Secure E-Mail: A Different ApproachPractices Use Remotely Hosted System
But for some smaller practices with limited budgets, installing a robust patient portal or investing in encryption software to install on their own servers can prove to be too costly and cumbersome. And many still lack the option of linking up to a regional health information exchange, most of which are still in the formative stages.
So some are turning to new secure e-mail options. For example, Core Empowerment Group LLC in Benton, Ark., and the Orthopedic Institute in Sioux Falls, S.D., are using an encrypted communications platform hosted by MaxMD, Fort Lee, N.J. The company sells the secure e-mail service in conjunction with the "MD" website domain registration.
The MaxMD technology enables the two practices to send and receive e-mails with encrypted attachments. Users, including patients, physicians and others, must register for the service, creating credentials in a three-step process. Each time they receive a message notifying them they have a secure e-mail, they must enter their e-mail address and a password to gain access to the message in the attachment. Messages traveling to and from the MaxMD gateway, which remotely serves the physician groups, are automatically encrypted and decrypted in the background.
Customer Service Orientation"In this day and age, you've got to do everything you can to reach patients quickly and effectively and give them the opportunity to reach you," says Sarah Collie, R.N., CEO at Core Empowerment Group, where her husband, William Collie, M.D., practices.
"Secure e-mail ultimately will be required of all clinics," contends David Vrooman, director of information technology at the Orthopedic Institute. "It's almost going to be a standard business practice."
Although secure clinical messaging will continue to grow, some observers expect it ultimately will shift to the health information exchange platform as more HIEs become operational and robust.
"I see this as temporary with the expectation that HIEs may provide the conduit and help providers set up secure portals and the means to exchange information," says Margret Amatayakul, president of MargetA Consulting LLC, which specializes in electronic health records issues.
The HITECH Act, which mandates tougher penalties for violations of the HIPAA privacy and security rule and requires data breaches to be reported, is leading more practices to look for new ways to protect patient information, especially when it traverses the Internet. Federal regulators recently issued a proposal to modify HIPAA, which spells out the tougher penalties.
Improved CommunicationWhile the clinic in Arkansas primarily uses secure e-mail to communicate with patients, the South Dakota practice uses it mainly to communicate with physicians who have referred patients. But both were looking for a way to cut their reliance on faxes and phone calls.
Core Empowerment Group specializes in the treatment of patients with attention deficit and bipolar disorders, so it sought out a system that would be easy for patients to use. "I needed something HIPAA-compliant, sophisticated on the back-end and very simplistic for the patient," Collie says.
The Arkansas clinic has a button on its Web site that enables patients and others to submit a secure e-mail using the MaxMD remotely hosted service. Submitting a message doesn't require registration.
Patients who register for the secure e-mail can receive messages from the clinic about test results, upcoming appointments and other updates, Collie explains.
"We treat people from all over the world, including missionaries, for example. So we use secure e-mail for out-of-country communication because they can't always pick up a phone and call, but they typically can use e-mail."
The practice also uses secure e-mail to communicate with area physicians and hospitals. For example, it sometimes uses the system to transmit a portion of a patient's electronic health record to psychologists.
Collie and her physician husband primarily access secure e-mails over their Apple i-Phones. "We don't use a beeper any more," she says. The practice's voice mail system sends audio files to the secure e-mail system as well.
Managing ReferralsUnlike Core Empowerment Group, the Orthopedic Institute does not yet have an electronic health record system. It's holding off on using secure e-mail to communicate with patients until it rolls out an EHR as well as a new practice management system, says Vrooman, the IT director.
In the meantime, the 15-physician specialty practice, which gains referrals from a vast rural area, is using secure e-mail for communication with area doctors.
The practice briefly considered, and rejected, spending $15,000 to install e-mail encryption software on its own server, Vrooman says. It investigated other options, including patient portals, but settled on MaxMD because it was cost-effective.
The clinic uses the secure e-mail system "very extensively rather than playing phone tag or using the fax machine," he adds. The most common use is to share test results or transcribed notes with area primary care physicians.
Vrooman and Collie say the secure e-mail technology has paid for itself based on each practice's savings on postage and paper.