With Privacy Awareness Week 2021 underway, we wanted to put the spotlight on privacy to ensure our clinicians and practices understand their privacy...
Email in Healthcare - Practical and Privacy Considerations
Learn about your privacy obligations when using email for health related communications and discover a better alternative in Foxo.
Despite the shortcomings, email remains an entrenched method of communication in healthcare.
A 2004 study demonstrated nearly two-thirds of health professionals utilised email for health communication1. Uses ranged from administrative tasks, project and research collaboration, organisational communication, to direct clinical communication around patient-related issues. These clinical uses ranged from informal or ‘curbside’ consults between providers through to formal electronic referral and also provider to patient communication.
So where does email fall short in healthcare?
Email in healthcare is a privacy and safety time bomb
- Email threads grow long and generate noise
- “Reply all” and group email creates unnecessary administration
- Emails are easily sent to the wrong recipient.
- Emails are often accessed on personal mobile devices which are easily lost or stolen. Password protection may be lacking on the user account.
- Unencrypted email is vulnerable to interception.
- Emails can be changed or forwarded without the knowledge or consent of the sender.
- Emails often lack context.
Email is an efficiency killer
It is estimated the average employee has nearly 200 unread emails at any one time.
Enterprise Work Management provider Workfront showed email was the second biggest hindrance to work productivity, with problems identified in email including:
- Lengthy email threads and difficulty in following conversations (55%)
- ‘Reply all’ emails and getting copied on threads that are not relevant to one’s job (54%)
Email privacy in Australia
We have previously discussed new obligations for healthcare workers and organisations which came in effect in Australia in 2018 under the Mandatory Notifiable Data Breach Scheme.
The scheme recently reported on data breaches occurring across industries, including healthcare in the last quarter of 2019. The findings continue to demonstrate the shortcomings of email as a secure communication tool:
Email remains vulnerable to malicious attacks
The compromise of email account details through phishing scams remained one of the most common causes of data breaches across the reporting period, accounting for 15 percent of all breaches.
A further 14 percent of all data breaches were attributed to compromised or stolen credentials, which often provided a malicious intruder with direct access to personal information stored within the compromised email account.
User error continues to drive a significant portion of data breaches
Unfortunately, user error continues to drive the majority of data breaches within healthcare.
Nearly 10 percent of all data breaches reported to the Australian Information and Privacy Commissioner from July to December 2019 resulted from personal information being emailed to the wrong person.
After all, driving the safest of cars still carries risk if the user doesn’t know how to drive, right?
Practical considerations when using email
Published literature clearly demonstrates email communication at the point-of-care by way of mobile devices can drive efficiency as compared to phone or paging1. However, the literature also shows the utility of email rapidly reduces when the subject matter is complex and requires more than one initial email and one reply.
Furthermore, studies have also shown a discordance in the perceived urgency of the messaging between the sender and recipient2-4. For instance, consider the purpose of the communication and whether your intended recipient is aware of the priority and urgency of your request. Is your email a casual or informal consult, corridor consult, multidisciplinary collaboration for a complex cancer patient, or is it constituting a formal e-referral?
- Do you intend to store the information contained in the email in the patient electronic record?
- Does your practice have written consent policies covering the handling of personal and sensitive information?
- Are all recipients on encrypted emails? In many institutions visiting medical officers use their personal emails or emails associated with private practices. A chain is only as strong as its weakest link.
Where Foxo fits in:
No system is perfectly secure. However, at Foxo we take security and privacy very seriously. Foxo employs 3 pillars to reduce the risk of personal and sensitive information mishandling:
- We manually validate all our users. Also, because users have the ability to easily update their practice information and location, user profiles can be easily kept up to date.
- We utilise enterprise-grade encryption.
- We have built privacy into the design of Foxo from the ground up to reduce the risk of user error and information mishandling. For instance, users are provided with in-app prompts when patient sensitive information will be shared with other users, and at all times the primary carer has the ability to revoke information access to other recipients on the Foxo network. Additionally, users have access to a log of user activity. This provides a permanent record of which users on the Foxo network have received patient information.
1.Brooks RG, Menachemi N. Physicians’ use of email with patients: Factors influencing electronic communication and adherence to best practices. J Med Internet Res. 2006;8:e2
2. O’Connor C, Friedrich JO, Scales DC, Adhikari NK. The use of wireless e-mail to improve healthcare team communication. J Am Med Inform Assoc. 2009;16:705–713
Cited Here | PubMed | CrossRef
3. Wu R, Rossos P, Quan S, et al. An evaluation of the use of smartphones to communicate between clinicians: A mixed-methods study. J Med Internet Res. 2011;13:e59
Cited Here | PubMed | CrossRef
4. Singarella T, Baxter J, Sandefur RR, Emery CC. The effects of electronic mail on communication in two health sciences institutions. J Med Syst. 1993;17:69–86