When emailing with patients, psychiatrists may encounter unique challenges in trying to protect patient confidentiality and ensure appropriate patient and psychiatrist use of email. The following steps can help you evaluate the necessary measures needed to protect patient confidentiality, minimize liability exposures and provide appropriate email communication with patients.
First, obtain your patient’s written informed consent to use email communication. Document the patient’s informed consent, including acknowledgment of the security and risks associated with the use of email. When using email, the psychiatrist and the patient both have responsibilities.
- Use a secure, encrypted email communication system. Encryption software protects messages during transmission and storage by requiring user authentication and linking their identity to the email address.
- Clarify the permissible purposes for your practice of email communication with patients, such as prescription renewal requests and appointment scheduling. Consider providing a table illustrating topics appropriate and inappropriate for email communication. For example:
– Prescription renewals
– Scheduling appointments
– Brief non-clinical updates, such as “started new medication, doing well.”
– Urgent or time-sensitive information
– Confidential information on symptoms or lab results
– Complex clinical complaints or concerns that require multiple emails
- Consider using a practice-dedicated email address with an automatic response indicating email response time (generally within 24-48 hours) that instructs patients to seek immediate help for urgent matters.
- Inform patients that all email communication is part of the medical record.
- Advise patients of any additional staff who may view the email.
- Use email solely according to the practice’s defined purposes.
- Acknowledge in writing that emails are not to be used for urgent or emergency situations.
- Use a personal and not a work email address, given that there may not be confidentiality protections afforded with a work email address.
Again, encrypt all email communications. Although patients can request unencrypted communications, if you send unencrypted emails, advise the patient of the risk to privacy and confidentiality. If the individual still prefers the use of unencrypted email, document that you advised them regarding the potential for unauthorized access to the information and obtain their consent to proceed with sending the email unencrypted.
As with all patient communication, keep email communication professional. Thus, avoid using slang, medical jargon, abbreviations and typographical errors that give the impression of sloppiness. In addition, be mindful of the following questions:
- Who is reading the email? How do you know that the patient is the only one reading the email?
- How do you ensure that the patient actually receives the email? Consider adding a “Read Receipt” to email communication with patients as a means to ensure that the patient received the email communication.
- Are safety protocols in place? Consider using an “out of office” message when you are away so your patients know you are not available. Ensure that the message includes how to contact your covering practitioner and what to do in case of an emergency (similar to your voice mail system).
Be aware that using email communication with patients can be a slippery slope. For example, you may permit using email communication for appointment scheduling purposes, but then the patient begins emailing more frequently and for more involved clinical questions. Should this situation occur, do not ignore the email. Respond to the patient and remind them of the permissible information that can be shared via email, and ask them to schedule an appointment to see you in the office or to telephone you to discuss their question. Address the unauthorized use of email communication directly with the patient at the next treatment session. Document the conversation.
Use emails to supplement face-to-face encounters, not to establish a physician-patient relationship. Beware of inadvertently establishing a physician-patient relationship by answering specific clinical questions via email with individuals not in your care.
Another precautionary measure is to confirm that you are sending the email to the patient’s correct email address. Emailing to an incorrect address and sending confidential information to the wrong person could lead to a breach of confidentiality and/or allegation or complaint to the state Board of Medicine. Consider sending an email to the patient confirming the address prior to sending any email containing PHI.
Treat email communication as a helpful and critical means of patient engagement and always ascertain that your email communications are appropriate, confidential, and professional.