The Informatics Review: An on-line journal focusing on clinical computing and medical informatics

This week's Informatics Review has some useful entries:

• A mention of the recent paper by David Bates and the leadership of NAPCI on electronic medical records in primary care.  NAPCI is the brainchild of John Zapp who served as Chair of the AMIA primary Care Informatics Working Group for the past two years. (David Little has now taken over for his two-year term).  NAPCI is a great idea.  The concept is that NAPCI will help unify efforts to standardize implementation of EMRs in primary care.  The EMR vendors have defined what EMRs are .. and what they do.  This is the opposite of what should be happening.  The user community needs to step up to the plate.  We need to define basic configuration and architecture parameters.  We need to define basic functionality and even basic specific for data models and interface requirements.  No small task.  But without a unified voice, there is no clear guidance from the user community.  Indeed, I would hope that the EMR vendors would embrace such a unified voice from all of primary care.   We need to work together.  I have the privilege of representing STFM in the leadership of NAPCI. 
• A discussion of guidelines for online communications in healthcare.  Some highlights:
  1. Security. Online communications between health care provider and patient should be conducted over a secure network, with provisions for authentication and encryption in accordance with eRisk, HIPAA and other appropriate guidelines. Standard email services do not meet these guidelines. Health care providers need to be aware of potential security risks, including unauthorized physical access and security of computer hardware, and guard against them with technologies such as automatic logout and password protection.

  2. Authentication. The health care provider has a responsibility to take reasonable steps to authenticate the identity of correspondent(s) in an electronic communication and to ensure that recipients of information are authorized to receive it.

  3. Confidentiality. The health care provider is responsible for taking reasonable steps to protect patient privacy and to guard against unauthorized use of patient information.

  4. Unauthorized Access. The use of online communications may increase the risk of unauthorized distribution of patient information and create a clear record of this distribution. Health care providers should establish and follow procedures that help to mitigate this risk.

  5. Informed Consent. Prior to the initiation of online communication between health care provider and patient, informed consent should be obtained from the patient regarding the appropriate use and limitations of this form of communication. Providers should consider developing and publishing specific guidelines for online communications with patients, such as avoiding emergency use, heightened consideration of use for highly sensitive medical topics, appropriate expectations for response times, etc. These guidelines should become part of the legal documentation and medical record when appropriate. Providers should consider developing patient selection criteria to identify those patients suitable for email correspondence, thus eliminating persons who would not be compliant.

  6. Highly Sensitive Subject Matter. The health care provider should advise patients of potential privacy risks associated with online communication related to highly sensitive medical subjects. This warning should be repeated if a provider solicits information of a highly sensitive nature, such as issues of mental health, substance abuse, etc. Providers should avoid active initial solicitation of highly sensitive topic matters.

  7. Emergency Subject matter. The health care provider should advise patients of the risks associated with online communication related to emergency medical subjects such as chest pain, shortness of breath, bleeding during pregnancy, etc. Providers should avoid active promotion of the use of online communication to address topics of medical emergencies.

  8. Doctor-Patient Relationship. The health care provider may increase liability exposure by initiating a doctor-patient relationship solely through online interaction. Payment for online services may further increase that exposure.

  9. Medical Records. Whenever possible and appropriate, a record of online communications, pertinent to the ongoing medical care of the patient, must be maintained as part of, and integrated into, the patient's medical record, whether that record is paper or electronic.

  10. Licensing Jurisdiction. Online interactions between a health care provider and a patient are subject to requirements of state licensure. Communications online with a patient outside of the state in which the provider holds a license may subject the provider to increased risk.

  11. Authoritative Information. Health care providers are responsible for the information that they provide or make available to their patients online. Information that is provided on a medical practice Web site should come either directly from the health care provider or from a recognized and credible source. Information provided to specific patients via secure email from a health care provider, should come either directly from the health care provider or from a recognized and credible source after review by the provider.

  12. Commercial Information. Web sites and online communications of an advertising, promotional or marketing nature may subject providers to increased liability, including implicit guarantees or implied warranty. Misleading or deceptive claims increase this liability.