Vanessa, a sixteen year-old patient, has attended your practice and returned a positive test result for HSV-2. After discussing the result with her over the phone, you prescribe an antiviral medication and leave the prescription at the front desk for Vanessa to collect.
Your practice receptionist sends Vanessa a message via SMS (text) stating that her “Famvir script is ready to pick up at reception.” However, the receptionist failed to check Vanessa’s patient registration form which clearly indicates that she did not consent to receiving any text communication from the practice.
The next day, Vanessa’s mother rings your practice and demands to speak to you. She has read the text on Vanessa’s phone after she left her mobile sitting on the kitchen bench. She is very concerned and wants to know why her daughter has been prescribed a medication for herpes.
Ultimately, Vanessa is very embarrassed that her mother has been privy to her confidential health information and makes a complaint to the Privacy Commissioner.*
The use of text messaging for recalls and reminders is becoming routine in many practices and hospitals due to postage costs. Our Medico-legal Advisory Service (MLAS) has seen an increase in requests from members for advice on the safe use of text communication to prevent patient privacy breaches like the one above. Organisations can face up to a $1.7 million civil penalty and individuals $340,000 for a privacy breach under the Privacy Act 1988. Doctors and practice staff can protect personal information when using text communication by taking a few simple steps.
1. Have a text messaging policy
It’s a good idea to develop a text messaging policy in your practice or hospital to encourage consistent use of the system. The policy should cover:
- who is authorised to send/receive and respond to text messages
- how messages are included in the electronic health records
- what information may be included or not included in a text message
- how patient consent is obtained and documented
- whether text messages are sent offering goods or health services
- what checks are made to verify the patient’s mobile number is up to date and accurate.
2. Obtain and document patient consent
Remember, just because patients have provided a mobile phone number, it does not automatically mean they agree to receive text messages.
Patient’s consent to receive text messages can be obtained via:
- the patient registration form for new patients
- when confirming an appointment for existing patients
- an online appointment or registration portal.
For example, the wording in a patient registration form could be:
‘Would you like to be contacted via SMS (mobile text message) for: appointment reminders, recall and other text reminders or medical services we offer? Yes/No.’
You should also confirm the patient’s identification and verify the patient’s contact details before any information is sent.
If a patient does not consent to being contacted via text messages, this should be clearly documented to ensure that text messages are not sent.
3. Limit information contained in text messages
Due to a higher risk of information inadvertently being seen by another person, doctors and practice staff should be mindful of protecting the privacy and confidentiality of the patient’s health information when sending texts.
As illustrated in the scenario above, text messages should not contain sensitive health information such as a description of particular test results that need to be followed up or the results of tests, for example, pregnancy results (unless the patient expressly consents to this). The message should simply request that the patient contact the practice or hospital and if appropriate, indicate the level of urgency.
Reminders about preventative screening tests, for example, pap smears and skin checks can be sent via text message.
4. Document text messages in the patient’s medical record
Text messages form part of the medical record, so any text messages to and from the patient should be included in the patient’s record. This also extends to texts exchanged between doctors in relation to a patient’s care.
When communicating health information to patients via text, remember to:
- have a text messaging policy in place at your practice or hospital
- obtain and document the patient’s consent and verify their identification and contact details before any health information is sent via text
- not include sensitive health information or test results
- document any text messages to and from the patient or text exchanges between doctors regarding their management in the patient’s medical record.
*This scenario has been created based on Avant’s experience.
For more information download our fact sheet Recommendations when using SMS messaging on the Avant Learning Centre.
Find out more
For more advice regarding the appropriate use of patient text communication, call Avant’s Medico-legal Advisory Service on 1800 128 268.
Find out why we are advocating for continuing education to maintain privacy rather than a punitive approach of a mandatory data breach notification law underpinned by civil penalties in our submission to the draft Serious Data Breach Notification bill.
Share your view
We welcome your feedback on this article – email the Editor at: email@example.com