Texting, faxing and emailing patients

Communication with patients by SMS text message, fax and email

The Medical Council Guide to Professional Conduct and Ethics for Registered Medical Practitioners provides clear guidelines in relation to maintaining patient confidentiality and this should always be observed when communicating with patients. A doctor should protect a patient’s privacy by keeping records and other information about patients securely and guarding against accidental disclosures. Doctors must comply with data protection and other legislation relating to storage, disposal and access to records.

Under the Data Protection Acts 1988 and 2003, persons are required to register details with the Data Protection Commissioner if they record data on a computer relating to the physical or mental health of identifiable individuals. GPs are data controllers in relation to their patients’ medical records. Registration with the Data Protection Commissioner must be renewed on an annual basis. Registration can be completed online on the website of the Office of the Data Protection Commissioner www.dataprotection.ie.

1. SMS Text Message:

GPs are responsible for processing “data” about their patients and must ensure adequate security measures are in place before sensitive personal information is processed. While sending of text or SMS messages to patients may seem to be an efficient and appealing means of communication, difficulties can arise if sending confidential information in this manner, as text messages can be read by people other than the intended recipients and phone numbers may have changed. It is, therefore, advisable to restrict messages by text to matters which are non-clinical, such as appointment reminders or notification that non- specific test results are available and not to give the patient’s name or identifiers in the message so that if it is delivered to the incorrect phone, the person receiving it does not know who the message was intended for. As with all communications with a patient it is advisable that you include details of all text and fax messages on the patient’s chart.

A patient has a right to determine for himself/herself when, how, and to what extent information about his/her is communicated to others. It is, therefore, advisable to obtain informed consent in advance from your patients to communication by means of text messages. Provision of a mobile phone number in and of itself should not be seen as consent to receive text messages. Ideally when a patient is registering their details they should be asked to provide written consent to communication by text message for specified purposes and this should be kept on the patient’s chart. Such consent will need to be renewed if the manner in which you communicate with the patient changes significantly and /or the content and purposes for which you use text messages changes. Patients must be given an opt-out or more ideally an opt-in to this form of communication. The patient should be informed as to what the general content of messages will be and how the source of the communication shall be indicated. They will then have the opportunity to make a decision, based on their personal circumstances as to whether they wish to receive such messages. If a patient gives consent they should be advised to inform the surgery of any changes to their contact details.

Considerations when sending text messages to patients:

  1. Has the message been sent to the patient’s correct mobile number? 
    Patient details should regularly be checked and updated particularly when ordering investigations.
  2. No confirmation of receipt. 
    There are no guarantees that the text message has arrived at its destination.
  3. Is the message urgent? 
    Urgent messages are not suitable for text messages as some people may not have their mobile phone switched on or there may be a delay in the network. ‘Appointment Reminder’ text messages should be sent a few days in advance of the appointment.
  4. Text content: 
    Text messages to patients should be of limited length and have a minimal amount of detail so as not to give too much information to anyone else. For example, you may identify your medical practice provided this does not provide clues as to the patient’s clinical condition. “Text-speak” should be avoided.

Considerations when receiving text messages from patients:

Patients may wish to send messages for some services - for example requesting prescriptions or appointments. While facilitating this means of contact from patients may provide considerable benefits for some patients, these messages must be processed effectively with procedures in place to ensure an appropriate level of safety and security.

The patient should be required to identify themselves in their text message but this alone cannot be relied upon and the mobile number must also be checked against the patients details contained in their records.The message details should then be transcribed carefully into the patient’s file.

2. Fax Messages:

The transmission of personal health information to a patient by fax should be avoided. In circumstances where medical information is required urgently and a more secure means of communication is unavailable the following should be taken into consideration:

  1. Make sure that the patient information is being sent to the correct fax number. If an auto-dial function is being used, be sure that the number has not been changed.
  2. The recipient should be notified by phone that the fax will arrive shortly.
  3. Request the recipient to confirm by phone that the faxed document has been received.
  4. Fax machines which are used to transmit and receive confidential information should be kept in a secure area and not accessible to the general public.
  5. Make sure a fax cover sheet is included which clearly identifies the sender and the intended recipient.
  6. The fax cover sheet should indicate that the information contained is confidential.
  7. Confirm the correct number of pages were sent and received.
  8. Check confirmation sheet to ensure there were no errors.
  9. Keep the fax confirmation sheet together with the faxed material on file.

Sample confidentiality notice:

“The information contained in this facsimile message is privileged and confidential information intended for the use of the individual or entity named above. If you have received this fax in error please contact us immediately and then destroy the faxed material”
ICGP’s A Guide to Data Protection Legislation for Irish General Practice 2011 (7.1.5)

3. Email

If using email communication with patients, the practice should have an email communications policy which incorporates safeguards in order to preserve patient confidentiality. Ensure that the patient has given consent for email communication. A system should be in place so that emails are replied to in a timely manner. All communication by email should be included in the patient’s medical chart. Do not use email to respond to complicated problems or engage in an exchange of emails if a consultation would be more appropriate.

It is important to ensure that there are appropriate levels of email encryption. Consult your IT provider to ensure that proper safeguards are in place so that clinical system information remains as secure as possible. Personal health information should not be transmitted by GPs to hospitals and other health providers by e-mail unless it is encrypted or a secure electronic pathway, such as Healthmail, has been established between the GP and the secondary health provider.

Notwithstanding appropriate measures to protect the security and confidentiality of email information sent and received, it must be considered that email communication remains subject to risks which include:

  • Email can be forwarded, printed and stored in numerous paper and electronic forms and be received by many intended and unintended recipients without the sender’s knowledge or agreement
  • Email may be sent to the wrong address by any sender and receiver
  • It is easier to forge than handwritten or signed papers
  • Copies of email may exist even after the sender or receiver has deleted his or her copy
  • Email can be inappropriately accessed or intercepted during transmission without detection or authorisation
  • Email service providers have a right to archive and inspect emails through their systems
  • Work email systems are the property of the employer and subject to inspection by them
  • Email can spread computer viruses.

Monitor email queries at regular intervals and ensure that they are brought to the attention of the relevant person. Set up an automated response to indicate that the email has been received including details on when the patient may expect to receive a reply. It may also include direct contact details recommending how the patient should contact the practice for urgent matters.

Remember that email communications are an important part of the medical notes of a patient and must be recorded there.

4. Medical Council Guidelines regarding web-based communication

Section 43.3 of The Medical Council’s Guide to Professional Conduct and Ethics for Registered Medical Practitioners states:

A doctor “must follow the standards of good practice set out in this Guide, whether you provide services using telemedicine or traditional means. In particular, you should:

  • make sure that patients have given their consent to conduct the consultation through telemedicine and consent to any treatment provided. See paragraphs 9 to 13;
  • follow paragraph 44 of the guide if you advertise on websites or similar media; protect the privacy of patient information through effective security measures; protect patients’ privacy by following the guidance on confidentiality and medical records set out in paragraphs 29 and 33, and explain your information policies to users;
  • comply with data protection principles if you transfer and personal patient information to other jurisdictions; and
  • inform the patient’s general practitioner of the consultation (see paragraph 33.3)”

Paragraph 44.1 states “Information about medical services published in the media, internet or other means is generally in the public interest provided the information is factually accurate, evidence-based and not misleading.”

You must include your Medical Council registration number on your letter headings, medical prescriptions, and all other documentation and records (paper or electronic) related to your practice or in any information published about your practice including your website site. Information about your practice or services must also make it clear that “doctors may only practise in countries in which they are registered”.



Share this article: