Health care online: the role of regulation in keeping patients safe

With an increase in online health care providers, Sophie Castle-Clarke discusses some of the problems it presents, the safeguarding measures already in place, and what should happen next.

Blog post

Published: 16/10/2017

Private organisations offering patients instant video access to a GP are becoming increasingly common. They join a slew of existing providers that offer prescriptions and access to treatments – often via nothing more than an online form.

As these companies become more prominent, the Care Quality Commission (CQC) is left with the unenviable task of making sure they deliver safe, appropriate care. For the last year, I’ve been part of a CQC advisory panel to help them do exactly that.

So, what’s the problem?

There are some obvious problems with providing health care exclusively online. The first is ensuring that patients are who they say they are. Some online providers have some checks – through a credit card, for example – but this isn’t foolproof. There have been a few cases, for instance, of children using a parent’s credit card to order prescriptions.

The second is the issue of capacity to consent, which is really tricky. In an online forum (particularly when there isn’t any form of face-to-face interaction via video link) it’s very difficult to assess whether patients are able to understand information given to them. That means online providers may give users written information about when to take medication and how to use it safely, but they can’t be sure that patients have read and fully understood it.

And then there are problems caused by online providers failing to put appropriate systems in place.

When the CQC started inspecting these providers, it realised most didn’t have any way of informing the patient’s GP about what had been prescribed – meaning the GP was unable to follow up. And sometimes these were powerful treatments. In one case, an immunosuppressant was prescribed, with no plan for follow-up care. But it’s a complex picture. For many, the attraction of using these websites is that the prescription will not be recorded on their medical records, particularly in relation to sexual health.

The lack of communication with GPs also means that many online providers don’t have access to patients’ medical records, and fail to make up for this by taking a detailed medical history. That means patients might be prescribed inappropriate treatment – either because it does not adequately address the problem or because it interacts with other drugs the patient is taking. Enabling access to the patient’s GP summary record would help here.

And some providers base their business model on providing medication that might be difficult to get elsewhere, such as opioid-based painkillers. Not only could this be harmful to patients but it raises other concerns about resale and (though it seems far-fetched) the involvement of organised crime.

What is the answer?

Fortunately the CQC is all too aware of these issues and has taken great steps to put safeguards in place. After an internal review of the 43 online registered providers, it decided to bring forward inspections.

To date, the CQC has taken some form of action against nearly all the online providers it has reviewed. At the more radical end, it immediately suspended the registration of two online providers. For others it has just put conditions on their continued registration. In a letter to digital providers, the CQC along with a host of other regulators set out its expectations for overcoming these challenges.

The CQC is doing all it can to make sure these providers have appropriate systems to protect their patients. But people who use these services also have a role in making sure the digital providers are acting in the way that they should, and the CQC has published guidance for the public.

Some of this is about open dialogue with patients. From a public health perspective, it is better for people to receive online treatment for a sexually transmitted infection than avoid to seek treatment altogether. In those cases, the option of not passing the information directly to the patient’s GP needs to remain open – and that has been the practice of sexual health clinics for a long time.

Despite these checks and balances, however, there are still lots of ways that people could abuse the system, such as to stockpile or resell treatment. But if someone is intent on doing that, there are lots of ways to do it in the analogue system too – such as via walk-in centres or asking GPs for extra doses to fit in with holidays or travel arrangements.

While the digital environment definitely does present more challenges to keeping patients safe, it is important to make sure we’re not holding digital providers to a more stringent standard than traditional practices.

What’s next?

The bottom line is that digital providers are here to stay. We’re likely to see more and more entering the market – particularly as some are beginning to make inroads into the NHS.

For the majority of people who use them because they want a quick convenient service, they fill a much needed gap in the market. The CQC has to make sure it protects those people from unsafe care – particularly vulnerable patients who may not realise the potential dangers of online health care.

But making the system foolproof to abuse is very difficult and it raises questions about where we should draw the line. There is only so much health care regulators can be expected to do.

Maybe in the future new developments like verified web identities will need to be in place, to make sure online services are not abused or misused. Until then, people need to exercise caution when getting their health care online, and health care professionals in the rest of the system need to be aware that the GP record may not give a full picture of a patient or the treatments they have received.

Suggested citation

Castle-Clarke, S. (2017) "Health care online: the role of regulation in keeping patients safe" Nuffield Trust comment