New rules: You have mail, and trouble is enclosed

Recently released guidelines on how to safely use e-mail to communicate with patients will become the standard of care in short order, says one expert. That means health providers must comply with the recommendations quickly or risk increased liability.

The guidelines were released by the eRisk Working Group on Healthcare, a consortium of professional liability carriers, medical societies, and state board representatives that represents more than 70% of insured physicians. The new guidelines set groundbreaking standards, including a mandate that substantive patient-physician e-mail occur solely within the context of a pre-existing relationship. State boards have taken action recently against so-called "on-line doc-in-a-box" services in which physicians provide on-line care and prescribe medication for patients whom they have never seen, says Mark Gorney, MD, medical director of The Doctors Company in Napa, CA, the largest doctor-owned medical malpractice carrier in the country, and an eRisk participant.

Patient-physician e-mail is growing rapidly, according to a 2002 Harris Poll analysis, which noted that more than 70% of patients want e-mail access to their physician’s office. Many say they are willing to change physicians to get the service and nearly 40% are willing to pay for the convenience. Physicians have indicated that liability, security, and payment concerns are the biggest roadblocks to offering e-mail service.

Gorney says e-mail risks have been discussed for years as the popularity of on-line communications grew, but the guidelines should create a sense of urgency for risk managers.

"Any guidelines, like it or not and though we usually deny it hotly, are interpreted legally as the standard of care," he says. "They’re not intended nor designed to be the standard of care, but invariably they seem to become so."

If you ignore the guidelines, the risk for health care providers comes on two fronts, Gorney says. The guidelines will be cited as the standard of care in court and insurers will use them as a yardstick for measuring how well you met their expectations.

"Certainly at the next trial involving on-line communication they become the standard of care when the plaintiff’s attorney waves them around in front of a jury," he says. "And if something happens because they did not follow the guidelines, or simply ignored them, their reinsurability is going to be in question after that claim is settled. We’ll look at the situation very carefully and if someone has done something in violation of the guidelines, that is someone we will look at very carefully at renewal time."

Many risks looming as use of e-mail increases

Health care has lagged behind most other industries in using e-mail, mostly because of confidentiality issues and other risks, but Gorney says e-mail is becoming increasingly common. Patients, in fact, are demanding that they be able to communicate with their physicians because they know how easy and convenient it is. There’s no need to resist those demands, he says, but some limitations and precautions are necessary.

Misdiagnosis via e-mail is a significant risk, Gorney says. The convenience of e-mail makes it tempting to respond quickly without enough information to make an accurate diagnosis, he says. As has always been the case, it is usually not a good idea to diagnose a patient without seeing him or her and conducting at least a cursory examination. The ease of responding by e-mail doesn’t change that, he says.

"If mom sends you an e-mail saying her child is sick and has fever, it might be tempting to send an e-mail saying, Give him two aspirin and call me in the morning,’" he says. "Well, if it turns out that kid had meningitis, that doctor has a major problem."

There are more questions involving doctor-to-doctor on-line communication and interstate licensing issues, but Gorney says he expects most liability issues to arise from e-mail communication with patients. So far, while plaintiff’s attorneys have not considered e-mail communications a source of big money, that could change very quickly, he says.

"For the near future, this may be only a theoretical problem," Gorney says. "We’ll have to wait until some sharp, aggressive attorney discovers this new minefield and takes advantage of it. No really major cases have happened yet, but it will occur, I guarantee you."

12 issues to consider with e-mail

The eRisk group’s Guidelines for On-line Communications state that "the legal rules, ethical guidelines, and professional etiquette that govern and guide traditional communications between the health care provider and patient are equally applicable to e-mail, web sites, listservs, and other electronic communications." On-line communications introduce special concerns and risks, however, necessitating the new guidelines.

These are the 12 points of concern, along with the resulting advice, outlined by the eRisk group:

  • Security. On-line communications between health care provider and patient should be conducted over a secure network, with provisions for authentication and encryption in accordance with eRisk, Health Insurance Portability and Accounta-bility Act, and other appropriate guidelines. Stan-dard e-mail services do not meet these guidelines. Health care providers need to be aware of potential security risks, including unauthorized physical access and security of computer hardware, and guard against them with technologies such as automatic logout and password protection.
  • Authentication. The health care provider has a responsibility to take reasonable steps to authenticate the identity of correspondent(s) in an electronic communication and to ensure that recipients of information are authorized to receive it.
  • Confidentiality. The health care provider is responsible for taking reasonable steps to protect patient privacy and to guard against unauthorized use of patient information.
  • Unauthorized Access. The use of on-line communications may increase the risk of unauthorized distribution of patient information and create a clear record of this distribution. Health care providers should establish and follow procedures that help to mitigate this risk.
  • Informed Consent. Prior to the initiation of on-line communication between health care provider and patient, informed consent should be obtained from the patient regarding the appropriate use and limitations of this form of communication. Providers should consider developing and publishing specific guidelines for on-line communications with patients, such as avoiding emergency use, heightened consideration of use for highly sensitive medical topics, appropriate expectations for response times, etc. These guidelines should become part of the legal documentation and medical record when appropriate. Providers should consider developing patient selection criteria to identify those patients suitable for e-mail correspondence, thus eliminating persons who would not be compliant.
  • Highly Sensitive Subject Matter. The health care provider should advise patients of potential privacy risks associated with on-line communication related to highly sensitive medical subjects. This warning should be repeated if a provider solicits information of a highly sensitive nature, such as issues of mental health, substance abuse, etc. Providers should avoid active initial solicitation of highly sensitive topic matters.
  • Emergency Subject Matter. The health care provider should advise patients of the risks associated with on-line communication related to emergency medical subjects such as chest pain, shortness of breath, bleeding during pregnancy, etc. Providers should avoid active promotion of the use of on-line communication to address topics of medical emergencies.
  • Doctor-Patient Relationship. The health care provider may increase liability exposure by initiating a doctor-patient relationship solely through on-line interaction. Payment for on-line services may further increase that exposure.
  • Medical Records. Whenever possible and appropriate, a record of on-line communications, pertinent to the ongoing medical care of the patient, must be maintained as part of, and integrated into, the patient’s medical record, whether that record is paper or electronic.
  • Licensing Jurisdiction. On-line interactions between a health care provider and a patient are subject to requirements of state licensure. Com-munications on-line with a patient outside of the state in which the provider holds a license may subject the provider to increased risk.
  • Authoritative Information. Health care providers are responsible for the information that they provide or make available to their patients on-line. Information that is provided on a medical practice web site should come either directly from the health care provider or from a recognized and credible source. Information provided to specific patients via secure e-mail from a health care provider, should come either directly from the health care provider or from a recognized and credible source after review by the provider.
  • Commercial Information. Web sites and on-line communications of an advertising, promotional, or marketing nature may subject providers to increased liability, including implicit guarantees or implied warranty. Misleading or deceptive claims increase this liability.

The eRisk guidelines and other advice can be found on-line at