10 golden rules when sharing patient info by email

By Philip Ward, AuntMinnieEurope.com staff writer

December 12, 2019 -- Electronic systems make it quick and easy to transfer patient data and images, but it's vital to ensure sensitive information remains secure. In a new report about patient confidentiality, the U.K. Royal College of Radiologists (RCR) gives 10 simple email rules to follow.

These are the rules:

  1. Never autoforward mail to other accounts.
  2. Mark all email subject lines as "confidential." Do not include any patient information (e.g., hospital or National Health Service [NHS] numbers) in this line.
  3. In the text, use the minimum number of patient identifiers. Avoid using names and dates of birth where possible.
  4. Delete emails that contain patient information as soon as practicable.
  5. Think carefully about giving proxy access to anybody. Ask yourself: Is it appropriate for secretaries and personal assistants to see patient information?
  6. Be very careful when using group email accounts. This particularly applies to general practitioner inquiries. Group accounts should only be set up after agreement with your information governance officer and/or data protection officer.
  7. Be careful when replying to emails from patients or other members of the public. "You have no way of knowing who may read it or where it may end up. It is good practice just to acknowledge receipt of such emails and to request verification of their legitimacy via other means such as standard mail or a telephone call. Limit the exchange of sensitive data as far as possible," the authors noted in the RCR report.
  8. Remember, email has the same legal status as a letter. Emails can be submitted as evidence in court and can also be requested via the Freedom of Information Act, for instance.
  9. Be aware of different types of email accounts. In the U.K., ideally you should only send patient information to accounts ending with @nhs.net. If you have to use another type of NHS account -- for example, @somewhere.nhs.uk -- be sure of the identity of the recipient before you send the email.
  10. Do not import NHS mail account settings into your mobile device email client. Doing so means confidential information can potentially be stored on your device and then inadvertently backed up to the cloud. Only access email remotely using the NHS web portal.

Duties and obligations

Overall, radiologists must be mindful of the duties of confidentiality placed on them by law, in particular the European Union's General Data Protection Regulation (GDPR) 2016 and national legislation such as the U.K. Data Protection Act (DPA) 2018, explained the authors of the 24-page RCR report called "Guidance on maintaining patient confidentiality when using radiology department information systems."

Radiologists are also bound by the professional obligations imposed by relevant medical councils, as well as local information governance and contractual requirements, and this is no different to the way other doctors are required to maintain patient confidentiality on hospital ward rounds, in clinics, in general practice surgeries, etc., they added.

The report aims to provide information on what to do in commonly encountered data sharing situations.

"With this knowledge, and the application of common sense, radiologists should be in a better position to comply with the law and provide the level of confidentiality that patients expect," the authors point out. "A note of caution however; data confidentiality and the legislature surrounding it are complex and constantly evolving. You are strongly advised to seek the guidance of your local data protection officer before commencing any new patient data handling processes."

They acknowledged the contribution of members of the RCR Radiology Informatics Committee and Mark Scallan, head of information governance at Royal Cornwall Hospital.

You can download a copy of the document free of charge from the RCR website.



Last Updated pw 12/12/2019 1:04:18 AM