Revenue Cycle Management
COVID-19
Reimbursement
Diabetes Awareness Month
Risk Management
Patient Retention
Staffing
Medical Economics® 100th Anniversary
Coding and documentation
Business of Endocrinology
Telehealth
Physicians Financial News
Cybersecurity
Cardiovascular Clinical Consult
Locum Tenens, brought to you by LocumLife®
Weight Management
Business of Women's Health
Practice Efficiency
Finance and Wealth
EHRs
Remote Patient Monitoring
Sponsored Webinars
Medical Technology
Billing and collections
Acute Pain Management
Exclusive Content
Value-based Care
Business of Pediatrics
Concierge Medicine 2.0 by Castle Connolly Private Health Partners
Practice Growth
Concierge Medicine
Business of Cardiology
Implementing the Topcon Ocular Telehealth Platform
Malpractice
Influenza
Sexual Health
Chronic Conditions
Technology
Legal and Policy
Money
Opinion
Vaccines
Practice Management
Patient Relations
Careers

Think carefully before engaging patients via text

July 10, 2017

Article

According to the HIPAA Privacy Rule, physicians and patients can exchange unsecured emails as long as patients are aware of and accept any potential privacy and security risks.

A patient wants to engage with his or her physician via email without going through the secure channel of a portal. Is this allowed, and should physicians consider it?

According to the HIPAA Privacy Rule, physicians and patients can exchange unsecured emails as long as patients are aware of and accept any potential privacy and security risks.

“It’s critically important that healthcare providers, payers and their technology partners design and implement systems that serve patients’ needs first and foremost,” says David C. Harlow, JD, MPH, principal at The Harlow Group, LLC, a healthcare law and consulting firm. “This includes respecting the patient’s right to choose ease of use over high security.”

However, obtaining patient consent is critical, says Harlow. Physicians can ask patients to physically sign intake paperwork stating the physician may contact them via unsecured email or text messages. They can also ask patients for their consent over the phone or via a secure message through the portal. Electronic signatures are sufficient, provided they meet federal and uniform state laws, he adds.

Harlow encourages physicians to take a thoughtful approach to unsecured communications.

“Given the sensitivity of the information being shared-and the potential for negative consequences if the information is intercepted or misdirected-it makes sense to go above and beyond the bare minimum requirements of clicking an ‘I agree’ box on a screen,” he says. For example, physicians could require patients to type their name or initials to signify consent. “Taking that extra step makes it more likely that a patient actually reads the consent,” he adds.

However, it’s important to set boundaries.“Texting creates an expectation of instantaneous response, and that’s really hard for practices and individual physicians to maintain,” says Jan Oldenburg, FHIMSS, chief executive officer of Participatory Health Consulting, a company that helps physicians use digital health technology to engage patients.

Consider using an automated reply letting patients know that the practice will respond within 48 hours and that they should call 911 in the event of an emergency, she adds. These same strategies are appropriate in establishing response standards for secure messaging.