A lot of mythology regarding the new Health Insurance Portability and Accountability Act rules (which I discussed in detail a few months ago) continues to circulate. One of the biggest myths is that e-mail communication with patients is now forbidden, so let’s debunk that one right now.
Here is a statement lifted verbatim from the official HIPAA web site (FAQ section):
"Patients may initiate communications with a provider using e-mail. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual.
"If the provider feels the patient may not be aware of the possible risks of using unencrypted e-mail, or has concerns about potential liability, the provider can alert the patient of those risks, and let the patient decide whether to continue e-mail communications."
Okay, so it’s permissible – but is it a good idea? Aside from the obvious privacy issues, many physicians balk at taking on one more unreimbursed demand on their time. While no one denies that these concerns are real, there also are real benefits to be gained from properly managed online communication – among them increased practice efficiency, and increased quality of care and satisfaction for patients.
I started giving one of my e-mail addresses to selected patients several years ago as an experiment, hoping to take some pressure off of our overloaded telephone system. The patients were grateful for simplified and more direct access, and I appreciated the decrease in phone messages and interruptions while I was seeing patients. I also noticed a decrease in those frustrating, unnecessary office visits – you know, "The rash is completely gone, but you told me to come back ..."
In general, I have found that the advantages for everyone involved (not least my nurses and receptionists) far outweigh the problems. And now, newer technologies such as encryption, web-based messaging, and integrated online communication should go a long way toward assuaging privacy concerns.
Encryption software is now inexpensive, readily available, and easily added to most e-mail systems. Packages are available from companies such as EMC, Hilgraeve, Kryptiq, Proofpoint, Axway, and ZixCorp, among many others. (As always, I have no financial interest in any company mentioned in this column.)
Rather than simply encrypting their e-mail, increasing numbers of physicians are opting for the route taken by most online banking and shopping sites: a secure website. Patients sign onto it and send a message to your office. Physicians or staffers are notified in their regular e-mail of messages on the website, and then they post a reply to the patient on the site that can only be accessed by the patient. The patient is notified of the practice’s reply in his or her regular e-mail. Web-based messaging services can be incorporated into existing practice sites or can stand on their own. Medfusion, MyDocOnline, and RelayHealth are among the many vendors that offer secure cloud-based messaging services.
A big advantage of using such a service is that you’re partnering with a vendor who has to stay on top of HIPAA and other privacy requirements. Another is the option of using electronic forms, or templates. Templates ensure that patients’ messages include the information needed to process prescription refill requests, or to adequately describe their problems and provide some clinical assessment data for the physician or nurse. They also can be designed to triage messages to the front- and back-office staff, so that time is not wasted bouncing messages around the office until the proper responder is found.
Many electronic health record systems now allow you to integrate a web-based messaging system. Advantages here include the ability to view the patient’s medical record from home or anywhere else before answering the communication, and the fact that all messages automatically become a part of the patient’s record. Electronic health record vendors that provide this type of system include Allscripts, CompuGroup Medical, Cerner, Epic, GE Medical Systems, NextGen, McKesson, and Siemens.
As with any cloud-based service, insist on multiple layers of security, uninterruptible power sources, instant switchover to backup hardware in the event of a crash, and frequent, reliable backups.
Dr. Eastern practices dermatology and dermatologic surgery in Belleville, N.J. He is a clinical associate professor of dermatology at Seton Hall University School of Graduate Medical Education in South Orange, N.J. Dr. Eastern is a two-time past president of the Dermatological Society of New Jersey, and currently serves on its executive board. He holds teaching positions at several hospitals and has delivered more than 500 academic speaking presentations. He is the author of numerous articles and textbook chapters, and is a long-time monthly columnist for Skin & Allergy News.