Virtual Patient Consultations: Embracing technology while safeguarding patients

Dr Nathalie MorenoDr Nathalie Moreno
Dr Nathalie Moreno
The doctor will see you now has taken a new meaning with healthcare providers now turning to virtual patient consultations.

How healthcare providers can embrace technology while safeguarding patients is outlined here by Dr Nathalie Moreno, Louise Dobson and Anouj Patel of law firm Addleshaw Goddard.

The availability of face-to-face appointments with the family doctor has made recent headlines, as healthcare practices seek to find a balance between patients who prefer the convenience of virtual appointments and those who need or prefer to see their doctor in person.

How GP practices and NHS trusts approach this balance will be critical to their ability to provide the most appropriate level of care (and accurate diagnoses), whilst protecting patient data.

Louise DobsonLouise Dobson
Louise Dobson

Medical practices are entrusted by patients with their most sensitive information, which is given an enhanced level of protection under UK law.

The consequences of getting this wrong are severe, in terms of the impact on individuals, regulatory penalties, legal claims and reputational damage.

The amount of personal data that is accessible online is enormous. Where organisations must store (and process) that data in order to provide their services, data protection is paramount. It often goes wrong (e.g. the WannaCry ransomware attack of 2017, which resulted in thousands of appointments and operations being cancelled across the UK). Data protection and sector regulators around the world have been beefing up privacy rules significantly, recognising the ballooning threat of cybersecurity breaches and data leaks, resulting not only in service disruption, but also fuelling an explosion of online fraud, scams and identity theft.

It is no surprise, then, that compliance with regulations to protect patient data are at the core of any decisions to deploy new technologies in healthcare. Awareness of technology service providers and understanding the scope of investment required, and the regulatory framework, are now among healthcare practitioners' key priorities. NHS Trusts should equip themselves with essential training, knowledge and expertise to ensure they can offer virtual services which are secure, and meet patient requirements.

Anouj PatelAnouj Patel
Anouj Patel

Software suppliers often charge substantial licensing fees for organisations using their software and services. Getting the Terms and Conditions correct, and ensuring that all those who use the systems are doing so in a way that doesn’t contradict those terms, is essential. Patients should also expect to be provided with clear privacy notices setting out the applicable data processing activities and data security measures. Healthcare providers are likely to encounter some issues with implementing virtual consultation software, hardware and potentially also with bugs or defects in the system.

Law firms, like Addleshaw Goddard LLP, regularly help healthcare providers who face a growing number of disputes with their IT suppliers. While the details vary, there is a recurring theme: healthcare providers believe IT suppliers' software isn't up-to-scratch. Conversely, IT suppliers place the blame on healthcare providers, challenging their expectations around how the software functions, and relying on sometimes-ambiguous contract clauses, to seek to shelter themselves from liability. Such liability disputes have the potential to see practices or trusts facing losses of hundreds of thousands or even millions of pounds.

There are simple steps to ensure these risks are managed properly. Here are Addleshaw Goddard's top tips for navigating issues that may arise with virtual patient consultation platforms.

1 Partnering with the Right Supplier

Ensure prospective suppliers are aware of the NHS trust's or practice's requirements, use cases and expectations. Ensure these are also built into the contract.

2 Compatibility and Patient Experience

Ensure software suppliers are aware of the extent and limitations of the trust's/practice's IT infrastructure, and that any proposed solution will be compatible with it. Software should minimise the burden on patients. For example, there should be no requirements for patients to download additional software.

3 Protecting Patient Data

Consider how patient data will be stored, accessed and used. Conduct data protection impact assessments to identify and mitigate risks. Build in adequate measures practically and contractually for securing data, preventing cyber breaches and for backup and disaster recovery.

4 Papering the Trail

Ensure documents and correspondence with the supplier accurately reflect what is happening on the ground (including any defects and proposed solutions). Flag any risks or defects as early as possible and set out how the supplier intends to mitigate them.

5 Early Engagement with Legal Advisers

This will help clarify any potential liabilities, cover confidential communications in legal privilege and forge a path to resolving issues as soon as possible.

Links to authors: