Article
Privacy, security, professionalism remain top priorities as use of e-messaging, patient portals, and social media grows.
As online capabilities help you update your practices, coordinate care, and communicate with patients using patients’ preferred methods, they also present legal and ethical challenges. “Physicians must be vigilant about the potential to blur lines between professional and social spheres,” says David A. Fleming, MD, FACP, chairman of the American College of Physicians Ethics, Professionalism, and Human Rights Committee. “Care must be taken to ensure that standards for confidentiality, professional relationships, and boundaries online are in line with those we adhere to in the clinic.”
Patients may not be as concerned with the blurring of professional and social relationships, but regardless, you must retain a level of professionalism and be extremely careful when pursuing avenues of electronic communication. Reid Blackwelder MD, FAAFP, president-elect of the American Academy of Family Physicians (AAFP) encourages physicians to be creative but to also take caution.
“Electronic connections like email and other things should be happening,” he says. “But what’s most important is ensuring that guidelines for privacy are being followed and policies are in place.”
A top priority should be protecting patient privacy and health information under the Health Insurance Portability and Accountability Act (HIPAA).
Although electronic communication between a patient and physician is permitted under HIPAA, it’s not without significant risks. If patient information is sent to the incorrect person, or a message is intercepted, it might be considered a breach under HIPAA and, possibly, state laws.
Not only do you risk credibility and career by failing to comply with HIPAA, you also face significant financial penalties. Penalties can range from $100 per incident to $1.5 million per incident depending on the nature, intent, and other factors, according to Stacey Gulick, JD, a partner at New Jersey law firm Garfunkel Wild PC, where she serves on the firm’s HIPAA compliance and healthcare information and technology groups, among others.
Gulick recommends that providers type up an agreement for patients to sign confirming, in writing, that they have agreed to receive certain forms of electronic communication.
“Although it’s not required or even mentioned under HIPAA or any laws that I know of, I think it’s a good affirmative defense,” she says. “Be sure to include cautions that the information can be hacked, intercepted, received by the wrong party, to show upfront that the patient understood and still agreed to the communication.”
Remember that sensitive patient information, such as communication regarding HIV, substance abuse, and mental health, typically is subject to stringent laws, Gulick advises.
According to a 2001 report by the Institute of Medicine’s Committee on Quality of Healthcare called “Crossing the Quality Chasm,” a blueprint of sorts for healthcare in the 21st century, healthcare must shift from episodic care based on visits and the need to schedule appointments to a continuous process of communication and care. Electronic communication can help facilitate this goal.
“The way healthcare has been delivered is a bit archaic,” says Joseph E. Scherger, MD, MPH, vice president of primary care and academic affairs at the Eisenhower Medical Center and Eisenhower Argyros Health Center in La Quinta, California, and a Medical Economics editorial board member. “The Internet allows healthcare to be continuous by allowing patients to be active participants in their own care. It’s an exciting time. The advancement of online applications is going to revolutionize care.”
Michael D. Brown, CHBC, a practice management consultant at Health Care Economics and a Medical Economics editorial consultant, says that although more physicians are becoming technology-savvy, he hasn’t seen a major shift across the country where everybody is using certain tools. In fact, he estimates that only 10% of the doctors he interacts with are using any type of electronic communication to communicate with patients and colleagues.
Despite adapting to new drugs, new tests, and new science, it’s easy for physicians to fall prey to routine. But as times change, physicians must, too. Here is advice on how to use the most common forms of electronic communication in your practice in a safe and compliant way.
1/ E-messaging
Patients who have online access to their physicians and other healthcare professionals, including via secure email communication, increase their use of in-person and telephone clinical services, according to a study published in 2012 in the Journal of the American Medical Association (JAMA).
A study by electronic communication vendor Televox showed that 85% of consumers think email, text messages, and voicemails are as helpful as in-person or phone conversations with their healthcare providers. But patients would rather receive via email feedback following in-person visits with their doctors (59%), notices for seasonal health offers such as flu shots (55%), and payment reminders (56%) than receive this information via text message, phone call, or voicemail, according to the survey. For patient care between visits, 49% of patients said they prefer email communication. The survey also found that 85% of consumers think email, text messages, and voicemails are as helpful as in-person or phone conversations with their healthcare providers. (See “Patient preferences,” below, for more information.)
Brown says that most physicians with whom he interacts daily are communicating through email, both with colleagues and patients.
“It’s just such a great tool, especially in primary care, if you want to give a patient an update,” he says. “For example, if they need to come in for a lab test or for test results...it would not be breaching confidentiality.”
But be mindful of your practice demographics when it comes to making the shift to electronic communication, including email, Brown advises. For example, Medicare-aged patients could be offended or confused by the nature or intent of an email message.
“It might be a great mechanism to use, but it’s only as good as the patient, if you will,” he says. “It has to be the right population, the right demographic, the right intellect level, and the right acceptance level, which I would say are people 60 and under. It definitely doesn’t apply to everybody.”
Although Brown hasn’t seen too many physicians texting patients, it can be an invitation for potential problems. The main concern under HIPAA is whether an electronic message is encrypted or secure, and texting lacks encryption options. Therefore, communication via text is not as secure and could be potentially risky for physicians.
If you send text or email messages to patients without encrypting them, then Gulick recommends including it in your risk analysis.
“If messages are intercepted or hacked, the physician has exposure, because it may be considered a breach under HIPAA and perhaps even under state laws,” she says.
If a patient has a physician’s cell phone number, Scherger says, he or she may find it convenient to text status updates to the doctor-for instance, to relay that he or she is following healthful exercise and eating habits. These types of interactions would most likely be deemed safe, as the patient is driving and initiating the communication, but physicians still should be cautious.
“Patients and physicians need to think of healthcare communication like communication with a bank or retirement fund manager,” he says. “These are communications that you want to have pretty securely.”
If you already feel burdened by the size of your patient panel, then adopting electronic communication methods may seem like additional work. Scherger, however, who started giving out his email address to patients in 1997, advises physicians to instead look at electronic communication as the new first tier or front door to their practice.
“The idea of every patient being able to email a physician can cause them to break out in a cold sweat,” he says. “But every day, physicians are meeting demands and dealing with the needs of patients. There are different efficiencies in meeting that demand.”
Mark Murray, MD, a pioneer of open access and head of a large primary care department at a Kaiser Permanente facility in Northern California, has said that for every primary care physician (PCP) with 2,000 patients, there are about 50 needs on a daily basis. By taking 20 to 30 of those needs and directing them through an a-synchronous, mutually convenient communication that only takes seconds, you can make time for the other interactions.
Traditionally, patient needs have been handled via telephone and face-to-face visits. An average call to the office often requires multiple tries and might take up to 10 minutes of an office’s time. An in-person visit will occupy at least 20 minutes of time to complete charting, processing, and treatment of the patient. Alternatively, a typical email interaction takes less than a minute and is much more efficient. Scherger says that in an average day, he emails 20 to 30 patients in a total of 30 minutes.
His practice also uses RelayHealth, an online communication vendor, to handle a majority of patient communication throughout the day. The practice promises a 24-hour or same-day response to its 6,400 patients and sees as many patients as a typical office would but spends twice as much time with them, Scherger says.
“We’re able to deliver primary care with longer visits and a much more relaxed and on-time schedule because we’re meeting the other needs more efficiently,” he says. “Visits can be longer and more professional by shifting the demand of a practice into more efficient methods of communication.”
It’s important to establish a financial model that supports an electronic platform for communication and care. For example, consider financing your efforts through a medical home care coordination payment or charging patients a monthly or annual membership fee for providing online services.
Scherger’s practice takes a hybrid approach, accepting payments for visits as well as patient membership fees for unlimited online access to RelayHealth. Paying patients are able to communicate with secretarial staff and nurses during office hours and with physicians 7 days a week. The fee, Scherger says, depends on age for access. Patients aged 55 or fewer years pay $395 annually, whereas patients aged 56 or more years pay $595. The practice offers a $40 discount for couples and does not charge for children.
“They realize quickly that it’s what makes the practice work,” he says. “The frustrations and hassles of getting your questions answered, getting your needs met, even if it’s as simple as ordering a lab test or doing a prescription refill, are pretty much eliminated.”
Scherger says that 25% of his patients are willing to pay for this level of care as opposed to “regular” primary care-a traditional appointment-based model with limited RelayHealth communication that is limited to the front desk and is only answered during office hours. Ninety percent of the practice’s patients use the tool overall, however.
“Even that simple use of online communication saves time and money, because it reduces telephone volume enormously,” he says. “Telephone calls are less efficient and more costly because of the need for synchronous communication.”
Using electronic communication is more than adding something onto a traditional practice model. Instead, it’s about re-engineering your practice to enhance access.
“Visits and appointments are very, very important and still are going to be how the doctors spend most of their time,” Scherger says. “But healthcare is moving away from the dependence on visits as the way we deliver care.”
Instead of seeing 100 patients a week, Scherger says his physicians are seeing 50 and are being paid substantially more. More than 50% of the practice’s income comes from the online membership fee. In fact, he says, it’s more like 60/40 between membership fees and visit revenue. He adds that it’s not difficult for their PCPs to earn more than $300,000 a year conducting half the visits of a typical doctor but spending more time with patients. He compares the practice with concierge practices.
“A concierge doctor gives every patient their cell phone number, says ‘call me anytime,’ and tends to limit their practice to only 200 to 400 patients-because with more than that, your life gets very disruptive,” he says. “I could go out and play golf or run a marathon and know that if I get back to my messages at my convenience afterwards, the patients are still happy.”
Patient satisfaction scores for the practice have consistently stayed at the 99th percentile, according to Press Ganey.
2/ Patient portals
As many practices adopt electronic health record (EHR) systems to attest to meaningful use and gain financial incentives, industry experts recommend using the patient portal capabilities that in most cases accompany the systems. Not only are portals encrypted and secure-with limited access only for patients-but they also allow patients to access their medical records and lab results and ask questions of their physicians and other healthcare staff.
“Patient portals are HIPAA-compliant, and they’re built for the specific purpose: for practices to communicate electronically with patients,” says Kevin Pho, MD, founder of KevinMD.com and author of Establishing, Managing, and Protecting Your Online Reputation: A Social Media Guide for Physicians and Medical Practices.
One significant advantage of a patient portal over other methods of electronic communication is that all communication gets logged into a patient’s chart.
“Communicating with patients through Gmail, for example, won’t do that automatically,” he says. “You’ll have to print it out and scan it in.”
Kaiser Permanente has EHR systems that can use sound to communication with patients electronically using a secure, private message, but most systems don’t have that capability yet.
For more on patient portals, see www.medicaleconomics.com/patientportals and www.medicaleconomics.com/patientportalsvideo [video].
3/ Social media
Social media platforms provide a great opportunity for physicians to talk to the public about important health issues and be leaders in the community, but using them also carries significant risks. As president-elect of AAFP, Blackwelder says his role using social media is to share information about medical education, healthcare advocacy, and changes in the industry, and he advises other physicians to limit their posts to the same types of information.
“I’m never telling you what I’m eating for lunch. I never talk about my favorite sports team. I’m not partisan.…I make sure everything I post I’m proud of and happy for my mother to see,” he says. “I’m kind of being silly, but I’m not. These are really important issues physicians need to be aware of.”
Blackwelder says social media provide an opportunity for physicians to be networking and educational models, and he recommends tweeting at conferences to keep community members informed. Tweeting can be done in a non-personal way and still have a significant impact, he says.
“Rather than answering a particular individual patient’s questions-which I think is very dangerous to do, when even something generic can come across as a ‘relationship’ depending on the state-I think it’s a lot safer to post general comments,” he says.
In 2011, the American Medical Association’s (AMA) Council on Ethical and Judicial Affairs published guidelines suggesting that doctors “maintain appropriate boundaries of the patient-physician relationship” online and consider separating professional and personal content online. (See “Advice from the AMA” for more guidance from the organization.)
Blackwelder says it can be complicated to separate private and personal accounts, so he only has one for Facebook and one for Twitter, and he keeps both clean and professional.
In a survey published in the Journal of General Internal Medicine in 2011, 42% of physicians reported some use of online social networks, nearly all for personal reasons. Among the social media-active physicians, 35% said they had received a friend request from a patient, and of those physicians, 58% rejected them.
In 2012, the Journal of Medical Ethics published guidelines advising physicians never to invite a patient to become a friend online or to accept a friend request from a patient. Authors suggested a face-to-face explanation of why doing so could be unethical if a concern exists that declining a request might damage the therapeutic relationship.
An article in Health Lawyers Weekly says that the mere existence of an online patient-physician relationship could represent a HIPAA violation and suggests that physicians have patients agree to a written disclosure statement before accepting any friend requests from them on Facebook.
Echoing the AMA’s Council on Ethical and Judicial Affairs, Pho highly recommends separating public and private identities on social networks. On Facebook, you can create a fan page for your practice and have a personal account, too. You can close off your personal page to the public and keep it private to close friends and family members.
Pho says practice fan pages are good resources for patients and great ways to communicate with the public as well as market a practice. Just about every healthcare organization and group is taking such an approach. Fan pages bypass the dilemma of friend requests because they operate solely on “likes,” which merely indicate that someone wants to receive more information from the person or practice.
Gulick says that any practice wanting to pursue a social media presence should devise a policy beforehand and enforce it. Also be mindful of any endorsements. Whether you post as an individual or a practice, many states consider it professional misconduct to promote products from which a healthcare professional might achieve financial gain.
One of the most important aspects of patient care is the need to preserve privacy. Social media, by its name, indicates a form of communication that is not personal, privileged, or private. Avoid posting patient-identifiable information on social media, therefore, even if it does not contain a patient’s name.
A survey of state medical board officials published in the Annals of Internal Medicine in January highlighted potentially problematic situations related to social media. Of most concern were physicians posting misleading information about clinical outcomes, misrepresenting credentials, and using patient images without patient consent-behavior that also would draw serious scrutiny offline. Some scenarios were based on actual events.
Doctors have been reprimanded for posting information about patients, even after removing names, ages, and gender. Incidents have caused students to be expelled from medical school, led professionals to lose their jobs, and caused embarrassment for individuals and institutions.
The Rhode Island Board of Medical Licensure and Discipline in 2011 reprimanded an emergency-department physician who posted about clinical experiences on Facebook. Although the doctor didn’t identify anyone specifically by name, a patient still was identifiable due to the nature of the injury.
“It has to be more than not mentioning patients by name,” Pho says. “Physicians really need to de-identify patients. Patient privacy comes first.” (See “Closer look at HIPAA rules.”)
A good policy is to obtain a patient’s authorization via a compliant agreement before posting any image, recording, or potentially identifiable information about a patient on a public site, Gulick says.
Some nuance exists when discussing social media and HIPAA, Pho adds, because social media didn’t exist when the law was written. Although social media can be an excellent way to speak to patients collectively, Pho adds, he does not advise answering individual medical inquires.
“It’s a good way to clear up myths, to clarify information, and to speak to patients as a whole,” he says, “but social media is a public forum and isn’t secure enough to talk about a patient’s individual problem.”
Think twice before hitting “enter” on any social platform, Pho advises. Before posting anything, he suggests, try to imagine yourself in a crowded hospital elevator full of patients and colleagues. If saying the information aloud would be acceptable in the elevator, then post away. If not, then do not post the information; whether on Facebook or Twitter, the action cannot really be undone.
“The reality is [that when you post something], it’s out there, and you have to be aware,” he says.
In a letter published in JAMA in 2011, Katherine Chretien, MD, FACP, a hospitalist at the Washington, DC, Veterans Affairs Medical Center, detailed a study of 260 physician Twitter accounts that she and fellow colleagues had analyzed. Each account had at least 500 followers, and about half of the 5,156 tweets dealt with health or medicine.
Of those tweets, 12% were self-promotional, 1% recommended some sort of medical product or service, and 3% (154 tweets) were flagged “unprofessional” because they contained “bad” words, potential violations of patients’ privacy, or “discriminatory statements.”
Many patients follow Pho on Twitter, which makes him extra careful about what he posts. Although he admits to following patients and receiving medical questions from them, he says he would never try to diagnose their conditions in a public forum, not even with a direct message.
“Even if I know them, I would give a canned response, asking them to call the hospital, call 911, or talk to their regular doctor,” he says. “If it were my own patient, I’d let them know that I don’t provide personalized medical advice online and [would] ask them to call the office.”
Disclaimers are a very good tactic when responding to direct messages or questions regarding medical advice, Gulick says. She also advises physicians to clearly state that they will not immediately reply to all tweets and to ignore inappropriate questions or questions pertaining to personal matters.
As technology continues to advance, the healthcare field will continue to adapt. Keeping patient information private, however, will always be a top priority, whether it’s via email, social media, or the next big thing.
See also: "Electronic communication tips for physicians."