Secure E-mail Cures Headaches

Credit EligibleAs a HealthcareInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

For physician group practices, responding to requests from patients, lawyers, insurers and others for copies of patients' medical records is a time-consuming, labor-intensive headache. But one New York practice has found that secure e-mail is a cure for that pain, as well as a remedy for other communication maladies.

Crystal Run Healthcare, a 200-physician, multi-specialty practice in Middletown, N.Y., now uses secure e-mail for a variety of purposes, including certain doctor/patient communications as well as to share private information with its accountants, lawyers and others, says Miguel Hernandez, the practice's I.T. director.

The practice began investigating secure e-mail "because a younger generation of patients was coming in and begging for more electronic interaction with the practice," Hernandez says. Plus, some physicians were starting to ramp up their use of e-mail, which led to concerns that doctors might use e-mail to share personal health information in violation of the HIPAA privacy rule.

"We started to use secure e-mail for some patients on a small scale," Hernandez says. But soon, the practice determined that the technology, from Proofpoint Inc., Sunnyvale, Calif., could help cure a huge headache for its medical records department.

Inefficient process

The practice uses electronic records software from NextGen Healthcare Information Systems, Horsham, Pa. But when patients, attorneys, insurers and others requested copies of records, the practice printed out copies and either mailed them or faxed them to help ensure privacy. With records that could amount to hundreds of pages, this grew into a time-consuming task.

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Healthcare Enews General Healthcare Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

Today, the practice uses secure e-mail instead to transmit the patient records electronically, assured that the encrypted information will remain private, Hernandez explains.

When a secure e-mail is transmitted, the recipient receives a brief, standard note that they have a secure message waiting for them on the practice's Web site. Once the recipient launches that link, he is prompted to create a user account and password and answer some challenge questions, much like setting up an online banking account. Then the recipient can view all encrypted e-mail messages and open any attached files.

Three encryption options

The practice creates secure e-mail messages in three ways, Hernandez explains:

• Users can click on a "send secure" button added to Microsoft's Outlook e-mail system that automatically encrypts the message using Proofpoint's software and transmits an e-mail to the recipient directing them to the Web site.
• If a user transmits a standard e-mail via Outlook, Proofpoint will automatically encrypt it if the software's logic detects certain keywords, such as "Social Security," that indicate it likely includes personal patient information.
• Certain departments, including human resources, automatically transmit only encrypted e-mails because so many of their messages contain sensitive information.

At first, the shift to secure e-mail raised some issues with the practice's patients, Hernandez recalls. "John Q Public at the beginning had a hard time because the e-mail messages referring them to our Web site looked a little weird," he says. "A lot of them thought the message was spam or they thought it was some kind of hoax. So we had to redesign the standard e-mail message so it was clear that it was legitimate."

Some patients who were not computer-savvy "were really thrown for a loop" when the secure e-mail message link launched a Web browser, Hernandez adds. As a result, the practice launched a campaign to educate patients about how the system worked. Plus, it coached doctors to use e-mail with patients more selectively, first making sure the patients were comfortable with the technology.

What's next?

Next, the practice will work on more routinely using secure e-mail for communications with insurers about payments and other issues, Hernandez says.

The bottom line: "Considering the cost of secure e-mail, as opposed to the cost of litigation over a HIPAA violation, it's certainly worth it."