[DAYS_LEFT] days left of your Medeconomics free trial

Subscribe now

Your free trial has expired

Subscribe now to access Medeconomics

Pitfalls of emailing and texting patients

The MDU's Dr Sally Old points out some common mistakes that can lead to breaching patients' confidentiality

Treat text messages sent to your patients as clinical contacts (Image: iStock)
Treat text messages sent to your patients as clinical contacts (Image: iStock)

The Information Commissioner has the power to levy fines for data protection breaches so always ensure you are contacting the right person. 

It is important to check the basic details to ensure you have the correct patient name and address, fax/mobile phone number or email address and that these are secure and cannot be read by someone else.

Crucial number/symbol omitted

This often leads to the incorrect person receiving an email. For example, in one anonymised case an email containing confidential patient information was sent to jo.bloggs@nhs.net instead of to jo.bloggs2@nhs.net. The former was an administrator in an NHS trust in southern England while the intended recipient was a consultant in a northern England trust in the North.

Personal email used for patient data

The account may be insecure and a confidentiality breach could occur if it is used to send or receive confidential patient data. 

Connecting for Health advises that the NHSmail service is the only one secure enough to use for emailing patient data.

There have been cases where doctors were disciplined for forwarding emails containing patient information to their private email address. Note too that it can be difficult to permanently erase data from personal computers.

Group emails with visible addresses

When emails are sent to a number of patients at the same time and the sender does not select the BCC (‘blind carbon copy’) box for this, a confidentiality breach automatically occurs as recipients can see each other’s email addresses. 

This can be a triple breach revealing:

  • Patients' email addresses to everyone on the list
  • All the recipients are patients of the doctor/practice
  • They have a condition that might benefit from the service offered, such as a vaccination clinic.

Patients complaining about emails and texts

Some patients may complain if contacted by email or text, especially if they worry that other people can access this information.

Many healthcare organisations use texts and emails to remind patients of their appointments.  It is advisable to obtain patients’ consent to be contacted in this way however.

Staff should explain clearly the nature of the information they may receive and that patients can opt out of receiving the service at any time.

No record kept of text messaging

When no record is kept of the patient being texted, this can cause continuity of care problems. It is advisable to consider each text message as a clinical contact and appropriately recorded and actioned.

Any text from a patient should then be deleted from the handset which should be password protected and locked away when not in use.

Dr Old is a medico-legal adviser at the MDU

Useful resource
Information Commissioner guidance for health organisations

Have you registered with us yet?

Register now to enjoy more articles
and free email bulletins.

Sign up now
Already registered?
Sign in

Would you like to post a comment?

Please Sign in or register.

Database of GP Fees



Latest Jobs