Is it just me, or is there a real problem here?
I've just got off the phone after a very frustrating conversation with our GP's practice manager concerning privacy and security issues. The practice has two online methods of ordering prescription repeats.
1. A secure website that requires registration.
2. Just drop us an email.
I have no problems with the first, I have a big problem with the second. When I raised the issue with the practice, the response I got was: "NHS email is secure". When I informed the practice manager about the realities, including some free email providers reading emails for targetted advertising, she replied, "Yes, I know, but its' the patient's choice". I could not get her t understand that it's not an informed choice.
“Sending information via email to patients is permissible, provided the risks of using unencrypted email have been explained to them, they have given their consent and the information is not person-identifiable or confidential information.”
While it say nothing about patients emailing the NHS, my contention is that the NHS should not be encouraging patients to risk confidentiality by using insecure methods to request repeat prescriptions, especially when a secure method is also provided. I think pretty much all Reg readers would agree that the vast majority of people are uninformed as to the risks involved.
A side issue here is that the practice manager confirmed that there is no verification that the person sending the email request is the actual patient...
A quick trawl using a well-known search engine suggests that many GP practices in NHS England are encouraging repeat prescription requests by email. So, as the title suggests, is it just me, or is there a real problem here?