On Tech Medicine, I recently discussed patient-physician email. As part of the review, I looked at Columbia University's guidelines for allowing providers to use nonencrypted email and still be compliant with the HIPAA privacy law. (Their web page is excellent and I strongly recommend that you read it if you're interested in this topic.) I've extracted the text from the two forms below, "Important Information About Provider/Patient Email" and "Patient Request for Email Communications."
These forms are provided for informational purposes only.
Important Information About Provider/Patient Email
As a patient of this office, you have the right to request we communicate with you by electronic mail (email). It is also your right to be informed in sufficient detail about the risks of communicating via email with your health care provider or office, and how your provider will use and disclose provider/patient email.
PLEASE READ THIS INFORMATION CAREFULLY
Email communications are two-way communications. However, responses and replies to emails sent to or received by either you or your health care provider may be hours or days apart. This means that there could be a delay in receiving treatment for an acute condition.
If you have an urgent or an emergency situation, you should not rely solely on provider/patient email to request assistance or to describe the urgent or emergency situation. Instead, you should act as though provider/patient email is not available to you – and seek assistance by means consistent with your needs.
Email messages on your computer, your laptop, and/or your PDA have inherent privacy risks – especially when your email access is provided through your employer or when access to your email messages is not password protected.
Unencrypted email provides as much privacy as a postcard. You should not communicate any information with your health care provider that you would not want to be included on a postcard that is sent through the post office.
Email messages may be inadvertently missed. To minimize this risk, your doctor requires you respond appropriately to a test email message before we will allow health information about you to be communicated with you via email. You can also help minimize this risk by using only the email address that you are provided at the successful conclusion of the testing period to communicate with your doctor.
Email is sent at the touch of a button. Once sent, an email message cannot be recalled or cancelled. Errors in transmission, regardless of the sender’s caution, can occur.
In order to forward or to process and respond to your email, individuals other than your health care provider may read your email message. Your email message is not a private communication between you and your treating provider.
Neither you nor the person reading your email can see the facial expressions or gestures or hear the voice of the sender. Email can be misinterpreted.
At your health care provider’s discretion, your email messages and any and all responses to them may become part of your medical record.
Patient Request for Email Communications
Communications over the Internet and/or using the email system are not encrypted and are inherently insecure. There is no assurance of confidentiality of information when communicated this way. Nevertheless,you may request that we communicate with you via email. To do so, you must complete this form and return it to your health care provider’s office.
Please be advised that:
(1) This Request applies only to the health care provider or office that you indicate below. If you would like to request to communicate via email with another health care provider or office, you must complete a separate Request for that office.
(2) Your health care provider will not communicate health information that is specially protected under state and federal law (e.g., HIV/AIDS information, substance abuse treatment records information, mental health information) via email even if we agree to communicate with you via email.
(3) Your Request will not be effective until you receive and respond appropriately to a test email message from your doctor. Please select the test question you want to use below, and provide us with your answer.
Please provide the following information:
Patient Name: ________________________ Date of Birth: _________
Phone number: _______________________
Please specify the email address to which communications should be addressed:
Please specify the health care provider or office from which you are requesting email communications:
Please select the question you want to use (by checking the one of the boxes below) for your test email and provide your answer.
o The last four digits of my Social Security Number: _______________
o My mother’s maiden name: _______________
o My middle name: _______________
o The street number of my residence: _______________
Please initial each blank and sign below:
____ I certify the email address provided on this Request is accurate, and that I, or my designee on my behalf, accept full responsibility for messages sent to or from this address.
____ I have received a copy of the IMPORTANT INFORMATION ABOUT PROVIDER/PATIENT EMAIL form, and I have read and understand it.
____ I understand and acknowledge that communications over the Internet and/or using the email system are not encrypted and are inherently insecure; that there is no assurance of confidentiality of information when communicated this way.
____ I understand that all email communications in which I engage may be forwarded to other providers, including providers not associated with my doctor, for purposes of providing treatment to
____ I agree to hold my doctor and individuals associated with him/her harmless from any and
all claims and liabilities arising from or related to this Request to communicate via email.
Signature of patient or personal representative
If personal representative, authority to act on behalf of patient