Emailing your doctor: would you choose convenience over privacy?

Almost every time I get in touch with my doctor, I feel like I’ve gone back in time.  Getting an answer to a simple question involves multiple rounds of phone tag. Sharing documentation requires finding a fax machine or using snail mail. Even leaving a basic message for the doctor means navigating through a frustrating maze of voice mailbox commands.
As with most other parts of my life, my impulse is to use email to communicate with the doctor. But, except for some administrative messages, every physician I’ve had has shut me down.
More startups and health technology companies are developing and offering secure platforms that enable patients and doctors to communicate electronically.  But a crowdfunding campaign on Medstartr is trying to take a low-tech approach to help solve this high-tech problem.
Launched by Boston healthcare attorney David Harlow, and backed by Fred Trotter, a well-known data hacktivist in healthcare, and Ian Eslick, a PhD candidate at the MIT Media Lab, the “Hacking HIPAA” campaign wants to create a new legal document, called the Notice of Privacy Practices, that patients would sign when they first arrive a new doctor’s office.

Letting patients waive some HIPAA protections

Sure, signing yet another medical form just sounds like a chore — something no patient really needs. But the document would explain the realities of data storage and transmission and then let patients explicitly consent to using standard email, video conferencing and other communications technology that may be less secure than health IT systems but more convenient, said Harlow, adding:

“What I’d like to see is to have those doctors provide forms front and center that let patients say ‘Text me, email me. I don’t care about privacy. I’m not Beyoncé and no one’s looking for my medical records. I just want to be able to communicate easily with my healthcare provider.’”

Concerns about violating the privacy and security law known as HIPAA (the Health Insurance Portability and Accountability Act) are often cited by doctors as a reason to stay away from email. But Harlow said that a piece of the law that is “often kicked under the carpet” is the right of patients to choose the level of security and privacy that goes along with their healthcare. Patients, he said, have always had the right to use email, SMS or other electronic communication tools, they just weren’t empowered to exercise it and haven’t had mechanisms for demanding it.

Helping health IT developers face new HIPAA rules

He added that the document could also help health IT developers who may be concerned about the new HIPAA rules that were announced in January and will go into effect this fall. Under the new measures, the government has expanded the definition of a healthcare provider’s “business associate,” meaning that any kind of service, like Amazon Web Services, involved in the storage or transmission of health information could have compliance obligations.
The emailing with the doctor debate isn’t a new one. While consumers and professionals in all kinds of industries have moved much of their communication online, the medical world has dragged its feet – according to a study from healthcare research firm Manhattan Research, just under a third of doctors said they emailed with patients in 2012. And while privacy and security are often-mentioned issues, there are others, too. Email doesn’t sure ensure continuity of care (if a doctor is out on vacation, they could miss an important email), it can lead to miscommunication and it’s not a platform that enables most doctors to get compensated for their time.
But even though email has the convenience factor on its side – and if given the choice to email and SMS with a doctor, I’d take it – it’s easy to see the risks. As a Boston Globe column this week pointed out, email makes it all too easy for people to receive medical correspondence that was never meant for them. The writer, who has a common name and email address said she’d twice received email messages from doctors’ offices that were intended for other patients. Even if you’re not Beyoncé, you likely don’t want strangers getting the results to your pregnancy test or access to your health record.
Harlow’s Hacking HIPAA campaign has only four days left to reach its goal of $10,000 and it’s barely a quarter of the way there. So, chances are, you’re not going to see a Notice of Privacy Practices form at your doctor’s office anytime soon.
But even though the campaign may not be a success, it’s raising some worthwhile issues related to patients’ rights when it comes to communicating with doctors and difficulties reconciling technology and the law. Said Harlow:

“It’s engaged at least some people in the conversation that I’ve always had the right to email my doctor. And I think that’s an important conversation for people to start.”