Online communication, Physician Web sites, Computer security, Viruses
A patient with AIDS wants to contact you through your practice's online messaging service, but you don't want the nurse who triages messages to read his e-mails. One possible solution: Ask the patient to write "sensitive" in the subject line and instruct the nurse to forward the communique to you, unread.
You'll find this and other recommended policies in an exhaustive collection of guidelines for online communications with patients at www.medem.com/erisk.html. The rules were issued by over 30 malpractice carriers, 12 medical societies, and Medem, a San Francisco company that makes physician Web sites. Medem was founded by the American Medical Association and other branches of organized medicine.
The new guidelines range from how soon a doctor should respond to a patient's medical question (no later than the second office day, the consortium suggests) to what a patient must do if he loses his password (you give him a new one only if he comes to the office).
Web site construction also gets its due. The guidelines advise that if a patient clicks on a link to another site, he should first see a "buffer" page announcing that he's entering new cyber-territory. And if a doctor writes his own patient-education material for the site, his articles should display publication dates and be reviewed periodically to ensure they still embody good medicine.
The guidelines include policy handouts as well as legal boilerplate, such as disclaimers to stick on messages to patients. Guideline authors cover their own backs by stating that they aren't offering legal advice; doctors should talk to their own lawyers before codifying online dos and don'ts.
Move over, Medem. Ten medical societies have joined forces to give their combined 80,000 members free patient Web sites and Internet portals.
The Medical Society eCooperative was formed by the California Academy of Family Physicians, the American Osteopathic Association, the American College of Sports Medicine, the American Gastroenterological Association, the American Medical Women's Association, the Association of Black Cardiologists, the Illinois Academy of Family Physicians, the American Geriatrics Society, the International College of Surgeons, and the North Carolina Academy of Family Physicians. Funding comes from Pharmacia, a drug maker.
Shelly B. Rodrigues, assistant executive director of the California Academy of Family Physicians, says her group and others established eCooperative as a low-cost, less centralized alternative to Medem. Each participating society, for example, can decide whether or not it wants to include adsincluding ones from Pharmaciaon its members' Web sites.
The University of Washington Medical Center in Seattle is fortifying its computer defenses after a hacker downloaded the admission records of nearly 5,000 patients last summer.
The hacker, who calls himself Kane, penetrated the medical center's network through a computer in the pathology department. Kane relied on a "sniffer" virus that filched log-ins and passwords of several university computer users, says UWMC information systems director Tom M. Martin. Downloaded records listed every patient's birth date, address, and Social Security number, as well as all medical treatment received.
The attack highlighted several weaknesses in the network. For example, unlike UWMC's computerized medical records, the pilfered administrative records weren't behind an electronic fire wall. UWMC now is erecting fire walls around all systems, but Martin says that may not be enough to block a sniffer virus. Consequently, UWMC is giving its 10,000 computer users a device called SecurID that flashes random numbers that must be entered along with log-ins and passwords to access the network.
Safeguarding confidential information is a formidable task at an academic medical center, notes Martin. "Our faculty members share information electronically with researchers all around the world to find new cures for disease," he says. "But their computers also store patient data. There's a juxtaposition of collaboration and privacy."
Creators of computer viruses exhibit evil genius. A virus called W32/Apology-B prevents an infected user from visiting the Web sites of many antivirus vendors, so the user can't download a software cure. It also blocks e-mail messages to those vendors. W32/Apology-B topped the list of viruses reported in the last quarter of 2000 to Sophos, an antivirus software company based in Abingdon, England.
Robert Lowes. Computer Consult. Medical Economics 2001;5:22.