The
HIPAA Security Rules allow you to communicate with emails that include
Protected Health Information as long as the patient acknowledges and accepts
the risks associated with email. The key question is should you?
The
argument for using email includes the wide use and familiarity with email among
the general public. Stage 2 Meaningful
Use includes a core/required measure using secured messaging to communicate
with at least 5% of your patients. Email
is a viable option to meet the Measure as is secured messaging through a
patient portal and even messaging through the patient health record.
Emails
are attractive since so many people have access to email. Indeed, we need patient email information
even if you use a patient portal for secured messaging: a number of patient portals
will send a message to the patient that a secured message is on your portal!
However,
the vast majority of EHRs do not
directly work with email. In
practice, the exchange of email messages will occur outside of the patient’s EHR
based medical record. Your practice will
have to copy and paste the email exchange into the medical record. The problems with this strategy include
copying only part (or none) of the email, missing exchanges with the patient
after the email has been copied and even nonrepudiation of the contents of the
email. Depending on your EHR, you may
not be able to see the email messages in context with patient visits and other activities.
Emails
lack the auditability that you have with patient portal based secured messaging
such as knowing when or if a patient saw the message or information. In all fairness, emails can be made smarter (although
we have yet to see this in the EHR world), but even a “smart” email can lead to
false impressions. For example, you can
detect when an email has been opened or a link clicked, but the email could
have sent those notifications merely when the security filters in the email
server verified the email without the patient ever seeing the email.
In
addition to tracking the exchange of secured messages, patient portals also
allow you to pursue a number of other agendas that will not be as easy with
email exchanges:
Patient portal exchanges are coordinated with
the EHR and are posted directly to the patient’s medical record.
A patient may ask for an appointment that has
to be separately managed and dealt with through email, but is directly
supported by a number of patient portal products.
Patients may need additional services such as
requesting refills, submitting HPI or other information, or accessing a treatment
plan that cannot be dynamically managed with an email.
Patients can access other important
information on their situation or care that will be updated on the portal, but
could be obsolete in an old email.
Whether
you are considering supporting patient centered medical homes, accountable care
organizations or shared savings plans, contacts with patients through email,
patient portals, remote patient monitoring tools, or phone will become a
critical patient care and even treatment component.
Establishing
the right communication channel and tools will be critical decisions for your
practice and your patients.
Unfortunately, email may not seamlessly allow you to support such
exchanges and maintain the patient’s medical record at the same time. Indeed, email may direct important care information
through a mechanism that will be difficult to manage and may undermine the
collection of information to support continuity of care and maintenance of
patient records.
In
the final analysis, you need communication tools that will seamlessly work with
you EHR for the convenience of patients and the integrity of your patient
charts. Patient portals can meet that
requirement but emails can’t.
For more posts on HIPAA Security and Privacy, click here.
For expert advice on policies and procedures you need to serve your patients, contact Sterling Solutions at (800)967-3028 or click here.
© Sterling Solutions, Ltd, 2013
No comments:
Post a Comment