Electronic communication can provide a useful and alternative point of access for patients. However, you should make sure that, if sensitive information needs to be sent electronically, safeguards are in place to avoid breaching patient confidentiality. This factsheet sets out the potential risks of electronic communication.
Use of email
Email is an attractive way for patients to communicate with doctors, and the demand for such a service will undoubtedly increase over time.
Safeguards are required in order to preserve patient confidentiality. Unless messages are encrypted, patients should be aware that their messages could potentially be read by someone else. The Malaysia Medical Association's (MMA) Code of Medical Ethics stresses it is the doctor’s responsibility to ensure patient confidentiality.
Only appropriate matters should be dealt with via email exchanges, eg, appointment scheduling, ordering repeat prescriptions and obtaining test results. A standard protocol for email exchanges could prevent emails from patients asking for more complex information about medical symptoms or their proposed treatment, which would be difficult for the practice to respond to quickly and appropriately.
The MMA warns that email consultations may compromise standards of care where: the patient is not known to the doctor; there is little or no provision for appropriate monitoring of the patient or follow-up care, or where the patient cannot be examined. It is important to ensure that all emails to and from the patient are included as part of the patient’s medical record.
It is a good idea to:
- Ensure that there are appropriate levels of encryption.
- Liaise with your IT provider to ensure that appropriate safeguards are in place and information on the clinical system remains secure.
- Have an automated response indicating that the email has been received, when the patient should expect to receive a reply and with a recommendation that they should contact the practice directly if the matter is urgent.
- Monitor email enquiries at regular intervals and ensure that they are promptly brought to the attention of the relevant person.
- Respond in a professional manner and, in particular, avoid “textspeak”.
- Give consideration as to whether or not you wish to respond from your personal (as opposed to the practice) email address and, if so, you should ensure that there is a mechanism in place to deal with enquiries that arrive whilst you are on leave or away from the practice.
It is important not to:
- Forget that email exchanges are an important part of a patient’s medical records.
- Underestimate the amount of work that is likely to be involved in both setting up and maintaining such a system.
- Forget that many of the subtleties of communication, including non-verbal cues, are lost when communicating by email.
- Use email to respond to complicated or difficult problems.
- Forget to set aside some time in the working day to respond to email enquiries.
- Forget to have robust procedures in place to follow up any matters that arise from an email exchange.
MPS has dealt with a number of cases where information has been picked up by the wrong person, often because of misdialling or out-of-date fax numbers. This can mean that patient confidentiality is breached and treatment is delayed, due to the time lapsed until the information reaches the correct person.
Doctors are advised to:
- Only use fax machines to send sensitive data if it is absolutely necessary to do so, eg, for urgent referrals, and when no other means of requesting the referral is available.
- Ensure any fax machines are only accessible to authorised staff, and are placed in a secure location.
- Check with the intended recipient before sending that incoming faxes are only picked up by authorised staff, and ask them to confirm when it has been received.
- Ensure confidential faxes are not left lying around by the recipient.
- Use pre-programmed fax numbers wherever possible, rather than hand-dialled numbers, to avoid the risk of misdialling a number when sending sensitive information.
- Send a cover sheet along with the fax, containing a confidentiality statement.
- Only the minimum amount of personal information necessary should be sent by fax and, where possible, should be anonymised or a unique identifier used.