Security
      Back to home
      1. Knowledge Base
      2. Security

      Reasons for not using email to communicate with a Patient

      Using email seems the simplest way to communicate with patients. There are dangers with promoting the email address on the website as well as complications.

      Using email seems the simplest way to communicate with patients. There are dangers with promoting the email address on the website as well as complications.

      NHSmail security

      The footer included in nhs.net mail contains the following text
      "NHSmail is the secure email and directory service available for all NHS staff in England and Scotland. NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and other accredited email services."

      Email services provided to general public are not accredited. This means that when a patient contacts you by email the information that is sent to you is not secured and the emails you send to the patient my not secure.

      By using email you are inviting patients to contact you without informing them of the risks, so they may send sensitive information unwittingly.

      Transparency

      The following extract has been taken from Email and text message communications - NHSX

      "Transparency information
      It is important to be clear and upfront with patients/service users about the scope and purpose of the service being offered, how their personal data will be used and accessed and individual rights. Information should be made available explaining to the patient or service user how their information will be used and what information will be texted/emailed (e.g. appointment reminders). It should also be clear that text messages and emails will not be read during non-working hours and therefore should not be used for urgent queries. "

      An auto responder from email is not an 'upfront' way of informing the patient of how you you use their personal data. And in fact it is too late as they have already transmitted it.

      Confidentiality

      The following extract has been taken from Email and text message communications - NHSX

      "Confidentiality
      It is important to consider the possibility that someone else may read a text message or email that you send to a patient or service user, e.g. a family member accessing their unlocked mobile phone, or the phone being passed on, sold or stolen and ending up in the possession of someone else. With this in mind, consider what information it is appropriate to include and whether clinical information, e.g. test results, should be shared via a portal requiring user verification, such as Patient Online or the NHS App. Only the minimum amount of personal data for the purpose should be communicated via email/text."
      All emails sent by patients will have an email trail within their device.

      Encryption Facilities are not available to the Patient

      There is an encryption facility which can be used, but you have to set this up with the patient before it can be used Sharing Sensitive Information Guide for NHSmail and Encryption Guide for NHSmail and does not protect the original message from the patient.

      Related articles