MDU warns on email address fields

Doctors are being warned about the dangers of inadvertently breaching patient confidentiality when sending out group emails to patients.

The Medical Defence Union says it has been told of several cases where a breach of confidentiality occurred because patients’ email addresses were mistakenly inserted into the ‘To’ or ‘Cc’ – carbon copy – box instead of the ‘Bcc’ – blind carbon copy – box.

This meant all the recipients could see the email addresses of everyone on the list.

In one case, a practice received a number of complaints after a flu vaccination reminder was sent out that mistakenly used the ‘Cc’ box for recipient addresses.

One patient was upset when she was asked by a friend why she was on the list, which was because of a cancer diagnosis that she did not want to share.

MDU medico-legal adviser Dr Carol Chu said that while electronic communication has multiple benefits, it is not without risks.

She said it was“all too easy” when sending group emails to accidently use the ‘To’ or ‘Cc’ fields.

“If the email is then forwarded, all the addresses will be included in that email as well, which could result in confidential information being disclosed to an even greater number of people,” she explained.

“If a mistake is made in an email to a group of patients about a particular treatment or service, such as an asthma, immunisation or diabetes clinic, doctors run the risk of a triple breach of confidence.

"They run the risk of revealing the patient’s email address; of disclosing that the person is a patient; and that they are likely to have a condition that might benefit from the service being offered.”

The MDU advised doctors to inform patients quickly if a mistake is made so they can change their email address if they wish. They should also inform the Information Commissioner’s Office.

Patients should also be able to opt out of receiving such emails at any time.