Why Emails are not all they are cracked up to be

How web technologies have moved on to provide a greater and improved experience for all patients with accessible needs.

Email is now 50 years old, and whilst a lot of technology has changed since it's conception emails themselves have not. There have also been significant changes in data control standard most notably the introduction of the General Data Protection Regulation (GDPR) and Privacy and Electronic Communications Regulations (PECR). These both sit along side the general Data Protection Act which is ever evolving to encompass developments in security standards, and form legal standards for all organisations to follow.
 
Both GDPR and PECR contain specific standards for keeping communications services secure and set out different levels of protect for different types of data. Organisation that provide NHS Services deal with more sensitive levels of data which is generally know has Patient Identifiable Data (PID) which falls into the Special Category for GDPR and therefore require the highest level of protection.
 
Here is the main elements which fall under Special Category Data
  • personal data revealing racial or ethnic origin;
  • biometric data (where used for identification purposes);
  • data concerning health;
  • data concerning a person’s sex life; and
  • data concerning a person’s sexual orientation.
Emails do not meet the required standards for protection as they are not encrypted, and as an organisation that predominantly handles 'data concerning health' this is a real problem for them.

They also have a responsibility to protect their digital infrastructure to a higher level because they work predominantly with the list of data shown above. 
 
Promoting an email on a website, gives hackers all they need to start a relentless and intelligent campaign to gain access to the surgeries digital infrastructure. Remember this is now powered by Artificial Intelligence.
 
 
“These figures are a reminder that when it comes to stealing confidential data and wreaking havoc, cyber-criminals still consider our health service to be fair game. Unfortunately, these scam emails are often incredibly realistic, lulling the victim into a false sense of security to hand over passwords, patient records and sensitive information by impersonating legitimate brands and even fellow employees.”
 
 
Technology has moved on to support those with accessible needs. As part of the roll our of the new GDRP standards government implemented the Website Content Accessibility Guidelines (WCAG) which sets out clear instructions on how to make a website accessible to over 3 million of the UK's population
 
They explain how to make digital services, websites and apps accessible to everyone, including users with impairments to their:
  • vision - like severely sight impaired (blind), sight impaired (partially sighted) or colour blind people
  • hearing - like people who are deaf or hard of hearing
  • mobility - like those who find it difficult to use a mouse or keyboard
  • thinking and understanding - like people with dyslexia, autism or learning difficulties
We are currently on version 2.2 of the standards which are ever evolving to the latest developments.
 
Those organisation who offer Public Services have to reach a level of AA or higher otherwise they may be breaking the law under the Equalities Act, so it is something that they cannot ignore
The intention of these standards is to make the website the main element of their Accessible strategy and ensures that:
  • All content on the website can be used with the assistive technology which is at the fingertips of the general population i.e. Your Device and your browser.
Emails are now replaced with Online Forms which are fully accessible. They also have additional protection to ensure the hackers can't use them as a channel for attacking the surgery.
 
There is also significate benefits for Surgeries to operate in this manner. Not only can they can comply with all the legal standards as detailed, it saves them the most valuable and limited commodity, time! At the same time Patients will also benefit from more efficient services.
 
Lets look at a typical email communications and consider the extended process that this can cause the surgery. This
  • The 1st and most common, is that patients email the surgery for information that they can get from the website. During the pandemic, replying to emails was the biggest contribution to service issues and disruptions.
  • The initial email does not contain all the information that is needed to complete the request. This means a member of staff has to contact the patient back and await a reply. An Online Form for the same purpose will include the required information as mandatory questions, so there are less delays.
Emails can still be used should the surgery wish to supply an address to a patient specifically, but the promotion of the email for mass usage is the real issue.
The simple an most affective method is to use online forms (we call ours SmartForms).
Our SmartForms
  • Fully WCAG (AA) Compliant and can be translated into any language.
  • Digital signature, file uploads and more
  • Fully Customisable
  • Significantly reduce workload as they ensure the surgery has the right information upfront

The possibilities are endless.