Doctors: Get Serious About HIPAA!

I have many new patients express frustration with my office about our strict adherence to HIPAA policies; some of the stories I’m hearing are truly jaw dropping.

One new parent (with a medically complex child) was incredibly irritated that we don’t communicate via email. He told my front-desk staff that “he communicates this way with many other physicians all the time!” He is in the IT industry and was surprised to know that email is not considered medically secure.

We have a practice email where patients can contact us. I primarily use this email account to notify parents that I have sent them a portal message (many of my patients get themselves locked out and I have no way to know if they received my messages). We fully let patients know that if they choose to send records via email, it not considered secure enough for private medical information, but most patients prefer to send their records to us this way.

It’s also a bit surprising to me that most patients do not have access to fax machines. Their reaction to the news that fax is considered secure is comical.

What worries me is the reports I get from patients about communications they have had via email and even Facebook messenger with physicians that live in other states. Some have even had Skype consults with out-of-state providers. Not only is this not secure, these medical professionals are essentially practicing without a license if they are not licensed in the same state as the patient.

Texting private medical advice is also not considered secure. About a month ago, I had a family with a child in psychologic crisis over a weekend. He was not so severe that he needed to go to the ER, but the mother desperately needed support while they went through the day. She and I were texting each other, however I was very careful to not put any medical information in my texts. If anything needed that sort of information exchange I called her.

Mostly I was checking in to ask how he was doing and whether things had improved. The mother told me afterwards how grateful she was to have ongoing live contact with a physician for support.

And of course, I have had Facebook friends (parents of my patients) ask me advice on that platform. I simply inform them that I cannot answer as it is risky for private medical information. Most are understanding (and a bit embarrassed to have asked).

We all know that medicine is slow to adopt new technology and states are glacial in their ability to aid reciprocity between states. But rather than complain about the fact of the matter, physician MUST be extremely careful to uphold HIPAA protections. Anyone can report a physician to the government. With hefty fines, not carefully protecting medical privacy is an extremely expensive gamble to take.

If you have any comments on this article email editor@physicianspractice.com. We'll publish the best ones!