Secure E-mail Cures HeadachesA physician group solves communication problems
Crystal Run Healthcare, a 200-physician, multi-specialty practice in Middletown, N.Y., now uses secure e-mail for a variety of purposes, including certain doctor/patient communications as well as to share private information with its accountants, lawyers and others, says Miguel Hernandez, the practice's I.T. director.
The practice began investigating secure e-mail "because a younger generation of patients was coming in and begging for more electronic interaction with the practice," Hernandez says. Plus, some physicians were starting to ramp up their use of e-mail, which led to concerns that doctors might use e-mail to share personal health information in violation of the HIPAA privacy rule.
"We started to use secure e-mail for some patients on a small scale," Hernandez says. But soon, the practice determined that the technology, from Proofpoint Inc., Sunnyvale, Calif., could help cure a huge headache for its medical records department.
The practice uses electronic records software from NextGen Healthcare Information Systems, Horsham, Pa. But when patients, attorneys, insurers and others requested copies of records, the practice printed out copies and either mailed them or faxed them to help ensure privacy. With records that could amount to hundreds of pages, this grew into a time-consuming task.
Today, the practice uses secure e-mail instead to transmit the patient records electronically, assured that the encrypted information will remain private, Hernandez explains.
When a secure e-mail is transmitted, the recipient receives a brief, standard note that they have a secure message waiting for them on the practice's Web site. Once the recipient launches that link, he is prompted to create a user account and password and answer some challenge questions, much like setting up an online banking account. Then the recipient can view all encrypted e-mail messages and open any attached files.
Three encryption options
The practice creates secure e-mail messages in three ways, Hernandez explains:
- Users can click on a "send secure" button added to Microsoft's Outlook e-mail system that automatically encrypts the message using Proofpoint's software and transmits an e-mail to the recipient directing them to the Web site.
- If a user transmits a standard e-mail via Outlook, Proofpoint will automatically encrypt it if the software's logic detects certain keywords, such as "Social Security," that indicate it likely includes personal patient information.
- Certain departments, including human resources, automatically transmit only encrypted e-mails because so many of their messages contain sensitive information.
At first, the shift to secure e-mail raised some issues with the practice's patients, Hernandez recalls. "John Q Public at the beginning had a hard time because the e-mail messages referring them to our Web site looked a little weird," he says. "A lot of them thought the message was spam or they thought it was some kind of hoax. So we had to redesign the standard e-mail message so it was clear that it was legitimate."
Some patients who were not computer-savvy "were really thrown for a loop" when the secure e-mail message link launched a Web browser, Hernandez adds. As a result, the practice launched a campaign to educate patients about how the system worked. Plus, it coached doctors to use e-mail with patients more selectively, first making sure the patients were comfortable with the technology.
Next, the practice will work on more routinely using secure e-mail for communications with insurers about payments and other issues, Hernandez says.
The bottom line: "Considering the cost of secure e-mail, as opposed to the cost of litigation over a HIPAA violation, it's certainly worth it."