This site is intended for health professionals only

GPs risk email security breaches

By Lilian Anekwe

Exclusive: GPs are putting confidentiality at risk by sending medical information to patients’ personal email addresses and failing to use encryption software, general practice IT experts are warning.

A Pulse survey reveals GPs are increasingly making use of email as a means of consulting with patients – nearly one in five say has already consulted over email – but many are not taking adequate security measures.

The survey of more than 500 GPs found 18% had provided email consultations in response to requests by patients, and a further 1% after an email consultation had been offered by a practice colleague.

The great majority – 77% of those who had given email consultations – had used a secure NHS email address. But 50% admitted they had sent information to patients’ personal email addresses, which could risk security breaches.

Only 12% of GPs said they used encryption tools when emailing patient identifiable information, just 8% had used a security function provided by their practice computer system, and only a tiny minority – 1% – had used Connecting for Health’s Communicator function.

GPs remain uncertain of the benefits of email consultation. When asked if the benefits outweighed the drawbacks, 12% said yes, 24% no and 53% were unsure.

But IT experts said pressure was likely to grow for email access to GPs – a key pledge of the Liberal Democrat election manifesto – and that it was essential GPs got to grips with security measures.

Dr Manpreet Pujara, clinical director of Connecting for Health’s electronic prescription service and a GP in Rochester, Kent, said: ‘One of the reasons some doctors may be hesitant is that email consultations are not generally recommended. Apart from NHS mail, for sending email clinician to clinician, there’s no recommended facility.

‘We need a wider rollout of Communicator because without doubt we’re going to have to look at new ways of communicating with our patients – coming to the surgery doesn’t suit everyone.’

Dr David Lloyd, medical director of out-of-hours IT at Connecting for Health and a GP in Harrow, Middlesex, said an enhanced version of Communicator would be piloted later this year in an effort to boost uptake, saying it needed to be ‘quicker and simpler’.

‘I’m gratified to hear 78% use an NHS email address – that shows GPs are aware of security issues,’ he added.

But many GPs remain sceptical. Dr Nick Bunting, a GP in Boston, Lincolnshire, said: ‘Email consultation will increase workload and not increase patient benefit or safety.’

Dr David Lloyd: Communicator needs to be quicker and simpler Click here to read the rest of our special issue on IT and information governance. Guest editor