Thoughts on Patient-Physician Email (Part 3)

In part 1, I talked about the reasons why physicians don't use email. In part 2, I discussed the benefits of patient-physician email. To summarize:

• Many patients would like to email their physicians.
• Many physicians are either unfamiliar with email or uncomfortable with giving patients the additional access that email provides.
• Email has the potential to strengthen the physician-patient relationship and improve both patient education and the quality of care.
• The HIPAA privacy law prohibits email between physicians and patients unless this communication is encrypted.
• Many commercial solutions for encrypted email between physicians and patients exist. Unfortunately, many of these solutions are either expensive, proprietary, and/or cumbersome to use. (If you would like to suggest a commercial email system that is inexpensive/free and easy to use, please comment.)
• Encrypted email systems that are cumbersome to use and/or require an elaborate login process will frustrate patients and discourage them from emailing providers.
• Many patients would prefer to use plain, unencrypted email to communicate with their physicians.

Ideally, an encrypted email system between patients and providers should be used. But what if one is not available and/or the patient would like to give permission to communicate protected health information over insecure, unencrypted email?

Different institutions have come up with their own solutions to this problem. This is an excerpt from Yale's Guidance on the Use of Email Containing Protected Health Information:

A provider may obtain informed consent from a patient via electronic messaging (e.g., email) by conducting the following consent exchange upon presentation of a patient query via electronic messaging (this example is for an email exchange):

I will be happy to respond to your query but to do so via email you must provide your consent, recognizing that email is not a secure form of communication. There is some risk that any protected health information that may be contained in such email may be disclosed to, or intercepted by, unauthorized third parties. I will use the minimum necessary amount of protected health information to respond to your query.

If you wish to conduct this discussion via email, please indicate your acceptance of this risk with your email reply. Alternatively, please call my office to arrange a phone conversation or office visit.

Columbia University also has a policy on email on their HIPAA information page:

If a patient requests email communications containing their PHI, the individual receiving the request must obtain a completed Request for Email Communications form from the patient AND must provide the patient with the Important Information about Provider/Patient Email form prior to processing the patient’s request.

(If you're interested, I've extracted the text from the forms on Kidney Notes.)

If you have other solutions to the problem of physician-patient email, please feel free to comment.

Permalink | Email Post