HP038 Subject Access Status SAR

Subject Access Requests Status (HP038)

Subject Access Requests Status (HP038)


Overview/Purpose

The HP038 Subject Access Request (SAR) Status Protocol assists GP practices and administrative teams in tracking, managing, and ensuring compliance with patient SARs. The protocol helps validate identity verification, record SAR history, and streamline processing workflows, ensuring GDPR compliance and data security.

What does it do?

Guides identity verification before releasing data.
Provides a structured SAR workflow, ensuring correct logging, tracking, and completion.
Flags overdue SARs and prevents duplicate requests from being processed incorrectly.
Supports verification for solicitor-led SARs, ensuring legal documentation is checked.
Introduces keyboard shortcuts for quick navigation in MCQ selection.

Why is it important?

  • Ensures GDPR compliance & Data Protection Act 2018 standards.
  • Reduces the risk of unauthorised access to patient records.
  • Enhances practice efficiency and reduces administrative burden.
  • Improves auditability of SAR processing, reducing disputes and ensuring correct charges for duplicates.
  • What does it look like?

    Step 1: Identity Verification for SAR

    Before proceeding, confirm how the patient’s identity was verified
    . The system will display a multiple-choice selection:

    Identity Checking for a SAR

    Before proceeding, confirm how the patient’s identity was verified for this SAR.

    Important: Duplicate SARs are chargeable.

    🔹 Previous SAR Activity (if any): (Automatically displayed)

    • Latest patient record request by solicitor
    • Latest patient record request by patient
    • Latest SAR reviewed by GP
    • Latest SAR completed
    • Latest SAR refused (including reason)

    Available Verification Methods

    A - Photo ID provided (passport, driving licence, national ID)
    B - Proof of address provided (utility bill, bank statement)
    C - Face-to-face verification (ID checked in person)
    D - Verified via secure patient portal (NHS App, online access system)
    E - Third-party authority confirmed (Solicitor, Power of Attorney)
    F - Clinician vouches for identity
    G - Other verification method used (Details recorded in notes)
    H - Identity not verified

    Step 1a: If "Identity Not Verified" is Selected

    🔴 System Prompt:
    "Identity Verification Required – Before proceeding with this SAR, patient identity must be verified. Please select a valid verification method to ensure compliance with data protection regulations."

    User must select an accepted verification method before proceeding.




    Step 2: SAR Status Selection

    Once identity verification is complete, users select the next action from the SAR Status Menu:

    SAR Status Options:
    📌 Solicitor Requesting Notes Access
    📌 Patient Requesting Notes Access
    📌 Subject Access Request Reviewed by GP
    📌 Subject Access Request Completed (Sent)
    📌 Subject Access Request Refused
    📌 Lloyd George notes scanned to electronic record

    🔹 Keyboard Shortcuts: Each status option has been assigned a shortcut key (e.g., Alt + S for Solicitor, Alt + P for Patient).

    The system ensures only verified requests are processed.

    The next panel also shows the administrative journey for the latest SAR request:




    System Dependencies

    This protocol relies on accurate recording and coding of Subject Access Requests in your system.
    1. Required codes: SAR request initiation, SAR status updates, SAR completion.
    2. Staff training: Clinicians and administrative staff must understand the importance of correct coding and use of this protocol to ensure compliance.

    System Triggers

    System trigger: Manually launched


    Change management considerations

    Fitting your practice 
    Staff need to be made aware that this protocol exists and how to access it. The protocol can be found in the OneLauncher Admin under the "Coding Team Tools" option.
    Best Practices
    To integrate this protocol effectively:
    1. Review existing SAR workflows before implementing the updated protocol.
    2. Train staff on identity verification and solicitor SAR procedures.
    3. Inform team members about new keyboard shortcuts for quicker navigation.


    How to get it

    This protocol is automatically installed in your system. 



      • Related Articles

      • Occupation and Armed Forces Status

        ? Occupation and Armed Forces Status This shared component supports documentation of employment status and Armed Forces affiliation. It ensures that social, occupational, and veteran-related factors are recorded as part of holistic care. ? When ...
      • Carer status [HP014]

        Type: Protocol Alert Purpose To drive awareness of carer status - both if the patient has a carer, and if they are a care themselves. What does it actually do? The protocol performs the following functions: On loading the patient record the system is ...
      • Smoking Status Handling

        ? Smoking Status Handling ? This component is used across multiple clinical areas, including Asthma, COPD, Heart Failure, and COPD templates. Smoking is a critical factor in long-term condition management. This shared template component dynamically ...
      • Frailty Status and Assessment (HP345)

        Purpose: This protocol will: help to ensure that frailty awareness is optimised within your practice What does it actually do? If a patient is over 65, the protocol looks to see if the patient has had a code of mild, moderate or severe frailty ...
      • How to access the Referral Tree

        Once the PCIT Referral Tree has been installed into your site, you'll be able to access it through the OneLaunchers. The option should be available on either the OneLauncher Prescriber, OneLauncher NonPrescriber, OneLauncher Admin or OneLauncher ...