Managing Your Practice

Do you answer patient emails?


Recently I received a lengthy email from a woman who claimed to have once been a patient, though her name did not come up in my EHR system. She asked numerous questions about a self-diagnosed skin disorder.

I was undecided on how to reply – or even whether to reply at all – so I queried several dozen dermatology colleagues around the country, as well as a few physician friends and acquaintances in other specialties.

Responses varied all over the map – from “I never answer patient emails” to “What harm could it do, she’s better off getting correct answers from you than incorrect answers from some ‘advocacy’ web site” – and everything in between. I decided to look at what has been published on the subject.

It turns out that as early as 1998, a group of investigators asked this same question and designed a study to address it (JAMA. 1998 Oct 21;280[15]:1333-5). Posing as a fictitious patient, they sent emails to random dermatologists describing an acute dermatological problem, tallied the responses they received, and followed up with a questionnaire to responders and nonresponders alike.

As with my informal survey, the authors found what they termed “a striking lack of consensus” on how to deal with this situation: 50% responded to the fictitious patient’s email; of those, 31% refused to give advice without seeing the patient, but 59% offered a diagnosis, and a third of that group went on to provide specific advice about therapy. In response to the questionnaire, 28% said that they tended not to answer any patient emails, 24% said they usually replied with a standard message, and 24% said they answered each request individually. The authors concluded that “standards for physician response to unsolicited patient e-mail are needed.”

Indeed. But my own unscientific survey suggests that, almost 20 years later, there is still nothing resembling a consensus on this issue. In the interim, several groups, including the American Medical Informatics Association, Medem, and the American Medical Association have proposed guidelines; but none have been generally accepted. Until such time as that happens, it seems prudent for each individual practice to adopt its own. For ideas, take a look at the proposals from the groups I mentioned, plus any others you can find. When you’re done, consider running your list past your lawyer to make sure you haven’t forgotten anything, and that there are no unique requirements in your state.

Your guidelines may be very simple (if you decide never to answer any queries) or very complex, depending on your situation and personal philosophy; but all guidelines should cover such issues as authentication of correspondents, informed consent, licensing jurisdiction (if you receive e-mails from states in which you are not licensed), and of course, confidentiality.

Contrary to popular belief, the Health Insurance Portability and Accountability Act (HIPAA) does not prohibit email communication with patients, nor does it require that it be encrypted. The HIPAA website specifically says, “Patients may initiate communications with a provider using e-mail. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual.”

Still, if you are not comfortable with unencrypted communication, encryption software can be added to your practice’s email system. Enli, Sigaba, Tumbleweed, Zix, and many other vendors sell encryption packages. (As always, I have no financial interest in any product or enterprise mentioned in this column.)

Another option is web-based messaging: Patients enter your website and send a message using an electronic template that you design. A designated staffer will be notified by regular email when messages are received, and can post a reply on a page that can only be accessed by the patient. Besides enhancing privacy and security, you can state your guidelines in plain English to preclude any misunderstanding of what you will and will not address online.

Web-based messaging services can be freestanding or incorporated into existing secure web sites. Medfusion and RelayHealth are among the leading vendors of secure messaging services.

Dr. Joseph S. Eastern, a dermatologist in Belleville, N.J.

Dr. Joseph S. Eastern

As for the email query that triggered all this: I responded, but I told the woman I could not answer questions about a condition that had never been professionally evaluated, and encouraged her to phone the office for an appointment.

And now, I’m writing my guidelines.

Dr. Eastern practices dermatology and dermatologic surgery in Belleville, N.J. He is the author of numerous articles and textbook chapters, and is a longtime monthly columnist for Dermatology News. Write to him at

Next Article: