For the past couple of years, I have wanted to write about the role of email in medical practice and doctor-patient relationships. I've finally done so, and posted the result on the Sacramento Medical Oasis blog.
Here's a copy:
I get asked all the time about using email for medical information. After all, it's how we do most everything else these days, and it seems so cumbersome to have to play telephone tag just to communicate with our doctors.
There is a fear of email in the medical community. It is rooted in part in tradition and inertia, and it is fueled by an industry that has sprung up around paranoia about medical information. It diminishes patient care, though, as it leaves docs missing telephone calls and relying on outdated, unreliable, and inefficient modes of communication (voice mail, faxes, have-your-people-call-my-people third party information exchanges...). Is email really the scourge the IT industry would have us believe? Yes, it's insecure... but it beats the alternatives.
In the Good Old Days, one benevolent Telephone Company controlled all communications throughout the land. The Telephone Company was large and wise, and told us, each and every one, what communication services we really wanted and what outrageous long-distance rates we would pay. They were a Regulated Monopoly, and in a tryst betwixt The Telephone Company and the Federal Communications Commission, they chose to keep the power to monitor communications to themselves. Not that they could do much about it: in those days they lacked the technology to intercept or archive more than a tiny, carefully-chosen fraction of communications at any given time. Telephone calls and faxes, being the property of The Telephone Company, were thought to be secure. The evil upstart Internet, by contrast, was a Bad Place where email communication, bypassing The Telephone Company, was known to be porous and insecure.
Ahhh, but those halcyon days of yore when The Telephone Company blessed us with their divine presence are behind us. Today, The Internet rules the world. Dark times, indeed! The Telephone Company is now hundreds of tiny telephone companies, each with its own rules and practices covering privacy. Thanks to the USA Patriot Act, they are required to have the technology to record, transcribe, and archive faxes and conversations. Oh, and the abysmally low rates they charge for long distance! It is sad. It is a shame. Encryption for mobile phone systems was cracked long ago. All faxes are decoded, analyzed, and archived -- with no oversight as to how they are stored, disseminated, and disposed of. All phone conversations are recorded and archived, and a substantial fraction (no one knows how many) are transcribed and analyzed. All traffic routes are scrutinized. Many telephone calls are, these days, carried over the same internet as those abysmally insecure emails.
So... security of faxes is zero. Security of telephone calls is zero. Security of email is... zero. Which means that email = phone = fax.
If what you're worried about is someone sniffing your data while you're using the local library's Wi-Fi link, and you somehow trust the library or its patrons less than you trust AT&T or Comcast or Verizon or the like, then just use a web-based email system like Gmail, which is completely encrypted against such local eavesdropping. Or require TLS encryption on IMAP and SMTP connections (your ISP need only flip a switch to enable same, and though some of your clients might have to be reconfigured, most clients already require TLS).
Creating an SSL encrypted web site isn't hard, but it's a total pain in the rear for end users. And why in the world do you trust the web site host any more than you trust Google? Zero is zero is zero.
All that said, you will find the mass of opinion in both medical and IT circles supporting the notion that the zero security of faxes and phone calls is somehow greater than the zero security of email. Of course, medicine is rooted in the 1800s, and IT stands to gain a lot by selling cumbersome SSL-encrypted web sites of dubious security as a panacea for privacy concerns.
Naturally, if you don't want us to send any of your medical information by email, we won't. If you'd like the convenience of communicating with us by email, and you value the benefits of rapid, convenient communication among your medical providers, we suggest you consider email a blessing rather than a curse.