Recently I began providing my email address to my patients. I’m not the only one, either. You can read about how surgeons are starting to stay in touch with their patients, and how both parties are generally happier about it. There’s a quick article about this issue here.
One of the big-time medical blogs out there, Kevin M.D., also weighs in on the subject and points out that there are some problems with this new practice. One of the big ones he mentions is that email communications are probably often not HIPAA compliant. If you don’t know what HIPAA is, I recommend that you NOT educate yourself. HIPAA is classic D.C. armchair policy-making that is meant to protect patient privacy, but in reality does less for this goal than intended. I’d prefer the acronym HIPPO. The policies are minute and voluminous, arcane, endless, cumbersome and impossible to follow perfectly. Worse, they’re meant to apply to every single health system in America. No regional variation. No State individuality. EVERYBODY.
In general, of course, the idea (initiated in ’96 by Bill Clinton) is a good one. Nobody wants their health info on YouTube. But while health information certainly is sensitive, the frank truth is that it isn’t high-value stuff. I’d be much more worried about someone using my identity information than my medical history to ruin my life. HIPAA policy – and the enforcement of it (they call it compliance) – has become an entire career field…all to protect information that is almost never interesting to anybody, even to the guys in ski-masks and dark glasses.
At any rate, it appears that doctors may not be able to talk to their own patients by email unless the system is hyper-encrypted to keep bad guys from getting the info and…oh, selling it on the medical info black market in Paraguay or whatever.
You can see that I have a dim view of government policymaking. I think government policy is often nothing more than a cathartic exercise for people with an above-average need to feel important. Writing stuff – even stupid stuff – that other people have to obey will make you feel important. In fact, the more stupid, the better. You’re in control. “DO IT!” you can demand, “Even if you think it’s dumb.” You’re The ALPHA.
Government wonks do this all the time, resulting in thousands of rules – which fulfills their own subconscious needs – that tend to be laughable and illogical when applied to every single human in America. HIPAA is supposedly in place to protect patients from losing their info. With respect to email correspondence between doc and patient, shouldn’t the actual patient themselves have the right to correspond with their doctor however they choose? No. You, dear ignorant patient (and doctor). You have no idea what is good for you. We here in Rached, D.C. will take care of you, whether you want us to or not.
The truth is that doctors, me included, HATE making phone calls. They take forever. The number is invariably wrong. You have to find somewhere to talk where your conversation isn’t going to be overheard. You NEVER get paid for them (unlike lawyers, who must have listened in their business classes). And often the patient isn’t there and you have to fret over leaving a message or not, never knowing who is going to hear the message, etc. (violating HIPAA, again) Ultimately, I feel bad that it takes me so long to get back to a patient when they leave me a message. Email is a perfect solution.
Or was…until policymakers totally remove this option from patients and their doctors.
The number of people edging themselves between patients and their doctors over the past 30 years is truly amazing – government, lawyers, insurance agents, pharmacy, to name a few. The evolution of this new army of medical middle-men, I believe, will be what is remembered about American medicine 100 years from now. And I think it will be looked upon as a largely aggressive and capitalistic change that generally harmed patients, not helped them.
secretwave101 
> Email is a perfect solution.
It is certainly convenient, but “perfect” may be going a little far. Here are some problems with using email for clinical correspondence with patients:
1) Email can be inadvertantly sent to the wrong recipient – sometimes as the result of the “auto-complete” functions in email clients.
2) Email can be caught in Spam filters and never seen by the intended recipient.
3) There is no way to be sure that only the intended recipient has access to that email address.
This is not to say email cannot be used. However, these items ought to be discussed with the patient before email is used. It should never be used to convey highly-sensitive information such as HIV results, mental health info, etc.
> it appears that doctors may not be able to talk to their own
> patients by email unless the system is hyper-encrypted
Encryption is not a “required” technical control under the HIPAA Security Rule. It is “addressable”, which means that each covered entity will have to perform their own risk analysis to determine whether encryption is appropriate or not. It IS HIPAA-compliant to communicate via email with patients without encryption provided the risk management has been documented. See 164.312(e)(1) Transmission Security.
> If you don’t know what HIPAA is, I recommend that you NOT
> educate yourself.
In the event readers of this blog would prefer to form their own educated opinions, the link below contains further guidance on the requirements of the HIPAA Security Rule:
http://www.cms.hhs.gov/EducationMaterials/04_SecurityMaterials.asp
LikeLike
@1: Spam filters can be made to go into a spam folder, if setup correctly. Pt can be instructed to add doc’s email addr to their addr book.
While 164.312 doesn’t require encryption, the legal liability it represents would be considerable if you as a doc go without it. Hence the push towards a financial institution style method of communication where you get an email letting you know that there is a message for you in your secure mailbox, esp till the day where s-email w/pgp becomes more widespread or some mutant thereof.
@BP: Here is an idea. CHARGE an yearly fee as a value add to your pts for email communication (via a secure channel ofcourse as described above). Decide what would be a reasonable amount. Then @ first pt visit, they can sign up for this service that they pay an yearly fee and will have access to a host of benefits. Detail out the benefits the pt can get. This is a win win situation since the doc gets paid, pt gets an alternate (more convenient) access channel. If the charge is reasonable, most pt’s would sign up. There are other strategic benefits. It’s part of a suite of what the business folks call CRM – it’ll help build pt/doctor relationship.
-Twitch @ SDN
LikeLike
> While 164.312 doesn’t require encryption, the legal liability it
> represents would be considerable if you as a doc go without
> it.
Definitely true. But don’t blame HIPAA. It is more from current “generally accepted security practices.”
LikeLike