Skip to main content

Part of DAPB3051 Identity Verification and Authentication Standard for Health and Care, Authorisation Use Case: Proxy

2.1 Types of proxy access: formal and informal proxy access

Previous Chapter

1.4 Compatibility with other standards and guidelines

Current Chapter

Current chapter – 2.1 Types of proxy access: formal and informal proxy access

View all

Next Chapter

2.2 Types of proxy access: Records access by a clinical professional

Proxy access may be formal or informal.  

Informal access is when a proxy accesses a patient's medical information using a system that was set up for the patient as if the proxy were the patient. For example, by using the patient's username and password or an authorised device. When this is done, there is no means of controlling and auditing the proxy's access, increasing risk of misuse and harm. This standard discourages informal access. 

Conversely, when proxy access is formal, the proxy's access is subject to: 

  • establishment of a relevant basis for proxy access 

  • appropriate access controls, based on clinical authorisation, which can be amended 

  • an audit trail of what the proxy does 

  • controls within the clinical system that enable proxy access to be managed safely 

Formal proxy access is safer and more effective than informal proxy access. Patients must be informed of the opportunity for formal proxy access, and strongly discouraged from sharing their password or devices with others. 

Formal proxy access falls into two categories which are further elaborated on below:

  • Proxy access on behalf of a patient who can provide informed consent.  

  • Proxy access on behalf of a patient who cannot provide informed consent. 

Last edited: 6 May 2026 1:55 pm

Previous Chapter

1.4 Compatibility with other standards and guidelines

Next Chapter

2.2 Types of proxy access: Records access by a clinical professional

Chapters

  1. DAPB3051 Identity Verification and Authentication Standard for Health and Care, Authorisation Use Case: Proxy
  2. Glossary
  3. Use of the terms "must" and "should" in this guidance
  4. 1.0 Overview
  5. 1.1 Purpose of this standard
  6. 1.2 Who this standard applies to
  7. 1.3 What this standard does not cover
  8. 1.4 Compatibility with other standards and guidelines
  9. 2.1 Types of proxy access: formal and informal proxy access
  10. 2.2 Types of proxy access: Records access by a clinical professional
  11. 3.0 Roles and responsibilities
  12. 4.0 Grant proxy access
  13. 4.1 Assess if access is appropriate
  14. 4.1.1 Establish whether access is necessary
  15. 4.1.2 Establish whether access is relevant
  16. 4.1.3 Establish whether access is safe
  17. 4.2 Establish a basis for access
  18. 4.3 Check evidence relevant to the basis for access
  19. 4.3.1 Verify the proxy and patient’s identity
  20. 4.3.2 Understand if the patient has the ability to consent
  21. 4.3.3 Obtain the patient’s informed consent to proxy access, if appropriate
  22. 4.3.4 Verify evidence of a basis for access if the patient cannot consent
  23. 4.4 Redact sensitive information based on what is being shared
  24. 4.5 Audit decisions about proxy access
  25. 4.6 Communicate the outcome of a decision to grant or deny proxy access
  26. 5.0 The scope of proxy access
  27. 6.0 System audit of proxy access
  28. 7.0 Managing proxy access
  29. 7.1 Ongoing reviews of proxy access
  30. 7.2 Age and development based reviews of access
  31. 7.3 Time-bound reviews of access
  32. 7.4 Wider events that materially affect proxy access
  33. Appendix A: Ways to evidence a basis for access if the patient is not capable of providing informed consent
  34. Appendix B: Driver diagram articulating the strategic aims of this information standard