GP representatives have warned doctors to check the confidentiality of patient data submitted when patients use online services on practice websites.
The BMA’s General Practitioner Committee said it was important to make sure information governance safeguards are in place on practice websites, as increasing numbers of surgeries offer online functionality.
The GPC said many GP practices were using third party suppliers to build and host their practice websites.
It told local medical committees: “These websites are often hosted by companies outside the NHS. This may result in a third party processing information about patients, which could include name, address, date of birth and NHS Number.”
The doctors’ representative committee also noted that patients may be unaware that the website is not part of the GP practice and said: "It is important that websites make it clear to patients that any data they submit are being handled by a third party, if this is the case.”
The GPC said it GPs should check-out any company offering services that involve patient identifiable data, to make sure they have appropriate information governance safeguards in place.
It added: “Where data is held on servers, for example when patients’ complete web forms, there should be an agreement, in the form of a signed contract, with the web hosting service which states that they will not retain copies of any data.”
The majority of GP practices now have practice websites and the main GP system suppliers all offer or plan to offer online functionality for patients.