Secure E-mail Cures Headaches

A physician group solves communication problems
Secure E-mail Cures Headaches
For physician group practices, responding to requests from patients, lawyers, insurers and others for copies of patients' medical records is a time-consuming, labor-intensive headache. But one New York practice has found that secure e-mail is a cure for that pain, as well as a remedy for other communication maladies.

Crystal Run Healthcare, a 200-physician, multi-specialty practice in Middletown, N.Y., now uses secure e-mail for a variety of purposes, including certain doctor/patient communications as well as to share private information with its accountants, lawyers and others, says Miguel Hernandez, the practice's I.T. director.

The practice began investigating secure e-mail "because a younger generation of patients was coming in and begging for more electronic interaction with the practice," Hernandez says. Plus, some physicians were starting to ramp up their use of e-mail, which led to concerns that doctors might use e-mail to share personal health information in violation of the HIPAA privacy rule.

"We started to use secure e-mail for some patients on a small scale," Hernandez says. But soon, the practice determined that the technology, from Proofpoint Inc., Sunnyvale, Calif., could help cure a huge headache for its medical records department.

Inefficient process

The practice uses electronic records software from NextGen Healthcare Information Systems, Horsham, Pa. But when patients, attorneys, insurers and others requested copies of records, the practice printed out copies and either mailed them or faxed them to help ensure privacy. With records that could amount to hundreds of pages, this grew into a time-consuming task.

Today, the practice uses secure e-mail instead to transmit the patient records electronically, assured that the encrypted information will remain private, Hernandez explains.

When a secure e-mail is transmitted, the recipient receives a brief, standard note that they have a secure message waiting for them on the practice's Web site. Once the recipient launches that link, he is prompted to create a user account and password and answer some challenge questions, much like setting up an online banking account. Then the recipient can view all encrypted e-mail messages and open any attached files.

Three encryption options

The practice creates secure e-mail messages in three ways, Hernandez explains:

  • Users can click on a "send secure" button added to Microsoft's Outlook e-mail system that automatically encrypts the message using Proofpoint's software and transmits an e-mail to the recipient directing them to the Web site.
  • If a user transmits a standard e-mail via Outlook, Proofpoint will automatically encrypt it if the software's logic detects certain keywords, such as "Social Security," that indicate it likely includes personal patient information.
  • Certain departments, including human resources, automatically transmit only encrypted e-mails because so many of their messages contain sensitive information.

At first, the shift to secure e-mail raised some issues with the practice's patients, Hernandez recalls. "John Q Public at the beginning had a hard time because the e-mail messages referring them to our Web site looked a little weird," he says. "A lot of them thought the message was spam or they thought it was some kind of hoax. So we had to redesign the standard e-mail message so it was clear that it was legitimate."

Some patients who were not computer-savvy "were really thrown for a loop" when the secure e-mail message link launched a Web browser, Hernandez adds. As a result, the practice launched a campaign to educate patients about how the system worked. Plus, it coached doctors to use e-mail with patients more selectively, first making sure the patients were comfortable with the technology.

What's next?

Next, the practice will work on more routinely using secure e-mail for communications with insurers about payments and other issues, Hernandez says.

The bottom line: "Considering the cost of secure e-mail, as opposed to the cost of litigation over a HIPAA violation, it's certainly worth it."


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.