Appointment systems risks: a breach of confidence

A flaw in a practice's appointment booking system offers a useful lesson in protecting patient confidentiality.

During a recent MDDUS risk webinar – focussing on the risks associated with maintaining patient confidentiality within practice systems – one of the managers attending highlighted a recent significant event within her practice. The response from the other webinar participants suggested the associated risks may not have been fully considered and so we asked the practice to share the details of the event.

Case description

Mrs A calls the practice asking to make an appointment with one of the doctors to discuss the care of her 69-year-old mother, Mrs B. She has a complex medical history and has previously not been concordant with treatment. Mrs A is worried that her mother’s GP is not fully aware of the level of symptoms her mother has been experiencing and the fact that she has stopped taking her medication.

As per normal practice procedure, the receptionist offers to book an appointment for Mrs A with her mother’s usual GP but makes her aware that the doctor may not be able to disclose or discuss confidential issues without Mrs B’s consent. Mrs A accepts this and books the appointment.

For appointments of this nature, it is practice policy to book the appointment in the patient’s name, alerting the GP as to whose record to access. The appointment notes also show the reason for the booking - in this case it is noted that Mrs A wishes to discuss concerns about her mother without her knowledge.

Mrs A attends the appointment but returns the following day, very upset, and asks to speak to the practice manager.

It transpires that Mrs B had received a text reminder about the appointment and had phoned the practice to query it. She was told that an appointment had been made in her name but no further information was disclosed. Suspecting her daughter’s involvement she challenged her, leading to a huge argument in which Mrs A admitted speaking to the GP.

Analysis and outcome

The practice immediately recognised that this incident constituted a significant event and, under the current system, there was the potential for such a problem to recur. The practice investigated the incident and discussed what they could change and learn from it.

Appointment text reminders had been used for several years but this was the first time such a problem had occurred. On closer analysis of the system, risks were also identified in relation to child patients who were transitioning into adulthood. When booking appointments for younger patients, the practice often noted a parent or guardian’s contact number on the patient’s record. This raised the question of whether the system included an alert to review the appropriateness of such an approach for children reaching maturity and legal capacity.

The practice has since introduced an “unregistered booking” facility which means patient names are no longer tagged onto the appointment system text reminders (this means that appointment slots can be booked for non-patients and so are not included in the reminder text process). Staff continue to record information within the patient appointment notes, which show who has made the appointment and why (where this information is known).

Mitigating the risk in your practice

So, with this in mind, have you considered the appropriateness of your own system?

  • How do you deal with relatives and carers who wish to discuss a patient with one of the GPs?
  • Is there a safe way to deal with concerns raised by friends/family, whilst maintaining their confidentiality?
  • Do you review contact details for patients on a regular basis?
  • Are you confident that you have a system in place to reduce the risk of breaching a child’s confidence if they choose to make an appointment without their parent or guardian’s knowledge?

Many thanks to the practice concerned for allowing us to use this anonymised case as illustration of this area of risk.