Doctors must have consent and agree levels of disclosure before communicating electronically with patients, says UK-wide medical defence organisation MDDUS.
At a time when there is much debate surrounding the sharing of patient information, MDDUS is reminding doctors that patients must opt-in before receiving any form of electronic communication from their doctor.
Nowadays, the use of email may be part of everyday work for doctors, but MDDUS Joint Head of Professional Services Dr Anthea Martin believes doctors shouldn’t become complacent and must consider consent and confidentiality issues when sending patient data electronically.
“Not all patients wish to receive emails or texts from their medical practice,” says Dr Martin. “It is therefore important that only those patients who agree to communicate electronically receive information via email or text.”
MDDUS has dealt with calls from members concerned over what information is appropriate to share with patients via email.
“To avoid any potential breach of confidentiality, it is beneficial to agree levels of disclosure,” says Dr Martin. “Does a patient want to be contacted via email or text for vaccinations, rescheduling appointments or repeat prescriptions, or for more personal matters such as test results?
“Where patients wish to receive an email or a text from their GP, there are still risks of confidentiality breaches to consider, even with something as straightforward as rescheduling a patient’s appointment.
“It’s important to consider who has access to an email account or mobile phone – it may not just be the patient. Personal circumstances and relationships within families are all different and you should not presume to know what people might want to keep private.”
Healthcare professionals should familiarise themselves with policies and procedures issued by their employer or contracting body which are designed to protect patients’ privacy. They must also be mindful of the requirements of the Data Protection Act 1998 which requires information to be fairly and lawfully processed.
“Doctors who fail to protect patient information risk incurring a fine from the Information Commissioner’s Office (ICO),” says Dr Martin. “Furthermore, failure to adequately secure electronic medical records could result in a GMC hearing or even criminal charges.”
GMC guidance Confidentiality states: “If you are responsible for the management of patient records or other patient information, you should make sure that they are held securely and that any staff you manage are trained and understand their responsibilities. You should make use of professional expertise when selecting and developing systems to record, access and send electronic data.”
“Many practices now allow for patient contact through secure password-protected online systems,” adds Dr Martin. “Encryption can reduce some of the risks but no system can be completely secure so it is important to consider confidentiality risks in all information exchanges with patients and colleagues.
“Doctors must be satisfied that there are appropriate security arrangements in place and consider the potential for data security breaches in all electronic communications involving confidential patient data.
“Doctors should also refrain from discussing clinical issues via email. For routine inquiries, an email exchange can be a convenient way of communicating. However, it’s not a substitute for face-to-face consultations. Finally, any electronic exchange with a patient should be considered part of the patient’s medical records and recorded.”
MDDUS (The Medical and Dental Defence Union of Scotland).