E-Mail Security and Clinical Practice – What’s Sensible?

In The Australian last week an article appeared reporting that a large teaching hospital in Melbourne has been using standard e-mail to send discharge summaries to GPs. Further, it was reported that this had been approved by the hospital following a decision by the hospital's privacy committee that the benefits of rapid communication outweighed the risks to patient confidentiality.

The questions this action poses are interesting and, to a degree, contentious. Essentially they boil down to these: What place does standard e-mail have in daily clinical practice? Should its use be constrained? What alternatives exist to achieve the outcomes sought by the hospital (rapid communication of important information to the relevant GP)?

The essential facts are these.

Firstly, traditional unencrypted e-mail is simply an insecure communications medium. Even more worrying is that it is a very persistent (long-lasting) medium: with enough effort, e-mail can be retrieved months or years down the track. Why? Because e-mail seldom goes directly from sender to recipient (it typically passes through one, two or more intervening servers, all of which often keep a copy), and anyone who has access to one of those servers can read any e-mail on it.

Secondly, the recognition that e-mail is insecure has provoked privacy organisations and general practice organisations to consider how e-mail should best be used.

Thirdly, the ubiquity and ease of use of e-mail make it imperative that, rather than applying blanket bans or approvals, a reasonable, responsible, balanced and pragmatic approach to e-mail use between hospitals and GPs, and between patients and GPs, should be developed. I and many others have been using e-mail in one form or another for almost two decades. To date I have had no problems, although others have, ranging from e-mails being leaked to the press to marriages being threatened by receipt of misdirected or accidentally copied or forwarded e-mail.
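To make the first point concrete, here is an added example (not part of the original post) that reads the `Received` headers of a message, lists every server that handled it, and flags hops that were not carried over TLS. The message, host names and addresses are constructed for illustration; the TLS check relies on the RFC 3848 protocol keywords (`ESMTPS` and similar) that receiving servers record.

```python
import re
from email import message_from_string

# Constructed sample message: a discharge summary relayed through three servers.
SAMPLE = """\
Received: from mx.gp-clinic.example (mx.gp-clinic.example [203.0.113.9])
\tby mailstore.gp-clinic.example with ESMTP id C3; Mon, 1 Jan 2007 09:00:07 +1100
Received: from relay.isp.example (relay.isp.example [198.51.100.4])
\tby mx.gp-clinic.example with ESMTPS id B2; Mon, 1 Jan 2007 09:00:05 +1100
Received: from ward-pc.hospital.example (ward-pc.hospital.example [192.0.2.17])
\tby relay.isp.example with SMTP id A1; Mon, 1 Jan 2007 09:00:01 +1100
From: registrar@hospital.example
To: dr.smith@gp-clinic.example
Subject: Discharge summary

(body omitted)
"""

# RFC 3848 "with" keywords that indicate the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S)

def trace_hops(raw):
    """Return the relay hops in the order the message travelled."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own header, so the oldest hop is last.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            sender, server, proto = m.groups()
            hops.append({"from": sender, "by": server,
                         "tls": proto.upper() in TLS_PROTOCOLS})
    return hops

def exposure(hops):
    """Servers that held the message, and the hops sent without TLS."""
    servers = [h["by"] for h in hops]
    cleartext = [(h["from"], h["by"]) for h in hops if not h["tls"]]
    return servers, cleartext

if __name__ == "__main__":
    servers, cleartext = exposure(trace_hops(SAMPLE))
    print("Held a copy:", ", ".join(servers))
    for src, dst in cleartext:
        print(f"No TLS on hop {src} -> {dst}")
```

Even a hop marked as TLS only protects the message in transit; each listed server still receives the full plaintext, and `Received` headers are self-reported by the servers, so treat them as indicative rather than proof.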

For GPs it seems clear that the guidelines developed by the General Practice Computing Group (GPCG), and available from their website, provide a sensible and well thought out approach for the use of e-mail when communicating with patients. The essential elements of this approach are to treat e-mail as official correspondence, get informed consent as to the risks of disclosure from the patient before using e-mail, do not use e-mail for any urgent matters, have a properly worded disclaimer on the footer of any patient e-mail and do not include anything in e-mails that could potentially embarrass or upset a patient. A practice policy covering security of e-mail, filing of e-mails in patient records and response time back to the patient is also a sound and needed step.

GPs who are concerned can, of course, set up various technology-based secure links with regular patients – but such approaches are not really generally applicable given the effort required by both parties and the cost. Better would be an agreed national approach to secure e-mail for GPs to communicate with patients, rather than the present, albeit obviously interim, situation.

The circumstances for hospitals are a little different in my view. They should obtain informed patient consent and carefully review any content sent for potential patient compromise – if it would cause the patient distress, or if the information were to appear on the front page of The Australian, it should not be sent. Ideally, however, large organisations should take advantage of the availability of a range of secure, encrypted clinical e-mail messaging services (such as Argus, Medical Objects, HealthLink and others) and use one of those services to send information back to their referring GPs.

In all cases it is the sender of the e-mail who must get informed consent from the affected individual before any unsecured e-mail is sent.

Over time we can hope that the work being undertaken by the National E-Health Transition Authority (NEHTA) will lead to the emergence of secure clinical messaging services where no breach of patient trust and confidentiality is possible.

David.
