There is some concern that organisations may face sanctions or disciplinary actions if they communicate with patients by email, especially during this pandemic but with some care and consideration it is quite acceptable to use email. We have set out some guidance on the use of email which will help you ensure data is being protected. .
The current policy is based on a red, amber, green classification. Emails classed as red or amber must be sent via the secure email system.
SPECIAL CONDITIONS
Email is one of several important communications channels with patients and the wider public and we use this route in our everyday lives ad are familiar with it. But as with paper letters there are security and practical issues to contend with. The following steps can be taken to make email possible as a form of communication if there is:
- Patient consent
- Pre-agreed green/amber communications (e.g. keeping in touch, appointments, queries and options for treatment)
- Manage expectations, if the email conversation begins to stray into more sensitive territory then other channels may be required.
- Agree and test the email address prior to sending personal information
- One email = One Patient
- Do not email the medical record unless it is encrypted.
- Keep it professional as any other form of medical correspondence
- Adhere to your records management policy. Emails are also subject to Freedom of Information, Subject Access Requests and Data Protection principles (e.g. accuracy, retention, relevance, etc.).
Use of encrypted email.
Access using a safe-space site is probably the most common way of receiving and sending high sensitive encrypted emails (e.g. NHS Mail [secure] option). It requires the recipient to register online. This is not more complicated that registering for any of the most common social media channels.
If your organisation is using NHSmail, a secure email service, there is guidance here to exchange data with patients who don’t have accredited email services via the NHS mail encryption feature.
Further guidance on use of email.
You can find further guidance here, and FAQ.
The Professional Records Standards Body (PRSB) has also published independent guidance. However, none of this guidance replaces your organisation’s policies, if you intend to communicate by email, specially within the amber and red categories, you must consult with your local Data Protection Team.