[Med-privacy] Doctor/Patient E-mail
pmarshall
pwm@comcast.net
Wed, 28 Jan 2004 09:32:00 -0800
Doctor/Patient E-mail: The Right Prescription With Privacy Safeguards
by Janlori Goldman,
director, Health Privacy Project
January 26, 2004
Imagine e-mailing a question to your doctor
and receiving a response complete with test
results, advice on drug side effects and
links to more information about your condition.
You save yourself the hassle of telephone tag
or missing hours of work for an in-person
appointment. Your physician can reply when
it=92s convenient and print out a transcript of
the conversation for your medical record.
Approximately 90% of American adults with
Internet access would like to communicate
with their doctors by e-mail, according to a
2002 Harris poll. However, many doctors
hesitate to offer the service. A recent
Stanford University Medical Center study
revealed that only 6% of patients surveyed had actually e-mailed a
physician. Although legitimate privacy
concerns have contributed to physicians=92 reluctance to embrace
e-mail, physicians can, and should, find ways
to address these concerns without sacrificing the convenience and
efficiency that e-mail offers.
E-mail Benefits Patients, Doctors
The American Medical Association, in its =93Guidelines for
Physician-Patient Electronic Communications,=94
noted that e-mail =93can aid the health care delivery process by
allowing written follow-up instructions, test
results and dissemination of educational materials for patients, as
well as a means for patients to easily
reach their physician on routine health matters.=94 By facilitating
direct communication between doctor and
patient, e-mail presents an opportunity to cement the doctor-patient
relationship. It allows for continuous
attention to health care between office visits and provides a simple
means of monitoring people with
chronic conditions. For those patients who cannot make regular
in-person appointments, because of work
commitments or limited mobility, e-mail allows them to still receive
health care. For those patients who use
e-mail simply to supplement regular appointments, perhaps to report
on side effects or symptoms, e-mail
enhances the quality of care that they receive.
Privacy, Security Concerns Hamper E-mail Adoption
However, doctor-patient e-mail is vastly under-utilized, in part
because physicians and consumers have
legitimate concerns about the privacy and security of the information
that they transmit. Although e-mail
communications may create an illusion of security, without adequate
safeguards, breaches of privacy may
occur. A patient who e-mails a doctor has no way of knowing who in
the doctor=92s office will read the e-mail.
Similarly, doctors worry that the e-mails they send to their patients
could be read by family members,
employers (if the patient has e-mail through his or her job), or even
Internet service providers. Unwanted
disclosure of health information can have negative repercussions such
as loss of employment or health
insurance. Doctors also may find themselves at risk of lawsuits from
patients who blame them for the
disclosure. With the stakes so high, it is not surprising that many
hesitate to use e-mail.
Other doctors worry that electronic communication will undermine the
doctor-patient relationship because
e-mail lacks nuances of tone and body language. They also worry that
patients will send lengthy and
unnecessary e-mails or inappropriately use e-mail in emergencies.
Doctors are also concerned that
insurance companies will not reimburse them for the time they spend
replying to e-mails. However, wide
public support for e-mail communications with doctors may pressure
insurers into covering e-mail, and
nearly 40% of people surveyed in the Harris poll indicated that they
were willing to pay out-of-pocket for
electronic communications.
HIPAA Allows Doctor-Patient E-mail
Both the privacy and security regulations issued in HIPAA offer some
guidance regarding doctor-patient
e-mail. The HIPAA security rule says you have to take =93reasonable
precautions=94 when communicating with
patients by e-mail, according to HHS spokesperson Bill Pierce
(National Public Radio, May 28, 2003). The
security rule instructs covered entities to =93implement technical
security measures to guard against
unauthorized access to electronic protected health information that
is being transmitted over an
electronic communications network.=94 The rule specifically instructs
covered entities to implement security
measures =93to ensure that electronically protected health information=
is not improperly modified without
detection until disposed of=94 and to implement =93a mechanism to encr=
ypt
electronic protected health
information whenever deemed appropriate.=94 These implementation
specifications are =93addressable,=94 which
means that if a covered entity deems them inappropriate it may
implement alternative measures.
The HIPAA privacy rule also requires covered entities to =93have in
place appropriate administrative,
technical, and physical safeguards=94 to protect the privacy of
electronic communication. Although HIPAA
does not explicitly endorse doctor-patient e-mail, one could argue
that HIPAA implicitly encourages e-mail
by offering guidelines for its use.
Many models for doctor-patient email are currently in use
Recently, several companies have developed software to facilitate
secure e-mail between doctors and
patients, and several insurers, including Blue Cross Blue Shield of
Massachusetts, have explored
reimbursing physicians for electronic communications. Promising
strategies for minimizing privacy risks and
maximizing efficiency include a Web-based system that simply sends a
notification e-mail to patients=92
personal e-mail accounts and a triage system in which a nurse screens
and directs e-mail. Blue Shield and
ConnectiCare Inc. of Farmington, Conn., use a =93structured
interchange=94 in which patients are directed to
fill out a questionnaire that is then sent to their doctor.
The American Medical Association=92s guidelines, last updated in June
2002, suggest developing an informed
consent agreement that describes appropriate communications
(including not using e-mail for sensitive
subjects such as HIV and mental health), describe security measures
(including who in the doctor=92s office
has access to e-mail), and allow patients to waive encryption
requirements. The guidelines instruct
physicians not to send group mailings where recipients are visible to
each other. Dr. Daniel Sands, a
Massachusetts physician, has offered additional useful suggestions on
his Web site, the Electronic Patient
Centered Communication Resource Center.
With Appropriate Privacy Safeguards, E-mail is Valuable In Health
Care
Doctors and patients=92 concerns about using e-mail to communicate
sensitive medical information are similar
to those raised by answering services and fax machines, which the
medical community has dealt with for
many years. All of these technological developments have helped
streamline medical services at a time when
many doctors find themselves overburdened with patients and
paperwork. For consumers, easier access to
doctors is a boon. Like faxes and telephones, e-mail is not a
replacement for an in-person doctor visit, but
it is a powerful supplement. The effort that will go into ensuring
that e-mail is secure and private will pay
off in better quality care and closer bonds between doctors and
patients. Like many other technological
developments, doctor-patient e-mail raises privacy and security
problems only when it is used without
meaningful and effective protections.
About the authors:
Elizabeth Ida Tossell, the Health Privacy Project=92s research
assistant, contributed to this piece. Ms.
Tossell is a graduate of Yale University, and is sharing with HPP her
research and writing skills ? as well
as her passion for improving the world ? until she goes to law school
next year.
Janlori Goldman is director of the Health Privacy Project. The Health
Privacy Project is dedicated to
raising public awareness of the importance of ensuring health privacy
in order to improve health care
access and quality, both on an individual and a community level. Ms.
Goldman can be reached by e-mail at
jgoldman@healthprivacy.org.
The views expressed in this column are those of the author and do not
represent the views of the California HealthCare Foundation or the
Advisory Board Company.
iHealthBeat is published daily for California HealthCare
Foundation by The Advisory Board Company.
=A9 2001 The Advisory Boar=
d
Company.