Technology has become a part of our everyday lives, but using it correctly in a psychiatric practice is imperative and key to a successful physician practice. Here are several do’s and don’ts to consider when using technology.
Always use HIPAA-compliant software and platforms for electronic communications, medical records, and telemedicine. When using any software platform, obtain a Business Associate Agreement (BAA) from the licensor. A BAA is required under HIPAA and confirms that the licensor attests to being HIPAA compliant.
Obtain your patients’ informed consent when using email and text communications. Best practice is to incorporate patient consent in the initial intake paperwork. A patient should always have the option to opt out of the use of text and email when communicating with his or her physician. Send emails and documents securely using encryption. Texting should be limited to confirming and canceling appointments and should not be used for discussions related to care and treatment. If the patient emails or texts you regarding care, add the information to the medical record to document the discussion verbatim and remind the patient of your policy. Documenting emails and texts does not replace the original communications. Remind patients that sending information encrypted and securely does not mean it cannot be intercepted.
HIPAA requires health care professionals to implement procedures and policies designed to protect patient data. To maintain patients’ privacy, access to their medical records should be limited to staff members who need the information to do their job, and each user should have a unique log-in identifier. Remember to use a separate tab or system for maintaining psychotherapy notes with access limited to just the treating clinician.
All electronic devices maintain metadata. The metadata capture every keystroke made in a patient’s medical record, including deleted items. Plaintiff attorneys have become savvy to the use of metadata in medical malpractice actions. Never alter or delete information as it may be considered altering the medical record. A plaintiff attorney may hire an IT specialist to view the metadata to determine if the medical record was altered. An altered medical record could make a potentially defensible case indefensible.
When providing telehealth services, never use forward-facing platforms where unintended third parties can join the video session. Ensure the video session is only accessible to you and your patient. Remind patients that recording sessions is allowed only with your express consent. Some states allow for only one-party consent to a recording and, therefore, it is best to include in your office practice procedures that patients cannot record sessions without your consent.
Maintain control over your electronic devices. Cellphones, laptops, and tablets can be easily lost or stolen. Make sure your portable devices have a backup system so that if the device is misplaced, the information can be wiped remotely, and information stored in the backup system can be retrieved to protect patient privacy. Consult a specialist familiar with health care IT for advice.
Whenever questions arise regarding the use of technology in your practice, consider consulting with a health care IT specialist, risk management professional, or practice attorney.
This information is provided as a risk management resource for Allied World policyholders and should not be construed as legal or clinical advice. This material may not be reproduced or distributed without the express, written permission of Allied World Assurance Company Holdings, Ltd, a Fairfax company (“Allied World”). Risk management services are provided by or arranged through AWAC Services Company, a member company of Allied World. © 2023 Allied World Assurance Company Holdings, Ltd. All Rights Reserved.