HIPAA and Email – How Does Your Practice Deal with Compliance in a Digital Age?
Article by Marilee Veniegas
The internet has created a new business model for the smaller medical practice, specialty clinic and medical service (e.g. dermatologist, plastic surgeon, physical therapist, psychologist, et al.). More and more, patients are looking to communicate with their healthcare providers as they do in their personal and business lives – via email.
Email as a communication solution for the smaller clinic can be a time-saving resource. It can replace the many phone calls and postal mailings, adding a financial benefit to the smaller clinic.
Does email eliminate the office visit? No, nothing can replace the personal face-to-face office visit, but email can be an additional tool clinicians can implement to streamline their practice.
Some healthcare practitioners do, however, feel that emailing their patients equates to working for free, but some clinics have already adopted charging for email consultations.
At some practices, patients pay a flat rate from 0 to several hundred dollars per year for this type of service. Harvard professor of medicine Dr. Daniel Z Sands, a proponent of a digital clinic, stated “I think it’s reasonable to assume that if lawyers and accountants charge for time, then physicians should too. (1)”
Sustainability of Health Information Technology is also on the government’s radar, as part of the President’s mandate to move the medical field towards a digital clinical setting within the next ten years (2). The National Coordinator for Health IT, Dr. David Brailer, noted the value-added benefit of investing in Healthcare IT:
Information technology supports treatment choices for consumers and enables better and more cost-effective care… Health IT not only adds value to the way people lead their lives, but it gets more out of our investment in healthcare overall. (3)
It is possible for clinics to shift towards a digital medical office while remaining financially solid. Rights management software tools have become a reality for the small and medium business office (4). Small Business Rights Management (SBRM) reflects a shift in Rights Management software tools.
SBRM solutions provide clinics and practices of a smaller scale an equal level of user rights management and encryption previously available to larger medical organizations (e.g. state hospitals, large research facilities, university medical networks, etc.).
With any medical advance, the side effects of a solution or cure must also be considered. While email is beneficial time-wise and financially, there are also cons to using this tool – many HIPAA-related. According to the Health Privacy Project’s 2005 study, 70% of Americans are concerned that personal health information (PHI) could be disclosed as a result of weak data security (5).
Currently, healthcare organizations are required to provide a disclosure statement when communication is sent to their patients. A sample of a healthcare professional’s email disclosure statement may read like this:
Client information gathered by [Clinic or Organization's Name] is protected by Federal Law. If this communication contains any client information, including information which would identify a client, you are prohibited from redisclosing it to any person or organization in any manner, and you are required to maintain it as confidential. Failure to do so is punishable by civil and criminal penalties. If such information has reached you in error, please contact [Clinic or Organization's Name] email@example.com
With the advent of phishing, malware, and spyware, the unintended recipient could possibly spread a patient’s PHI like a virus, using or selling data to any number of damaging sites.
Protecting a patient’s PHI is an ingrained concept within the medical profession. Laws and government mandates take this notion a step further: medical facilities not compliant with protecting their patients’ PHI face stiff penalties under HIPAA. PHI includes, but is not limited to:
* Patient’s address, phone number
* Treating Hospital/Clinic number assigned to the patient
* Patient’s date of birth/SSN
* Patient’s legal next of kin/guardian and their telephone number
* Patient’s insurance information (pre-certification/DSHS/Medicare)
* Anticipated admission date and time
While there are some drawbacks to email, patients want the option of emailing their doctor, pharmacist, therapist or clinic. “People are often more comfortable talking to a computer than they are to a doctor,” said Dr. Delbanco, a professor of medicine at the Harvard Medical School and the lead author of an article on doctors and e-mail in the New England Journal of Medicine (6).
Dealing with HIPAA compliance issues can often be frustrating to the small clinical practice. SBRM solutions bridge the gap between staying current with healthcare industry regulations and keeping a small physician practice open. Patient/client information, private communiqu