By Heather Morlang, J.D., LL.M. Candidate*
In the 1700’s, you might have visited your patients at their homes carrying your trademark black leather bag. By 1844, you might have corresponded from your office by telegraph. Thirty-two years later, in 1876, you might have used the telephone from a non-profit hospital. Today, you are thinking about using electronic mail from a medical center. While busy professionals recognize that e-mail is a timesaving convenient medium, there are certain risks in using e-mail for patient dialogue that physicians should consider before embarking on the information superhighway. This article provides a brief overview to the law, policy, and practice of e-patient care.
Medem, Inc., a medical society network, created a working group named e-Risk to identify issues within patient-physician interaction over the Internet. The e-Risk group cited the following concerns: security; authentication; confidentiality; unauthorized access; informed consent; doctor-patient relationships; medical records; licensing jurisdiction; authoritative information; and commercial information.
Is an e-mail exchange enough to form a treatment relationship? From a legal perspective, the notorious answer of "it depends" applies. Currently, there is little in Texas legislation and cases on-point. However, if we create an analogy between telephone conversations and e-mail messaging, then there may be legal precedent to argue that a legal relationship is possible. As the Texas Supreme Court stated, "[c]reation of the physician-patient relationship does not require the formalities of a contract. The fact that a physician does not deal directly with a patient does not necessarily preclude the existence of a physician-patient relationship."  Therefore, a physician using e-mail may be expected to apply informed consent principles and may be exposed to malpractice liability for his or her conduct while on-line; such liability might include technology failure or privacy breaches. 
From a medical ethics perspective, the American Medical Association (AMA) states that "[n]ew communication technologies must never replace the crucial interpersonal contacts that are the very basis of the patient-physician relationship. Rather, electronic mail … should be used to enhance such contacts." 
A related concern is what to do with unsolicited e-mails from strangers who seek to be your new patients. The Journal of the American Medical Association (JAMA) conducted a study that revealed "a striking lack of consensus among … providers on the theoretical and practical handling of unsolicited patient e-mail messages and their judgment of this topic."  One-third of subjects refused to answer the e-mail while two-thirds of subjects attempted to help the stranger, five of whom gave detailed treatment advice.
Finally, just as relationships can begin, they can also end. Physicians who use e-mail may later desire to stop the practice. Therefore, doctors may need to plan in advance how they could revert e-relationships to telephone or in-person relationships should the medium become unmanageable.
Should an e-mail message be considered a medical record component? Texas law states that a medical record includes "all information regarding the history, diagnosis, treatment, or prognosis of a patient."  According to the Texas State Board of Medical Examiners (TSBME), it includes "any records documenting or memorializing the history, diagnosis, and treatment of any patient." 
Physicians should review the above definitions and assess whether they treat e-mail messages as they do any other medical record information. For example, are you keeping a printed copy of all e-mail messages in the respective patient’s medical record? Some commentators argue that failure to do so may present liability. Additionally, doctors should assess to what extent they archive e-mails in their data systems.
Commentators are quick to note that with e-mail, "patients’ own words will appear … the very interactions themselves will be recorded verbatim, serving as a transcript of the encounter … [but] no longer prescreened for ‘medically relevant material.’" Therefore, doctors must appreciate that patients’ e-mail messages might include information unrelated to a medical condition and subject to legal discovery in any kind of litigation, including child abuse, divorce, disability, or will contest.  This issue, coupled with the fact that e-mail messages can never be deleted ultimately from a hard drive, merits pause to consider the full range of possibilities.
As discussed above, if a physician considers an e-mail message as a medical record component, then the same legal and ethical principles regarding confidentiality may apply. To highlight this issue’s complexity, consider the following questions: Are the networks secure? Are you encrypting your messages? Do you have password-protected computers and screen savers? Who can access your computer other than yourself? Have you ever sent a mass-mail from your address book to all your patients thereby providing each with a discrete list of all your other patients? Do you know that the person sending you a message is indeed who she purports to be? When you reply to an e-mail do you know who in that household has access to your response? Have you ever forwarded an e-mail to a third party without obtaining prior consent from the patient to divulge the information contained therein? The answers to these questions are critical as one looks at the legal privacy continuum across past, present, and future.
In 1966, the Freedom of Information Act (FOIA) precluded disclosure of medical files. In 1974, the Federal Privacy Act protected personal information gathered and maintained by the government. The Supreme Court decided Whalen v. Roe in 1977,wherein the Court recognized a "threat to privacy implicit in the accumulation of vast amounts of personal information in computerized data banks."  By 1986, the Electronic Communications Privacy Act made it unlawful for the government to intercept e-mail whether stored or in transit (but, after 09-11-2001, this law may be in flux). Texas, in 1999, codified section 159.002(a)-(b) in the Texas Occupations Code, which provides, "a communication between a physician and a patient, relative to … any professional service as a physician … is confidential and privileged and may not be disclosed… [and] a record of the identity, diagnosis, evaluation, or treatment of a patient by a physician that is created or maintained by a physician is confidential and privileged and may not be disclosed."
Texas Senate Bill 11 became fully effective in January 2002, however, the compliance date is 09-01-2003. The bill addresses "protected health information" (PHI) that includes "the past, present, or future physical or mental health or condition of an individual."  Senate Bill 11 requires Texas healthcare providers to follow the mandates of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), and extends the scope of HIPAA to other Texas actors not included in the federal legislation. 
Looking ahead to 04-14-2003, providers must comply with the federal privacy mandates of HIPAA, which may also prescribe technical requirements for storing PHI in computers. 
Although these laws may have a chilling-effect on e-mail use, devolved agency regulations often do encourage physicians to use the Internet. For example, physicians can receive information from LVNs by e-mail for purposes of pronouncing death so long as statutory requirements are satisfied.  Additionally, doctors may file various Workers Compensation Program evaluations by e-mail. 
SPECIAL PURPOSE LICENSE AND COMPENSATION
Increasingly, the states are crafting policy statements regarding physicians’ Internet use. For example, the TSBME established a policy for Internet prescribing. The Board states that "[i]t is unprofessional conduct for a physician to initially prescribe any dangerous drugs or controlled substances without first establishing a proper physician-patient relationship."  The physician must (1) verify the person requesting the medication is in fact who they claim to be; (2) establish a diagnosis through the use of accepted medical practices; (3) discuss the diagnosis, evidence, risks, and benefits of treatment options; and (4) insure appropriate follow-up care. According to the Board, "[a]n online or telephonic evaluation by questionnaire is inadequate."
The Board also issued telemedicine rules, which can be found in Chapter 174. According to provision 174.4, unless an exemption applies, Texas physicians need a special purpose license to practice medicine across the Texas state line if using electronic communications. Therefore, before you use e-mail to diagnose, treat, or offer to treat a person who is not in Texas you need to assess whether you require an additional license. The Board does, however, recognize six unique exemptions for e-communication for specific, interstate consultations.
A 15 minute e-mail consultation with a patient is worth about $57.00, according to a recent survey of 1,200 providers by Deloitte Research and Fulcrum Analytics. However, commentators explain that "[u]nless insurers require e-mail consultation under specific circumstances or, conversely, seek to dissuade patients from contacting physicians by any means, e-mail exchanges within the physician-patient relationship will remain uncompensated." For example, in 1992 Congress created demonstration projects in rural areas for Medicare Part B reimbursement for telemedicine. However, the Healthcare Finance Administration (HCFA), now Center for Medicare and Medicaid Services (CMS), was quick to add that asynchronous telecommunications systems in single media format does not include e-mail. Thus, according to definition, e-mail may not be "interactive" for project billing purposes.
LIMITING YOUR LIABILITY
Numerous organizations have developed guidelines to help physicians create a safer way to incorporate e-mail in their practice. Most encourage (1) a written protocol for e-mail; (2) informed consent whereby doctors and patients discuss the protocol and written agreements are signed; (3) encryption unless the patient signs a waiver; (4) an indemnity agreement whereby a patient will hold a doctor harmless for technology failures that produce an incomplete or erroneous message; (5) disclaimers if doctors include embedded hyper-links to World Wide Web sites. Comprehensive guidelines that provide a detailed, step-by-step method to create and maintain an e-mail component in a practice include:
* Copyright © Heather Morlang (2002). Portions of this article will appear in Baylor College of Medicine Risk Watch, volume 4 number 2 (forthcoming 2002). They are reproduced here with permission.
 Medem, Inc., e-Risk, Guidelines for Online Communications and Consultation, available athttp://www.medem.com/corporate/corporate_erisk_guidelines.cfm (last visited 2/22/02).
 St. John v. Pope, 901 S.W. 2d 420, 424 (Tex. 1995).
 Medem, Inc., e-Risk, E-Risk for Providers: Understanding and Mitigating Provider Risk Associated with On-Line Patient Interaction, available at http://www.medem.com/level2/downloads/ eRisk_for_Providers_Mar_01.pdf (last visited 2/22/02).
 American Medical Association, H-478.997 Guidelines for Patient-Physician Electronic Mail, available at http://www.ama-assn.org/ama/pub/category/6460.html (last visited 2/12/02).
 Gunther Eysenbach et al., Responses to Unsolicited Patient E-mail requests for Medical Advice on the World Wide Web., 280(15) JAMA 1333, 1334 (1998).
 Tex. Occ. Code § 151 (9) (Vernon 2000).
 Texas State
Board of Medical Examines, Rule 165.1, available at
http://www.tsbme.state.tx.us/ rules/rules165.htm (last visited 2/22/02).
 Alissa R. Spielberg, Symposium, OnLine Without a Net: Physician-Patient Communication By Electronic Mail, 25 Am. J. L. & Med. 267, 275 (1999).
 Beverly Kane & Daniel Sands, Guidelines for the Clinical Use of Electronic Mail with Patients, 5(1) JAMIA 104 (1998).
 Spielberg, supra note 9, at 274-75.
 See, e.g., In re R.D.B., 20 S.W.3d 255 (Tex. App.—Texarkana, no pet. 2000) (involving a case in which a juvenile’s defense attorney was found liable for failing to investigate whether the boy’s frontal lobe brain injury produced his anti-social behavior; the evidence in the case included an e-mail message regarding the boy’s condition from an unnamed physician to the head nurse where the boy was being detained).
 5 U.S.C. § 552(b)(6) (Supp. IV 1998).
 5 U.S.C. § 552a (Supp. IV 1998).
 429 U.S. 589, 605 (1977).
 Pub. L. No. 99-508, 100 Stat. 1848.
 Tex. S.B. 11 (77th Legis. 2001).
 Pub. L. No. 104-191, 110 Stat. 2033.
 22 Tex. Admin. Code § 193.9(a)-(c) (Vernon 2002).
 28 Tex. Admin. Code § 129.50(h) (Vernon 2002); 28 Tex. Admin. Code § 130.3(d)-(e) (Vernon 2002); 26 Tex. Reg. 10924 (2002); 28 Tex. Admin. Code § 130.1(B) (Vernon 2002); 26 Tex. Reg. 10924 (2002); 28 Tex. Admin. Code § 126.6(f) (Vernon 2002); 28 Tex. Admin. Code § 126.7(c) (Vernon 2002).
 Texas State Board of Medical Examiners, Internet Prescribing Policy, available at http://www.tsbme.state.tx.us/guidelines/ipp.htm (last visited 2/22/02).
 Texas State
Board of Medical Examiners, Rule 174, available at
http://www.tsbme.state.tx.us/ rules/rules/174.htm (last visited 2/22/02).
 Deloitte Research, Taking the Pulse: Physicians and Emerging Information Technologies, available at http://www.dc.com/obx/pages.php?Name=dr_physicians_emerging; see also Fulcrum Analytics, Taking Technology’s Temperature: Physicians Still Cool Toward E-Mail, available at http://www.cyberdialogue.com/news/releases/2002/01-29-ful-takingthepulse.html
 Speilberg, supra note 9, at 290-91.
 7 U.S.C. § 950aaa-5 (Supp. IV 1998); 42 C.F.R. § 410.78 (2001); 66 Fed. Reg. 55246-01 at 55281 (2001).