Re: What GP?
Okay, so it may be a partnership or it may, in the case of multi-practice company, be an Ltd, possibly wholly owned by a Plc. Tomato, tomato. Anyone with more authority in an organisation of this sort has the same access as all those with less, otherwise said minions - doctors or admin - find themselves sidelined, passed over or 'let go' and possibly black-balled if they refuse or blow the whistle.
When I registered back when, I registered with a specific doctor and would almost always be seen by said doctor. This still shows on my record which, yes, I know is held by TPP - I access it via SystmOnline and wouldn't expect the practice to have its own on-site servers and IT department.
The point is, there is no longer a single GP who has sole access to my record. That's not necessarily a bad thing but the press and BMA and so on still try to act as if there is a cosy and private relationship with some sort of continuity of care, whereas the idea of 'your GP' is long gone.
Within a single Practice there should be a difference in access permissions between medical staff and admin staff
With emphasis on 'should'. The reality is that staff always share access 'to speed things up'. There have been a number of cases where admin staff have been caught doing nasty things with the records of patients they've taken a dislike to in or out of work. If caught, the staff member gets fired, fined and/or maybe a suspended sentence. The owners do not get any penalties in the cases I've seen.
That's a different matter from whether they actually start looking at a particular patient's record without good reason - that's something that, in theory, occasional/random audits of the records system's logs should show up, assuming the Practice actually bother to do any audits.
I think this is rather the point. My - singular - GP no longer has my record in a filing cabinet to which he or she has the only key. But there appears to be no visible or mandatory third-party policing of access to the virtual one that has replaced it.
I am in two minds as a result of all this. The NHS has an extremely bad record regarding misuse of patient data with repeated behaviour later judged to have been unlawful yet with no individuals being prosecuted. On the other hand, the fact that there is no longer such a thing as 'my GP' suggests to me that all handsomely-NHS-funded practices should be replaced with publicly-owned ones and the profits reaped from them ploughed back into the public healthcare system.
The argument for doing this with dental practices is even more compelling, but that's a whole other rant!