5 dos and don'ts of digital communication in healthcare
Professional values and modern technology can make for strange bedfellows
By Eric S. Swirsky, JD, MA Posted on 16 July 2015
For most of us, email is a facet of daily life. Mobile technologies have become a dominant mode of access, allowing us to connect at almost any time and place. This convenience does not come without associated risks to privacy. When healthcare providers use these means to communicate with patients, professional duties of confidentiality may also be placed in jeopardy. Here are some tips for providers to consider when seeking to enhance patient communication through digital media.
1. Encrypt your phones and mobile devices.
Mobile devices have become the preferred way to access email. By some estimates, 65 percent of all email in the United States is accessed through mobile devices, with a lion’s share viewed through smartphones. The mobile phone market is consumer driven, and devices that are designed for consumers are being used as professional tools; however, they do not have the same security protocols that health information technology is mandated to have by the Health Information Portability and Accountability Act (HIPAA). These devices frequently operate on unsecured networks and transmit a variety of data to manufacturers, app creators, and third parties for a variety of purposes. Hospitals have notoriously poor cybersecurity, which certainly doesn’t help matters. Since 2005, around 38 percent of disclosures have included lost or stolen devices, accounting for 78 percent of all reported breaches, according to a 2014 survey by Forrester Research Inc. reported in the Wall Street Journal.
Moreover, the mobile devices themselves are not always encrypted by users, so when these devices are lost or stolen, the information they contain is put at greater risk for leakage. This is no small issue. Of the 119 reported breaches affecting 500 individuals or more so far in 2015, 19 had information exposed by email and seven by portable electronic devices; one incident alone impacted over 300,000 patients. If email, mobile devices and networks are not secure, then communications are at risk.
2. Consider whether email is an appropriate channel of communication.
Before distributing any message, it is important to consider one’s audience and purpose of communication. Is this a casual communication, an electronic consultation with a patient, or an electronic “curbside” consultation with a colleague? The purpose of communication and content of the message to be delivered should be considered when deciding on the appropriate channel of delivery. For example, if it is a sensitive or complex issue, then perhaps face-to-face dialogue would be more appropriate.
For similar reasons, it is good practice for providers to maintain and use separate email accounts for professional and personal communications. In their 2011 paper “Professionalism in the Digital Age,” Mostaghimi and Crotty recommend a “dual-citizenship” approach that separates professional and private personae. This proactive approach allows clinicians to leverage the benefits of this method of communication while managing their professional responsibilities.
3. Mind the (health literacy) gap.
By some estimates, health illiteracy is at epidemic proportions. Somewhere between the lack of access to technology and poor accessibility of health information provided to the public, there exists a digital divide. As Health IT researcher Gunther Eysenbach explains in his 2012 paper “eHealth Literacy: Extending the Digital Divide to the Realm of Health Information”:
The more comprehensive and sophisticated use of the Internet and the subsequent increased gains among the high eHealth literate create new inequalities in the domain of digital health information.
Communicating information is not enough; patients require education to make it meaningful to their health. Providers must be mindful of the platforms they use as well as the manner and quality of the information they intend to in disseminate. For electronic communication technologies to achieve their potential of enabling or improving health and healthcare, patients must be able to access, understand, and synthesize information to make it relevant to their lives and health states.
4. If you encourage use, then explain the risks.
Receiving informed consent is (or should be) standard practice in clinical settings. This means that prior to delivering a healthcare intervention to a patient, healthcare providers should explain and make sure the patient understands the facts, benefits and risks associated with that intervention. While encouraging patients to use the Internet to garner more information may not rise to the level of requiring consent, an explanation of the risks and benefits is advised when providers encourage that use. According to a recent study published in Communications of the ACM, those seeking information online may be putting their privacy at risk; when users search for information, they may unwittingly share information with third parties that use behavioral tracking for business, marketing or nefarious purposes.
Use of email is a different story; providers should receive informed consent before sharing protected health information with patients through this medium. It is inappropriate for healthcare providers to use free email services, such as Gmail, that collect user information and share it with third parties. However, even if secured email is used on the provider side, a patient’s information may still be at risk if patients are using free email services. Digital communication can provide benefits for patients, including improved access to provider expertise and portability of health information. The risks, however, cannot be discounted: technology and security protocols can fail, health information may be leaked to third parties, and information may become fragmented as it is dispersed through a variety of mediums. The potential benefits and burdens need to be relayed so that patients can knowingly assent to them.
5. Seek guidance.
Professional associations may be of assistance to providers navigating these waters to safe harbors. For example, the American Medical Association offers guidance on the use of email in which physicians are advised to 1) refrain from starting a physician-patient relationship by email, 2) maintain the same ethical responsibilities when communicating through this medium and 3) inform patients about the risks and limitations of email before communicating that way. While the AMA’s opinion appears to be focused on limiting physician exposure to liability, it serves as a starting point for the dialogue that needs to occur between doctor and patient.
Elsevier Connect Contributor
Eric S. Swirsky (@HI_EthicsGuy) is a Clinical Assistant Professor in the Department of Biomedical and Health Information Sciences at the University of Illinois at Chicago. Professor Swirsky’s scholarly interests revolve around the ethical conundra that result from the use of health information technologies. In particular, Eric is interested in technology’s impact on clinical relationships, the delivery of health services, and professional communication. Ethical issues surrounding the use of information technology in healthcare are manifold and complex. From the board room to the bedside to the bench, ethical issues flourish in the chasm created by incompatible values.