Guidelines urge physicians to respect patients’ privacy

These are excerpts from the eRisk Working Group for Healthcare’s guidelines for physician office on-line communications with patients, other health care providers, and industry:

  • Authentication — The health care provider has a responsibility to take reasonable steps to authenticate the identity of correspondent(s) in an electronic communication and to ensure that recipients of information are authorized to receive it.
  • Confidentiality — The health care provider is responsible for taking reasonable steps to protect patient privacy and to guard against unauthorized use of patient information.
  • Unauthorized Access — The use of on-line communications may increase the risk of unauthorized distribution of patient information and create a clear record of this distribution. Health care providers should establish and follow procedures that help to mitigate this risk.
  • Informed Consent — Prior to the initiation of on-line communication between health care provider and patient, informed consent should be obtained from the patient regarding the appropriate use and limitations of this form of communication. Providers should consider developing and publishing specific guidelines for on-line communications with patients, such as avoiding emergency use, appropriate expectations for response times, etc. These guidelines should become part of the legal documentation and medical record when appropriate. Providers should consider developing patient selection criteria to identify those patients suitable for e-mail correspondence, thus eliminating persons who would not be compliant.
  • Doctor-Patient Relationship — It may be possible to initiate a doctor-patient relationship solely through on-line interaction. The creation of such a relationship can increase the health care provider’s liability exposure. Payment for on-line services may further increase that exposure.
  • Medical Records — A record of on-line communications pertinent to the ongoing medical care of the patient must be maintained as part of, and integrated into, the patient’s medical record, whether that record is paper or electronic.
  • Licensing Jurisdiction — On-line interactions between a health care provider and a patient is subject to requirements of state licensure. Communications on-line with a patient outside of the state in which the provider holds a license may subject the provider to increased risk.
  • Authoritative Information — Health care providers are responsible for the information that they provide or make available to their patients on-line. Information that is provided by e-mail or on a medical practice web site should come either directly from the health care provider or from a recognized and credible source after review by the provider.
  • Commercial Information — Web sites and on-line communications of an advertising, promotional, or marketing nature may subject providers to increased liability, including implicit guarantees or implied warranty. Misleading or deceptive claims increase this liability.
  • Fee-Based On-Line Consultation — This is defined as a clinical consultation provided by a medical provider to a patient using the Internet or other similar electronic communications network in which the provider expects payment for the service. An on-line consultation that is given in exchange for payment introduces additional risks. In a fee-based on-line consultation, the health care provider has the same obligations for patient care and follow-up as in face-to-face, written, and telephone consultations. For example, an on-line consultation should include an explicit follow-up plan that is clearly communicated to the patient.

In addition to the 10 guidelines stated above, there are additional considerations for fee-based on-line consultations. For instance, on-line consultations should occur only within the context of a previously established doctor-patient relationship that includes a face-to-face encounter when clinically appropriate. Records pertinent to the on-line consultation must be maintained as part of, and integrated into, the patient’s medical record. Also, the patient must be clearly informed about charges that will be incurred, and that the charges may not be reimbursed by the patient’s health insurance. If the patient chooses not to participate in the fee-based consultation, the patient should be encouraged to contact the provider’s office by phone or other means.