In The Australian last week an article appeared reporting that a large teaching hospital in Melbourne has been using standard e-mail to send discharge summaries to GPs. Further it was reported that this had been approved by the hospital following a decision by the hospital's privacy committee that the benefits of rapid communication outweighed the risks to patient confidentiality.
The questions this action poses are interesting and, to a degree, contentious. What they boil down to are essentially - What place does standard e-mail have in daily clinical practice? – Should its use be constrained? - What alternatives exist to achieve the outcomes sought by the hospital (rapid communication of important information to the relevant GP)?.
The essential facts are these.
Firstly traditional un-encrypted e-mail is simply an insecure communications medium. Even more worrying is that it is a very persistent (long lasting) medium where, with enough effort, months or years down the track e-mail can be retrieved. Why - because e-mail seldom goes directly from sender to recipient (it typically passes through one, two or more intervening servers all of which often keep a copy) and anyone who has access control to that server can read any e-mail on it.
Secondly the recognition that e-mail is insecure has provoked privacy organisations and general practice organisations to consider – How should email best be used?.
Thirdly, the ubiquity and ease of use of e-mail, makes it imperative that rather than apply blanket bans or approval a reasonable, responsible, balanced and pragmatic approach to e-mail use, between hospitals and GPs, and between patient’s and GPs, should be developed. I and many others have been using e-mail in one form or another for almost two decades. To-date I have had no problems although others have, ranging from e-mails being leaked to the press to marriages being threatened by receipt of misdirected or accidentally copied or forwarded e-mail.
For GPs it seems clear that the guidelines developed by the General Practice Computing Group (GPCG), and available from their website, provide a sensible and well thought out approach for the use of e-mail when communicating with patients . The essential elements of this approach are to treat e-mail as official correspondence, get informed consent as to the risks of disclosure from the patient before using e-mail, do not use e-mail for any urgent matters, have a properly worded disclaimer on the footer of any patient e-mail and do not include anything in e-mails that could potentially embarrass or upset a patient. A practice policy as to security of e-mail, filing of e-mails in patient records and response time back to the patient are also sound and needed steps.
GPs who are concerned can, of course, set up various technology based secure links with regular patients – but such approaches are not really generally applicable given the effort required by both parties and the cost. Better would be an agreed national approach to secure e-mail for GPs to communicate with patients rather than the present – albeit obviously interim - situation we have at present.
The circumstances for hospitals are a little different in my view. They should obtain informed patient consent and carefully review any content sent for potential patient compromise – if it would cause the patient distress, or if the information were to appear on the front page of The Australian, it should not be sent. Ideally, however, large organisations should take advantage of the availability of a range of secure, encrypted clinical e-mail messaging services (such as Argus, Medical Objects, HealthLink and others) and use one of those services to send information back to their referring GPs.
In all cases it is the sender of the e-mail who must get informed consent from the affected individual before any unsecured e-mail is sent.
Over time we can hope that the work being undertaken by the National E-Health Transition Authority (NEHTA) will lead to the emergence of secure clinical messaging services where no possibility of breach of patient trust and confidentiality is possible.
David.
Privacy is truly undermined by unencrypted email.
ReplyDeleteDavid More highlights the issue of a large teaching hospital in Melbourne using standard (unsecured) email to send discharge summaries to GPs.
Is it reasonable to expect a third party to take care when they send sensitive personal information about an individual to another third party? If using Australia Post is it reasonable to expect the information be placed inside a ‘sealed’ envelope?
When a bank sends a credit card and the card’s PIN number to a customer, should the bank put them both in the same envelope? Or is it reasonable to expect the bank to take precautionary steps and send the credit card and the PIN in different envelopes a week or more apart?
Apply the same questions to transmitting medical information between the many third parties involved in treating and caring for a patient.
In that regard Shirley Fairall’s comments on email security are reasonable. Today “there is a viable alternative to unsecured email” – it is called ‘encryption’. She states “that the only way to protect data online is to encrypt it. It then doesn’t matter who intercepts an encrypted email – they can’t see the message or attachments unless they’re the intended recipient.”
Encryption tools available in the market today make this a viable option. Encrypting an email takes milliseconds at the most. That being the case ‘is it not reasonable’ to expect a hospital to take care when sending sensitive personal clinical information about a patient to another third party? Should the hospital make the effort to ensure the information is transmitted securely inside a ‘sealed electronic envelope’?
Somewhat surprisingly David More records that the hospital’s privacy committee had approved the use of standard (unsecured) email to send discharge summaries from the hospital to GPs! It is recorded that the hospital was relying on the argument “that the benefits of rapid communication outweighed the risks to patient confidentiality”. Is this reasonable by today’s standards?
It will not be long before the law is tested on the subject of secure transmission across the Internet of an individual’s clinical information from one health service provider to another. In the UK, an organisation aware of a solution to a problem, such as the need to keep information private, will be found guilty of negligence if they ignore the problem. In the EU, privacy is treated with the seriousness it deserves - the laws are tighter, and organisations are careful about privacy.
Put simply:
- patients’ medical information is sensitive, sometimes extremely so
- there are affordable, practical ways of keeping email and other Internet information private
- keeping information private doesn’t delay its delivery
- many organisations already take care to keep sensitive information private
- making no effort whatsoever is irresponsible.
This is an important issue. It should be addressed as a high priority. It doesn’t need to wait for any legislation. The standards have long been finalised. There is a choice of affordable, uncomplicated, practical solutions readily available, so there’s no excuse for procrastinating.
There are no good reasons why it should not be done; there are lots of reasons why it should.
Dr Ian Colclough
Integrated Marketing & e-Health Strategies
Balwyn North VIC 3104
(m) 0412 059 392
(e) ihsipl@smartchat.net.au
Shirley,
ReplyDeleteThat sounds really interesting - is there a trial version or something that I can download and try out?
Thanks
Steph