Within business, healthcare and our social lives, email has become a preferred form of communication. Somewhere between the ubiquity of access and habits developed over years of use, we face the risk of entangling our professional and personal correspondence. All too often, users unwittingly leave digital footprints or cross the boundaries of personal and professional communication. Health professionals may find themselves at risk of revealing sensitive information or otherwise breaching duties of privacy or confidentiality.
In recent weeks, the appropriateness of email communication has come under heavy scrutiny as the media revealed that Hillary Clinton exclusively used a personal email account during her tenure as secretary of state. The personal email account was managed “through a private computer server that traced to her home” (Wall Street Journal). The Clinton email debacle parallels some issues we are seeing within healthcare. Moreover, the controversy serves as an opportunity for professionals in all sectors to examine their current communication policies and determine whether the basic requirements for appropriate professional communications are being met.
So what can the medical community and Hillary Clinton learn from each other?
In the wake of the incident, Clinton remarked that she regretted not having two separate email accounts, which echoes a conversation within the academic medical community. Some scholars suggest the need for a “dual citizenship” approach within digital space to reflect and separate professional and social personae. This is solid advice for healthcare professionals because the way we communicate through technology is almost seamlessly interwoven into daily routine, and medical providers may not always be mindful of safeguarding patient privacy and confidentiality. Along with their habits, providers also may overestimate their patients’ knowledge of technology and how to mitigate associated privacy risks.
For example, I was recently talking to a physician about a challenging case involving a minor who had tested positive for HIV. The physician mentioned that he was communicating with his patient by email, and I asked him if he discussed the risks of this type of communication or included the conversation in the patient’s health record. He shot me a puzzled look and asked, “Why would I do that?” I didn’t want to state the obvious, but this is the sort of patient communication—a discussion of test results—that should be put into a patient’s chart.
Email provides a novel method for clinicians to maintain unofficial shadow records (a/k/a ghost charts) for patient communication. It’s similar to Hillary Clinton sending emails from her personal email and those records being held within a private server: important information cannot be gleaned from the data, and security and oversight are disregarded in favor of personal control and convenience. For medical providers, important aspects of the patient history might be lost—a problem they already face with the shrinking patient narrative in electronic health records, to the detriment of those in their care.
The problems encountered when communications are placed in patient records rather than shadow records are exacerbated when free services such as Gmail are used because security, confidentiality, and privacy are impossible to safeguard. For example, although users retain ownership to content, Google’s terms of service grant the company a perpetual, worldwide license to material uploaded or transmitted through their systems. Marketing is a common use, and while the physician might move the conversation to email to keep the conversation controlled and “private,” Google can collect data and target ads to the patient based on their correspondence. For this reason and a host of others, these types of services are not appropriate for the transmission of protected health information.
These issues aside, the manner in which we access email also has its associated hazards. Smartphones have become the preferred point of access for the Internet, and website access is greatly overshadowed by apps. Traditionally, weak cybersecurity on the part of hospitals at the institutional level, coupled with an epidemic of poor personal security, means that human error is the biggest threat to protected health information—since 2005, around 38% of disclosures have included lost or stolen devices, accounting for 78% of all reported breaches.
Of the 89 reported breaches affecting 500 individuals or more so far in 2015, 13 had information exposed by email and six by portable electronic devices; one incident alone impacted over 56,000 patients. If mobile devices and networks are not secure, then communications are at risk. These technologies have the ability to transform professional operations and communication; however, they represent a known weak link in enterprise security.
For many reasons, it’s important for healthcare professionals to consider the idea of dual citizenship because it would create a focus on digital communication strategies and push for clearer policies and accountability. Technology has the ability to transform what we do and how we do it; however, the values which guide personal use of technology are quite different from those that should inform clinical practice.
But this is nothing new in the context of medicine. Sir William Osler, known as the Father of Modern Medicine, recognized the pressures that new science and technology impose upon medicine when he wrote, “The old art cannot possibly be replaced by, but must be absorbed in, the new science.” This aphorism is as applicable today as it was when he wrote it over 100 years ago—technological advancement is not a surrogate for professional practice.
Several organizations, such as the AMA and AHIMA, attempt to mitigate these issues by offering guidelines to help healthcare providers better understand the pitfalls of electronic communication, but patients might need the most help. Many patients aren’t aware of the intricacies of provider terms of service, or they may otherwise fail to grasp how their privacy and confidentiality are put at risk. That’s why it’s important for providers and healthcare institutions to understand the nuances of electronic communication and security within the provider-patient relationship, so that patients can be educated and make informed decisions.
Continued dialogue and examination of current communication practices within healthcare are essential for a technologically secure healthcare system. Currently, some healthcare professionals are taking too many unnecessary risks with communication for the sake of efficiency and availability, but it’s clear that in all professional careers, including the highest-ranking diplomat in the United States, we have a way to go to ensure our professional and personal communication interests do not become entangled.
Attorney-ethicist Eric Scott Swirsky, JD, MA, is a clinical assistant professor at the University of Illinois at Chicago’s Health Informatics program.
The opinions expressed in this Blog are those of Eric Scott Swirsky and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary, or affiliated companies.
This article is published as part of the IDG Contributor Network. Want to Join?