Part of Proxy access: advice and guidance
Use of the terms "must" and "should" in this guidance
The following guidance uses "must" and "should" as defined by RFC 2119, where:
- must: means that the definition is an absolute requirement of the standard
- should: means that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course
Last edited: 6 May 2026 4:33 pm