In addition to the information below, practices should also familiarise themselves with the latest GPC England update message to BMA members, which includes this template letter to send to ICBs if a practice is overwhelmed on any given day, and considers there to be a potential risk of a patient safety incident occurring. Londonwide LMCs’ summary of the full range of contract changes can be viewed here.
Details around the GP contract changes that took effect in October 2025 are a rapidly developing area, if you are viewing this some time after publication (23 October) we suggest checking what other guidance has been published by GPC England to ensure this advice has not been updated or superseded.
GPC England advice on OpenSAFELY
We are sharing this important information from GPCE with all practices, as we are aware that there are still practices who have not activated access to OpenSAFELY. Please ensure that you activate this and follow the steps outlined by GPCE to maintain your contractual compliance. Their advice is:
“Following feedback, we have been working with the RCGP, NHS England and the OpenSAFELY team to reduce the burden on Optum/EMIS Web and TPP/SystmOne practices in England in accepting the OpenSAFELY Data Provision Notice. Over 1000 practices have activated the service so far but we still have some way to go. (Note: Medicus practices are currently out of scope.)
“The NHS England website has been updated this week with what we hope are clearer instructions.
“The good news is that we also now have agreement over a single national Data Protection Impact Assessment (DPIA) which practices can note, reducing any need to construct their own. The Joint GP IT Committee reviews are now referenced within this national DPIA. No additional work is needed by practices. The national DPIA is available via the above web page.
“There is also has a link to a 2-page “easy read” version of what OpenSAFELY is including a link to a short video.
“All practices need to do now is activate the service, note the national DPIA, update their website privacy notice (suggested text is in the above web page) and update their Record of Processing Activity (ROPA).”
Summary of GPC England advice on declaring compliance
GPCE think there may be a time point, imminently, where the services which practices are delivering, are compared against what practices have already declared.
GPCE recognise the current confusion and advise practices to ensure that they are appropriately declaring their compliance on eDEC. If not fully compliant as yet, they should note that they are ‘taking steps’ towards compliance.
BMA advice is key:
- Practices must ensure their websites, phones and surgery notices are consistent with GPCE guidance and wording around contracted hours being 08:00-18:30.
- Consulting hours are within these times. Use GPCE guidance wording.
- Online portals must be switched on for routine/non-urgent queries.
- For practices who have declared compliance and are fully compliant – continue, no action required.
- For practices who may have declared compliance but find they are not yet fully compliant – contact the local commissioner and explain the present challenges, and set out the steps being taken, and the practice plan to achieve compliance. Be clear where more ICB support would be welcome, and what assistance is needed.
- For practices who have not yet declared – ensure practice communications are in line with the contract.
The bottom line is to accurately complete the eDEC declaration.