Use of electronic communications with patients

The Office of National Coordinator for Health Information Technology (ONC) and its HIT Policy Committee worked hard throughout the summer to develop a framework for the “meaningful use” standards required to qualify for electronic health record (EHR) adoption stimulus funds available under the Health Information Technology for Economic and Clinical Health Act (HITECH Act).  When I saw the survey that HIMSS released today regarding the use of social networking tools to communicate with patients, it reminded me of the “meaningful use” standard that centers on “engaging patients and families.”  The stated goal of this standard is to “Provide patients and families with timely access to data, knowledge, and tools to make informed decisions and to manage their health.” Although it’s doubtful today that social networking tools would be accepted as meeting this goal for purposes of the EHR stimulus funds, it did get me to thinking about the use of technology to literally communicate with patients and, in particular, the studies that have been done in regard to using technology, such as e-mail and texting, to communicate with patients.  

I reviewed the HIT Policy Committee’s “meaningful use” grid to refresh myself on how the HIT Policy Committee had envisioned the “engaging patients and families” standard to play out from 2011 through 2015.  To meet the “meaningful use” standard of “engaging patients and families”, an “eligible provider” (i.e. physicians) will need to ensure that their use of their EHR, among other things,* does the following:

  • 2011:  Provides access to patient-specific education resources; and Provides clinical summaries for patients for each encounter.
  • 2013: Offers secure patient-provider messaging capability; Provides access to patient-specific educational resources in common primary languages; Record patient preferences (e.g., preferred communication media, health care proxies, treatment options).
  • 2015: Provides patients with access to self-management tools.

The hospital’s requirements are much the same as those set forth above for the physician, with the exception of “providing secure patient messaging.”

Okay, so part of making a “meaningful use” does include “providing secure patient messaging.”  I understand that some EHRs incorporate internet e-mail into their platform. Is it secure?  Is it effective?   Whether e-mail and text messaging is used within or without the assistance of the EHR, issues concerning privacy, security, effectiveness and liability risks associated with such communication seem to abound.

In fact privacy and security seems to be a prevalent concern expressed in previous studies on the use of e-mail to communicate with patients.  Could the provider be assured that the person who opened the e-mail was the intended recipient, thereby raising privacy issues?  What encryption methods must be employed to ensure security of the e-mail and would such methods present additional barriers to the ease of use by and effective communication with the patient? 

The previous studies also expressed concerns that the patient would not have adequate access to the required technology or would not be responsive to that form of communication. The same could be said about texting. As the precious baby boomers, of which I’m one, leave planet earth, however, I expect that the conclusions of such studies if conducted 50, 30 or even 15 years from now will have different conclusions. 

For a sampling of previous studies on the use of e-mail to communicate with patients, see the following:

A more recent, interesting article published in The Canadian Medical Protective Association’s Information Letter (see pp. 5-8) discusses the legal risks of using e-mail. The article highlights the issues of privacy and security, timeliness of physician responses to patient e-mails, clarity of the communication, and obtaining consent:

The American Medical Association (AMA) seeks to address the concerns of privacy, security, effectiveness and liability risks in its published Guidelines for Electronic Physician-Patient Communication.  Here’s an excerpt:

With the continued increased usage of computers and the Internet by individuals, e-mail can be a valid, simple, convenient, and inexpensive mechanism for communication. It can aid the health care delivery process by allowing written follow-up instructions, test results and dissemination of educational materials for patients, as well as, a means for patients to easily reach their physician on routine health matters. At the same time, issues of privacy, confidentiality and security must be addressed to ensure the efficacy and effectiveness of e-mail.

The AMA guidelines are well worth reading before embarking on any type of electronic communication with patients. 

And addressing the issue from the patient’s perspective, Mayo offers tips for patients who are considering using electronic methods to communicate with their physicians , in order to make the most out of doctor-patient communications on-line.  The article covers both e-mail and physician interactive websites.

And let us not forget the potential notification obligations that are triggered when electronic communications containing protected health information result in a breach of privacy.  Ensuring that the electronic method used to communicate personal health information with either a patient or another provider is encrypted while “in motion” (during transmission) and “at rest” (after it hits its destination waiting to be open, read, discarded or saved) will be essential.  With the new Data Breach Notification Rule, and HHS Encryption Guidance, providers should ensure that the methods chosen to communicate with patients, whether through an on-line interactive webpage, e-mail or by texting, meet as many of the recommended security guidelines as is feasible, taking into consideration the urgency and content of the communication.


*The “engaging patients and families” list of standards in my blog above is not intended to be exhaustive. To see all the standards related to “engaging patients and families,” please see the actual grid. (For example, the standard also includes a requirement to provide patient access to the patient’s record in the patient’s preferred format.)

2 thoughts on “Use of electronic communications with patients

Leave a reply. Please note that although this blog may be helpful in informing clients and others who have an interest in information privacy and security, it is not intended to be legal advice. The information on this blog also should not be relied upon to form an attorney-client relationship.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.