What do these tasks do?

They are a security alert that someone has connected a third-party GP Online Services solution to the patient record. This might be the patient, but it might be someone else posing as the patient to gain ongoing access to their confidential record data.

Aren't they all 'NHS App'?

No.  This is (at the time of writing) the most common third-party app, but there is a growing list of third-party services that can be connected to GP records.
https://www.nhs.uk/nhs-services/gps/online-health-and-prescription-services/

What should we do with the tasks?

➡️ Action them.

Patient has chosen SMS or email as their preferred method of contact

A message will automatically be sent, the task is complete.

Surgery has not yet obtained a preferred method of contact or method is letter

Actioning the task will result in an error message advising you to contact the patient manually.

Gold standard: Contact the patient directly. We know most surgeries are unlikely to do so unless they have specific concerns about who may have linked to that patient record, such as where there is a history of attempts to gain information about that patient record.

Practical suggestion: Retrieve the record, where they have an email or mobile already attached; send a message via Communications Annexe. Then clear the task.
The ICB has published a message preset called 'Online Services Linked - security safety net (ICB)'
At the time of writing this will email/SMS: <initials>, a new online service was recently linked to your GP records, this may have been the NHS App or another third-party GP online services solution. If this wasn't you, let us know: <organisation_main_telephone>

That seems like a lot of work?

If you've not got preferred method of contact recorded, yes. Our primary suggestion is to ensure you are doing that as standard practice for all patients as this can improve how you communicate with patients in all situations (further info in 'We don't record preferred method of contact').

If you feel the task type should allow you to manually send a message where there is an email or mobile recorded, please vote on SystmOne Development Request 41530000 and have all your staff do the same. (How to vote).

What happens if we don't inform the patient?

Good scenario: It was the patient themselves linking to the record. Nothing happens.

Bad scenario: It was not the patient and was a malicious individual or individuals. They can now freely access the patient's record inappropriately, exploiting this (or the patient) however they wish. If this is discovered and investigated, it may be determined that the surgery was alerted and advised to contact the patient but elected to not do this. (We recommend ensuring you have taken some action to alert the patient).

We don't record preferred method of contact

You probably should. ?

1. Improved accessibility for patients that need certain tools/options to read your communication. e.g. Those with screen readers etc.
2. Gives the surgery a reliable way to know a patient's preferred method of engagement which can then be used when sending out bulk communications (condition information, clinic invites etc).
3. Can automatically reduce NHS costs. e.g. Communication Annexe will send emails (free) instead of SMS (not free) if the patient has selected email as their preferred method of contact.
4. Doing so was added to QOF guidance in 2019 and has remained in annual updates (as at 2023). Invites to LTC clinics are expected to use preferred method for the first invite.

"Practices should prospectively and opportunistically record individual patients preferred methods of communication, for example at the time of the next patient contact. Where a preferred contact method is recorded this would be used to make the first invitation for care. The second invitation may be via any method"

Source: Quality and Outcomes Framework guidance for 2023/24: https://www.england.nhs.uk/publication/quality-and-outcomes-framework-guidance-for-2023-24/