E-mail and voicemail are excellent and convenient means of dealing with prescription renewals, appointment reminders, and other standard administrative tasks.
Not long ago, retired journalist Margie Graham received the following message on her answering machine: "Hi, Mr. Rogers. This is Jane from Dr. Brown's office. We were able to change the date for your test from June 12 to June 5, but we were unable to change the time from 10:30 to 11:30. If this isn't OK, please let me know . . ."
The names in this scenario have been changed, but the situation is real-and indicative of the potential challenges you and your employees face when using modern messaging technology.
E-mail and voicemail are excellent and convenient means of dealing with prescription renewals, appointment reminders, and other standard administrative tasks, and with the proper precautions they can even be used to notify patients of test results and to disseminate clinical recommendations.
By taking a few key precautions early, you can be confident that your electronic communication is also fully compliant. What's more, getting started now could help prepare your practice for e-consults, video consults, and other forms of telemedicine that could save time, improve your care, and increase revenue.
GUARD YOUR PATIENTS' PRIVACY
HIPAA regulations do not prohibit physicians from communicating with patients by means of voicemail and e-mail. "What HIPAA regulations ask physicians to do is to reasonably guard patients' privacy," says Karen B. Everitt, regional vice president of risk management for ProAssurance, a malpractice carrier in Birmingham, Alabama.
Encryption software, which minimizes the possibility of a breach in confidentiality (files can be securely stored on encrypted volumes that only authorized users can access and modify), can be expensive. HIPAA doesn't require encryption, Everitt says, but it does ask you to consider the risks associated with electronic transmission of patient information. If your risk analysis indicates that privacy breaches are possible-if, for example, you're e-mailing patients about sensitive medical information, and other people have access to those patients' computers-you might want to consider encryption. Otherwise, encryption likely isn't necessary.
HIPAA, as it pertains to exchanging messages with patients, dictates providing the minimum amount of information needed for the communication. If you're calling to remind a patient about an appointment, for example, mention only the doctor's name and appointment time; don't mention the nature of the appointment or medications that the patient is taking.
Beyond HIPAA, a number of state and federal laws address risk management and patient privacy when communicating with patients about sensitive topics-most notably HIV, sexually transmitted diseases, alcohol or substance abuse, and mental health problems and treatments. "Here, state and federal laws are so stringent that we advise our clients against mentioning these subjects in e-mail or voicemail," says Everitt.
Legalities aside, a simple rule of thumb in your e-communication is to be reasonable and prudent. "I wouldn't recommend that the first time a patient learns he has cancer is via e-mail or voicemail," says Everitt. "When deciding what information to impart electronically, in addition to taking HIPAA and state and federal laws into account, you also need to ask yourself, 'What's the right thing to do?' There will be instances where, despite having the patient's permission, the subject matter is inappropriate for anything other than a direct telephone call or a face-to-face conversation."
Everitt advises against e-mailing or leaving a voicemail regarding any lab result that requires the patient to take immediate follow-up action. Is it OK to report normal test results via voicemail or e-mail? Yes, says Everitt-but by conveying test results electronically, you are depriving patients of the opportunity to ask immediate follow-up questions, and even patients whose tests show no pathology might have questions. For this reason, it is wise to provide them the option to call or visit to discuss routine results.
THE VALUE OF INFORMED CONSENT
If you plan to communicate with patients via voicemail or e-mail, first notify patients of your intent and get their written approval, risk managers recommend.
"The fact that a patient gives a physician his or her e-mail address doesn't constitute informed consent," says Anne Huben Kearney, vice president of risk management with ProMutual, a medical liability insurer headquartered in Boston. The physician should get a separate, written consent that lays out the basics. Consent requirements vary from state to state, so you'll need to check the rules in your area. Regardless, patients will have a clearer idea of your practice's e-mail policy if your form includes the following points:
Let patients know that e-mail correspondence will become part of their medical record. Also, advise patients not to use a work e-mail address, because employers have a right to access computer systems they're paying for.