The HIPAA Security Rules allow you to communicate with emails that include Protected Health Information as long as the patient acknowledges and accepts the risks associated with email. The key question is should you?
The argument for using email includes the wide use and familiarity with email among the general public. Stage 2 Meaningful Use includes a core/required measure using secured messaging to communicate with at least 5% of your patients. Email is a viable option to meet the Measure as is secured messaging through a patient portal and even messaging through the patient health record.
Emails are attractive since so many people have access to email. Indeed, we need patient email information even if you use a patient portal for secured messaging: a number of patient portals will send a message to the patient that a secured message is on your portal!
However, the vast majority of EHRs do not directly work with email. In practice, the exchange of email messages will occur outside of the patient’s EHR based medical record. Your practice will have to copy and paste the email exchange into the medical record. The problems with this strategy include copying only part (or none) of the email, missing exchanges with the patient after the email has been copied and even nonrepudiation of the contents of the email. Depending on your EHR, you may not be able to see the email messages in context with patient visits and other activities.
Emails lack the auditability that you have with patient portal based secured messaging such as knowing when or if a patient saw the message or information. In all fairness, emails can be made smarter (although we have yet to see this in the EHR world), but even a “smart” email can lead to false impressions. For example, you can detect when an email has been opened or a link clicked, but the email could have sent those notifications merely when the security filters in the email server verified the email without the patient ever seeing the email.
In addition to tracking the exchange of secured messages, patient portals also allow you to pursue a number of other agendas that will not be as easy with email exchanges:
Patient portal exchanges are coordinated with the EHR and are posted directly to the patient’s medical record.
A patient may ask for an appointment that has to be separately managed and dealt with through email, but is directly supported by a number of patient portal products.
Patients may need additional services such as requesting refills, submitting HPI or other information, or accessing a treatment plan that cannot be dynamically managed with an email.
Patients can access other important information on their situation or care that will be updated on the portal, but could be obsolete in an old email.
Whether you are considering supporting patient centered medical homes, accountable care organizations or shared savings plans, contacts with patients through email, patient portals, remote patient monitoring tools, or phone will become a critical patient care and even treatment component.
Establishing the right communication channel and tools will be critical decisions for your practice and your patients. Unfortunately, email may not seamlessly allow you to support such exchanges and maintain the patient’s medical record at the same time. Indeed, email may direct important care information through a mechanism that will be difficult to manage and may undermine the collection of information to support continuity of care and maintenance of patient records.
In the final analysis, you need communication tools that will seamlessly work with you EHR for the convenience of patients and the integrity of your patient charts. Patient portals can meet that requirement but emails can’t.