HIPAA and Email – How Does Your Practice Deal with Compliance in a Digital Age?

The internet has created a new business model for the smaller medical practice, specialty clinic and medical service (e.g., dermatologist, plastic surgeon, physical therapist, psychologist, et al.). More and more, patients are looking to communicate with their healthcare providers as they do in their personal and business lives – via email.

Email as a communication solution for the smaller clinic can be a time-saving resource. It can replace the many phone calls and postal mailings, adding a financial benefit to the smaller clinic.

Does email eliminate the office visit? No, nothing can replace the personal face-to-face office visit, but email can be an additional tool clinicians can implement to streamline their practice.

Some healthcare practitioners do, however, feel that emailing their patients equates to working for free, but some clinics have already begun charging for email consultations.

At some practices, patients pay a flat rate from $100 to several hundred dollars per year for this type of service. Harvard professor of medicine Dr. Daniel Z. Sands, a proponent of the digital clinic, stated "I think it's reasonable to assume that if lawyers and accountants charge for time, then physicians should too." (1)

Sustainability of Health Information Technology is also on the government's radar, as part of the President's mandate to move the medical field towards a digital clinical setting within the next ten years (2). The National Coordinator for Health IT, Dr. David Brailer, noted the value-added benefit of investing in Healthcare IT:

Information technology supports treatment choices for consumers and enables better and more cost-effective care … Health IT not only adds value to the way people lead their lives, but it gets more out of our investment in healthcare overall. (3)

It is possible for clinics to shift towards a digital medical office while remaining financially solid. Rights management software tools have become a reality for the small and medium business office (4). Small Business Rights Management (SBRM) reflects a shift in Rights Management software tools.

SBRM solutions give smaller clinics and practices a level of user rights management and encryption equal to that previously available to larger medical organizations (e.g., state hospitals, large research facilities, university medical networks, etc.).

As with any medical advance, the side effects of a solution or cure must also be considered. While email is beneficial time-wise and financially, there are also cons to using this tool, many of them HIPAA-related. According to the Health Privacy Project's 2005 study, 70% of Americans are concerned that personal health information (PHI) could be disclosed as a result of weak data security (5).

Currently, healthcare organizations are required to provide a disclosure statement when communication is sent to their patients. A sample of a healthcare professional's email disclosure statement may read like this:

Client information gathered by [Clinic or Organization's Name] is protected by Federal Law. If this communication contains any client information, including information which would identify a client, you are prohibited from redisclosing it to any person or organization in any manner, and you are required to maintain it as confidential. Failure to do so is punishable by civil and criminal penalties. If such information has reached you in error, please contact [Clinic or Organization's Name] Contact@emailaddress.com

With the advent of phishing, malware, and spyware, the unintended recipient could possibly spread a patient's PHI like a virus, using or selling data to any number of damaging sites.

Protecting a patient's PHI is an ingrained concept within the medical profession. Laws and government mandates take this notion a step further: medical facilities that are not compliant in protecting their patients' PHI face stiff penalties under HIPAA. PHI includes, but is not limited to:

  • Patient's address, phone number
  • Treating Hospital / Clinic number assigned to the patient
  • Patient's date of birth / SSN
  • Patient's legal next of kin / guardian and their telephone number
  • Patient's insurance information (pre-certification / DSHS / Medicare)
  • Anticipated Admission date and time

While there are some drawbacks to email, patients want the option of emailing their doctor, pharmacist, therapist or clinic. "People are often more comfortable talking to a computer than they are to a doctor," said Dr. Delbanco, a professor of medicine at the Harvard Medical School and the lead author of an article on doctors and e-mail in the New England Journal of Medicine (6).

Dealing with HIPAA compliance issues can often be frustrating to the small clinical practice. SBRM solutions bridge the gap between staying current with healthcare industry regulations and keeping a small physician practice open. Patient / client information, private communiqués regarding diagnosis / treatment, and medical billing can stay discreet: only the intended recipient will see this information.

With SBRM solutions, clinics do not have to worry that their email content breaks the Hippocratic Oath's creed of confidentiality by revealing a patient's PHI. Healthcare providers can remain both respectful and compliant under HIPAA regarding patient privacy.

– – – – – – – – – –

End Notes:

1.) Dr. Daniel Z. Sands as quoted in Liz Kowalczyk's article "Is E-Mailing the Future of Doctor-Patient Relations?" The Boston Globe, D2, April 27, 2004, Lexis Nexis – http://www.lexisnexus.com

2.) United States Department of Health and Human Services, "Secretary Leavitt Takes New Steps to Advance Health IT," Press Release on HHS website, June 6, 2005, [http://www.os.dhhs.gov/]

3.) "Remarks by David Brailer, MD, PhD, National Coordinator for Health Information Technology, HIMSS 2005," February 17, 2005, http://www.himss.org

4.) SBRM on Wikipedia – [http://en.wikipedia.org/wiki/Small_Business_Rights_Management]

5.) "Majority of Americans Have Privacy Concerns about Electronic Medical Record System," Health Privacy Project (www.heathprivacy.org): [http://www.healthprivacy.org/info-url_nocat2303/info-url_nocat_show.htm?doc_id = 263 085]

6.) Anahad O'Connor, "Take Two Aspirin, E-Mail Me Tomorrow," The New York Times, Section F; Column 5; Health & Fitness; 7., September 2005, Lexis Nexis – Http://www.lexisnexus.com 30