How to monitor SCR usage? Role of SCR Governance Person (SGP)

How to monitor SCR usage? Role of SCR Governance Person (SGP)

HSCIC SCR image - Patient, Ali visits pharmacy (use in relation to SCR only)SCR usage is encouraged where the pharmacist or technician determines it useful and with appropriate consent having been obtained. A person for each pharmacy will be able to view alerts about SCR activity, and take action to investigate only where needed. This person is called the ‘Governance Person’ (SGP), previously sometimes referred to as Privacy Officer within older documentation. Further information about the monitoring function is outlined to assist those who can view the alerts.

Who will access SCR and when?

Once a pharmacy has become ‘SCR live’, SCRs will only be accessed within that pharmacy:

What measures are taken to protect patient data?

Security measures include:

  • Smartcard users have agreed to use their cards in line with the user policy;
  • Standard Operating Procedures (SOPs) for SCR use must be in place;
  • the professional code of conduct, and employment contracts must be adhered to; and
  • contractors complete the Information Governance (IG) toolkit each year.

How are SCR accesses auditable?

  • Every SCR-access is fully auditable and linked with the Smartcard ‘logged in’ at that time.
  • Privacy alerts are generated by accessing SCR. These also indicate when the emergency access option is used.
  • Reports are available to show every record accessed by every Smartcard.
  • Patients can request to see who has accessed their SCR at any time.

Who will audit SCR access?

Each pharmacy organisation that has access to SCR must have a nominated person who is responsible for monitoring the SCR usage of the pharmacy’s SCR users – the SGP.

This person will audit SCR accesses and manage privacy alerts.

How will the SGP audit SCR access?

Privacy alert notifications (if you have NHSmail) can provide prompts for the SGP to investigate SCR access and to check that the accesses have been appropriate. Use of the Alert Viewer tool is also an option.

The SGP will review the pattern of privacy alerts at regular intervals to spot anomalies.

Example scenarios in which the SGPs may investigate include:

  • an unexpectedly high number of emergency accesses;
  • recurring access to the same patient’s SCR;
  • access during closing hours;
  • no record of the reason for access;
  • apparent access by a branch before it has gone live with SCR;
  • disproportionate accesses being made by one member of staff; or
  • unusual patterns are spotted.

Where the access is legitimate than the privacy alert is closed and no further action is required.

In the event that any illegitimate access is confirmed during the investigative process, local guidelines will apply. The ‘Care Record Guarantee’ document says that: “If we find that someone has deliberately accessed records about you without permission or good reason, we will tell you and take action. This can include disciplinary action, which could include ending a contract, firing an employee or bringing criminal charges.”


SGP = Governance Person in regards to SCR. Older documention refers to ‘Privacy Officer’, but this has been re-described to better describe the role.

Frequently asked questions

Q. How many SGPs need to be appointed?

A. The number of individuals undertaking the role of the SGP will vary amongst different community pharmacy organisations. Organisations may take into account the frequency of usage, number of staff accessing, and the number of branches live with SCR, when assigning the SGP role(s). SGPs are responsible for checking appropriate use across the organisation.

Q. How much time is required to undertake the GL role? How many alerts require checking?

A. There is no mandated number of privacy alerts which require investigation. Initially some pharmacies may decide to check around 10% of privacy alerts each month, although this will depend on the circumstances of the pharmacy, the total number of SCRs being accessed, and the trends being identified. One pharmacy team may decide to take a few minutes each week for checks, another pharmacy team may use more time, but check each quarter. The regularity of the checks may be reviewed and adjusted as processes become embedded into practice, or in the event of evidence of inappropriate usage.

Q. Who can be a GL in community pharmacy?

A. Every pharmacy has a nominated SGP prior to accessing SCR. It is useful for at least two people to have SGP role – a primary SGP, and somebody to cover for sick/annual leave. The designated SGPs ideally should not have access to SCR for the pharmacy branch they work in. However, this may not be feasible in small pharmacies, and pharmacy professionals with access to SCR may also have the SGP role. In this setting, the support SGP will monitor the primary SGP’s access and vice versa.

Related resources



Return to IT and SCR sub-section: Using SCR

Return to the IT section: SCR home

Return to the IT section: Electronic Health Records & SCR home

Return to the Pharmacy IT hub page

Latest Contract & IT news

View more Contract & IT news >