password, only known to them, and all activity, including just searching for a patient, is recorded and fully auditable.
By law, everyone working for or on behalf of the Health Service must respect your confidentiality and keep all information secure.
All health records are private and personal so it is our top priority to make the process of accessing your electronic information secure.
Viewing an MECR record is only normally allowed with explicit consent from the patient. This means that the patient will have to give permission for each clinician to access the record. This can be given for a once only view or for a specific period of time, i.e. 3 months.
The only exception being in the event that consent is not available, i.e. if the patient happens to be unconscious, the health professional can still access their record but in doing so, they are required to enter a reason why access is required and again any activity is recorded and fully auditable.