How Get Patient Consent works, and the law behind electronic consent.
The answers below are general information about how the platform works and the law that applies to electronic signatures in the UK. They are not legal advice. If you need advice about a specific situation, please speak to a qualified professional.
Yes. Electronic signatures are recognised under UK law, principally the Electronic Communications Act 2000 and the UK eIDAS Regulation.1 The law does not generally require a particular technology or a "wet ink" signature for a document to be valid — what matters is that the person intended to authenticate the document and that the signature can be linked to them.2 A consent form signed electronically through Get Patient Consent meets these requirements.
In almost all everyday situations, yes. UK law treats an electronic signature as having the same effect as a handwritten one where the signer clearly intended to approve the document.1 What gives any signature its weight in practice is the evidence around it — who signed, when, and what exactly they were agreeing to. An electronic process can capture that evidence more completely and reliably than a paper form, which is one of its advantages.
Before a patient can open their consent form, they confirm their identity by answering a security challenge (for example, their date of birth and postcode). The signing link is unique to that patient and that consent request. We also record technical details at the moment of signing — see the next question.
At the moment of signing we capture an audit record that includes the date and time, the patient's device and network information, and a cryptographic hash ("fingerprint") of the exact content the patient saw and agreed to. The hash means that if the recorded consent were ever altered afterwards, it would no longer match — so the signed version can always be verified as genuine. This kind of integrity and admissibility is exactly what the UK eIDAS framework is concerned with.1
A patient can sign in whichever way is easiest for them:
All three are valid electronic signatures. The method does not change how binding the consent is — the patient's intention and the audit record are what matter.1 Offering a choice of methods, including uploading an image of a signature, is standard practice in widely used e-signature tools.2
Signing accurately on a phone or tablet screen is difficult for many people, and the result often looks nothing like their normal signature. Letting a patient sign a piece of paper and photograph it gives them a signature they recognise as their own, while still being captured electronically with the same audit trail as any other method. This mirrors how widely used tools such as DocuSign and Adobe Acrobat handle signatures.1
Yes. Electronic consent is a tool to make the process clearer and better documented, not a requirement. Clinicians remain responsible for the consent process and free to take consent on paper where that is more appropriate for a particular patient or setting.1
Valid consent is about understanding, not just a signature. Following the UK Supreme Court's decision in Montgomery v Lanarkshire Health Board, clinicians must take reasonable care to ensure patients are aware of the risks that matter to them and of the reasonable alternatives.1 Letting patients read at their own pace and ask questions before they sign helps demonstrate that this conversation took place — which is good for the patient and defensible for the clinician.2
Every question a patient asks is sent to their clinician and answered before the form can be signed — nobody is asked to consent to something they are unsure about. The question and the clinician's answer are saved as part of the consent record, so there is a clear account of the conversation.1
Because the form already sets out the benefits, risks and alternatives and links to relevant information, a lot is answered before a patient needs to ask. That means the questions patients do raise tend to focus on what matters most to them, and the clinician can respond to those directly.
Questions go to the clinician responsible for the patient's care rather than a general inbox, and they are tracked so none is missed. The clinician sees a patient's questions together and responds before the consent can be completed, so each one gets a considered answer rather than a rushed reply.
This structure keeps the focus on genuine understanding, which is what makes consent valid and defensible.1 It also means a clear explanation given once can help the next patient facing the same decision, so good answers are reused rather than rewritten each time.
Yes. Consent can be withdrawn at any time before the procedure begins, and doing so does not affect the care the patient receives. This reflects GMC guidance on consent and is stated clearly within the consent form itself.1
Yes. Patient information is encrypted both when stored and when it travels over the internet, and access is restricted to the patient's own clinical team. We handle health information in line with UK GDPR and the Data Protection Act 2018.1 You can read more on our Privacy and Security pages.
The patient and their clinical team. After signing, the patient receives a copy of their completed consent form, and the clinician can access the signed record, including the audit trail described above.
Your record does not depend on us still being here. We deliberately designed it to stand on its own.
Each signed consent form contains, in full, everything it describes — your name and details, the procedure, the benefits, risks and alternatives you were shown, the questions you asked and the answers you were given, and the name of the clinician who gave them. Nothing in it is a code or reference number that only our system could look up. Anyone reading the document — you, your clinician, a solicitor or a court — can understand exactly what was agreed, and by whom, without contacting us.
It is also independently verifiable. Each record is sealed with a digital signature, and the key needed to confirm that seal is published openly, not held privately by us. That means a third party can prove a record is genuine and unaltered using freely available tools, even years from now and even if Get Patient Consent no longer exists. Your consent stays valid, readable and defensible for as long as you need it.
FAQ
Privacy
Terms
Security
Consent Verification
hello@getpatientconsent.com
© 2026 Get Patient Consent (trading name of CSSL Ltd).