Skip to main content

Part of DAPB3051 Identity Verification and Authentication Standard for Health and Care, Authorisation Use Case: Proxy

7.2 Age and development based reviews of access

Previous Chapter

7.1 Ongoing reviews of proxy access

Current Chapter

Current chapter – 7.2 Age and development based reviews of access

View all

Next Chapter

7.3 Time-bound reviews of access

There are two natural age-based milestones affecting proxy access. 

When a patient reaches an age between 11 and 13, any granted proxy access should be reviewed. There is legally no cut off when a child may be considered Gillick competent in relation to proxy access, but it is good practice to implement standard review dates in line with a young person's evolving maturity and ability to consent to proxy access.  

At 13 more digital services like the NHS App become available for young people to independently access, and so 13 should be used as a point to review the relevance of any ongoing proxy access. (This is due in many cases to the fact that 13 is the age at which a young person is considered to be able to give their own consent to data processing by information society services under the GDPR, where consent is the article 6 basis being relied on.)

Earlier or later age-based review dates may be set in line with a health and care organisation's local policy. For example, RCGP GP online services guidance for children and young people recommends age 11 as a review point for proxy access in general practice. 

When a patient reaches age 16, they should be presumed to have capacity, as per the provisions of the Mental Capacity Act 2005. If they were previously deemed to not be Gillick competent in relation to proxy access, their capacity should be considered. 

Clinical systems must therefore be programmed to suspend proxy access when a patient reaches age 16. Clinical systems should be programmed to suspend access for review at age 13 or earlier, configurable by the health and care organisation’s local policy.  

Proxies and patients must be informed of this suspension ahead of time so that they have an opportunity to extend access if there is a need to.  

Patients should also be informed of the opportunity for self-access where there are services that they are eligible for, so that they can be encouraged to utilise this as an alternative to proxy access. For example the NHS App is available at age 13, while other digital services can be offered to children younger than 13. 

Clinical systems must support staff to easily reactivate proxy access that has become inactive on reaching an age milestone to support continuity of care.  

Requests for extending proxy access must be considered in line with the requirements for proxy access defined in this standard. 

Last edited: 6 May 2026 4:27 pm

Previous Chapter

7.1 Ongoing reviews of proxy access

Next Chapter

7.3 Time-bound reviews of access

Chapters

  1. DAPB3051 Identity Verification and Authentication Standard for Health and Care, Authorisation Use Case: Proxy
  2. Glossary
  3. Use of the terms "must" and "should" in this guidance
  4. 1.0 Overview
  5. 1.1 Purpose of this standard
  6. 1.2 Who this standard applies to
  7. 1.3 What this standard does not cover
  8. 1.4 Compatibility with other standards and guidelines
  9. 2.1 Types of proxy access: formal and informal proxy access
  10. 2.2 Types of proxy access: Records access by a clinical professional
  11. 3.0 Roles and responsibilities
  12. 4.0 Grant proxy access
  13. 4.1 Assess if access is appropriate
  14. 4.1.1 Establish whether access is necessary
  15. 4.1.2 Establish whether access is relevant
  16. 4.1.3 Establish whether access is safe
  17. 4.2 Establish a basis for access
  18. 4.3 Check evidence relevant to the basis for access
  19. 4.3.1 Verify the proxy and patient’s identity
  20. 4.3.2 Understand if the patient has the ability to consent
  21. 4.3.3 Obtain the patient’s informed consent to proxy access, if appropriate
  22. 4.3.4 Verify evidence of a basis for access if the patient cannot consent
  23. 4.4 Redact sensitive information based on what is being shared
  24. 4.5 Audit decisions about proxy access
  25. 4.6 Communicate the outcome of a decision to grant or deny proxy access
  26. 5.0 The scope of proxy access
  27. 6.0 System audit of proxy access
  28. 7.0 Managing proxy access
  29. 7.1 Ongoing reviews of proxy access
  30. 7.2 Age and development based reviews of access
  31. 7.3 Time-bound reviews of access
  32. 7.4 Wider events that materially affect proxy access
  33. Appendix A: Ways to evidence a basis for access if the patient is not capable of providing informed consent
  34. Appendix B: Driver diagram articulating the strategic aims of this information standard