Home Forums Discussions General Discussion Updox Portal User Consent

Does anyone have a consent form that they would be willing to share regarding electronic communications (ie Portal use, email etc)?

Thanks

May not be much help.. but we don't use a special form. We just have a section in the new patient forms where it says "Do you want to receive email communication?" and a yes/no box to check.

If you are going to send private health information over email, I would do much more than check a box.

Yea, you're right Chris. Just made this form on Updox. We'll be using this to get authorization. Hopefully it's enough.

I emailed Tobin at Updox and they didn't have any type of consent. I did an internet search and found the following (quite lengthy).




Physician-patient Email Communication Consent form
If you wish to communicate to the office using email please read this page, fill in the part at the bottom. Once received your chart will be updated.
?
Risks of using email
The physician offers patients the opportunity to communicate by email. Transmitting patient information poses several risks of which the patient should be aware. The patient should not agree to communicate with the physician via email without understanding and accepting these risks. The risks include, but are not limited to, the following:
1. ?The privacy and security of email communication cannot be guaranteed.
2. ?Employers and online services may have a legal right to inspect and keep emails that pass through their system.
3. ?Email is easier to falsify than handwritten or signed hard copies. In addition, it is impossible to verify the true identity of the sender, or to ensure that only the recipient can read the email once it has been sent.
4. ?Emails can introduce viruses into a computer system, and potentially damage or disrupt the computer.
5. ?Email can be forwarded, intercepted, circulated, stored or even changed without the knowledge or permission of the physician or the patient. Email senders can easily misaddress an email, resulting in it being sent to many unintended and unknown recipients.
6. ?Email is indelible. Even after the sender and recipient have deleted their copies of the email, back-up copies may exist on a computer or in cyberspace.
7. ?Use of email to discuss sensitive information can increase the risk of such information being disclosed to third parties.
8. ?Email can be used as evidence in court.
9. ?The physician uses encryption software as a security mechanism for email communications. The patient:
1. ◦agrees to and will comply with the use of encryption software
2. ◦waives the encryption requirement, with the full understanding that such waiver increases the risk of violation of the patient?s privacy
10. Conditions of using email
The physician will use reasonable means to protect the security and confidentiality of email information sent and received. However, because of the risks outlined above, the physician cannot guarantee the security and confidentiality of email communication, and will not be liable for improper disclosure of confidential information that is not the direct result of intentional misconduct of the physician. Thus, patients must consent to the use of email for patient information. Consent to the use of email includes agreement with the following conditions:
1. ?Emails to or from the patient concerning diagnosis or treatment may be printed in full and made part of the patient?s medical record. Because they are part of the medical record, other individuals authorized to access the medical record, such as staff and billing personnel, will have access to those emails.
2. ?The physician may forward emails internally to the physician?s staff and to those involved, as necessary, for diagnosis, treatment, reimbursement, health care operations, and other handling. The physician will not, however, forward emails to independent third parties without the patient?s prior written consent, except as authorized or required by law.
3. ?Although the physician will endeavour to read and respond promptly to an email from the patient,?the physician cannot guarantee that any particular email will be read and responded to within any particular period of time. Thus, the patient should not use email for medical emergencies or other time-sensitive matters.
4. ?Email communication is not an appropriate substitute for clinical examinations. The patient is responsible for following up on the physician?s email and for scheduling appointments where warranted.
5. ?If the patient?s email requires or invites a response from the physician and the patient has not received a response within a reasonable time period it is the patient?s responsibility to follow up to determine whether the intended recipient received the email and when the recipient will respond.
6. ?The patient should not use email for communication regarding sensitive medical information, such as sexually transmitted disease, AIDS/HIV, mental health, developmental disability, or substance abuse. Similarly, the physician will not discuss such matters over email.
7. ?The patient is responsible for informing the physician of any types of information the patient does not want to be sent by email, in addition to those set out in the bullet above. Such information that the patient does not want communicated over email includes:
__________________________________________________________________________________________________

__________________________________________________________________________________________________

8. The patient can add to or modify this list at any time by notifying the physician in writing.
9. ?The physician is not responsible for information loss due to technical failures.
Instructions for communication by email
To communicate by email, the patient shall:
1. ?Limit or avoid using an employer?s computer.
2. ?Inform the physician of any changes in patient?s email address.
3. ?Include in the email: the category of the communication in the email?s subject line, for routing purposes (e.g., ?prescription renewal?); and the name of the patient in the body of the email.
4. ?Review the email to make sure it is clear and that all relevant information is provided before sending to the physician.
5. ?Inform the physician that the patient received the email.
6. ?Take precautions to preserve the confidentiality of emails, such as using screen savers and safeguarding computer passwords.
7. ?Withdraw consent only by email or written communication to the physician.
8. ?Should the patient require immediate assistance, or if the patient?s condition appears serious or rapidly worsens, the patient should not rely on email.?Rather, the patient should call the physician?s office for consultation or an appointment, visit the physician?s office or proceed to the closest?emergency department.
Patient acknowledgement and agreement
I acknowledge that I have read and fully understand this consent form. I understand the risks associated with the communication of email between the Physician and me, and consent to the conditions outline herein, as well as any other instructions that the Physician may impose to communicate with patients by email. I acknowledge the Physician?s right to, upon the provision of written notice, withdraw the option of communicating through email. Any questions I may have had were answered.


Patient name : ___________________________________________________________________________
?

Patient email: ____________________________________________________________________________
?

Patient signature (if family, all persons interested): ____________________________________________
?

Date: ________________________
?

Do you really think we need this consent, or that it is accurate, when the portal is secure and encrypted?

This might be useful: http://www.texaschildrens.org/uploa...ChildProxyAuthorizationForm-Jun-2013.pdf

It's for an online portal similar to Updox. http://www.texaschildrens.org/Plan/MyChart/

Chris,

The portal is secure & encrypted but the consent form does bring up some valid points. We don't use the portal yet but will be doing so shortly. We are just trying to protect ourselves as much as possible.

If a patient chooses to set up their account, are they not ultimately responsible?
If they choose to provide the email address, again, are they not agreeing to any unintended, unknown risks?

Are we going to have to sign a waiver when we apply for driver's licenses, buy cars, ride public modes of transportation?
Do we have to sign a waiver if we send a letter through snail mail, or agree to have a mailbox?
I don't recollect signing for any of the junk mail that comes our way, which, in and of itself can pose more risk than what is being discussed.

Are we really thinking of getting sued over a cup of hot coffee that is not labeled as "caution: contents are hot?"

Chazli: Is this your name?

Sometimes I hate the world today!

There are 4 ways to communicate with patients in a HIPAA compliant accepted fashion--old fashioned mail, telephone, faxing, and secure e-messaging in a password protected encrypted portal.
Emailing is not HIPAA compliant.
I explain the only time they will receive an e-mail from me is to direct them to open up a message within the portal. Anything else do not open, as it is not from me.
My nurse will educate each patient on this topic, and also this is covered on my Updox patient portal profile information.
Also, the only time I have an informed consent signed is when a family member (agreed upon by the patient and family member) agrees to receive the secure messages instead of the patient.
Also, I explain the messaging within the portal is the only secure fashion to e-message, and if they decided to e-mail outside the portal, they do at their own risk, and I will not respond to any email outside of the portal.
Up to 771 active patient portals--it makes a world of difference with communication--but I am a stickler with this one issue with my nurse--ABSOLUTELY no e-mailing patients anything.