Flu season will soon be upon us, and one obvious means of alerting specific patient groups needing vaccination is via a group email. Consider, though, the case of a general practice surgery which sent out an alert via a large email distribution list.
The practice nurse composed the email and added the distribution list in the To… field rather than the Bcc… (blind carbon copy) field. This meant that each recipient of the alert could view all the email addresses and possibly identify everyone else on the distribution list.
This may seem a minor error but in effect constituted a breach of confidentiality for every patient on that list – as being on such a list or even a patient at a particular practice is confidential information. Not only was the practice in violation of the Data Protection Act, its actions also ran counter to guidance from regulators such as the GMC and GDC.
In the end the practice was advised to contact both the Information Commissioner’s Office (ICO) in regard to the breach and each individual patient on the distribution list, admitting the breach and offering an apology. This case illustrates just one of the possible risks practices take in using email or texting to routinely contact patients.
Benefit to risk
Email and – to a more limited extent – texting offer some very obvious benefits in communicating with patients. Sent out in bulk they reduce the time and the postage or telephone costs involved in contacting large groups of patients. On an individual basis they can eliminate the need for direct face-to-face or telephone consultations in routine enquiries such as making or changing appointments, repeat prescriptions or test results. Patients can send a message to the practice at any time of the day or night and staff can respond at their convenience. Electronic communication can also increase access to care for the homebound or patients living in remote areas.
In this era of increasing reliance on primary care services, email and other means of remote communication offer an additional way of managing patient demand. But with the benefits come a number of risks involving both data security and patient confidentiality, as well as the nature and quality of patient contacts and the potential for practice system failures. Here we consider the former.
Healthcare professionals have a duty to ensure that any patient records they hold remain secure. With doctors and dentists increasingly using email to communicate with patients and colleagues, the risk of confidentiality breaches increases. It is important to be familiar with the policies and procedures issued by employers or contracting bodies which are designed to protect patients’ privacy. The Data Protection Act 1998 requires information to be fairly and lawfully processed, and a serious breach of the Act can result in a complaint to the ICO, which has wide-ranging powers, including the ability to impose large fines.
Any practice using email or text to communicate with patients should have their expressed and explicit consent. It may also be a matter of agreeing levels of disclosure. Is it for call backs or for vaccinations or more personal matters, such as test results? Patient confidentiality extends to even whether a patient is registered at a particular practice or has arranged an appointment for a particular time.
It is important to consider just who has access to an email account or a mobile phone – it could be more than just the patient. Personal circumstances and relationships within families are all different and you must not presume to know what people might want to keep private, even from parents or spouses. Patients should be made aware that unencrypted messages could potentially be read by someone else and only pre-agreed matters should be dealt with via email exchanges.
Many practices now allow for patient contact through secure password-protected online systems such as Patient Access in EMIS. This can reduce some of the risks but no system can be completely secure so it is important to consider confidentiality risks in all information exchanges with patients and colleagues.
In terms of using email systems the ICO offers the following general advice:
• Consider whether the content of the email should be encrypted or password protected. Your IT or security team should be able to assist you with encryption.
• When you start to type in the name of the recipient, some email software will suggest similar addresses you have used before. If you have previously emailed several people whose name or address starts the same way – e.g. "Dave" – the auto-complete function may bring up several "Daves". Make sure you choose the right address before you click send.
• If you want to send an email to a recipient without revealing their address to other recipients, make sure you use blind carbon copy (bcc), not carbon copy (cc). When you use cc every recipient of the message will be able to see the address it was sent to.
• Be careful when using a group email address. Check who is in the group and make sure you really want to send your message to everyone.
• If you send a sensitive email from a secure server to an insecure recipient, security will be threatened. You may need to check that the recipient’s arrangements are secure enough before sending your message.
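The To/Cc versus Bcc distinction above is easy to state but easy to get wrong in a hurry, as the opening case shows. The following is an added example, not code from the article or from MDDUS or the ICO, showing how a practice's own bulk-alert tooling could build the message with patient addresses in Bcc and run a pre-send check that refuses any message exposing more than one address in To or Cc. The sender address, patient addresses and the `max_visible` threshold are constructed assumptions for illustration; the "misaddressed" builder reproduces the mistake in the case study so the check can be seen catching it.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data for the example (not real addresses).
PRACTICE = "flu-alerts@surgery.example.invalid"
PATIENTS = ["alice@example.invalid", "bob@example.invalid", "carol@example.invalid"]


def build_bulk_alert(sender, patient_addresses, subject, body):
    """Correct form: the practice's own address goes in To, patients go in Bcc."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender
    msg["Bcc"] = ", ".join(patient_addresses)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def build_misaddressed_alert(sender, patient_addresses, subject, body):
    """The mistake from the case study: the whole list pasted into To."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(patient_addresses)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def visible_recipients(msg):
    """Addresses every recipient will be able to see, i.e. those in To and Cc."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return [addr for _, addr in pairs if addr]


def check_before_send(msg, max_visible=1):
    """Return a list of problems; an empty list means the message may be sent.

    max_visible=1 allows the practice's own address in To and nothing else.
    """
    problems = []
    visible = visible_recipients(msg)
    bcc = [addr for _, addr in getaddresses(msg.get_all("Bcc", [])) if addr]
    if len(visible) > max_visible:
        problems.append(
            f"{len(visible)} addresses exposed in To/Cc; put patients in Bcc"
        )
    if not visible and not bcc:
        problems.append("message has no recipients")
    return problems


def wire_copy(msg):
    """Bytes as they would leave the server: the Bcc header is removed first.

    smtplib.send_message strips Bcc itself; this makes the effect explicit so
    it can be verified that no patient address survives in the sent headers.
    """
    copy = EmailMessage()
    for name, value in msg.items():
        if name.lower() != "bcc":
            copy[name] = value
    copy.set_content(msg.get_content())
    return copy.as_bytes()


if __name__ == "__main__":
    good = build_bulk_alert(PRACTICE, PATIENTS, "Flu vaccination clinic", "Please book a slot.")
    bad = build_misaddressed_alert(PRACTICE, PATIENTS, "Flu vaccination clinic", "Please book a slot.")
    print("bcc version:", check_before_send(good) or "ok to send")
    print("to version:", check_before_send(bad) or "ok to send")
```

The check runs on the message object before anything is handed to the mail server, which is the point at which the case study's error could still have been reversed; a practice could wire the same check into whatever script or mail-merge tool it actually uses for bulk alerts.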
Breaches in patient confidentiality or data security may not only lead to difficulties with the ICO but could also result in an investigation and sanctions by the health Ombudsman or the GMC or GDC. Contact an MDDUS adviser if you are in any doubt over the routine use of email or other forms of electronic communication with patients.
ACTION: Consider the potential for data security breaches in all electronic communications involving confidential patient data.