DOCTORS should have consent and agree levels of disclosure before emailing or texting patients.
MDDUS has recently sent out an alert reminding doctors that patients must opt-in before receiving any form of electronic communication from their doctor.
The use of email may now be part of everyday work for doctors, but MDDUS Joint Head of Medical Division Dr Anthea Martin believes doctors should not become complacent and must consider consent and confidentiality issues when sending patient data electronically. “Not all patients wish to receive emails or texts from their medical practice,” says Dr Martin. “It is therefore important that only those patients who agree to communicate electronically receive information via email or text.”
MDDUS has dealt with calls from members concerned over what information is appropriate to share with patients via email. “To avoid any potential breach of confidentiality, it is beneficial to agree levels of disclosure,” says Dr Martin. “Does a patient want to be contacted via email or text for vaccinations, rescheduling appointments or repeat prescriptions, or for more personal matters such as test results?”
Dr Martin points out that there are still risks of confidentiality breaches even with something as straightforward as rescheduling a patient’s appointment. It is important to consider who might have access to an email account or mobile phone other than the patient. “Personal circumstances and relationships within families are all different and you should not presume to know what people might want to keep private.”
Healthcare professionals should familiarise themselves with policies and procedures issued by their employer or contracting body in regard to protecting patients’ privacy. They must also be mindful of the Data Protection Act 1998 which requires information to be fairly and lawfully processed.
“Doctors who fail to protect patient information risk incurring a fine from the Information Commissioner’s Office (ICO),” says Dr Martin. “Furthermore, failure to adequately secure electronic medical records could result in a GMC hearing or even criminal charges.”
Many practices now allow for patient contact through secure password-protected online systems. Encryption can reduce some of the risks but no system can be completely secure so it is important to consider confidentiality risks in all information exchanges with patients and colleagues.
“Doctors must be satisfied that there are appropriate security arrangements in place and consider the potential for data security breaches in all electronic communications involving confidential patient data,” says Dr Martin. “You should also refrain from discussing clinical issues via email. For routine inquiries, an email exchange can be a convenient way of communicating. However, it’s not a substitute for face-to-face consultations. Finally, any electronic exchange with a patient should be considered part of the patient’s medical records and be recorded.”