eRisk

The use of online communication and consultation between doctors and patients is becoming more common in everyday physician practice. The unique concerns and risks inherent in this form of communication have prompted the development of the “eRisk Guidelines for Online Communication.”

“Medicine is increasingly using the Internet for communications, and there is growing pressure from health plans, employers, and government to use both personal health records (PHRs) and electronic medical records,” says David B. Troxel, MD, medical director of The Doctors Company. In light of these developments, it is important for physicians to know how to avoid potential risks when using online patient communications.

The guidelines were initially created in 2000 by the eRisk Working Group for Healthcare, a volunteer consortium including professional liability carriers, medical societies, and state licensing boards. Released late last year during a conference co-hosted by Medem, Inc., and The Doctors Company, the 2006 revision represents the third update.

“In the latest update, we alert doctors to potential licensure problems with online communications,” Dr. Troxel explains. For example, if something goes awry as a result of an online consultation that a physician has with an out-of-state patient, there is a potential that the doctor could be accused of practicing medicine without a license if he or she doesn’t have a license in the patient’s state.

In addition, a new PHR section represents a substantial new guidance for physicians. One of the most important provisions is that physicians must make it clear to patients that patients are responsible for what appears in their personal health record. “For example, if a new blood test result is automatically added to the record by a laboratory, the patient must inform the doctor of that addition,” he warns.

Because the technology of online communications introduces special concerns and risks, it’s important to understand the latest major provisions. Here are some of the main points:

Maintain Patient Confidentiality: Physicians are responsible for taking reasonable steps to protect patient privacy and guard against unauthorized access to and/or use of patient information. This responsibility extends to the use of network services, which are expected to have an appropriate level of privacy and security as required under the Health Insurance Portability and Accountability Act (HIPAA).

To maintain confidentiality, conduct online communications with patients over a secure network that contains encryption technology. Standard email services don’t meet HIPAA requirements.

When sending standard, non-secure emails to patients, add a disclosure to the bottom stating that “this e mail is not secure and is not for use by patients or for healthcare purposes in general.”

It is also important to take reasonable steps to authenticate the identity of the individuals receiving your electronic communication and to be sure the individual is authorized to receive it so that patient privacy and confidentiality is never compromised. That is why you should establish a written patient authentication protocol for all practice personnel and ensure all staff members understand and follow it.

Another important guideline is to maintain a written record of each patient who is authenticated for online communication. Make sure the record includes the patient’s name, the authentication date, the name of the staff member authenticating the patient, and the method your office used to authenticate the patient.

Prevent Unauthorized Computer Access: Your office should have a system in place to guard against unauthorized access to computers by using automatic log-out and password protection.

Obtain Informed Consent: Be sure your patient signs an informed consent form before you initiate online communications. The consent form should list the appropriate use and limitation of online communications.

You also will want to develop specific written guidelines and protocols for online communications with patients, such as avoiding emergency use, heightened consideration of use for highly sensitive medical topics, and setting expectations for response times. Take the time to document these guidelines in your practice policy manual, patient terms of service or disclosures, and the medical record when appropriate.

Limit Online Communications to Existing Patients: Online communications of any kind are best suited for patients previously seen and evaluated in an office setting. Initiating a physician-patient relationship online may increase liability exposure.

Understand Licensing Jurisdiction: Online interactions with patients are subject to state licensure requirements. Pathologists, radiologists, and other clinicians interpreting specimens, slides, or images sent through interstate commerce for a primary diagnosis that becomes part of the patient’s medical record, should have a license to practice medicine in the state in which the patient presents the diagnosis or where the specimen is taken or image is made.

Intra-specialty consultation, however, does not require in-state licensure, as long as the consultation is requested by a physician licensed within the state and referenced in a report he or she issues.

Inform Patients About Sensitive Subject Matter: Always advise patients of the risks that information the patient considers sensitive inadvertently may be accessed by someone not authorized to see it. You can list examples for patients of conditions that should be handled in an office setting, such as mental health, substance abuse, reproductive history, sexually transmitted diseases, drug and alcohol problems, and HIV status. Some states may prohibit electronic transfer of specific classes of information regardless of patient consent. Be sure you know what the law requires in your state.

Understand Your Responsibility Regarding Online Patient Education: Physicians are responsible for information made available to patients online. Be sure the information provided to patients through a PHR, automated patient education programs, care management, and other online services come either directly from you or from a recognized, credible and authoritative source.

Warn Against Electronic Communications Regarding Emergency Topics, Such As Chest Pain, Shortness of Breath, and High Fever: It is important to discourage the use of online communication to address medical emergencies and instead ask your patients to call the office or go to an emergency department. To avoid potential problems, use a disclaimer on web pages and emails reminding patients that emergency subject matter is not appropriate for electronic communication.

Document Communication in the Medical Record: You should keep a permanent record of online communications with patients, whether that record is paper or electronic. Accurate and thorough documentation is an effective risk management tool. Remember that email and online information, including PHRs and consultations, are not erased from the hard drive when deleted and are potentially discoverable in litigation.

You Are Responsible for the Information Made Available to Patients on Your Practice Website: Any medical information you provide on your website should come either directly from you or from a recognized credible source.

Tread carefully when it comes to commercial information. Websites and online communications dealing with advertising, promotions or marketing may raise patient expectations and increase your liability. This is especially true when cosmetic procedures, off-label drug use, and non–FDA approved procedures are promoted. “If something goes wrong, an aggressive public prosecutor may make claims about implied warranties,” Dr. Troxel warns.

The guidelines recommend posting a disclaimer page between your practice website and links to any third party Websites advising patients and others that they are leaving your practice website and therefore you don’t assume any responsibility for the content or the privacy of the websites to which the practice website links.

Properly Manage Fee-based Consultations: The eRisk working group also provides physicians with guidance on how to handle fee-based online communications. There are also potential risks when patients are referred to on-line pharmacies, since some employ “cyberdocs” who dispense drugs and medical devices without a valid doctor’s order and others may be involved in the illegal importation of prescription drugs. The National Association of Boards of Pharmacy has a Verified Internet Pharmacy Practices Sites (VIPPS) program (http://www.nabp.net/vipps/intro.asp). Pharmacies in compliance with their standards show the VIPPS seal of approval on their home page.

Following these guidelines and staying-up-to-date with the latest version can help physicians avoid potential electronic liability minefields. Says Dr. Troxel: “Physicians should become familiar with the liability risks inherent in online communications, since the failure to follow them increases their liability exposure.”