SAN FRANCISCO — Give e-mail correspondence with patients the same care and attention you'd give to paper records, faxes, or phone calls in order to minimize medicolegal liability, Dr. Jeffrey L. Brown said.
Physicians should be reasonably certain that the person requesting information by e-mail is authorized to receive it, just as would be done with phone calls, he said at the annual meeting of the American Academy of Pediatrics.
At a minimum, your e-mail system should include an automated response to any e-mails received from patients, acknowledging that an e-mail message has been received and saying that you will respond within a set period of time, such as 24 or 48 hours, said Dr. Brown of Cornell University, New York, and in private practice in Rye Brook, N.Y. He has no association with companies that market e-mail systems or services.
The automated response should alert patients that confidentiality cannot always be ensured in e-mail correspondence, and that you cannot respond to urgent questions posed by e-mail. Patients should contact your office by phone for urgent matters.
The response also should inform patients that if they do not get a reply from you to any e-mail message within a reasonable period of time–“usually 48 hours,” Dr. Brown said—the patient should call your office, because you may not have received the e-mail. If you are away from the office when patients e-mail, the automated response should let them know that, and give the date of your return.
In the other direction, e-mails sent by physicians must be compliant with the Health Insurance Portability and Accountability Act (HIPAA). As with faxes, conventional e-mails must protect the confidentiality of sensitive information such as Social Security numbers, medical identification numbers, laboratory results, diagnoses, medications, and more.
To ensure confidentiality in e-mails, use an encrypted message system, Dr. Brown advised. Solo practitioners or small practices may want to do an Internet search for the term “encrypting e-mail systems” to find a list of encryption providers, he said. Typically, an outgoing e-mail would be sent to the provider, encrypted, and returned to the physician's system before going out to a patient.
Confidential e-mail from physicians should contain a warning disclaimer similar to those used on fax transmissions. A typical disclaimer says the following: “Important notice: This e-mail contains confidential and privileged information. It is intended only for the individual or entity to whom it is addressed. If you are not the intended recipient, or if you have received this transmission in error, you are hereby instructed to notify the sender and to erase its content and all attachments immediately. Copying, disseminating, or otherwise utilizing any of its content is unlawful and strictly prohibited.”
However, “If you don't want to use this one, ask your attorney to fax you something,” and use the disclaimer you find in the attorney's fax, Dr. Brown suggested.
Treat e-mail messages like other patient correspondence, and file them appropriately, he added. Before erasing e-mail, save the patient's original e-mail and your response as hard copies in the patient's chart or electronically if you use electronic charts. You should also take precautions to protect confidential information on laptop computers and hard drives from thieves, as you would for other medical records. Be sure to use encryption software or change passwords frequently to prevent unauthorized access. And of course, it is curcial to erase all confidential information from hard drives before disposing of them.
“Even if you do all the right things, there is still a possibility that you will be subject to suits,” Dr. Brown said. “In the end, the best defense against legal action is practicing good medicine.”
E-Mail Etiquette for MDs
▸ Do not use your personal e-mail address to answer patient e-mails.
▸ Do not answer a new patient's e-mailed medical questions without first establishing a formal relationship. “You have no idea who they are and what their problems are,” he warned.
▸ Do not forward a patient's e-mail correspondence or address to a third party without first getting the patient's consent.
▸ Do not use an indiscreet topic in the heading of your response. “Don't write, 'Your pregnancy test is positive' in the subject line,” he said. Instead, use the same strategies you'd use when leaving a voice mail on a patient's answering machine. “Say, 'I have your lab work,' or something like that,” he suggested.
▸ Do not leave e-mail messages on a computer screen where they can be read by others.
Source: Dr. Brown