E-Mail Policy

February 1, 2007

I am creating a “new patient” information form for my office. I am trying to decide whether to include a field where patients can write in an e-mail address. I can foresee that it may be useful to e-mail patients with business news, such as how we now accept a new payer or that we are adding a new service, but I am concerned that gathering e-mail addresses without a fixed policy on e-mail will create more confusion than productivity in the office. I have seen that HIPAA recommends or requires encrypted e-mail for doctor-patient communication, for example. What kind of policy do you suggest?

Question: I am creating a “new patient” information form for my office. I am trying to decide whether to include a field where patients can write in an e-mail address. I can foresee that it may be useful to e-mail patients with business news, such as how we now accept a new payer or that we are adding a new service, but I am concerned that gathering e-mail addresses without a fixed policy on e-mail will create more confusion than productivity in the office. I have seen that HIPAA recommends or requires encrypted e-mail for doctor-patient communication, for example. What kind of policy do you suggest?

Answer: I would ask for e-mail addresses. Sending patients notices about new services and the like does not violate HIPAA since you aren’t transmitting protected health information.

That said, you should also put an e-mail policy into place. For now, it’s probably sufficient to say that no patient will receive protected health information (anything that identifies anything about a patient’s health or payment for healthcare as an individual) via regular e-mail. Also, review the guidelines approved by the AMA, AHIMA, and AAFP.

Finally, consider looking into services that provide secure messaging, such as Medem and many others.