Not all physicians are on board with communicating with patients via email. Some are concerned about security and HIPAA violations. Others are unsure how to fit this aspect of patient care into their daily schedules.
But one thing is abundantly clear: patients want to be able to communicate with their physicians this way. Indeed, Catalyst Healthcare Research found that 93% of patients are likely to select a physician who offers email communication.
Clearly, physicians need to jump on this train—and fast. Benefits to email communication include increased patient satisfaction, increased physician satisfaction, and (potentially) improved relationships between doctors and patients.
So the question becomes how to safeguard patient information and ensure physicians are never at risk of violating HIPAA or any other regulation concerning patient health information (PHI). The key is to use the latest high-tech encryption and secure sharing techniques.
Here are the features to look for when selecting a secure email system:
- Multiple levels of authentication. The first step to strong security is making sure only authorized users can access your email system, whether it’s a standalone system or part of your patient portal. Look for systems that require a vault ID (such as your cell phone number), a vault open key (such as a password), and a vault read key (an encryption number sent to your mobile device).
- Encrypted identity. All of the personal sign-up information for each user should be encrypted.
- Encrypted content and storage. All communication data should be encrypted, along with all stored data.
- Encrypted transmission. All communications between the main office system and other devices should be encrypted.
- Set your own crypt key. When sharing electronic files such as documents, pictures, or spreadsheets containing confidential data and/or PHI, avoid using email attachments. Instead, look for opportunities to securely share a file via a secure link (URL) that is protected by a passphrase or “crypt key” that the recipient can use to access the document. Crypt keys, along with expiration dates on the shared link, prevent unauthorized access to files.
Is all this really necessary? You bet. Many free and paid products that claim to be HIPAA rated are not completely secure and can lead to breaches. For example, any access to email over public wifi can create an authentication breach, and some systems leave PHI stored on wireless carrier servers that do not have HIPAA-level security.
Finally, physicians worried about the effect on their daily schedules can take comfort in a number of studies showing email does not negatively impact their workload. The average daily impact of secure emailing with patients on physician workloads is estimated at 15 minutes, but some emails replace phone calls, meaning that estimate is probably high. “Physician fears about being overwhelmed with workload increases are not realized,” write the authors of a Kaiser Permanente study that found secure e-mailing with patients has not substantially impacted primary care provider workloads.
- “93% of Adult Patients Want E-mail Communication With Physicians,” Beckers Hospital Review
- “Enhancing Doctor-Patient Communication Using Email: A Pilot Study,” Medcape
- “Physician attitudes towards using a secure web-based portal designed to facilitate communication with patients,” Kittler et al, Journal of Innovation in Health Informatics, 2004.
- “Patient access to an electronic health record with secure messaging: impact on primary care utilization,” Zhou et al, American Journal of Managed Care, July 2007.
- “Secure Emailing Between Physicians and Patients,” Garrido et al, The Journal of Ambulatory Care Management, July 2014.