Abstract
In 1998, the American Medical Informatics Association (AMIA) published a white paper entitled “Guidelines for the Clinical Use of Electronic Mail with Patients,” which outlined a practical framework for this interaction. Interest in the use of other Internet-based tools, such as the World Wide Web, to enhance clinical communication is increasing. In such systems, static information can be made centrally available to patients and interactive tools such as messaging systems, schedules, and individualized care regimens can be integrated within the site. Sitespecific guidelines are needed to address potential problems inherent in the particular services being offered. This article presents advice on developing site-specific guidelines, with examples, based on experience gained in developing and refining guidelines for the use of PatientWeb at the Massachusetts General Hospital Department of Neurology.
Increasing numbers of physicians and patients are turning to the Internet to support communication. Typical interactions are via e-mail. According to a study by Neinstein,1 64 percent of responding university health centers reported having used some form of electronic communication with their patients; however, only 4.7 percent of all respondents had a policy about such use. An additional 5.9 percent had a policy in development.
The use of non-secure electronic clinical communication has ethical and legal implications, and readers are referred to the AMIA White Paper,2 in which a clear and concise set of guidelines for the use of patient–provider e-mail are presented. The landscape of Internet-based technologies, however, is changing rapidly. A variety of methods other then e-mail are being used more frequently, and there has been a surge of interest in use of the Internet, especially the Web, to provide content, schedule appointments, augment synchronous and asynchronous communication, and generally manage administrative and clinical affairs. While these systems may adhere to and even surpass the AMIA e-mail recommendations,3 they contain features that differentiate them from e-mail, and broader guidelines covering rights, responsibilities, and terms of use of these systems should be drawn up. Presented here are the guidelines developed by the Massachusetts General Hospital (MGH) Department of Neurology for a Web-based patient resource, PatientWeb.
Brennan et al.4,5 and Gustafson et al.6,7 have described computer systems that facilitate support for patients with breast cancer, HIV/AIDS, Alzheimer's disease, and other illnesses as well as victims of domestic violence. More recently, Mandl and Kohane3 have described an interactive tool, HealthConnect, used to deliver follow-up care after a pediatric emergency department visit. The popularity of these approaches has grown as the Web has expanded. In a 1999 survey of patients at the MGH Epilepsy Clinic,8 59 percent of respondents had access to the Internet and 80 percent of this subgroup were interested in using it to communicate with their health care provider.
The MGH Epilepsy Service developed a Web-based system (PatientWeb) for communication with its patients in 1998. The project was given further impetus by the high level of patient interest indicated by the survey cited above.8 The MGH patients are given opportunities to communicate privately with their epilepsy specialist, to participate in moderated discussions with other MGH patients, and to browse a library of useful articles about epilepsy and related subjects. The guidelines for use of these services were derived from the AMIA recommendations2 but adjusted and extended to address potential problems and questions the users have raised about PatientWeb. The lessons we learned from this process and examples from the “Guidelines for Use of PatientWeb” are presented here.
Advice on Developing Site-specific Guidelines
Write patient guidelines clearly, make them highly visible, and ensure that all parties read and understand them before they use the resource. The user guidelines should be clear, straightforward, and prominently displayed. When a patient is given access to PatientWeb, prior to software orientation, the trainer (provider or technical support person) reviews with the patient each point in the guidelines. In addition, at each logon the user is presented with a screen containing the guidelines and must click a button marked “OK, I've read and understand these guidelines” to proceed to the messaging areas.
Present a statement about the intent and limitations of the resource, and provide contact information should the user have questions. Patients must understand that the communication system plays a supportive role in their health care, and while messaging may prevent unnecessary office visits for minor requests, it cannot replace necessary clinical encounters. The MGH Epilepsy guidelines open with the following general statement:
Guidelines for the Use of PatientWeb.net Electronic Communication System at Massachusetts General Hospital Epilepsy Service
The Massachusetts General Hospital Epilepsy Service offers the PatientWeb.net system as a service to its patients. You can use the system to communicate with your health care provider on non-urgent matters, access selected articles on various aspects of epilepsy, and have bulletin board discussions and chats with other patients about topics related to epilepsy. The objective is to allow you to take a more active and informed role in your health care, have your questions answered and stored in a way that allows to you reread more complicated instructions, and interact with others in a supportive environment. PatientWeb does not replace more traditional health care, and there may be times when a telephone call to your doctor's office or a visit to the emergency room is more appropriate than electronic communication.
This document aims to clarify your rights and responsibilities, including when it is appropriate to use PatientWeb and when it may be better to place a phone call or seek emergency care. It will also address some privacy concerns you may have about using the Internet to communicate. If you have any questions about this, please contact Dr. Hoch (dhoch@partners.org, tel. 617-726-3311) or Deirdre Norris, RN, at 617-726-3311 or use the feedback section of PatientWeb.
Address concerns about privacy; identify possible security breaches and the steps users must take to protect their information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), mandates protection of health-related information. The clarification of the HIPAA rules published in the Federal Register, entitled “Standards for Privacy of Individually Identifiable Health Information” (December 2000, 45 CFR, parts 160–164), have been reviewed. PatientWeb and sites like it are covered by these rules, and the data are considered protected health information (PHI). For example, the information contained at PatientWeb is transferred to the electronic medical record and may be used in some instances as documentation to support a level of service. In this respect, it is clearly subject to the regulations. As a matter of record, however, no PatientWeb information is released directly to any entity other than the patient's care providers. Research projects performed with data collected in PatientWeb have been approved by the Partners HealthCare Institutional Review Board (IRB), and in most cases the PHI is de-identified before analysis. In cases in which the information can not be de-identified, this issue is presented when informed consent is obtained.
Some specific privacy issues are addressed in these guidelines. E-mail may be stored on hard drives and mail routing servers, and there is a small but inherent danger of interception of unencrypted messages by a third party during transmission. Although encryption for e-mail is widely available, it is underutilized. Use of the bulletin board messaging system through a Web browser obviates the potential confidentiality problems of e-mail, unless the patient shares his or her username and password.
Shared Internet terminals, while convenient, raise a number of privacy issues for patients. Patients need to be aware that they should “log off” a Web site before physically leaving a shared terminal, and they should never save any Web pages or documents to the computer's hard drive where other people may find them. From the Web server perspective, shared Internet terminals can be made safer by implementing a “time out” feature, so that users are automatically logged out after a set period of idleness on the account.
Important, and unknown by many novice users, Web browsers save temporary copies, or “caches,” of visited pages on a computer's hard drive. Because another user can access these cached pages directly, bypassing any password protection that may be in place, this represents a downgrading of message security. For this reason, it is vital that Secure Socket Layer (SSL) encryption be used in all Web-based patient–provider communication systems. Secure Socket Layer encrypts all data on the page as they are transmitted across the Internet, prevents interception of data streams, encrypts the username and password, and prevents the caching of Web pages.
To protect their anonymity from other patients, users of PatientWeb are assigned a login ID that does not include their name. Medical record numbers, Social Security numbers, and other identifiable information are not stored anywhere on the system, so the patient cannot be identified unless he or she chooses to provide such information.
The privacy and security issues are discussed in PatientWeb in the following guideline:
Privacy issues. The health-related information kept at this site that can be directly linked to you is protected information under federal law. (Read more about the Healthcare Insurance Portability and Accountability Act at http://aspe.hhs.gov/admnsimp/index.htm). PatientWeb is run on a server that provides access to specific Web pages on the basis of a username and password. Only people who are registered members of PatientWeb can log on to the system. This bulletin board method of communication is more secure than e-mail, since messages can be safely stored in a single, central location on the Internet, as opposed to e-mail messages, which may reside on different mail servers and even sit on a person's hard drive in a public place. Your username and password also allow you to see certain areas of PatientWeb and not others, depending on who you are (see Private Folders, below). This works in the same way as a physical key: You can unlock your own house's front door but not your neighbor's house!
Security. PatientWeb utilizes a secure connection which encrypts (or scrambles) all data transmitted over the Internet so others cannot intercept and read it, and prevents the browser from storing the data on a temporary Web page on the hard drive (caching). If you share a computer terminal, you will need to take extra care to prevent others from seeing your health information. Never save any page on PatientWeb to the computer's hard drive, as others may be able to read it. When you have finished your PatientWeb session, always click the “Log out of System” link. This prevents someone else from re-entering PatientWeb under your login name. You are automatically logged off if there is no activity on the PatientWeb server after 15 minutes. Keep your password in a safe place, and never give your username and password to anybody. We are happy to register new users and can provide limited guest access (no private folders can be seen) if there is a caregiver or family member whom you would like to have access to the resources. We can also recommend other sources of self-help to friends and family.
Define and clarify which areas of the resource are for posting private messages to providers containing health information and which areas are public. Disclose who has access to these files. Avoid embedding e-mail links to providers in the system, as this represents a downgrading of message security. In PatientWeb, areas that are for private and confidential discussion are clearly marked and have a color-coded background that differentiates them from the public areas. The PatientWeb guideline reads as follows:
Private folders. Your private folders have a GREEN background. The only people who can read and post messages in your private folder are you and your health care provider team (your physician, covering physicians in the group, and nurse). This works in the following way. On the index page, you will see a folder entitled “Your Private Folder.” When you click on this link, you only see one folder—yours. Your doctor and nurse will see all the folders from all the other patients and for administration purposes only, the Network Administrator also has access to all files. In effect, your health care team has the “master key” and can unlock everyone else's files; you have the key to open only your file.
Other areas. The other areas of PatientWeb, the discussion groups, feedback, library, and chat room are all open to everyone who is a registered user of PatientWeb. These areas have a YELLOW background, indicating that it is a public space and you need to be more cautious about what you say. You may use these areas anonymously or with your real name to discuss aspects of epilepsy with other patients. Do not post private information in areas that have a yellow background. Other patients using the system will be able to see it. If you do inadvertently post something in the wrong place, either delete it, or if you cannot, let your provider know and they will remove it for you.
Protect patients' anonymity. Our research in an unmoderated, online support community9 shows that patients highly value contact and support from other people in similar situations. PatientWeb incorporates a moderated bulletin board discussion forum for patient–patient discussion. If such features are incorporated, the designer should take steps to allow anonymity of the users. PatientWeb is open only to patients enrolled in the MGH Epilepsy Service and thus, being geographically restricted, it is possible that one patient may recognize another patient's name if it is displayed. PatientWeb does allow users to add their e-mail addresses and photographs to their profiles if they want to have a more personal interaction with other patients on the system. This is optional, however, and the default for all users is total anonymity.
Anonymity. You do not have to be identified by your full name when using the public posting areas of the system, the bulletin boards, chat room, and feedback sections. When you post a message on PatientWeb, only your initials will appear as they are on your login name. You may choose to change this at any time by e-mailing Information Systems Director John Lester <john_lester@hms.harvard.edu>. You may add a photograph and e-mail address to your profile if you wish by changing your “preferences” in the system. However, remember that if you do add this information, other members of PatientWeb will be able to identify you if you post in a public (yellow background) area.
Define the patient's rights and responsibilities and provide examples of queries that should be posted and those situations that require more immediate medical attention. A critical concern for those who do not use electronic methods of communication with patients is that some people will use it for urgent matters, and the provider will not see the message in a timely manner. It is recommended that turnaround time and alternatives to leaving messages on the system be clearly defined. Furthermore, it would be helpful if there were a method to indicate to patients that their messages have been received. Suggest ways to show that patients have read any posted medical information.
The patient's responsibilities are detailed in the section of the guidelines entitled “Communication with Your Health Care Provider”:
Your responsibilities:
-
Only non-urgent messages should be posted. Providers will attempt to respond within two working days; however, bear in mind that mes- sages posted on a Friday may not be read until Monday or Tuesday of the following week.
Examples of the kinds of messages that are appropriate for PatientWeb are:
- Requests for refills of prescriptions
- Discussion regarding medical treatment options, such as medication choices or surgery
- Discussion about medication side effects and in- structions on how to take your medications or im- plement changes to your medications, such as add- ing a new anti-epileptic drug to your regimen
- General questions relating to epilepsy
If your question is of an urgent nature, please call us at 617 726-3311. If an emergent issue arises, such as a serious new symptom—for example, a rash, a new side effect, or a prolonged seizure—a phone call to the office or visit to the emergency room is more appropriate.
When posting messages please be as brief and descriptive as possible. Remember to list the medi- cations you take, with doses.
When a health care provider posts a response to your message, please acknowledge that you have read it by posting a brief reply—for example, “Thanks for the information, I've read it.” It is important that we know your have read our com- munications. Of course, if you have further ques- tions, you may wish to continue the discussion.
If you have concerns about the accuracy of infor- mation that is posted to a public discussion, please inform us as soon as possible.
Define the provider's responsibilities. Maintaining an online extension of care requires provider motivation. While many providers are rightly concerned about extra demands on their limited time, anecdotal experience shows a reduction in telephone calls from patients who use electronic methods of sending messages. This section of the guidelines defining the provider's responsibilities emphasizes the collaborative nature of the clinical encounter. Although vacation and sickness coverage for electronic services will be determined by the individual practice, a flexible Web-based system can be configured to display coverage messages to individual users or all users. Thus, when a user logs on and discovers that Dr. A is on vacation, the user may be given the option of conversing with Dr. B, leaving a non-urgent message for Dr. A, or telephoning the practice. When no coverage is available, the system administrator has the option of temporarily disabling the service, ensuring that no messages are left unattended.
The provider's responsibilities are also detailed in the guidelines under “Communication with Your Health Care Provider”:
Our responsibilities:
We will attempt to respond to messages within two working days. If there is a reason that may affect our response time (for example, vacation), we will notify you.
We will keep the library as current as possible.
All discussion groups will be moderated, and in- accurate information will be corrected.
We will protect and keep confidential your medi- cal information on PatientWeb just as we do your paper and electronic medical records at the MGH.
We will always supply backup coverage for our clinical services when one of us is not available.
Inform the patient that the dialogue forms part of their medical record.10 A useful feature of PatientWeb and Web-based messaging systems in general is that posts are displayed on a single page, allowing a series of questions and answers to become a written dialog that can be easily referred to by both parties. This dialog can be copied and pasted into the electronic medical record, as we do, or printed for the paper chart as required. This section also introduces the possibility that we may contact the users about research projects, and appropriate informed consent will be sought.
General
Medical record. The PatientWeb dialog you have with your doctor or nurse forms part of your medical record. A permanent archive of the interactions will be created. Some may be printed for inclusion in the paper chart, or they may be transferred to the electronic medical record within Partners HealthCare.
Research. The use of computers in this way is a novel and relatively new idea. From time to time, we may wish to study the use of PatientWeb to see what effects it is having. If we do plan a study, your consent will be sought after you have been informed in detail about the study. You will have the opportunity to take part or decline, as you wish. Your decision in this matter will have no impact on your care, and you may continue to use PatientWeb even if you do not take part in a study.
Conclusion
The Internet can be used in many ways to augment communication between patient and provider. Technologic changes are occurring rapidly. To use these new tools effectively, we agree with Kane and Sands2 that broadly stated guidelines for use are needed. However, the developer must determine the exact wording, according to their specific system.
The guidelines presented in this technical brief are one example of how the AMIA recommendations2 can be modified to suit a particular application. Features of PatientWeb, such as the forum for anonymous patient-to-patient contact, differ a great deal from simple patient-to-provider e-mail. Each tool presents new challenges, not only to developers but also to those who must ensure that a standard for accuracy, privacy, and accountability is met.
References
- 1.Neinstein L. Utilization of electronic communication (e-mail) with patients at university and college health centers. J Adolesc Health. 2000;27(1):6–11. [DOI] [PubMed] [Google Scholar]
- 2.Kane B, Sands DZ. Guidelines for the clinical use of electronic mail with patients. The AMIA Internet Working Group, Task Force on Guidelines for the Use of Clinic–Patient Electronic Mail. J Am Med Inform Assoc. 1998;5(1):104–11. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 3.Mandl KD, Kohane IS. HealthConnect: clinical grade patient– physician communication. Proc AMIA Symp. 1999;849–53. [PMC free article] [PubMed]
- 4.Brennan PF, Ripich S. Use of a home-care computer network by persons with AIDS. Int J Technol Assess Health Care. 1994; 10(2):258–72. [DOI] [PubMed] [Google Scholar]
- 5.Brennan PF, Moore SM, Smyth KA. The effects of a special computer network on caregivers of persons with Alzheimer's disease. Nurs Res. 1995;44(3):166–72. [PubMed] [Google Scholar]
- 6.Gustafson DH, Bosworth K, Hawkins RP, Boberg EW, Bricker E. CHESS: a computer-based system for providing information, referrals, decision support and social support to people facing medical and other health-related crises. Proc Annu Symp Comput Appl Med Care. 1992:161–5. [PMC free article] [PubMed]
- 7.Gustafson DH, Hawkins RP, Boberg EW, Bricker E, Pingree S, Chan CL. The use and impact of a computer-based support system for people living with AIDS and HIV infection. Proc Annu Symp Comput Appl Med Care. 1994:604–8. [PMC free article] [PubMed]
- 8.Folek J, Norris D, Prady S, Lester JE, Hoch DB. Internet use of an epilepsy clinic population. Epilepsia. 1999;40(7):74.9924905 [Google Scholar]
- 9.Hoch DB, Norris D, Lester JE, Marcus AD. Information exchange in an epilepsy forum on the World Wide Web. Seizure. 1999;8(1):30–4. [DOI] [PubMed] [Google Scholar]
- 10.Spielberg AR. On call and online: sociohistorical, legal, and ethical implications of e-mail for the patient–physician relationship. JAMA. 1998;280(15):1353–9. [DOI] [PubMed] [Google Scholar]