GP practices are regularly seeking advice on how to ensure patient confidentiality when using electronic records, according to medicolegal organisation the Medical Defence Union (MDU).
“Electronic records and communications are an increasing feature of GP practices and members may justifiably feel they are a valuable and efficient tool,” said MDU medicolegal adviser Dr James Armstrong.
“However, compared to paper records, they do pose slightly different challenges when it comes to safeguarding patient confidentiality and MDU members regularly contact us for risk management advice about this.”
Areas addressed by Dr Armstrong include emailing correspondence about patients; protecting information when transferring records electronically; upgrading computer systems; and the need to scan hospital correspondence.
One example and the key points of his advice is set out below:
“Can we send correspondence about patients by email?”
- Where an email contains patient information, you must consider the risk of the email being intercepted and ensure that it is effectively protected against improper disclosure at all times.
- Any email exchange with or about a patient should take place only with the patient’s full agreement, in line with the Data Protection Act 1998.
- You have a responsibility to ensure robust security measures are in place, such as encryption of data.
- Ιt is prudent to satisfy yourself that adequate security is in place at the receiving end.
- The General Medical Council says that, if necessary, you should seek appropriate authoritative professional advice on how to keep information secure and you should record the fact you have taken such advice.
Related article: A record achievement? Summary Care Records explained