Communicating with Patients via E-Mail

August 19, 2011

Communicating with Patients via E-mail 

Medical Office Today

By Daniel Casciato

While e-mail is a great way for physicians to convey and discuss medical reports, test and imaging results and other sensitive information with patients, providers need to be aware of privacy and security issues.

“E-mail can extremely beneficial when used in the right setting for the right purposes, especially when compared to paper communication,” says Dr. Ravi N. Chandiramani of the Journey Healing Centers, a drug and alcohol treatment center in Scottsdale, Ariz.

One benefit is that e-mails create written records that are easily accessible by both patients and doctors. When physicians and patients communicate via e-mail they know exactly where they can find the information they’re seeking and have the benefit of a search bar to help them find it.

“Written letters on the other hand can be misplaced, lost, or take a while to sort through, especially if you have a lot of medical records,” Chandiramani adds.

Incorporating email communication into your practice

As with anything new in medicine, practitioners fall on both sides of the fence when it comes to incorporating digital communication into their practices. However, communication between individuals is taking place increasingly through a variety of alternative methods and replacing face-to-face interaction. Modern medicine is no exception to this trend as digital communication is quickly finding a role in the new physician-patient relationship.

“While an argument can certainly be made for the increased utility of social media, smart phones and old fashioned email in communicating information, medical practitioners must abide by standards and guidelines that govern the application of such technologies,” says Chandiramani.

E-mail has its share of pros and cons, experts note. While e-mails are easily accessible, easier to keep organized and less likely to get misplaced, they also require special attention to security threats. Paper documents can be shredded and access may be limited to key personnel.

“E-mailed medical information is subject to unauthorized access such as hacking and this may take place without provider or patient knowledge until too late,” warns Chandiramani.

Confidentiality and security are the most common raised objections to potentially sensitive patient information being conveyed via e-mail. Chandiramani notes that using e-mail to convey emotionally sensitive information is inappropriate. Furthermore, if there is any reason to believe that anyone other than the patient for whom it is meant would have access to the information being relayed, the utmost caution should be used.

“As the role for e-mails and other methods of digital communication evolves, practitioners should feel increasingly comfortable leveraging technology in the day-to-day practice of medicine understanding that while a useful adjunct to conventional patient management, e-mails cannot and should never replace the interpersonal communication that is at the heart of the therapeutic physician patient relationship,” he adds.

Since email makes it easy for your patients to reach your practice, consider using an e-mail screener, recommends Dr. Daniel Kantor, president of the Florida Society of Neurology and the Medical Director of Neurologique, an organization in Ponte Vedra, Fla., dedicated to patient care, research and education.

“Some patients may abuse e-mail – not necessarily on purpose, but we are all now used to instant gratification – and catching up on e-mails can be daunting,” Kantor notes.

Additionally, many issues not relevant to the doctor might be sent to the doctor and an e-mail screener can filter the e-mails. “However, the patient needs to know that there is a screener reading the e-mails looking for routine matters and triaging important issues,” Kantor says. “There are both advantages and disadvantages to allowing your patients to communicate via e-mail but overall it makes patients feel that their doctor is there for them and it may save you from phone calls during the day, but keep you tied up at night.”

Legal implications of e-mail communication

Before clicking the send button in an e-mail, healthcare professionals should have heightened awareness that HIPAA violations has entered a new era. More cases are prosecuted with assessment of both statutory civil fines and criminal penalties.

The HITECH Act, which was enacted in 2009 with the aim to increase HIPAA confidentiality protections of Electronic Protected Heath Information (ePHI), provides for tough civil and criminal penalties for violations, mandates notification of breaches of HIPAA protected heath information and extends the definition of covered entities to include business associates.

Section 13410(d) of the HITECH Act strengthened the civil money penalty scheme by establishing tiered ranges of increasing minimum penalty amounts, with a maximum penalty of $1.5 million for all violations of an identical provision.

For medical practices that want to communicate with patients via e-mail, the HITECH Act requires that all communications involving ePHI be encrypted. Health and Human Services (HHS) has recently adopted National Institute of Standards and Technology guidelines for encryption.

“This means that if a physician wants to consult, refer, or prescribe for a patient by e-mail, the e-mail had better be encrypted,” says attorney Michael Sacopulos, general counsel for the national organization Medical Justice in Terre Haute, Ind.

Of course most patients do not have software to decrypt, acknowledges Sacopulos. So what alternatives do healthcare providers have? “Healthcare providers may seek their patient’s consent to communicating via unencrypted e-mail,” he suggests. “While HHS does not provide a standard form for securing patient consent, basic informed consent strategies should apply.”

Always get the patient’s consent in writing, stresses Sacopulos. “The patient should not be given just a binary choice,” he warns. “Patients may wish to electronically receive information on appointment dates, but not test results. The consent document should also note that the patient may withdraw his or her consent at a later time.”

Kantor agrees: “E-mail is inherently non-confidential but your patients may not realize this. So I would have an informed consent form, just like any procedure, explaining the inherent dangers of e-mail communication. Until e-mail becomes standard for medical issues, it still needs a consent form.”

Since privacy is a big concern to both patients and physicians, Kantor also recommends that you let patients know which messages are for phone calls (such as emergencies) and which is for e-mails.

E-mail communication tips

When communicating with your patients electronically, Sacopulos offers these tips:

  • A physician may be held responsible for a delay when responding to a patient’s e-mail. A physician who wishes to accept e-mail from patients should use an auto response feature that informs the patient that the physician typically responds to e-mail within X number of hours/days; or if the patient requires immediate attention, the patient should telephone the physician’s office or contact an emergency healthcare provider.
  • If a patient initiates an e-mail with a physician, it is assumed that the patient consents to unencrypted communication. In this situation, you can assume – unless the patient has explicitly stated otherwise – that e-mail communications are acceptable to the individual.
  • If a physician does end up sending a patient an e-mail, double check the recipients’ e-mail address before clicking the send button. This is to prevent the e-mail from being sent to the wrong person, thereby sharing private information to an unintended party.
  • The physician should add any e-mail a patient sends to the patient’s chart, as well as any response to the patient.

In the HITECH Act code 170.210, section B states that the date, time, patient identification and user identification must be recorded when electronic health information is created, modified, deleted or printed; and an indication of which actions occurred must also be recorded.

“Since communicating with patients via e-mail is becoming stricter, more physician offices and hospitals are using portals as a means of communication,” says Sacopulos. “This allows the patient to sign in with a secure username and password to view their records and communicate with their physicians. The security rule allows for ePHI to be sent over an electronics open network, as long as it is adequately protected.”