Do EDs need a policy for e-communications?
While your facility, no doubt, has a HIPAA-compliance policy, which, among other things, covers electronic communications, it might be a good idea to craft one that is specific to your ED, experts say.
"It may be appropriate to have separate policies for the hospital and the ED, because there are certain issues appropriate to the ED that might not be appropriate to other departments," advises Catherine Marco, MD, FACEP, clinical professor of surgery at the Medical College of Ohio in Toledo, attending physician at St. Vincent Mercy Medical Center, also in Toledo, and immediate past chair of the American College of Emergency Physicians’ Ethics Committee.
One example, Marco notes, is transmission of patient information to the primary care provider. It happens all the time, she says. "You see a patient at midnight, and you do not want to wake up Dr. Jones," Marco adds. "How do you get the information to him so he’ll have it first thing in the morning?"
At her facility, fax lines are used, because they are considered secure under HIPAA. "The time may come when the security of e-mail is better," she adds. "Right now, I just would never trust every physician in Toledo to have a secure e-mail line."
Kathleen Clem, MD, FACEP, associate professor and chief for the division of emergency medicine in the department of surgery at Duke University Medical Center in Durham, NC, says it’s important enough for ED managers to write their department’s own policy.
"You don’t necessarily need to have a specific policy just for e-mail, but a more specific HIPAA policy for the ED is a good idea," Clem says.
What should such a policy include? "It should cover all of the patient identifiers, the basics of what HIPAA is, and the types of communication covered," Clem adds. Her facility offers on-line training for all staff, which is updated every year with a computerized graphics presentation and a quiz. "It includes the basics of what HIPAA is, the ways we communicate internally, and the types of communication possible under HIPAA," she explains.
Duke’s e-mail policy also includes the use of a disclaimer with all e-mails. "If your e-mail is discovered or accidentally sent to the wrong place or server, it’s something that protects you legally," she explains.
For reasons of confidentiality, she was unable to share the specific contents of Duke’s disclaimer.
"I would say that before you do your own, check with your hospital’s legal services to help you create it," Clem advises.