By common law standards, the ability to communicate with patients using electronic media is now expected by most patients under the age of 40. If failure to communicate electronically does not constitute malpractice, at the very least, it will lower your ratings on physician evaluation Web sites, such as RateMDs.com and mydochub.com. These ratings, more than anything else these days, make your reputation and can provide early “signal detection” to hospital boards concerned about future re-credentialing.
Avoiding liability and security risks
E-mail and social media exchanges with patients do, however, carry potential liability in a variety of areas, including confidentiality, privacy, security, timeliness of response, and clarity of meaning. These concerns are not different in kind from those that exist in all modes of patient-doctor communication.
Because e-mail may contain personally identifiable health information, it is protected under the Health Insurance Portability and Accountability Act (HIPAA). Some states have adopted additional privacy safeguards. All psychiatrists who use e-mail with patients should be familiar with HIPAA and state law and should adopt adequate procedures to safeguard the personal health information of their patients. For concerned psychiatrists, the ethical and legal as-pects of e-mail use—including American precedents—are well covered in a recent article on e-mail and the psychiatrist-patient relationship by Recupero.11
Practice tip No. 1. Ninety percent of patients who send e-mail or social media correspondence to their doctors are communicating sensitive medical information.2 Patients should know who has access to your e-mail. There are many security risks end-to-end on all unencrypted e-mail sent over the Internet, and patients must be so advised. They should sign prior informed consent.
E-mail correspondence outside of a secure system is indelible, it can be misaddressed, it can be forwarded, intercepted, circulated, and changed without the knowledge or permission of the sender, and the true identity of the sender of a normal e-mail is impossible to verify. Patients must also be advised that e-mail can be used as evidence in court and that it is subject to applicable rules on patient-doctor confidentiality. On open-source microblogging networks, such as Twitter, correspondence can be “cached” or copied forever on the World Wide Web. As such, it is accessible to anyone, despite the fact that the submitter retracts the original copies of “tweets.” Also, programmers with access to the Remote Application Programming Interface may retain access.
Practice tip No. 2. Take great care when addressing correspondence to anyone, patient or other care provider. Often e-mail software has an “auto-complete e-mail-address” feature so if you have 2 patients with the same first name, it is easy to send to the wrong patient. Be careful!
When writing a draft e-mail, it is easy to send it prematurely. (You mean to save the draft, but you hit Send instead.) To avoid this, first write the e-mail and then address it. Send e-mail the way that you send postal mail: only add an address “on the envelope” when you have fully completed and signed the letter (ie, leave the “To” address blank until you have fully completed the e-mail). To reply to an e-mail, hit the Forward button instead of the Reply button. Write the e-mail and only then insert the e-mail address.
When you send a group mailing to patients, use the “bcc” (blind carbon copy) feature so that names and addresses of recipients are kept private. Avoid Reply All. The patient may have copied others, but your reply should go back only to your patient.
Practice tip No. 3. Consider the source of your e-mail chain. Institutional e-mail is a problem because the institution has access to it. Free e-mail and Internet services are best avoided because they may be accessible to unauthorized persons. The same is true for mobile devices where “eavesdropping” is possible. Open-source or searchable social networks such as Twitter or Facebook open themselves up to exponentially larger unauthorized access.
Practice tip No. 4. To use encryption software, the patient is required to also install the same software. The hassle factor of installing such software on computers on both ends of an e-mail is why such encryption software has not become standard. There are excellent Web-based services, such as e-Courier.ca, that offer the highest security possible without the installation of any encryption software. e-Courier.ca also permits massive e-mail attachments, such as CT scan results for instance, that normally would get bounced. Moreover, you receive notification when the patient has opened your e-Courier.ca e-mail.
Practice tip No. 5. Electronic exchanges should all be kept within the patient’s file and the patient should be so informed.
Practice tip No. 6. Because it is impossible to guarantee that e-mail will be read and responded to within a set period, emergency messages and time-sensitive material should not be sent by e-mail. While generally received by the recipient’s e-mail server within seconds, e-mail can sometimes take a circuitous route and ar-rive hours later. Moreover, a patient may not review his e-mail for hours or even days, so ask patients to acknowledge receipt of e-mails by reply e-mail or telephone. Subject lines can contain words denoting urgency or deadlines, such as “Time-sensitive, please acknowledge receipt.”
Practice tip No. 7. Because speed of typing results in typos and the perception of curtness, take great care with clear wording and be as brief as possible.
Practice tip No. 8. Prepare standard, courteous messages for unsolicited mail that you do not wish to respond to (eg, “Thank you for your e-mail. Due to the high volume of e-mails, I will not be able to respond. To reach my assistant, please phone during office hours. For after-hour emergencies, please contact so-and-so. For immediate needs, please contact the physician on call or visit your nearest emergency room”).
