Reasonable and Necessary Steps: Patient Confidentiality and the Internet
It has been our pleasure to have represented many of you over the years. Often our conversations would occur by phone or email. With the advent of social media, we now have a forum to share important insights and information with you all in a proactive manner. This will allow us to update you on new developments in your practice areas and to advise you all of recent developments and trends in your industry. As importantly, it will create a hoped for ongoing and contemporaneous dialogue between you and us with the result that you will be better informed, and we will have a better sense of your needs and the challenges with which you deal on a daily basis.
Cyber Security and Communications with Patients
With this in mind, we thought that we would start with the current state of the laws and regulations regarding cyber security. Generally, as you know, all communications between, psychiatrists, psychologists, nurses, dentists, and social workers and clients or patients are confidential. There are limitations to that confidentiality that include, among others: exceptions provided by law and or regulation, written consent of your client/patient, where disclosure is necessary for the safety of clients or others, fee disputes, and certain legal proceedings.
Protecting Patient Emails
As I am sure you are aware, email communication has also become the norm. While it is now common for both practitioner and client/patient to communicate via email, the communication must be protected to ensure that no confidential information, including any personally identifiable information and/or protected health information, is accessible for anyone other than the client. To that end, it is imperative that you take reasonable and necessary steps to ensure this confidentiality. One method is to ensure that your email correspondence is via a secure network. A secure network is one that automatically encrypts the information being transmitted.
Patient Confidentiality on Social Media and Smart Phones
Health care professionals’ obligation to ensure confidentiality applies not only to emails but also to smart phones, Facebook, Twitter, Instagram , Snapchat and the like. Again the standard is reasonable and necessary steps. Given the quickly changing electronic environment and the obligation that you have to protect the confidentiality of your clients and patients, it would be prudent to consult with an IT professional who is knowledgeable in the area of cyber security at your earliest possible opportunity. Massachusett licensing boards expect this from you. Your failure to ensure your patient’s confidentiality could have legal consequences for you and could result in a licensing board sanction of you.
Tips for Avoiding or Responding to Licensing Board Investigations – a Blog Series
Tips for Avoiding or Responding to Licensing Board Investigations is a series of blog posts written by attorneys Milton Kerstein and Andra Hutchins. In this series we provide practical advice for health care professionals including psychiatrists, psychologists, nurses, dentists, and social workers. Attorneys Kerstein and Hutchins have more than 35 years of experience representing health care professionals with licensing board investigations, disciplinary actions and responding to complaints from Massachusetts’ licensing boards. We represent individual practitioners, corporate providers and group practices.