User login
I recently received a lengthy e-mail from a very worried woman. She claimed to be an established patient in my office, which I had no way of confirming because she did not sign her message. She asked many questions about sexually transmitted diseases and how they might affect her and a new boyfriend.
I was undecided on how to reply, or even whether to reply at all, so I posted my dilemma on the DermChat e-mail list to see how other dermatologists might handle such a situation.
Responses were all over the map—from “I never answer patient e-mails” to “What harm could it do, she's better off getting correct answers from you than incorrect answers from some 'advocacy' Web site”—and everything in between.
Clearly, this is a controversial issue that will only get more controversial in the future, so I decided to look at what has been published on the subject.
It turns out that, as early as 1998, two German investigators asked this same question and designed a study to address it (JAMA 1998;280:1333–5). Posing as a fictitious patient, they sent e-mails describing an acute dermatologic problem to random Web sites offering dermatologic information, tallied the responses they received, and followed up with a questionnaire to responders and nonresponders alike.
As with my informal survey, the authors found what they termed “a striking lack of consensus” on how to deal with this situation: Of the 50% who responded to the fictitious patient's e-mail, 31% refused to give advice without seeing the patient, but 59% offered a diagnosis, with a third of that group going on to provide specific advice about therapy.
In response to the questionnaire, 28% said that they tended not to answer any patient e-mails, 24% said they usually replied with a standard message, and 24% said they answered each request individually. The investigators concluded that “standards for physician response to unsolicited patient e-mail are needed.”
Unfortunately, my DermChat survey suggests that, 10 years later, there is still nothing like a consensus on this issue.
In the interim, several groups, including the American Medical Informatics Association http://134.174.100.34/AMIA%20E-mail%20Guidelines.pdfwww.medem.com/phy/phy_eriskguidelines.cfmwww.ama-assn.org/apps/pf_new/pf_oline?f_n=browse&doc=policyfiles/HnE/H-478.997.htm
Your guidelines may be very simple (if you decide never to answer any queries) or very complex, depending on your situation and personal philosophy, but all guidelines should cover such issues as authentication of patient correspondents, informed consent of those patients, licensing jurisdiction (if you receive e-mails from states in which you are not licensed), and above all, confidentiality.
Contrary to popular belief, ordinary unencrypted e-mail does not necessarily violate the Health Insurance Portability and Accountability Act (HIPAA). As I've noted many times, HIPAA allows you to handle medical information in just about any way you wish, as long as patients are informed of what you are doing and accept any associated risks of breach of privacy. As long as the Notice of Privacy Practices that you distribute to patients explains your e-mail policies, and each e-mail includes a standard confidentiality disclaimer, most experts say you will be HIPAA compliant.
If the lack of encryption and other privacy safeguards makes you or your patients uncomfortable, encryption software can be added to your practice's e-mail system. Rather than simply encrypting your e-mail, though, consider adopting Web-based messaging. Patients enter your Web site and send a message using an electronic template that you design. You (or a designated staffer) will be notified by regular e-mail when messages are received, and you can post a reply on a page that can only be accessed by the patient. Besides enhancing privacy and security, you can state your guidelines to preclude any misunderstanding of what you will and will not address online.
Web-based messaging services can be freestanding or incorporated into existing secure Web sites.
And the e-mail query that triggered all of this? I responded, but told the patient I could not provide specific answers to such personal questions over the Internet, particularly when they were asked anonymously. I said I would be happy to address her concerns in person, in my office.
And now, I'm writing my guidelines.
To respond to this column, e-mail Dr. Eastern at [email protected]
I recently received a lengthy e-mail from a very worried woman. She claimed to be an established patient in my office, which I had no way of confirming because she did not sign her message. She asked many questions about sexually transmitted diseases and how they might affect her and a new boyfriend.
I was undecided on how to reply, or even whether to reply at all, so I posted my dilemma on the DermChat e-mail list to see how other dermatologists might handle such a situation.
Responses were all over the map—from “I never answer patient e-mails” to “What harm could it do, she's better off getting correct answers from you than incorrect answers from some 'advocacy' Web site”—and everything in between.
Clearly, this is a controversial issue that will only get more controversial in the future, so I decided to look at what has been published on the subject.
It turns out that, as early as 1998, two German investigators asked this same question and designed a study to address it (JAMA 1998;280:1333–5). Posing as a fictitious patient, they sent e-mails describing an acute dermatologic problem to random Web sites offering dermatologic information, tallied the responses they received, and followed up with a questionnaire to responders and nonresponders alike.
As with my informal survey, the authors found what they termed “a striking lack of consensus” on how to deal with this situation: Of the 50% who responded to the fictitious patient's e-mail, 31% refused to give advice without seeing the patient, but 59% offered a diagnosis, with a third of that group going on to provide specific advice about therapy.
In response to the questionnaire, 28% said that they tended not to answer any patient e-mails, 24% said they usually replied with a standard message, and 24% said they answered each request individually. The investigators concluded that “standards for physician response to unsolicited patient e-mail are needed.”
Unfortunately, my DermChat survey suggests that, 10 years later, there is still nothing like a consensus on this issue.
In the interim, several groups, including the American Medical Informatics Association http://134.174.100.34/AMIA%20E-mail%20Guidelines.pdfwww.medem.com/phy/phy_eriskguidelines.cfmwww.ama-assn.org/apps/pf_new/pf_oline?f_n=browse&doc=policyfiles/HnE/H-478.997.htm
Your guidelines may be very simple (if you decide never to answer any queries) or very complex, depending on your situation and personal philosophy, but all guidelines should cover such issues as authentication of patient correspondents, informed consent of those patients, licensing jurisdiction (if you receive e-mails from states in which you are not licensed), and above all, confidentiality.
Contrary to popular belief, ordinary unencrypted e-mail does not necessarily violate the Health Insurance Portability and Accountability Act (HIPAA). As I've noted many times, HIPAA allows you to handle medical information in just about any way you wish, as long as patients are informed of what you are doing and accept any associated risks of breach of privacy. As long as the Notice of Privacy Practices that you distribute to patients explains your e-mail policies, and each e-mail includes a standard confidentiality disclaimer, most experts say you will be HIPAA compliant.
If the lack of encryption and other privacy safeguards makes you or your patients uncomfortable, encryption software can be added to your practice's e-mail system. Rather than simply encrypting your e-mail, though, consider adopting Web-based messaging. Patients enter your Web site and send a message using an electronic template that you design. You (or a designated staffer) will be notified by regular e-mail when messages are received, and you can post a reply on a page that can only be accessed by the patient. Besides enhancing privacy and security, you can state your guidelines to preclude any misunderstanding of what you will and will not address online.
Web-based messaging services can be freestanding or incorporated into existing secure Web sites.
And the e-mail query that triggered all of this? I responded, but told the patient I could not provide specific answers to such personal questions over the Internet, particularly when they were asked anonymously. I said I would be happy to address her concerns in person, in my office.
And now, I'm writing my guidelines.
To respond to this column, e-mail Dr. Eastern at [email protected]
I recently received a lengthy e-mail from a very worried woman. She claimed to be an established patient in my office, which I had no way of confirming because she did not sign her message. She asked many questions about sexually transmitted diseases and how they might affect her and a new boyfriend.
I was undecided on how to reply, or even whether to reply at all, so I posted my dilemma on the DermChat e-mail list to see how other dermatologists might handle such a situation.
Responses were all over the map—from “I never answer patient e-mails” to “What harm could it do, she's better off getting correct answers from you than incorrect answers from some 'advocacy' Web site”—and everything in between.
Clearly, this is a controversial issue that will only get more controversial in the future, so I decided to look at what has been published on the subject.
It turns out that, as early as 1998, two German investigators asked this same question and designed a study to address it (JAMA 1998;280:1333–5). Posing as a fictitious patient, they sent e-mails describing an acute dermatologic problem to random Web sites offering dermatologic information, tallied the responses they received, and followed up with a questionnaire to responders and nonresponders alike.
As with my informal survey, the authors found what they termed “a striking lack of consensus” on how to deal with this situation: Of the 50% who responded to the fictitious patient's e-mail, 31% refused to give advice without seeing the patient, but 59% offered a diagnosis, with a third of that group going on to provide specific advice about therapy.
In response to the questionnaire, 28% said that they tended not to answer any patient e-mails, 24% said they usually replied with a standard message, and 24% said they answered each request individually. The investigators concluded that “standards for physician response to unsolicited patient e-mail are needed.”
Unfortunately, my DermChat survey suggests that, 10 years later, there is still nothing like a consensus on this issue.
In the interim, several groups, including the American Medical Informatics Association http://134.174.100.34/AMIA%20E-mail%20Guidelines.pdfwww.medem.com/phy/phy_eriskguidelines.cfmwww.ama-assn.org/apps/pf_new/pf_oline?f_n=browse&doc=policyfiles/HnE/H-478.997.htm
Your guidelines may be very simple (if you decide never to answer any queries) or very complex, depending on your situation and personal philosophy, but all guidelines should cover such issues as authentication of patient correspondents, informed consent of those patients, licensing jurisdiction (if you receive e-mails from states in which you are not licensed), and above all, confidentiality.
Contrary to popular belief, ordinary unencrypted e-mail does not necessarily violate the Health Insurance Portability and Accountability Act (HIPAA). As I've noted many times, HIPAA allows you to handle medical information in just about any way you wish, as long as patients are informed of what you are doing and accept any associated risks of breach of privacy. As long as the Notice of Privacy Practices that you distribute to patients explains your e-mail policies, and each e-mail includes a standard confidentiality disclaimer, most experts say you will be HIPAA compliant.
If the lack of encryption and other privacy safeguards makes you or your patients uncomfortable, encryption software can be added to your practice's e-mail system. Rather than simply encrypting your e-mail, though, consider adopting Web-based messaging. Patients enter your Web site and send a message using an electronic template that you design. You (or a designated staffer) will be notified by regular e-mail when messages are received, and you can post a reply on a page that can only be accessed by the patient. Besides enhancing privacy and security, you can state your guidelines to preclude any misunderstanding of what you will and will not address online.
Web-based messaging services can be freestanding or incorporated into existing secure Web sites.
And the e-mail query that triggered all of this? I responded, but told the patient I could not provide specific answers to such personal questions over the Internet, particularly when they were asked anonymously. I said I would be happy to address her concerns in person, in my office.
And now, I'm writing my guidelines.
To respond to this column, e-mail Dr. Eastern at [email protected]