Frequently Asked Questions

How Get Patient Consent works, and the law behind electronic consent.

The answers below are general information about how the platform works and the law that applies to electronic signatures in the UK. They are not legal advice. If you need advice about a specific situation, please speak to a qualified professional.

Electronic signatures & the law

Yes. Electronic signatures are recognised under UK law, principally the Electronic Communications Act 2000 and the UK eIDAS Regulation.1 The law does not generally require a particular technology or a "wet ink" signature for a document to be valid — what matters is that the person intended to authenticate the document and that the signature can be linked to them.2 A consent form signed electronically through Get Patient Consent meets these requirements.

  1. Electronic Communications Act 2000, s.7 — legislation.gov.uk; UK eIDAS Regulation (EU) No 910/2014 (retained) — legislation.gov.uk.
  2. Law Commission, Electronic execution of documents (2019) — lawcom.gov.uk.

In almost all everyday situations, yes. UK law treats an electronic signature as having the same effect as a handwritten one where the signer clearly intended to approve the document.1 What gives any signature its weight in practice is the evidence around it — who signed, when, and what exactly they were agreeing to. An electronic process can capture that evidence more completely and reliably than a paper form, which is one of its advantages.

  1. Law Commission, Electronic execution of documents (2019): an electronic signature is capable of executing a document where the signatory intends to authenticate it — lawcom.gov.uk.

Proving who signed

Before a patient can open their consent form, they confirm their identity by answering a security challenge (for example, their date of birth and postcode). The signing link is unique to that patient and that consent request. We also record technical details at the moment of signing — see the next question.

At the moment of signing we capture an audit record that includes the date and time, the patient's device and network information, and a cryptographic hash ("fingerprint") of the exact content the patient saw and agreed to. The hash means that if the recorded consent were ever altered afterwards, it would no longer match — so the signed version can always be verified as genuine. This kind of integrity and admissibility is exactly what the UK eIDAS framework is concerned with.1

  1. UK eIDAS Regulation (EU) No 910/2014 (retained), on electronic identification and trust services — legislation.gov.uk.

How patients sign

A patient can sign in whichever way is easiest for them:

  • Draw their signature with a finger or mouse.
  • Type their full name.
  • Photograph a signature they have written on paper and upload it.

All three are valid electronic signatures. The method does not change how binding the consent is — the patient's intention and the audit record are what matter.1 Offering a choice of methods, including uploading an image of a signature, is standard practice in widely used e-signature tools.2

  1. Law Commission, Electronic execution of documents (2019) — the form of the mark does not affect validity where there is intent to authenticate: lawcom.gov.uk.
  2. DocuSign, Upload or Draw a Signature — type, draw, or upload a scanned/photographed signature: support.docusign.com.

Signing accurately on a phone or tablet screen is difficult for many people, and the result often looks nothing like their normal signature. Letting a patient sign a piece of paper and photograph it gives them a signature they recognise as their own, while still being captured electronically with the same audit trail as any other method. This mirrors how widely used tools such as DocuSign and Adobe Acrobat handle signatures.1

  1. DocuSign, Upload or Draw a Signature (uploading a scanned or photographed handwritten signature) — support.docusign.com.

Yes. Electronic consent is a tool to make the process clearer and better documented, not a requirement. Clinicians remain responsible for the consent process and free to take consent on paper where that is more appropriate for a particular patient or setting.1

  1. General Medical Council, Decision making and consentgmc-uk.org.

Understanding & asking questions

Valid consent is about understanding, not just a signature. Following the UK Supreme Court's decision in Montgomery v Lanarkshire Health Board, clinicians must take reasonable care to ensure patients are aware of the risks that matter to them and of the reasonable alternatives.1 Letting patients read at their own pace and ask questions before they sign helps demonstrate that this conversation took place — which is good for the patient and defensible for the clinician.2

  1. Montgomery v Lanarkshire Health Board [2015] UKSC 11 — supremecourt.uk.
  2. General Medical Council, Decision making and consentgmc-uk.org.

Every question a patient asks is sent to their clinician and answered before the form can be signed — nobody is asked to consent to something they are unsure about. The question and the clinician's answer are saved as part of the consent record, so there is a clear account of the conversation.1

Because the form already sets out the benefits, risks and alternatives and links to relevant information, a lot is answered before a patient needs to ask. That means the questions patients do raise tend to focus on what matters most to them, and the clinician can respond to those directly.

  1. General Medical Council, Decision making and consentgmc-uk.org.

Questions go to the clinician responsible for the patient's care rather than a general inbox, and they are tracked so none is missed. The clinician sees a patient's questions together and responds before the consent can be completed, so each one gets a considered answer rather than a rushed reply.

This structure keeps the focus on genuine understanding, which is what makes consent valid and defensible.1 It also means a clear explanation given once can help the next patient facing the same decision, so good answers are reused rather than rewritten each time.

  1. General Medical Council, Decision making and consentgmc-uk.org.

Choices & changing your mind

Yes. Consent can be withdrawn at any time before the procedure begins, and doing so does not affect the care the patient receives. This reflects GMC guidance on consent and is stated clearly within the consent form itself.1

  1. General Medical Council, Decision making and consentgmc-uk.org.

Privacy & access

Yes. Patient information is encrypted both when stored and when it travels over the internet, and access is restricted to the patient's own clinical team. We handle health information in line with UK GDPR and the Data Protection Act 2018.1 You can read more on our Privacy and Security pages.

  1. Data Protection Act 2018 — legislation.gov.uk.

The patient and their clinical team. After signing, the patient receives a copy of their completed consent form, and the clinician can access the signed record, including the audit trail described above.

If Get Patient Consent is no longer around

Your record does not depend on us still being here. We deliberately designed it to stand on its own.

Each signed consent form contains, in full, everything it describes — your name and details, the procedure, the benefits, risks and alternatives you were shown, the questions you asked and the answers you were given, and the name of the clinician who gave them. Nothing in it is a code or reference number that only our system could look up. Anyone reading the document — you, your clinician, a solicitor or a court — can understand exactly what was agreed, and by whom, without contacting us.

It is also independently verifiable. Each record is sealed with a digital signature, and the key needed to confirm that seal is published openly, not held privately by us. That means a third party can prove a record is genuine and unaltered using freely available tools, even years from now and even if Get Patient Consent no longer exists. Your consent stays valid, readable and defensible for as long as you need it.

FAQ Privacy Terms Security Consent Verification hello@getpatientconsent.com
© 2026 Get Patient Consent (trading name of CSSL Ltd).