User login
The pandemic has isolated our patients to an unprecedented degree, forcing them to find other ways to communicate with us, including email.
Responses varied all over the map. Some refuse the medium entirely. “I politely say that I don’t practice dermatology via email,” said one. “Please schedule a teledermatology appointment and I’d be happy to help.”
Others are ambivalent: “I do email with some patients who have complex situations or quick questions, but if it gets out of hand then I let them know someone will call to make an appointment.” Another office treats them as a one-way street: “We set up one account to receive patients’ emails, but we tell them clearly that we don’t respond ... my staff or I call them back.”
Still others have assimilated it completely. “Patients email through the portal and my MA routes [them] to me. I answer questions and the MA responds ... staff loves it because it’s so much faster than the phone.”
A 1998 study in JAMA was more scientifically designed, but basically reached the same conclusion. The authors found “a striking lack of consensus” on how to deal with patient emails: 50% responded to them, but 31% of responders refused to give advice without seeing the patient, while 59% offered a diagnosis, and a third of that group went on to provide specific advice about therapy. In response to a follow-up questionnaire, 28% said that they tended not to answer any patient emails, 24% said they usually replied with a standard message, and 24% said they answer each request individually. The authors concluded that “standards for physician response to unsolicited patient emails are needed.”
Indeed, my own unscientific survey suggests that, more than 20 years later, there is still nothing resembling a consensus on this issue. In the interim, several groups, including the American Medical Informatics Association and the American Medical Association have proposed standards, but none have been generally accepted. Until that happens, it seems prudent for each individual practice to adopt its own guidelines. For ideas, take a look at the proposals from the groups I mentioned, plus any others you can find. When you’re done, consider running your list past your attorney to make sure you haven’t forgotten anything, and that there are no unique requirements in your state.
Your guidelines may be very simple (if you decide never to answer any queries) or very complex, depending on your situation and personal philosophy. But all guidelines should cover such issues as authentication of correspondents, informed consent, licensing jurisdiction (if you receive emails from states in which you are not licensed), and of course, confidentiality.
Contrary to popular belief, HIPAA does not prohibit email communication with patients, nor require that it be encrypted. The HIPAA website specifically says: “Patients may initiate communications with a provider using email. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual.”
Still, if you are not comfortable with unencrypted communication, encryption software can be added to your practice’s email system. Proofpoint, Tumbleweed, Zix, and many other vendors sell encryption packages. (As always, I have no financial interest in any product or enterprise mentioned in this column.)
Another option is web-based messaging: Patients enter your website and send a message using an electronic template that you design. A designated staffer will be notified by regular email when messages are received, and can post a reply on a page that can only be accessed by the patient. Besides enhancing privacy and security, you can state your guidelines in plain English to preclude any misunderstanding of what you will and will not address online.
Web-based messaging services can be freestanding or incorporated into existing secure websites. Medfusion and klara are among the leading vendors of secure messaging services.
The important thing is to make a firm decision on how you want to deal with emails, and stick with that method. And follow your guidelines.
Dr. Eastern practices dermatology and dermatologic surgery in Belleville, N.J. He is the author of numerous articles and textbook chapters, and is a longtime monthly columnist for Dermatology News. Write to him at [email protected].
The pandemic has isolated our patients to an unprecedented degree, forcing them to find other ways to communicate with us, including email.
Responses varied all over the map. Some refuse the medium entirely. “I politely say that I don’t practice dermatology via email,” said one. “Please schedule a teledermatology appointment and I’d be happy to help.”
Others are ambivalent: “I do email with some patients who have complex situations or quick questions, but if it gets out of hand then I let them know someone will call to make an appointment.” Another office treats them as a one-way street: “We set up one account to receive patients’ emails, but we tell them clearly that we don’t respond ... my staff or I call them back.”
Still others have assimilated it completely. “Patients email through the portal and my MA routes [them] to me. I answer questions and the MA responds ... staff loves it because it’s so much faster than the phone.”
A 1998 study in JAMA was more scientifically designed, but basically reached the same conclusion. The authors found “a striking lack of consensus” on how to deal with patient emails: 50% responded to them, but 31% of responders refused to give advice without seeing the patient, while 59% offered a diagnosis, and a third of that group went on to provide specific advice about therapy. In response to a follow-up questionnaire, 28% said that they tended not to answer any patient emails, 24% said they usually replied with a standard message, and 24% said they answer each request individually. The authors concluded that “standards for physician response to unsolicited patient emails are needed.”
Indeed, my own unscientific survey suggests that, more than 20 years later, there is still nothing resembling a consensus on this issue. In the interim, several groups, including the American Medical Informatics Association and the American Medical Association have proposed standards, but none have been generally accepted. Until that happens, it seems prudent for each individual practice to adopt its own guidelines. For ideas, take a look at the proposals from the groups I mentioned, plus any others you can find. When you’re done, consider running your list past your attorney to make sure you haven’t forgotten anything, and that there are no unique requirements in your state.
Your guidelines may be very simple (if you decide never to answer any queries) or very complex, depending on your situation and personal philosophy. But all guidelines should cover such issues as authentication of correspondents, informed consent, licensing jurisdiction (if you receive emails from states in which you are not licensed), and of course, confidentiality.
Contrary to popular belief, HIPAA does not prohibit email communication with patients, nor require that it be encrypted. The HIPAA website specifically says: “Patients may initiate communications with a provider using email. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual.”
Still, if you are not comfortable with unencrypted communication, encryption software can be added to your practice’s email system. Proofpoint, Tumbleweed, Zix, and many other vendors sell encryption packages. (As always, I have no financial interest in any product or enterprise mentioned in this column.)
Another option is web-based messaging: Patients enter your website and send a message using an electronic template that you design. A designated staffer will be notified by regular email when messages are received, and can post a reply on a page that can only be accessed by the patient. Besides enhancing privacy and security, you can state your guidelines in plain English to preclude any misunderstanding of what you will and will not address online.
Web-based messaging services can be freestanding or incorporated into existing secure websites. Medfusion and klara are among the leading vendors of secure messaging services.
The important thing is to make a firm decision on how you want to deal with emails, and stick with that method. And follow your guidelines.
Dr. Eastern practices dermatology and dermatologic surgery in Belleville, N.J. He is the author of numerous articles and textbook chapters, and is a longtime monthly columnist for Dermatology News. Write to him at [email protected].
The pandemic has isolated our patients to an unprecedented degree, forcing them to find other ways to communicate with us, including email.
Responses varied all over the map. Some refuse the medium entirely. “I politely say that I don’t practice dermatology via email,” said one. “Please schedule a teledermatology appointment and I’d be happy to help.”
Others are ambivalent: “I do email with some patients who have complex situations or quick questions, but if it gets out of hand then I let them know someone will call to make an appointment.” Another office treats them as a one-way street: “We set up one account to receive patients’ emails, but we tell them clearly that we don’t respond ... my staff or I call them back.”
Still others have assimilated it completely. “Patients email through the portal and my MA routes [them] to me. I answer questions and the MA responds ... staff loves it because it’s so much faster than the phone.”
A 1998 study in JAMA was more scientifically designed, but basically reached the same conclusion. The authors found “a striking lack of consensus” on how to deal with patient emails: 50% responded to them, but 31% of responders refused to give advice without seeing the patient, while 59% offered a diagnosis, and a third of that group went on to provide specific advice about therapy. In response to a follow-up questionnaire, 28% said that they tended not to answer any patient emails, 24% said they usually replied with a standard message, and 24% said they answer each request individually. The authors concluded that “standards for physician response to unsolicited patient emails are needed.”
Indeed, my own unscientific survey suggests that, more than 20 years later, there is still nothing resembling a consensus on this issue. In the interim, several groups, including the American Medical Informatics Association and the American Medical Association have proposed standards, but none have been generally accepted. Until that happens, it seems prudent for each individual practice to adopt its own guidelines. For ideas, take a look at the proposals from the groups I mentioned, plus any others you can find. When you’re done, consider running your list past your attorney to make sure you haven’t forgotten anything, and that there are no unique requirements in your state.
Your guidelines may be very simple (if you decide never to answer any queries) or very complex, depending on your situation and personal philosophy. But all guidelines should cover such issues as authentication of correspondents, informed consent, licensing jurisdiction (if you receive emails from states in which you are not licensed), and of course, confidentiality.
Contrary to popular belief, HIPAA does not prohibit email communication with patients, nor require that it be encrypted. The HIPAA website specifically says: “Patients may initiate communications with a provider using email. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual.”
Still, if you are not comfortable with unencrypted communication, encryption software can be added to your practice’s email system. Proofpoint, Tumbleweed, Zix, and many other vendors sell encryption packages. (As always, I have no financial interest in any product or enterprise mentioned in this column.)
Another option is web-based messaging: Patients enter your website and send a message using an electronic template that you design. A designated staffer will be notified by regular email when messages are received, and can post a reply on a page that can only be accessed by the patient. Besides enhancing privacy and security, you can state your guidelines in plain English to preclude any misunderstanding of what you will and will not address online.
Web-based messaging services can be freestanding or incorporated into existing secure websites. Medfusion and klara are among the leading vendors of secure messaging services.
The important thing is to make a firm decision on how you want to deal with emails, and stick with that method. And follow your guidelines.
Dr. Eastern practices dermatology and dermatologic surgery in Belleville, N.J. He is the author of numerous articles and textbook chapters, and is a longtime monthly columnist for Dermatology News. Write to him at [email protected].