Is emailing patients truly legally risky?
Is emailing patients truly legally risky?
It might make case more defensible
In one medical malpractice case, a psychiatrist emailed the husband of her patient, who had just been involuntarily committed by the psychiatrist. The psychiatrist set out the legal basis for doing so, which was an incorrect understanding of the law.
"It was the wrong standard, and the plaintiff had this email and could say, 'This is what the doctor said, and he was wrong,'" says Steven Martin Aaron, JD, a partner in the Kansas City, MO, office of Husch Blackwell.
If the physician's email communication is incorrect about any aspect of the patient's care, or contrary to the physician's notes, there is a memorialized record of it, says Aaron. "If the doctor says in a deposition, 'My notes say I did X, Y, and Z, and email communication to the patient provides conflicting information, the doctor has set himself up to be impeached and will lose all credibility with the jury," he says.
Less than 7% of office-based physicians routinely email back and forth with patients, in part because of worries over liability risks, according to a 2010 survey conducted by the Center for Studying Health System Change.
"While the percentage of physicians who do this today is still low, I believe it will increase rapidly in the near future," predicts Deven McGraw, director of the Center for Democracy & Technology's Health Privacy Project in Washington, DC.
As of 2014, the Centers for Medicare & Medicaid Services will require physicians to get at least 5% of their patients to engage in secure email communications with them in order to be eligible for a second round of electronic health record stimulus payments, adds McGraw.
"Physicians must adhere to professional standards of practice in emails with patients, just as they would do in any communication with patients over the phone or in person," says McGraw.
Risks exaggerated?
None of the experts interviewed by Physician Risk Management were aware of any medical malpractice lawsuit where email was a central issue in the case.
" I believe the risks are overblown," says McGraw. "The fact that the [American Medical Association] has put out best practices for this means they see the value, and do not believe it is inherently risky, or risky in a way that cannot be managed by physicians."1 (See Resource at end of this article to access the AMA's guidelines.)
Emails actually might help a physician defendant if it can prove a doctor told a patient to do something to prevent a bad outcome. "Email correspondence could potentially make the case more defensible because the provider's advice, like a hospital discharge summary, provides the steps a patient should take in order to prevent an adverse event or worsening of a condition in a particular situation," says Rose.
However, if an inaccurate response is given to a patient's query, it might lead to a negligence claim if an adverse event occurs and the patient hasn't been adequately evaluated, which is a state law cause of action, says Rachel V. Rose, JD, MBA, a Houston, TX-based attorney, focusing on health law. For example, if a physician has been treating a patient for Crohn's Disease and the patient emails the physician to report increased abdominal pain and cramping, fever, and pain, given the patient's history, the physician might provide advice solely based on that condition.
"However, appendicitis also has the many of the same symptoms," says Rose. "By potentially delaying treatment based on an email exchange without a physical exam, it could lead to a burst appendix, peritonitis, and additional complications." (See related stories on risk-reducing practices, below, and liability risks involving patient privacy regulations,below.)
Reference
- American Medical Association. Guidelines for physician-patient electronic communications. 2003.
Sources/Resource
For more information on liability risks involving email communications with patients, contact:
- Steven Martin Aaron, Partner, Husch Blackwell, Kansas City, MO. Phone: (816) 983-8308. Fax: (816) 983-8080. Email: [email protected].
- Deven McGraw, Director, Health Privacy Project, Center for Democracy & Technology, Washington, DC. Phone: (202) 637-9800 Ext. 115. Fax: (202) 637-0968. Email: [email protected].
- Kristen B. Rosati, JD, Coppersmith Schermer & Brockelman, Phoenix, AZ. Phone: (602) 381-5464. Fax: (602) 772-3764. Email: [email protected].
- Rachel V. Rose, JD, MBA, Houston, TX. Phone: (713) 907-7442. Email: [email protected].
- To view the American Medical Association (AMA)'s "Guidelines for Patient-Physician Electronic Mail," go to bit.ly/QmLs9T. To view the AMA's ethical guidelines on the use of electronic mail based on its report "Ethical Guidelines for the Use of Electronic Mail Between Patients and Physicians," go to http://bit.ly/NMGd35.
Reduce risks when emailing your patients Many patients like to email their physicians. "There is a way for physicians to do so legally and in a manner that reduces risk," says Kristen B. Rosati, JD, an attorney with Coppersmith Schermer & Brockelman in Phoenix, AZ. Rosati recommends these practices: 1. Have patients sign a consent form that sets the "rules of the road." American Medical Association guidelines recommend physicians obtain informed consent before using email to communicate with patients.1 "Some states require consent to communicate with patients by email," adds Rosati. 2. Send an automatic reply to all patient emails, such as: "Thank you for your email. Any medical question, especially one of an urgent nature, will not be addressed via email communication. For other assistance, please call XXX-XXX-XXXX. If you have a medical emergency, please call 9-1-1." 3. Keep subject lines generic and nonspecific. "Emails should not put patient information in the subject line or body of the email, such as a patient's name, date of birth or account number," says Rosati. 4. Check state laws to determine whether electronic communications with patients about treatment issues are considered part of the official medical record. "Even if they are not treated as part of the medical record, keeping these communications is essential for risk management purposes, in the event there is a dispute with the patient later about the content of email communications," says Rosati. (See related story on protected health information, below.) Reference
|
Emailing protected health information? Prevent lawsuits If a physician emails a patient and doesn't meet security requirements for electronic transmission of protected health information (PHI), he or she could be held liable for a violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, warns Rachel V. Rose, JD, MBA, a Houston, TX-based healthcare attorney. A recent example is the Department of Health and Human Services (HHS), Office for Civil Rights' (OCR) enforcement action against Arizona-based Phoenix Cardiac Surgery in April 2012. According to HHS, "[t]he incident giving rise to OCR's investigation was a report that the physician practice was posting clinical and surgical appointments for its patients on an Internet-based calendar that was publicly accessible. On further investigation, OCR found that Phoenix Cardiac Surgery had implemented few policies and procedures to comply with the HIPAA Privacy and Security Rules, and had limited safeguards in place to protect patients' electronic protected health information (ePHI)." Ultimately, the physician group was fined $100,000 and required to implement a corrective action plan. "This is one way physicians, as covered entities or business associates under HIPAA and the HITECH Act, will be held liable," say Rose. "Patients sign a HIPAA release form, and the entity agrees to protect their PHI." If someone who has not been authorized by the patient sends a request for PHI to the physician, and the physician has not received a proper authorization and has not verified who is requesting the information, "it could open the doors to liability," adds Rose. The HIPAA Privacy Rule sets parameters as to who can view and receive an individual's PHI, whether electronic, written, or verbal, says Rose. Without the proper safeguards in place, an entity that discloses that information to third parties without proper authorization might have breached its duty under the federal Privacy Rule. Many state laws have patient privacy statutes that parallel federal HIPPA laws, notes Rose. "If the elements of a common-law negligence claim are considered — duty, breach, causation, and damage — then liability based on breaches of the Privacy and Security Rules is possible," she says. |
In one medical malpractice case, a psychiatrist emailed the husband of her patient, who had just been involuntarily committed by the psychiatrist.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.