Three Rules to Avoiding the Pitfalls of E-mail with Patients

February 3, 2011

You can still safely, and properly, use e-mail with your patients if you follow three technical limitations on its use, as well as ensuring privacy measures are in place.

Recently, I have discussed reasons why physicians should be using e-mail to communicate with patients and also their referring network. In doing so, the digitally-enabled physician must avoid the privacy pitfalls necessary to remain HIPAA compliant, ensure that proper security measures have been considered, an e-mail policy is established, and that you avoid “playing doctor” over the Internet.

Disclaimer: I am not an attorney, and this is not to be construed as legal advice. Consult an attorney if you have questions.

Remember, we are talking about e-mail shared with patients and between physicians.

Privacy is the biggest concern about digital transmission whether it’s e-mail, articles, or posts on a blog. Thus, there are two situations where we need to be concerned. Those situations that involved sensitive data and those that do not.

In situations where private/sensitive data is going to be used and transmitted you must comply with HIPAA, which includes;

1. Use encrypted transmission
2. Preferred practices include: automatic logoff, unique user logon and passwords
3. Consider purchasing an SSL certificate (your URL will have https://)
4. Consider an e-mail system that is backed up and recoverable
5. Develop an e-mail policy that states e-mail is not for time sensitive replies, such as emergencies, patient responsibilities for follow-up, etc.

By the way, GMail is not encrypted and has no privacy statement that applies.

Complying to everything above is, admittedly, difficult. But you can still safely, and properly, use e-mail and engage the Internet.

The technical limitations are obviated if you follow 3 rules;

1. Don’t use patient identifying data.
2. Never give a diagnosis.
3. Never give medical advice - never.

The first rule is easy. Pretend you are on the elevator in the hospital. Don’t use names or make identifying remarks about a patient. If you are e-mailing a colleague, skip the details where a patient can be identified. If you must share sensitive data, comply with HIPAA and/or obtain a formal consultation with your patient’s permission.

Never give a diagnosis. This applies to patients that may e-mail you. A patient that e-mails you forgetting what you just told them in the office is very different (this happens to me all the time). I get e-mails from “patients” via my blog daily and I am comfortable recommending general information only. Readers still appreciate this and understand the limits of e-mail.

You really can’t share your expertise or make a diagnosis over the Internet anyway. Just as you can’t treat your friend over the phone, you can’t make a treatment plan over the Internet.

For example, you get a call from your brother, an attorney, who is too lazy to go to the nighttime pediatric clinic. Let’s say your nephew Johnny has a sore throat with chills. Would you rightly phone in an antibiotic prescription?

As with making a diagnosis, never give medical advice other than recommending a doctor visit. You can’t possibly have the patient in front of view and every patient reading your article may interpret what you are writing differently.

Let’s say I’m talking about the treatment of chest pain. You wouldn’t advise (and write) that everyone with chest pain take nitroglycerin. Instead, you could talk about the causes of chest pain and how the causes could be differentiated. See the difference?

If you follow these three rules, you may engage the Internet, e-mail, and Web sites and start to improve communication between your patients and colleagues. The purpose is to open the doors to communication. E-mail is not a substitute for actual patient encounter. By using e-mail, you are making a statement - You can communicate.