Don't toss all your practice's e-mails in the virtual trash
■ A practical look at information technology issues and usage
By Pamela Lewis Dolan — covered health information technology issues and social media topics affecting physicians. Connect with the columnist: @Plewisdolan — Posted May 18, 2009.
- WITH THIS STORY:
- » Related content
Reading and deleting e-mails might be customary when e-mailing for personal use. But physicians incorporating e-mail into their practices might have to get out of that habit and enter the unfamiliar territory of e-mail archiving.
"A lot of people think that e-mails are just e-mails, that it's like a telephone conversation that you have with someone, you hang up and you have no record of it," said William J. Spratt Jr., health care partner for the Miami offices of K&L Gates. "But that's not the case. It actually is a written record, and it must be maintained if it is considered a health record."
Spratt said many don't consider this fact when they start using e-mail as a form of communication between physician and patient because of the convenience it offers. But experts say e-mails should be considered part of the business record and kept for future reference.
Ryan Williams, a health care attorney at the Cleveland firm of Walter & Haverfield, said that because archiving e-mail is so important to a practice, the decision to begin e-mailing patients should be a business decision for which doctors should weigh financial and liability risks and benefits.
Even if you are receiving reimbursement for e-visits, there are costs and staff time associated with maintaining those records that might not make it worth the investment.
Depending on your type of electronic medical record system, you might not have to worry about archiving. Some systems automatically enter e-mailed information into a patient's file, while other e-mailing systems are integrated into an office EMR. But for those who don't have fully functional EMRs with these capabilities, the archiving will have to be done manually.
Opinions vary as to what e-mails should be saved, and whether all should be made a part of a patient's medical file. Williams said many e-mails might contain simple questions and not personal health information, which needs to be protected under the Health Insurance Portability and Accountability Act. "You don't know where [the conversation's] going to go," he said. Therefore, he recommends that practices save all e-mails.
Peter Mancino, health care attorney for the New York offices of Garfunkel, Wild & Travis, argues that there's no reason for saving e-mails that are the equivalent of a quick phone call to the practice. For example, if details of a phone call would not make it into the patient's file, a similar e-mail doesn't need to, either.
But no matter which e-mails physicians deem important enough to be archived, the policy needs to be consistent, Mancino said. Inconsistencies could get physicians in trouble by appearing as if they are destroying e-mails solely because they appeared harmful to them. He said the same scrutiny used when determining what information to include in the clinical notes from a visit, or which phone messages are made part of a patient's file, should be used when determining which e-mails to save.
When it comes to long-term storage of e-mails, Williams said, accessibility is crucial, because patients can request copies of the medical records at any time, and physicians are bound by law to provide those records in their entirety. Records also can be subpoenaed, and an inefficient filing system can cost a practice a lot of time and resources.
Practices simply can print hard copies of e-mails and place them in their paper charts, or cut and paste into electronic charts. But since an electronic file containing personal health information was created, from a liability standpoint, it cannot just be purged once a hard copy has been made, Williams said.
"What I would argue if I were confronted with that issue is that the copied e-mail is the archaic form of the actual, real version of that health record, which is the original e-mail. That e-mail form has so many other dimensions than just the four corners of that paper," Williams said. Without the original record, there's no way of knowing whether the paper copy is a complete and accurate record of what actually was sent.
These issues have led many to consider archiving e-mails electronically, which can be done one of two ways -- storage on an in-house server or off-site storage at a data warehouse.
If practices choose to do the archiving in-house, Spratt said, the system could be as simple as creating a file for each patient's name in the e-mail application, so any correspondence could be found quickly. But since it is protected information, a backup of all data would be needed.
Helenemarie Blake Moore, an attorney with Miami-based Fowler White Burnett, said that if storage is done in-house, protecting the data from outside breaches has to be the first priority. She recommends that one person in the practice be appointed the compliancy officer in charge of data security.
Andres Kohn, vice president and general manager of Proofpoint Archive, a branch of Sunnyvale, Calif.-based Proofpoint, said the advantages to archiving off-site with a Web-hosted system is that the practice doesn't have to invest in the needed hardware or IT staff needed to encrypt the archived data and protect it. The system also can be set up with certain parameters so that the archiving happens without extra user effort.
A system such as Proofpoint, which costs about $100 per year per user, encrypts the data as they are being sent to the system. Even though data are stored off-site, users can query the system any time using various data points such as recipient or sender, or date and time, to find specific e-mails.
Mancino said there are several good archiving vendors but that doctors need to "kick the tires a bit." Before contracting with anyone, physicians need to find out how the company protects data, whether the practice's attorneys and insurance carriers are satisfied with the system, and whether there needs to be a business associate agreement that would bind that vendor to HIPAA guidelines and regulations.
Pamela Lewis Dolan covered health information technology issues and social media topics affecting physicians. Connect with the columnist: @Plewisdolan —