The content of this website is intended for healthcare professionals only

GPs warned to seek patient consent before communicating by email

Medical defence organisation sets out potential pitfalls of electronic communication and how to guard against them

Ingrid Torjesen

Wednesday, 05 March 2014

GPs have been warned to agree with patients the level of information that can be disclosed before communicating with them electronically through email and text.

GPs are increasingly being encouraged to use email and text to communicate with patients to increase access for patients, alongside telephone and even video consultations through Skype.

However the Medical and Dental Defence Union of Scotland (MDDUS) has warned doctors that patients must opt-in before receiving any form of electronic communication from their doctor.

MDDUS Joint Head of Professional Services Dr Anthea Martin said: “Not all patients wish to receive emails or texts from their medical practice. It is therefore important that only those patients who agree to communicate electronically receive information via email or text.”

She added that to avoid any potential breach of confidentiality, it is beneficial to agree levels of disclosure. “Does a patient want to be contacted via email or text for vaccinations, rescheduling appointments or repeat prescriptions, or for more personal matters such as test results?”

Where patients wish to receive an email or a text from their GP, there are still risks of confidentiality breaches to consider, even with something as straightforward as rescheduling a patient’s appointment.

“It’s important to consider who has access to an email account or mobile phone – it may not just be the patient. Personal circumstances and relationships within families are all different and you should not presume to know what people might want to keep private,” Dr Martin said.

Healthcare professionals should familiarise themselves with policies and procedures issued by their employer or contracting body which are designed to protect patients’ privacy. They must also be mindful of the requirements of the Data Protection Act 1998 which requires information to be fairly and lawfully processed.

“Doctors who fail to protect patient information risk incurring a fine from the Information Commissioner’s Office (ICO),” says Dr Martin. “Furthermore, failure to adequately secure electronic medical records could result in a GMC hearing or even criminal charges.”

Many practices now allow for patient contact through secure password-protected online systems. “Encryption can reduce some of the risks but no system can be completely secure so it is important to consider confidentiality risks in all information exchanges with patients and colleagues,” Dr Martin said.

“Doctors must be satisfied that there are appropriate security arrangements in place and consider the potential for data security breaches in all electronic communications involving confidential patient data. Doctors should also refrain from discussing clinical issues via email.

“For routine inquiries, an email exchange can be a convenient way of communicating. However, it’s not a substitute for face-to-face consultations. Finally, any electronic exchange with a patient should be considered part of the patient’s medical records and recorded.”

Registered in England and Wales. Reg No. 2530185. c/o Wilmington plc, 5th Floor, 10 Whitechapel High Street, London E1 8QS. Reg No. 30158470