Email security and patient confidentiality

In the latest in our series on the GMC's new confidentiality guidance, Dr Nicola Lennard, MDU medico-legal adviser, looks at protecting patient information when communicating via email.

The GMC’s new document Confidentiality: good practice in handling patient information has expanded the guidance that it gives to doctors on handling patient information and highlights the risk of inadvertent disclosure of confidential patient information.

Doctors are encouraged to communicate with patients in a format that suits the patient, including email or text messaging. However, the GMC acknowledges that most methods of communication can pose a risk to patient confidentiality. It’s important that GP practices take reasonable steps to make sure that their communication methods are secure.

The GMC’s guidance explains that doctors must make sure any personal information about patients they hold or control is effectively protected at all times against improper access, disclosure or loss.

Unless you are involved in the commissioning or managing of IT systems, you are not expected to be able to assess the security standards of IT systems provided for you to use. However, doctors are expected to develop and maintain an understanding of information governance that is appropriate to their role.

Doctors must also be familiar with and follow the confidentiality, data protection, and record management policies and procedures where they work and know where to get advice on these issues.

Patient consent

The GMC directs doctors to advice on safe email use from the Professional Record Standards Body (PRSB) [1] and from the Scottish Government/NHS Scotland [2]. The PRSB advises that patients give their informed consent for the use of email and that patients are told about the possibility of confidentiality problems when using email, so they are aware of this risk before you send any confidential or sensitive information to them. The patient’s consent should be recorded.


While email has the advantage of being immediate and inexpensive, its use can lead to unintentional breaches of confidentiality.

NHSmail is authorised for sending sensitive information, such as clinical data, between secure email addresses. The acceptable use policy of the NHSmail service can be found here. This includes specific advice on sending sensitive clinical information via email.

To further maintain patient safety and to minimise clinical risk, NHS Digital advises that all NHSmail users have a process in place for checking that clinical communications have been received. This may be particularly important when sending referrals or test requests.

Practices also need to have a business continuity plan in place in case NHSmail suddenly becomes unavailable, as happened during the recent global cyber-attack which affected some parts of the NHS. The policy also makes clear that when sending information from an NHSmail account to a non-secure domain, practices must use the NHSmail encryption tool.

Things to watch out for

Many data breaches are inadvertent, and human error can play a significant role. The following tips highlight where some common errors could be avoided and what to do if a data breach happens:

    • A single error in an email address can result in emails being misdirected and so it is important to take the time to check and recheck the recipient’s email address.
    • Practices should have confidentiality, data protection and record management policies for staff to follow covering areas such as the use of passwords, mobile devices and reporting a data breach. There should be a nominated person to advise on data protection.  
    • Don’t send clinical information and patient data from your personal accounts or devices.
    • Use Bcc when sending an email to a group. This allows the email to go to every recipient while only your own email address is visible to them.
    • If forwarding an email to another recipient be careful that the email trail does not contain sensitive information. This information could be within the body of the email, in the email addresses or within an attachment.
    • When sending a sensitive document to a recipient, consider password protecting the document and sending the password either via a separate email, or communicate it to the intended recipient in person.
    • If a mistake happens and confidential information gets into the wrong hands, the patient or patients whose information has been released should be told what information has been shared and with whom.
    • Say sorry to those affected by a data breach and instigate a significant event analysis so that any errors or policy failures can be identified and acted upon.
    • Consider if it is appropriate to inform the Information Commissioner of the breach. The MDU is happy to advise its members on how to respond should an inadvertent disclosure be made.
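The checks above (recipient address errors, personal accounts, Bcc for group sends, encryption when leaving the secure domain) can be applied mechanically before an email goes out. The following pre-send policy check is an added example, not code from the MDU, GMC or NHSmail; it assumes that NHSmail addresses are on the nhs.net domain and treats every other domain as non-secure.

```python
import re
from dataclasses import dataclass, field

# Assumption: NHSmail addresses use nhs.net; any other domain is treated as non-secure.
SECURE_DOMAINS = {"nhs.net"}
ADDRESS_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

@dataclass
class OutgoingMail:
    sender: str
    to: list = field(default_factory=list)
    cc: list = field(default_factory=list)
    bcc: list = field(default_factory=list)
    contains_patient_data: bool = False
    encrypted: bool = False          # NHSmail encryption tool applied?

def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()

def is_secure(address: str) -> bool:
    return domain_of(address) in SECURE_DOMAINS

def check_outgoing(mail: OutgoingMail) -> list:
    """Return a list of policy findings; an empty list means the mail may be sent."""
    findings = []
    recipients = mail.to + mail.cc + mail.bcc
    visible = mail.to + mail.cc      # addresses every recipient can see
    # 1. A single typo in an address misdirects the message: reject anything malformed.
    for addr in recipients:
        if not ADDRESS_RE.match(addr):
            findings.append(f"malformed recipient address: {addr!r}")
    if mail.contains_patient_data:
        # 2. Clinical data must not leave from a personal account.
        if not is_secure(mail.sender):
            findings.append(f"sender {mail.sender} is not an NHSmail account")
        # 3. Sending to a non-secure domain requires the NHSmail encryption tool.
        for addr in recipients:
            if ADDRESS_RE.match(addr) and not is_secure(addr) and not mail.encrypted:
                findings.append(f"non-secure domain for {addr}: use the encryption tool")
    # 4. Group sends: recipients should be in Bcc so addresses are not disclosed to each other.
    if len(recipients) > 1 and len(visible) > 1:
        findings.append("group email: move recipients to Bcc")
    return findings
```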



  1. Faster, better, safer communications: Using email in health and social care, Professional Record Standards Body, March 2015.
  2. Using email in NHS Scotland: A Good Practice Guide, The Scottish Government and NHS Scotland, 2014.
