Standards of Care Security and Privacy

As use of the Internet becomes more common in the delivery of health care, standards of online care and service arise. Some are dictated through legislation, such as the HIPAA statute enacted by the federal government. State medical boards also will play a role in setting and enforcing regulations. Indeed, several state boards have already taken disciplinary action against practioners who have violated state board regulations related to online patient-physician interaction. These punitive actions have focused on the provision of care and the delivery of prescriptions when there is no pre-existing relationship between the physician and the patient. The need for a previously established patient-physician relationship is commonly recognized as a requirement in care delivered online.

However, there are other generally accepted standards that go beyond government legislation and extend to generally accepted standards of care. As is the case in most of medical practice, norms and guidelines for standard of care evolve from medical organizations, liability carriers, medical societies, and state medical boards. Fortunately for practicing physicians, these four entities have found a forum, the "eRisk Working Group," to work together to create a single set of guidelines for clinicians as they communicate with patients in an online environment.

The eRisk Guidelines have been developed by the eRisk Working Group for Health Care, a consortium of professional liability carriers, medical societies, and state board representatives. These guidelines are meant to provide information to health care providers related to online communication. They are reviewed and updated regularly. These guidelines are not meant as legal advice, and providers are encouraged to bring any specific questions or issues related to online communication to their legal counsel.

Online Communications eRisk Guidelines

The legal rules, ethical guidelines, and professional etiquette that govern and guide traditional communications between the health care provider and patient are equally applicable to e-mail, websites, listservs, and other electronic communications.

However, the technology of online communications introduces special concerns and risks. The following lists some of the concerns involved in online communication:

1. Security

Online communications between health care provider and patient should be conducted over a secure network, with provisions for authentication and encryption in accordance with eRisk, HIPAA, and other appropriate guidelines. Standard e-mail services do not meet these guidelines. Health care providers need to be aware of potential security risks, including unauthorized physical access and security of computer hardware, and guard against them with technologies such as automatic logout and password protection.

2. Authentication

The health care provider has a responsibility to take reasonable steps to authenticate the identity of correspondent(s) in an electronic communication and to ensure that recipients of information are authorized to receive it.

3. Confidentiality

The health care provider is responsible for taking reasonable steps to protect patient privacy and to guard against unauthorized use of patient information.

4. Unauthorized Access

The use of online communications may increase the risk of unauthorized distribution of patient information and create a clear record of this distribution. Health care providers should establish and follow procedures that help to mitigate this risk.

5. Informed Consent

Prior to the initiation of online communication between health care provider and patient, informed consent should be obtained from the patient regarding the appropriate use and limitations of this form of communication. Providers should consider developing and publishing specific guidelines for online communications with patients, such as avoiding emergency use, heightened consideration of use for highly sensitive medical topics, appropriate expectations for response times, and so forth. These guidelines should become part of the legal documentation and medical record when appropriate. Providers should consider developing patient selection criteria to identify those patients suitable for e-mail correspondence, thus eliminating persons who would not be compliant.

6. Highly Sensitive Subject Matter

The health care provider should advise patients of potential privacy risks associated with online communication related to highly sensitive medical subjects. This warning should be repeated if a provider solicits information of a highly sensitive nature, such as issues of mental health, substance abuse, and so forth. Providers should avoid active initial solicitation of highly sensitive topic matters.

7. Emergency Subject Matter

The health care provider should advise patients of the risks associated with online communication related to emergency medical subjects such as chest pain, shortness of breath, bleeding during pregnancy, and so forth. Providers should avoid active promotion of the use of online communication to address topics of medical emergencies.

8. Doctor-Patient Relationship

The health care provider may increase liability exposure by initiating a doctor-patient relationship solely through online interaction. Payment for online services may further increase that exposure.

9. Medical Records

Whenever possible and appropriate, a record of online communications pertinent to the ongoing medical care of the patient must be maintained as part of, and integrated into, the patient's medical record, whether that record is paper or electronic.

10. Licensing Jurisdiction

Online interactions between a health care provider and a patient are subject to requirements of state licensure. Communications online with a patient outside of the state in which the provider holds a license may subject the provider to increased risk.

11. Authoritative Information

Health care providers are responsible for the information that they provide or make available to their patients online. Information that is provided on a medical practice website should come either directly from the health care provider or from a recognized and credible source. Information provided to specific patients via secure e-mail from a health care provider should come either directly from the health care provider or from a recognized and credible source after review by the provider.

12. Commercial Information

Websites and online communications of an advertising, promotional, or marketing nature may subject providers to increased liability, including implicit guarantees or implied warranty. Misleading or deceptive claims increase this liability.

Fee-Based Online Consultations eRisk Guidelines

A fee-based online consultation is a clinical consultation provided by a medical provider to a patient using the Internet or other similar electronic communications network in which the provider expects payment for the service.

An online consultation that is given in exchange for payment introduces additional risks. In a fee-based online consultation, the healthcare provider has the same obligations for patient care and follow-up as in face-to-face, written, and telephone consultations. For example, an online consultation should include an explicit follow-up plan that is clearly communicated to the patient.

In addition to the 12 guidelines stated earlier, the following are additional considerations for fee-based online consultations:

1. Pre-Existing Relationship

Online consultations should occur only within the context of a previously established doctor-patient relationship that includes a face-to-face encounter when clinically appropriate. State medical boards have begun enforcement actions.

2. Informed Consent

Prior to the online consultation, the health care provider must obtain the patient's informed consent to participate in the consultation for a fee. The consent should include explicitly stated disclaimers and service terms pertaining to online consultations. The consent should establish appropriate expectations between provider and patient.

3. Medical Records

Records pertinent to the online consultation must be maintained as part of, and integrated into, the patient's medical record.

4. Fee Disclosure

From the outset of the online consultation, the patient must be clearly informed about charges that will be incurred and that the charges may not be reimbursed by the patient's health insurance. If the patient chooses not to participate in the fee-based consultation, the patient should be encouraged to contact the provider's office by phone or other means.

5. Appropriate Charges

An online consultation should be substantive and clinical in nature and be specific to the patient's personal health status. There should be no charge for online administrative or routine communications such as appointment scheduling and prescription refill requests. Health care providers should consider not charging for follow-up questions on the same subject as the original online consultation.

6. Identity Disclosure

Clinical information that is provided to the patient during the course of an online consultation should come from, or be reviewed in detail by, the consulting provider, whose identity should be made clear to the patient.

7. Available Information

Health care providers should state, within the context of the consultation, that it is based only on information made available by the patient to the provider during or prior to the online consultation, including referral to the patient's chart when appropriate and, therefore, may not be an adequate substitute for an office visit.

8. Online Consultation vs Online Diagnosis and Treatment

Health care providers should attempt to distinguish between online consultation related to pre-existing conditions, ongoing treatment, follow-up question related to previously discussed conditions, and so forth, and new diagnosis and treatment addressed solely online. New diagnosis and treatment of conditions, solely online, may increase liability exposure.

The following copyright information is provided to users of the guidelines:

Copyright © 2002 Medem, Inc. Used with the permission of Medem, Inc. and the eRisk Working Group for Health care.

As patient-physician communication online expands, the standards of care and service will evolve. It is conceivable that, in the not-too-distant future, the use of online communication will become as commonplace as the use of the telephone and there will be generally accepted norms for availability of clinicians to patients. For the time being, clinicians are encouraged to err on the side of discretion, disclosure, and prudence in delivering care online to their patients. Clinicians are also warned to keep accurate records of online communication with and about patients, because these records are now routinely subpoenaed in liability litigation. Clinicians must show the same accuracy and discretion in online patient communication, as they would in any written clinical document.

Was this article helpful?

0 0

Post a comment