Smartphones at work

Always consider patient confidentiality and seek permission before using your phone at work.

SMARTPHONE ownership has increased rapidly across the UK in recent years and healthcare professionals are no exception to this trend.

Research has shown a growing number of doctors and dentists are using their devices in the delivery of patient care, whether it is making use of photo messaging or accessing the latest clinical apps.

But do you think about the security of patient data and issues of confidentiality when using your phone? MDDUS is aware of cases where doctors – even those with the best of intentions – have found themselves in professional difficulties resulting from the use of their device at work.

Perhaps not surprisingly, trainee doctors feature prominently amongst smartphone users.

A recent survey in the Postgraduate Medical Journal questioned 108 foundation year 1 trainees, and 102 of them said they owned a smartphone. Of those, on at least a daily basis for the purposes of work, 83 per cent said they made/received phone calls, 87 per cent sent/received texts and 41 per cent sent/received emails on their phone. What’s more, 53 per cent had used their smartphone to take a work-related picture, in most cases to get advice about a wound or for research purposes.

Apps are also commonly used by trainees, with popular ones provided by the British National Formulary, MIMS, SIGN and NICE.

The PMJ research concluded: “There is a need for guidance on how patient information can be safely secured and transmitted using smartphones, their appropriate use, and any restrictions on the use of these devices in certain clinical settings.”

It called for improved hospital policies on mobile and smartphone usage to avoid confidentiality breaches.

There are a number of key points to keep in mind when using your phone at work.

Before considering whether to take a photograph of a patient on a mobile phone, you should be aware of your local organisation’s policy and seek approval to do so from your employing or contracting body, a Caldicott Guardian (the person responsible for ensuring data security) or equivalent. Robust arrangements must be in place to transfer the image to the medical/dental records and to ensure that the image is kept securely and protected from unauthorised viewing.

The General Medical Council has investigated a number of doctors in recent years in relation to patient photographs, often where the doctor’s intentions have been wholly appropriate.

Be sure to comply with GMC guidance Making and using visual and audio recordings of patients which states: “You must get the patient’s consent to make a recording that forms part of the investigation or treatment of a condition, or contributes to the patient’s care… You should explain to the patient why a recording would assist their care, what form the recording will take, and that it will be stored securely.”

The guidance goes on to explain that doctors should, where practicable, explain any possible secondary uses of the recording in an anonymised or coded form and that key elements of the discussion should be recorded in the patient’s notes.

In situations where an adult patient lacks capacity, you must get consent from someone who has legal authority to make a decision on their behalf. Where no one with authority is available or immediate treatment is required, photographs may still be taken where they form an integral part of an investigation or treatment.

The General Dental Council’s Standards for Dental Professionals guidance also highlights the importance of confidentiality, stating: “The duty to keep information confidential also covers recordings or images of patients such as photographs, videos or audio recordings, both originals and copies, including those made on a mobile phone. You must not make any recordings or images without the patient’s permission.”

The GMC’s Confidentiality guidance makes it clear that any personal patient information that you hold or control must be “effectively protected at all times against improper disclosure”.

It adds: “You must make sure that anyone you disclose personal information to understands that you are giving it to them in confidence, which they must respect.”

The GMC acknowledges that many breaches of confidentiality are unintentional and advises against discussing identifiable patient information where you can be overheard, whether in a public place or in an internet chat forum.

Healthcare professionals should not share passwords or leave patient records (on paper or on a screen) unattended or where they can be seen by others. Other basic precautions are advised, such as ensuring your device has its passcode lock activated with a limit set on the number of failed attempts allowed.

Many NHS policies on mobile phone use by doctors/dentists relate more to practical aspects of phone maintenance and fair usage rather than issues of confidentiality, but some do go into more detail.

Rotherham CCG, for example, has a smartphone and tablet policy which states: “Where the processing of NHS patient information is proposed on smartphone or tablet devices, additional authorisation must be obtained from the organisation’s Caldicott Guardian and the device must use encryption software.

“Sensitive data, including that relating to patients, should not routinely be stored on an NHS device and where necessary should be kept to the minimum required for its effective business use in order to minimise the risks and impacts should a breach occur.”

If you use your smartphone for personal messages/emails, take extra care to ensure any patient-related correspondence is kept separate and that patient details or images are not stored on the device.

ACTION: Seek permission from your employing/contracting body before using your smartphone at work. Be mindful of confidentiality issues and secure patient consent.