User login
CHICAGO – An inadequately designed medical practice website can pose serious legal dangers, said Michael J. Sacopulos, a medical malpractice defense attorney based in Terre Haute, Ind.
Here is a list of website to-dos that can reduce your legal risks:
• Post emergency information on the website contact page. Unlike the practice’s phone system, the website may fail to include a disclaimer that the patient should call 911 if experiencing a medical emergency.
• Provide disclaimers about doctor-patient relationship. In addition, it’s important that the website includes a warning that communications through the website do not constitute a doctor-patient relationship, Mr. Sacopulos said during an American Bar Association conference. “Most [websites] have a box where you can leave comments. [People need to be told] that it does not create a physician-patient relationship when they describe their medical condition, sometimes even posting photographs.”
• Advise regarding comment security. Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, medical information sent through electronic channels must be encrypted unless a patient consents otherwise. If information can be transmitted through a website’s comment box, patients should be advised that the transmission is not secure before they send their information, Mr. Sacopulos said.
• Secure any online appointment scheduling. Make sure that patients’ names and personal information are not visible to other patients when they schedule appointments, he said. A cardiology practice in Phoenix learned this the hard way when it had to pay the U.S. Department of Health & Human Services $100,000 for lack of HIPAA safeguards online. An investigation by the Office for Civil Rights found the practice was posting clinical and surgical appointments for patients on an Internet-based calendar that was publicly accessible.
• Ensure patient anonymity. The accidental release of private medical information occurred on the website of a St. Louis physician who obtained consent from her patients to include their before and after photos. No names were posted with the photos, but the computer file names of the photos included the patients’ names, and when a person scrolled over a photo with a cursor, the file name popped up. This allowed the public to view the patient name associated with each photo and caused serious problems for the practice, including litigation, he noted.
• Be aware of state board requirements that pertain to physician practice websites. Several state boards do not allow testimonials to be posted on websites. States also differ on the inclusion of before and after photos. New Jersey, for example, allows before and after photos on websites, while New York does not. Some state boards allow doctors to cite that they are board certified on a website without specifics, while states such as Louisiana require that physicians announce the specific certifying board.
“These are ethical and affirmative duties on behalf of physicians that oftentimes come up in websites,” he said.
• Adhere to the Americans With Disabilities Act (ADA). A website is considered real estate for purposes of the ADA, meaning it must include an accessible format to patients with disabilities, Mr. Sacupulos said. Problems arise when certain website features make sites difficult or incompatible with assistance devices that disabled patients require, such as a screen reader or voice interactive software. The National Federation for the Blind has been active in this area and has filed multiple class action lawsuits against companies that did not have compliant websites, he said. An ADA tool kit for best website practices can be found online.
• Hire an experienced Web designer to create the practice’s website. Too often, practices use a family member or friend to set up the company’s page, Mr. Sacupulos said. In one such instance, a young designer became angry at his doctor employer and set up a false website in his name, alleging abuses against patients. “Work with someone credible,” he advised. “Make sure you own your own domain. Many of these Web designers will purchase the domain name and build a site around it, which is great until you want to move to the next Web designer, and then you have to buy your domain back.”
On Twitter @legal_med
CHICAGO – An inadequately designed medical practice website can pose serious legal dangers, said Michael J. Sacopulos, a medical malpractice defense attorney based in Terre Haute, Ind.
Here is a list of website to-dos that can reduce your legal risks:
• Post emergency information on the website contact page. Unlike the practice’s phone system, the website may fail to include a disclaimer that the patient should call 911 if experiencing a medical emergency.
• Provide disclaimers about doctor-patient relationship. In addition, it’s important that the website includes a warning that communications through the website do not constitute a doctor-patient relationship, Mr. Sacopulos said during an American Bar Association conference. “Most [websites] have a box where you can leave comments. [People need to be told] that it does not create a physician-patient relationship when they describe their medical condition, sometimes even posting photographs.”
• Advise regarding comment security. Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, medical information sent through electronic channels must be encrypted unless a patient consents otherwise. If information can be transmitted through a website’s comment box, patients should be advised that the transmission is not secure before they send their information, Mr. Sacopulos said.
• Secure any online appointment scheduling. Make sure that patients’ names and personal information are not visible to other patients when they schedule appointments, he said. A cardiology practice in Phoenix learned this the hard way when it had to pay the U.S. Department of Health & Human Services $100,000 for lack of HIPAA safeguards online. An investigation by the Office for Civil Rights found the practice was posting clinical and surgical appointments for patients on an Internet-based calendar that was publicly accessible.
• Ensure patient anonymity. The accidental release of private medical information occurred on the website of a St. Louis physician who obtained consent from her patients to include their before and after photos. No names were posted with the photos, but the computer file names of the photos included the patients’ names, and when a person scrolled over a photo with a cursor, the file name popped up. This allowed the public to view the patient name associated with each photo and caused serious problems for the practice, including litigation, he noted.
• Be aware of state board requirements that pertain to physician practice websites. Several state boards do not allow testimonials to be posted on websites. States also differ on the inclusion of before and after photos. New Jersey, for example, allows before and after photos on websites, while New York does not. Some state boards allow doctors to cite that they are board certified on a website without specifics, while states such as Louisiana require that physicians announce the specific certifying board.
“These are ethical and affirmative duties on behalf of physicians that oftentimes come up in websites,” he said.
• Adhere to the Americans With Disabilities Act (ADA). A website is considered real estate for purposes of the ADA, meaning it must include an accessible format to patients with disabilities, Mr. Sacupulos said. Problems arise when certain website features make sites difficult or incompatible with assistance devices that disabled patients require, such as a screen reader or voice interactive software. The National Federation for the Blind has been active in this area and has filed multiple class action lawsuits against companies that did not have compliant websites, he said. An ADA tool kit for best website practices can be found online.
• Hire an experienced Web designer to create the practice’s website. Too often, practices use a family member or friend to set up the company’s page, Mr. Sacupulos said. In one such instance, a young designer became angry at his doctor employer and set up a false website in his name, alleging abuses against patients. “Work with someone credible,” he advised. “Make sure you own your own domain. Many of these Web designers will purchase the domain name and build a site around it, which is great until you want to move to the next Web designer, and then you have to buy your domain back.”
On Twitter @legal_med
CHICAGO – An inadequately designed medical practice website can pose serious legal dangers, said Michael J. Sacopulos, a medical malpractice defense attorney based in Terre Haute, Ind.
Here is a list of website to-dos that can reduce your legal risks:
• Post emergency information on the website contact page. Unlike the practice’s phone system, the website may fail to include a disclaimer that the patient should call 911 if experiencing a medical emergency.
• Provide disclaimers about doctor-patient relationship. In addition, it’s important that the website includes a warning that communications through the website do not constitute a doctor-patient relationship, Mr. Sacopulos said during an American Bar Association conference. “Most [websites] have a box where you can leave comments. [People need to be told] that it does not create a physician-patient relationship when they describe their medical condition, sometimes even posting photographs.”
• Advise regarding comment security. Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, medical information sent through electronic channels must be encrypted unless a patient consents otherwise. If information can be transmitted through a website’s comment box, patients should be advised that the transmission is not secure before they send their information, Mr. Sacopulos said.
• Secure any online appointment scheduling. Make sure that patients’ names and personal information are not visible to other patients when they schedule appointments, he said. A cardiology practice in Phoenix learned this the hard way when it had to pay the U.S. Department of Health & Human Services $100,000 for lack of HIPAA safeguards online. An investigation by the Office for Civil Rights found the practice was posting clinical and surgical appointments for patients on an Internet-based calendar that was publicly accessible.
• Ensure patient anonymity. The accidental release of private medical information occurred on the website of a St. Louis physician who obtained consent from her patients to include their before and after photos. No names were posted with the photos, but the computer file names of the photos included the patients’ names, and when a person scrolled over a photo with a cursor, the file name popped up. This allowed the public to view the patient name associated with each photo and caused serious problems for the practice, including litigation, he noted.
• Be aware of state board requirements that pertain to physician practice websites. Several state boards do not allow testimonials to be posted on websites. States also differ on the inclusion of before and after photos. New Jersey, for example, allows before and after photos on websites, while New York does not. Some state boards allow doctors to cite that they are board certified on a website without specifics, while states such as Louisiana require that physicians announce the specific certifying board.
“These are ethical and affirmative duties on behalf of physicians that oftentimes come up in websites,” he said.
• Adhere to the Americans With Disabilities Act (ADA). A website is considered real estate for purposes of the ADA, meaning it must include an accessible format to patients with disabilities, Mr. Sacupulos said. Problems arise when certain website features make sites difficult or incompatible with assistance devices that disabled patients require, such as a screen reader or voice interactive software. The National Federation for the Blind has been active in this area and has filed multiple class action lawsuits against companies that did not have compliant websites, he said. An ADA tool kit for best website practices can be found online.
• Hire an experienced Web designer to create the practice’s website. Too often, practices use a family member or friend to set up the company’s page, Mr. Sacupulos said. In one such instance, a young designer became angry at his doctor employer and set up a false website in his name, alleging abuses against patients. “Work with someone credible,” he advised. “Make sure you own your own domain. Many of these Web designers will purchase the domain name and build a site around it, which is great until you want to move to the next Web designer, and then you have to buy your domain back.”
On Twitter @legal_med
EXPERT ANALYSIS FROM THE PHYSICIANS LEGAL ISSUES CONFERENCE