Guidelines for Electronic Communications with Patients: The Texas Medical Association adopted the following suggested guidelines for physicians who choose to use single-channel communication (such as secure messaging) support to efficiently engage in electronic communications with established patients:
These guidelines are not meant as legal advice, and physicians are encouraged to bring any specific questions or issues related to online communication to their legal counsel.
The legal rules, standards of care, and professional etiquette that govern and guide traditional communications between the physician and patient are equally applicable to e-mail, websites, listservs, and other single-channel electronic communications. However, the technology of online communications introduces special concerns and risks:
Written policy. Physicians should develop and publish specific office policy guidelines for online communications with patients. These guidelines should cover such issues as:
Avoiding emergency use,
Heightened consideration of use for highly sensitive medical topics,
Appropriate expectations for response times,
Hours of operation,
Patient-identifying information that should be used in all communications,
Types of transactions that will be permitted electronically, and
Quality oversight mechanisms.
These guidelines should be evaluated periodically and should be included in informed consent documents.
Emergency subject matter. Physicians should specifically advise patients of the risks associated with online communication related to emergency medical subjects such as chest pain, shortness of breath, bleeding during pregnancy, etc. Physicians should caution patients against the use of online communication to address medical emergencies or urgent matters.
Security. Online communications between physician and patient should be conducted over a secure network, with provisions for authentication and encryption in accordance with HIPAA and other state and federal laws. Standard e-mail services do not meet these guidelines. Physicians need to be aware of potential security risks, including unauthorized physical access and security of computer hardware, and guard against them with technologies such as automatic logout and password protection.
Authentication. The physician has a responsibility to take reasonable steps to authenticate the identity of correspondent(s) in an electronic communication and to ensure that recipients of information are authorized to receive it.
Confidentiality. The physician is responsible for taking reasonable steps to protect patient privacy and to guard against unauthorized use of patient information. The physician should inform patients to whom their health information may be disclosed and for what purpose. The physician should inform patients of their rights with respect to patient health information.
Unauthorized access. The use of online communications may increase the risk of unauthorized access of patient information and establish a clear record of this access. Physicians should establish and follow procedures that help to mitigate this risk.
Informed consent. Prior to the initiation of online communication between physician and patient, informed consent should be obtained from the patient regarding the appropriate use, limitations, potential fees, and risk of this form of communication. Consent documents should include explicitly stated disclaimers, and service terms. The consent should establish appropriate expectations between physician and patient, and should become part of the legal documentation and medical record.
Preexisting relationship. The use of online communication between the physician and patient is appropriate only after the establishment of the physician-patient relationship as state rules require.
Medical records. A record of online communications memorializing the communications about which a medical decision is made is pertinent to the ongoing medical care of the patient and must be maintained as part of, and integrated into, the patient's medical record, whether that record is paper or electronic.
Licensing jurisdiction. Online interactions between a physician and a patient located in Texas are subject to the licensing requirements of the Texas Medical Board. Communications online with a patient outside of a state in which the physician holds a license may subject the physician to legal scrutiny by that state's medical board.
Commercial information. Websites and online communications of an advertising, promotional, or marketing nature may subject physicians to increased liability, including implicit guarantees or implied warranty. Misleading or deceptive claims increase this liability.
Highly sensitive subject matter. Physicians should advise patients of potential privacy risks associated with online communication related to highly sensitive medical subjects, such as issues of mental health, substance abuse, etc. Physicians should avoid active initial online solicitation of highly sensitive topic matters without making sure the lines of communication are secure (TF Rep. 1-A-01; substitute CC Rep. 1-A-03; amended CC Rep. 2-A-04; amended CPMS Rep. 2-A-16).