AI-assisted clinical coding
System Used: BetterLetter
Organisation: The New Surgery
Lawful Basis: UK GDPR Article 6(1)(e); Article 9(2)(h)
1. Purpose of processing
The Practice uses BetterLetter, an AI-enabled clinical correspondence management system, to support the administrative processing and clinical coding of patient letters.
The system analyses incoming and outgoing clinical correspondence (e.g. hospital letters, consultant communications, discharge summaries) and generates suggested SNOMED CT clinical codes for review. The purpose of this processing is to:
- Improve efficiency in coding patient correspondence
- Enhance consistency and accuracy of clinical record-keeping
- Reduce administrative burden on clinical and administrative staff
- Support safe and effective continuity of care
The AI system assists with code suggestion only. It does not make autonomous clinical decisions and does not update patient records without human authorisation.
2. Nature of the processing
The processing involves:
- Secure receipt of patient correspondence
- Automated text analysis using machine learning models
- Generation of suggested clinical codes
- Human review and validation of suggested codes
- Manual confirmation and entry into the patient’s electronic health record
There is no automated decision-making under Article 22 UK GDPR. All outputs are reviewed by authorised staff before implementation.
3. Categories of personal data processed
The system may process the following categories of personal data contained within correspondence:
- Patient identifiers (name, NHS number, date of birth)
- Clinical information (diagnoses, symptoms, medications, procedures, referrals)
- Special category health data
- Clinician identifiers
Only the minimum necessary data required for coding purposes is processed.
4. Lawful basis for processing
4.1 Article 6 UK GDPR
Processing is necessary for the performance of a task carried out in the public interest and in the exercise of official authority vested in the controller (Article 6(1)(e)).
4.2 Article 9 UK GDPR
Processing of special category data is necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care, and the management of health systems and services (Article 9(2)(h)).
5. Data controller and data processor roles
- The GP Practice acts as the Data Controller.
- BetterLetter acts as a Data Processor under a written Data Processing Agreement (DPA).
The processor is contractually bound to:
- Process data only on documented instructions
- Implement appropriate technical and organisational security measures
- Maintain confidentiality
- Comply with NHS DSP Toolkit standards (where applicable)
- Not use patient data for unauthorised secondary purposes
6. Data security measures
Appropriate safeguards include:
- Encryption in transit and at rest
- Role-based access controls
- Multi-factor authentication (where applicable)
- Audit logging and access monitoring
- Secure NHS-compliant hosting infrastructure
- Regular security and penetration testing (as applicable)
Access to coding outputs is restricted to authorised staff only.
7. Risk assessment and mitigation
7.1 Identified risks
- Inaccurate coding suggestions
- Over-reliance on automated outputs
- Data breach or unauthorised access
- Lack of transparency to patients
7.2 Mitigation measures
- Mandatory human review of all AI-generated coding suggestions
- Clear internal policy prohibiting automated application without verification
- Staff training on safe and appropriate use of AI tools
- Contractual data protection clauses with BetterLetter
- Inclusion of AI use within the Practice Privacy Notice
- Ongoing audit and monitoring of coding accuracy
Residual risk is assessed as low when safeguards are applied.
8. Data retention
The AI system does not determine retention periods. Patient correspondence and coded entries are retained in accordance with the NHS Records Management Code of Practice.
Any temporary processing by the data processor is governed by contractual retention and deletion requirements.
9. Transparency and patient rights
Patients are informed via the Practice Privacy Notice that AI-assisted tools may be used to support administrative and clinical documentation processes.
Patients retain all rights under UK GDPR, including:
- Right of access
- Right to rectification
- Right to restrict processing (where applicable)
- Right to complain to the ICO
As there is no solely automated decision-making, Article 22 rights are not engaged.
10. Clinical governance
The Practice retains full accountability for:
- Accuracy of patient records
- Clinical safety
- Data protection compliance
The AI system functions solely as a decision-support tool. Final responsibility remains with the clinician or authorised staff member applying the code.
The use of BetterLetter is subject to periodic review under the Practice’s Information Governance and Clinical Governance frameworks.