When emailing with patients, psychiatrists may encounter unique challenges in trying to protect patient confidentiality and ensure appropriate patient and psychiatrist use of email. The following steps can help you evaluate the measures needed to protect patient confidentiality, minimize liability exposures, and engage in appropriate email communication with patients.
First, obtain your patient’s written informed consent to use email communication. Document the patient’s informed consent, including acknowledgment of the security and risks associated with the use of email. When using email, the psychiatrist and the patient both have responsibilities.
Psychiatrist Responsibilities
•
Use a secure, encrypted email communication system. Encryption software protects messages during transmission and storage by requiring user authentication and linking the person’s identity to the email address.
•
Clarify the permissible purposes for your practice of email communication with patients, such as prescription renewal requests and appointment scheduling. Consider providing a table listing appropriate and inappropriate topics for email communication (see example below left).
•
Consider using a practice-dedicated email address with an automatic response indicating email response time (generally within 24 to 48 hours) that instructs patients to seek immediate help for urgent matters.
•
Inform patients that all email communication is part of the medical record.
•
Advise patients of staff who may view the email.
Patient Responsibilities
•
Use email solely according to the practice’s defined purposes.
•
Acknowledge in writing that emails are not to be used for urgent or emergency situations.
•
Use a personal and not a work email address, given that work email may not be afforded confidentiality protections.
Again, encrypt all email communications. Although patients can request unencrypted communications, if you send unencrypted emails, advise the patient of the risk to privacy and confidentiality. If a patient still prefers the use of unencrypted email, document that you advised the patient about the potential for unauthorized access to the information and obtain consent to proceed with sending the email unencrypted.
As with all patient communication, keep email communication professional. Thus, avoid using slang, medical jargon, and abbreviations and making typographical errors that give the impression of sloppiness. In addition, be mindful of the following questions:
•
Who is reading the email? How do you know that the patient is the only one reading the email?
•
How do you ensure that the patient actually received the email? Consider adding the tag “Request a Read Receipt” as a means to ensure that the patient received the email.
•
Are safety protocols in place? Consider using an “out of office” message when you are away so your patients know you are not available. Ensure that the message includes how to contact your covering practitioner and what to do in case of an emergency (similar to the message you would use on your voicemail system).
Be aware that using email communication with patients can be a slippery slope. For example, while you may permit using emails for appointment scheduling purposes, the patient might begin emailing more frequently and for more involved clinical questions. Should this occur, do not ignore the email. Respond to the patient and remind him or her of the permissible information that can be shared via email and ask the patient to schedule an appointment to see you in the office or to telephone you. Address the authorized use of email communication directly with the patient at the next treatment session. Document the conversation.
Use emails to supplement face-to-face encounters, not to establish a physician-patient relationship. Beware of inadvertently establishing a physician-patient relationship by answering specific clinical questions via email with individuals not in your care.
Another precautionary measure is to confirm that you are sending the email to the patient’s correct email address. Sending confidential information to the wrong person could lead to a breach of confidentiality and/or allegation or complaint to the state Board of Medicine. Consider sending an email to the patient to confirm the address prior to sending any email containing patient health information.
Treat email communication as a helpful and critical means of patient engagement and always ascertain that your email communications are appropriate, confidential, and professional. ■
This information is provided as a risk management resource for Allied World policyholders and should not be construed as legal or clinical advice. This material may not be reproduced or distributed without the express, written permission of Allied World Assurance Company Holdings, GmbH, a Fairfax company (“Allied World”). Risk management services are provided by or arranged through AWAC Services Company, a member company of Allied World.