i n t e r n a t i o n a l j o u r n a l o f m e d i c a l i n f o r m a t i c s 7 9 ( 2 0 1 0 ) 469–477
journal homepage: www.intl.elsevierhealth.com/journals/ijmi
Issues and questions to consider in implementing
secure electronic patient–provider web portal
communications systems
Douglas S. Wakefield a,∗ , David Mehr b , Lynn Keplinger c , Shannon Canfield b ,
Rajitha Gopidi a , Bonnie J. Wakefield d , Richelle J. Koopman b , Jeffery L. Belden b ,
Robin Kruse b , Karl M. Kochendorfer b
a
University of Missouri, Center for Health Care Quality and Department of Health Management and Informatics, United States
University of Missouri, Department of Family and Community Medicine, United States
c University of Missouri, Department of Medicine, United States
d Center for Research in the Implementation of Innovative Strategies in Practice (CRIISP), Department of Veterans Affairs Medical Center
Iowa City, IA and the University of Missouri Sinclair School of Nursing, United States
b
a r t i c l e
i n f o
a b s t r a c t
Article history:
Purpose: Patients are increasingly interested in using Internet-based technologies to com-
Received 20 January 2010
municate with their providers, schedule clinic visits, request medication refills, and view
Received in revised form
their medical records electronically. However, healthcare organizations face significant chal-
19 April 2010
lenges in providing such highly personal and sensitive communication in an effective and
Accepted 21 April 2010
user-friendly manner.
Methods: Based on the literature and our experience in providing a secure web-based
patient–provider communication portal in primary care clinics, a framework was devel-
Keywords:
oped that identifies key issues and questions to consider in implementing secure electronic
Patient web portal
patient–provider communications systems.
Secure web communications
Results: The framework serves to categorize the many lessons learned from our implementa-
Electronic patient–provider
tion process and the specific issues and questions healthcare organizations need to consider
communications
in implementing such systems related to seven areas: strategic fit and priority; selection process & implementation team; integration into communications and workflows; HIPAA issues
& clinic policies; systems implementation & training; marketing & enrollment; on-going
performance monitoring.
Conclusion: The framework provides a useful guide for organizations looking to implement
secure electronic patient–provider communication systems.
© 2010 Elsevier Ireland Ltd. All rights reserved.
1.
Introduction
To better serve and to strengthen relationships with patients,
healthcare organizations are increasingly implementing
secure web-based patient–provider communication portals
[1–5]. Communications typically include some combination
of secure e-mail, appointment scheduling, and medication
refill requests. In addition, systems may also support patient
communication of clinical data (e.g., blood pressures and
∗
Corresponding author at: Center for Health Care Quality, CE548, One Hospital Drive, Columbia, MO 65212, United States.
Tel.: +1 573 882 6578.
E-mail address: wakefi[email protected] (D.S. Wakefield).
1386-5056/$ – see front matter © 2010 Elsevier Ireland Ltd. All rights reserved.
doi:10.1016/j.ijmedinf.2010.04.005
470
i n t e r n a t i o n a l j o u r n a l o f m e d i c a l i n f o r m a t i c s 7 9 ( 2 0 1 0 ) 469–477
blood glucoses) to the provider and allow patients to electronically view portions of their medical records. Whether
simply secure communication or an expanded product, such
systems present many regulatory, logistical, and operational
challenges. Because these systems may include a wide array
of clinical care, information exchange, and service request
functions, integration into existing patient care and communication workflows requires careful planning. Further, because
potential patient users are most likely Internet-savvy consumers, who are already familiar with e-mail and on-line
purchasing and banking services, they will expect healthcare
organizations to have similarly, user-friendly, and secure systems. Therefore, carefully considering several key issues and
questions during the planning phase is essential to ensure
a smooth launch and high patient and provider acceptance
and satisfaction. This paper provides a brief review of the
current literature related to the implementation and management of secure patient–provider electronic communications,
our conceptual framework for understanding this process, and
key implementation issues and questions that flow from the
framework.
2.
Secure messaging in healthcare
organizations
In the outpatient setting, efforts to reduce costs and increase
clinical productivity have resulted in an increased pace of
healthcare delivery and a decrease in the time available
for face-to-face provider–patient communications. Ironically
these time constraints have occurred as providers are attempting to care for increasingly clinically complex patients. Both
patients and providers have been frustrated by the quality and
effectiveness of these brief encounters; patients may forget to
tell the provider important information, fail to ask essential
questions, or fail to understand or remember what their physician told them [6–8]. Providing patients the ability to securely
communicate electronically with their providers between
visits can potentially improve communication, reduce frustration, and enhance patient–doctor relationships and patient
satisfaction [2,9–19]. Evidence suggests a growing patient
interest in, and in some cases limited willingness to pay for,
on-line access to their providers [7,11,20–26]. In the future
electronic access may also play a role in patients’ choice of
providers.
Web messaging, a secure form of e-mail communication
over a web portal, allows patients and providers separated
by both space and time to share information asynchronously.
A key difference between traditional e-mail and secure web
messaging is that the latter is a dedicated system, used only
for patient–provider and provider–provider electronic communications, and requires unique user identifiers and log-in
procedures to maintain communication security [4,8,23,25,26].
Information shared via web messaging may include laboratory
and other diagnostic test results, information about health
status, information resources relevant to the patients’ conditions, responses to patient queries related to diagnosed
conditions or prescribed treatments, appointment scheduling, referral requests, prescription refill requests, and e-visits.
Potential advantages of web messaging include easier com-
munication documentation, improved convenience due to its
asynchronous nature, and reduced logistic problems due to
time and space constraints that are inevitable in face-toface and telephone communications [12,16,23]. Despite the
potential to improve communication and patient satisfaction,
adoption of web messaging has been slow [27,28].
Concerns with web-based secure communications have
been expressed by both patients and providers. Patients’
concerns include timeliness of responses, loss of interpersonal relationships, people other than their provider viewing
their messages, and difficulty using the communication portal [1,8,29–32]. Providers’ concerns with opening this line of
communication include fit with current workflow, potentially
being flooded with messages leading to increased workload,
and not being reimbursed for the time spent responding
to messages [9,13,24,31–34]. Other provider concerns include
patients inappropriately using web messaging for sensitive
or complex topics requiring face-to-face communications,
or emergencies and patient review on-line of their medical
records or diagnostic test results in the absence of explanation
by the physician [17,27,28,32,35,36].
Potential benefits of web-based secure messaging systems include avoidance of unnecessary visits and telephone
calls for tasks such as prescription renewals, referral
requests, appointment scheduling, lab reports, information
updates, simple queries about diagnosed conditions and
concerns, dosage adjustments, and non-acute symptom treatment in chronic disease management [8,10,12,16]. There
is evidence that the introduction of web messaging has
resulted in improved patient satisfaction and communication [9–12,16–19]. The majority of patients registering for web
messaging have been women and those with more chronic illnesses [12,28,37]. Alternatively, web messaging allows users to
discuss sensitive issues that could be avoided due to shyness
and inconvenience [11,39]. Patient users perceive improved
management of their chronic conditions [4,18,37,38,40,41]
and may have fewer annual visits [38,42]. Rather than being
inundated with messages [11,16], physicians may actually
experience increased productivity [12,35,38,43,47–50], plus
being able to answer patient messages at their convenience
[44,45]. There is also evidence that physicians tend to recommend web messaging to their colleagues [35,46]. Finally, there
is growing use of web portals to address the unique needs of
specific patient populations [4,18,23,41,44,47–50].
Studies have found that the communication content of
patient messages tends to be appropriate: addressing nonurgent care issues, adherent to recommended messaging
guidelines (e.g., AMIA guidelines for on-line communication) [13,28,33,45,46,51,52] with physician messages directly
answering patient queries while providing a level of emotional
support and empathy [39]. Moreover, use of web messaging appears to decrease as the complexity and sensitivity
of patients’ clinical issues increase [39]. Overall, patients,
providers and clinic staff express positive attitude towards
web-based secure communications [11,14,15,17,27,28,33]. Process efficiency has improved for referral, scheduling and refill
requests [1,35,43]. On the negative side, web messaging has left
some users frustrated due to difficulty in connecting, unmet
expectations regarding message responsiveness, loss of interpersonal relationships, and feelings of isolation [16].
i n t e r n a t i o n a l j o u r n a l o f m e d i c a l i n f o r m a t i c s 7 9 ( 2 0 1 0 ) 469–477
471
Fig. 1 – Issues and questions to consider in implementing secure web-based electronic patient–provider communications
system.
3.
Secure communication issues and
questions framework
Building on earlier work addressing implementation of patient
portals and electronic health records [5,9,53] and based on
our experience implementing a secure patient–provider webbased communications system in an academic health center’s
primary care outpatient clinics, Fig. 1 presents a framework identifying seven areas to consider when implementing
such systems. Using this framework, we categorize the many
lessons learned in the form of issues and questions to prospectively consider when deciding to adopt and implementing a
web-based secure patient–provider communication system.
By design, this framework is depicted as being sequential in
nature beginning with issues and questions related to the
strategic fit and ending with on-going operation and management concerns.
3.1.
Strategic fit and priority
Implementing a secure patient–provider web-based communications system will generate both direct and indirect costs
for the organization and may require changes in workflows
and provider–patient interactions. The decision to implement
a system should also take into consideration whether the system might serve as the electronic platform for future service
delivery options, such as on-line only provider visits (e-visits)
or consultations. Because of the potential for unanticipated
future uses, it is useful to obtain input from the organizations’
various stakeholders (i.e., providers, clinical and support staff)
about potential applications and impacts. Because patients
are increasingly comfortable using electronic communications for other personal business activities, it is also important
to understand their assumptions and expectations about
potential system uses and to evaluate the system’s user friendliness. For example, if potential users are very interested in
seeing their laboratory results, they may be quite disappointed
if that option is not provided as part of the system. Thus,
the decision to implement a secure communications system
clearly should link directly to the organizations’ overall shortand long-term strategic and information technology plans and
be informed by information from key internal stakeholders
and patients. In making the decision about whether to implement a secure communications system, it is useful to consider
the following issues and questions:
1. How does a secure patient–provider electronic communications system fit our overall organizational, and health
information technological, strategic plans and priorities?
2. How does the proposed secure electronic communications system and proposed functionality fit with specific
short- and long-term strategic priorities including: market share; patient satisfaction; physician satisfaction;
employee satisfaction; patient care quality & safety; regulatory compliance; and/or workflow efficiency?
3. If applicable, how well does the proposed electronic communication link to our current (or planned) electronic
health record (EHR)?
4. What types of secure electronic communication functionality are needed to meet the organization’s strategic priorities? Potential options could include: secure
patient–provider e-mail, passive viewing of EHR by patient,
EHR data entry by patients, scheduling visits and tests,
requesting medication refills, hosting patients’ personal
health records, providing e-visits, reviewing and paying
bills, patient education, and, internal operational and/or
clinical effectiveness research. If direct viewing of the EHR
by the patient is allowed, which portion of the EHR will
patients be allowed to view on-line (e.g., test results and
notes), and within what time frames (e.g., immediately
after results become available, after a set time period,
after the provider has reviewed the results) will viewing
be allowed?
5. Who will be the primary users (i.e., all vs. selected
categories of patients, physicians, midlevel providers,
assistants) of the secure communications system?
6. What are the anticipated costs of implementation in relation to available capital? What are the anticipated on-going
operational funding and personnel resources necessary to
support this initiative?
7. What is the priority (i.e., low, medium, high) and timeframe (i.e., within 3 months; 3–6 months; 6–12 months;
>12 months) for implementing a secure patient–provider
electronic communications system?
8. Is there a potential revenue stream based on the secure
communications such as fees for e-visits? What is the business model for the use of the different functions of the
secure communication system?
9. Will this secure communication system provide all of
the required functions being required by the emerging
“meaningful use” standards proscribed by the American
Reinvestment & Recovery Act (ARRA) of 2009 [54]?
3.2.
Selection process & implementation team
Like other major decisions involving health information technology (HIT), it is critical to have a well thought out product
selection process and to identify the key implementation team
members early. Identifying the executive champion/owner
and key stakeholders early in the process is essential. Sim-
472
i n t e r n a t i o n a l j o u r n a l o f m e d i c a l i n f o r m a t i c s 7 9 ( 2 0 1 0 ) 469–477
ilarly, it is also advantageous to identify and begin having
key members of the selection and implementation teams
work together early in the process. For example, unless there
is a direct channel to key organizational decision-makers a
project can bog down because different organizational units
are not coordinating their efforts. Clearly these key individuals must not only have a full understanding and appreciation
of how implementation of web-based secure communication
system fits into the organization’s strategic priorities but also
an appreciation of patient preferences and expectations, and
provider and staff concerns. That is, what are the needs and
concerns of the secure communication system’s various customers (i.e., patients, providers and staff)? To accomplish this
it can be helpful to conduct focus groups and/or surveys prior
to selecting a specific secure communications system. The following issues and questions are useful to consider during the
selection process and formation of the implementation team.
1. Who will be the executive owner(s) of the secure
patient–provider electronic communications system (i.e.,
CIO, COO, CFO, CMO, and CMIO), and who in the
organization will have administrative ownership of and
responsibility for the initial rollout, marketing and customer service, and system maintenance?
2. What do we know about our patients’ current use of and
expectations for electronic communications with other
service providers and their preferences for electronic communications with their healthcare providers?
3. Who will lead the selection process and implementation
team? Who, and which stakeholders, need to be represented on the selection and implementation team (i.e.,
providers, nurses and allied health, clerical, patients)?
4. What required response items will be included in the
vendor request for proposal (RFP)? Specific items might
include: listing of specific functionalities; demonstrated
patient acceptance in terms of ease of use and intuitive operation; interoperability with existing EHR and
other HIT systems; hosting/support options; 3–5 year total
implementation and operational costs and fees, training
requirements and resources; list of current users and references; vendor’s financial stability; planned upgrades;
requirements for on-sited demonstrations; evidence of
vender long-term financial stability?
5. Selection process issues to consider include: Will on-site
or off-site demonstrations be used? What is the weighting
scheme for the required RFP items? What is the timeframe
for RFP development, review and selection?
3.3.
Integration in patient care communications and
workflows
By its very nature, introducing a secure communications system potentially changes not only the nature and types of
communications, but also the current workflows associated
with how providers and patients communicate. For example, patients experienced in using e-mail and other forms
of electronic transactions will expect easy to use interfaces
and same-day if not almost immediate responses from their
providers. Providers scheduled to see patients in the hospital and/or clinic all day long may not have opportunity or
desire to answer e-mails as they arrive or as quickly as patients
may desire, particularly if there is no compensation associated
with this work. As with current processes related to screening
and forwarding telephone messages from patients, new processes will be needed for screening and forwarding patient
e-mails to their providers. If messages go directly to providers,
processes will be needed to identify more urgent messages
and to provide for times that providers are unavailable, such
as on vacation. An additional potential challenge involves
patients seen by multiple providers, either from the same
or different specialties, and patient’s expectations that email communications would automatically be shared among
the providers, regardless of whether the providers belong to
different organizations. Thus, it is necessary to carefully evaluate current-state patient–provider telephone communication
processes, patterns and content to design the future state webbased communications processes. To this end the following
issues and questions can be useful to consider:
1. How will implementing a secure patient–provider communication system affect clinic/hospital patient–provider
communications and workflows? Who is accountable for,
and, what actions will need to be taken to ensure adequate
and timely IT and administrative support for clinic staff?
Specific areas of needed support include marketing and
patient enrollment support; developing and maintaining
a user/customer database; maintaining and updating the
secure communications interface and web-site; establishing effective electronic communication triage and proxy
screening to support providers.
2. In a multi-specialty group practice setting, will patients
have e-mail and other secure communications access (i.e.,
e-mail, viewing medical records, and scheduling appointments) with all primary care providers and medical or
surgical specialists that they are being seen by, or will
the secure communications connection be limited to designated primary care providers? A related issue of major
concern is how patients can be accurately linked to their
designated provider(s). Because patients may be seen by
multiple providers, simply using billing records to establish
the presence of an on-going patient–provider relationship
may be inadequate. Likewise, patients may think that their
primary provider is different from the provider identified
by the organization. Finally providers may leave the organization, which could leave affected patients unlinked to
any provider. This issue of assigning patients to providers is
particularly challenging for large multi-specialty practices
and academic medical centers.
3. Who in the clinic or hospital will directly receive and
screen electronic communications from the patient (i.e.,
the patient’s physician, assigned nurse, clerk, or other surrogate), and how will after-hours, weekend or vacation
coverage by other providers be handled in terms of access
to or receiving electronic communications from patients?
4. Will communications such as “visit scheduling” or prescription refill requests be automatically routed to the
provider, someone designated as her/his clinical proxy for
purposes of communicating with patients, or will patients
be able to directly schedule a visit by selecting from a list
of scheduled openings listed on-line? Related to all such
i n t e r n a t i o n a l j o u r n a l o f m e d i c a l i n f o r m a t i c s 7 9 ( 2 0 1 0 ) 469–477
electronic requests will be a need to ensure that a system
is in place monitoring the timeliness and responsiveness
to patient requests.
5. What actions will clinic/hospital staff be expected to take
(i.e., respond directly to sender, copy sender’s information
into EHR, etc.) when receiving clinical data from patients?
Such data could include home monitoring (e.g., home blood
glucose or blood pressure readings), clinical values sent by
the patient that were obtained from other providers, or data
entered into an electronic personal health record. How or
when will patients’ providers be notified that such information is being “imported” into the system? Clearly specific
organizational policies must be developed to address the
potential importing of such information from the patient
directly into the patient’s medical record.
6. Will the organization use a software product to structure patient inquiries so that complete histories of patient
concerns can be collected with the first message, rather
than through 3–4 turns of successive electronic messages
between patient and provider [55]?
7. What will the organizational policy be for informing
patients about potential delays in response if e-mail
communications are used, and will there be automatic
monitoring to ensure that e-mails sent by patients are
responded to within a specified time frame (e.g., 24 h, next
regular business day, etc.)?
3.4.
Aligning organizational policies with health
insurance portability & accountability act (HIPAA)
requirements
Maintaining patient confidentiality in communications
between providers and patients is essential both from regulatory and patient-expectation perspectives. However, patients
may be cared for by multiple providers from different organizations, and patients may desire to share parts or all of
their medical record and communications with all of their
providers, with family members, and/or significant others.
For patients already using e-mail, who may already be using
it to communicate with health-care providers, the need for
establishing a separate mechanism for secure communications may be confusing or be seen as an unnecessary bother.
Further complicating the confidentiality issue is whether to
limit parental access to communications between teenagers
and their providers. While clinical practice is to privately
discuss sensitive issues, such as sexual activity with adolescents, institutions may perceive that access to electronic
information belongs to parents or guardians. Institutions will
have to decide whether to limit parental rights to view their
child’s medical record or medication list, which might include
oral contraceptives or treatment for a sexually transmitted
infection, if the teenagers do not want this information
shared with their parents. In the case of divorced parents
with unequal custody authority, there are potential issues
about which parent, and under what circumstances, will have
access to the child’s medical record. Thus it is not sufficient to
just implement a secure electronic communication system,
but it is also necessary to review and align existing organizational policies and procedures and HIPPA requirements with
the introduction of a secure patient–provider communica-
473
tions portal. The following questions are illustrative of some
of the confidentiality issues to consider:
1. Will all providers and patients be required to only use
the dedicated secure patient–provider e-mail system to
communicate clinical information via e-mail, or will other
e-mail systems be allowed?
2. How will current organizational policies and procedures
related to who has access to a minor’s health record
(i.e., married/divorced parents, step parents, etc.) be incorporated into allowing electronic viewing of the minor’s
medical record? Will all portions of a teenager’s electronic health record be accessible by the parents or adult
guardian?
3. How will access be handled for adults either caring for or
serving as legal guardians of their elderly parents? That
is, how will permission for access to the same electronic
health record be given to more than one authorized user?
As more individuals have access to an individual’s EHR, the
organization will need to develop processes for approving
such access and long-term storage of documentation of the
permissions given.
4. Will all clinically related secure message exchanges
between patients and providers be retained, and if so for
how long?
5. For parents with more than one child, will separate access
codes and accounts need to be set up for each child, or will
the parent only have to use one access code and account in
order to e-mail providers or view their children’s medical
records? How will the situation be handled in which a parent sends a secure message regarding their child but uses
her own account?
3.5.
System implementation & training
Preparing the secure communications system for “go-live”
requires careful planning and execution of both the technical
aspects of the HIT implementation, as well as training staff
and providers to use the system. Patients will expect a fully
functional secure communication system that works and with
staff who are prepared to assist in using it. Thus, it is essential
to test all aspects of the system to ensure that it is functioning
as desired and to provide adequate training to staff designated
to assist patients in enrolling or actually using the system. The
following types of questions related to implementation and
training can be helpful to consider:
1. Will management of the implementation and on-going
operation of the secure communications system be internally led/controlled or outsourced to a firm specializing in
this type of service?
2. Who are the key personnel from the organization’s information technology, clinical care, clerical and support
services, and administrative staff that will be assigned
to support system implementation and staff training?
If outsourced to an external organization, how will the
appropriateness and adequacy of the implementation and
training processes be assessed and ensured?
3. Is there a project management plan detailing specific
project tasks, implementation milestones, and personnel
474
i n t e r n a t i o n a l j o u r n a l o f m e d i c a l i n f o r m a t i c s 7 9 ( 2 0 1 0 ) 469–477
responsible for the pre-go-live (i.e., build, system testing, and training), go-live (i.e., system turn on, superuser
support), and post-go-live (i.e., trouble shooting, system
monitoring and modification) phases of the project?
4. What capital decisions, acquisitions, and IT system
upgrades will need to be made, and by what dates?
5. What training types, intensities and modalities for delivering training will be needed for staff to enroll patients,
clinicians interacting with patients about their potential
use of the system, and training for enrolled patients to use
the system, both at initial enrollment and as new features
are introduced?
3.6.
Marketing & enrollment
Organizations will need to determine which patients will be
targeted to enroll in the secure messaging system. For example
in the case of a primary care clinic, the decision may be made
to target only those patients for whom there is an expectation
of a long-term provider–patient relationship. Alternatively in
a large multi-specialty group practice or integrated healthcare
delivery system, only patients seen on an on-going basis in
a primary care clinic or in one or more of the specialty clinics may be targeted for enrollment. Regardless, it is important
to consider in advance which patients will be encouraged to
sign up to use the secure messaging system and to develop
marketing materials specifically targeting them. There are
also a number of organizational issues to consider in terms
of how the new secure communications system will be marketed to prospective users. First and foremost, it must be clear
to prospective enrollees whether it will be free or have an
associated fee. Potential alienation may occur if fees are subsequently added once patients have become accustomed to
using the system. Options for promoting the secure messaging system can vary widely ranging from posting signs in the
clinic or office about the system’s availability to direct mail
announcements, use of looped promotional video tapes playing in the office, and/or having someone in the organization
such as the provider, nurse or clerical personnel take time
to talk with the patient about the system’s potential benefits and recommend its use. Regardless of the strategy to
make potential users aware of the system, it is essential to
have consistent promotional messages presented in an appropriate manner for the patient’s age and literacy level. Once
patients have decided to enroll, the enrollment process should
be user-friendly, efficient, and accurate. Enrollment options
may include on-line, in-person, or over the telephone. Whatever option is used, it is essential to have a clear and consistent
process to verify the identity of the person being enrolled
and/or given access to the system. However, if this is a separate step from enrollment, this may create log-in problems,
which may or may not be addressable by the “help desk.” Some
questions to consider related to marketing and the enrollment
processes include the following:
1. Which patients will be encouraged to enroll in the secure
communication system?
2. How will the secure communications system be presented/promoted to potential users (i.e., during scheduled
visits, special promotions, etc.)?
3. What role will physicians and other providers play in
recruiting patients to use the secure communication system? Will providers be actively encouraging patients to sign
up?
4. Who will explain features and answer potential enrollees’
questions? Who is responsible/authorized to enroll
patients?
5. How will enrollment be carried out (i.e., in-person, via the
web, by telephone, etc.), and how will enrollee identity be
verified?
6. What web-site tutorials, FAQs, or other resources such
as log-in and password reminders, are available to assist
enrollees in logging in, understanding and using the secure
communications system? Will “live help” either in the form
of a telephone or e-mail-based help desk be available?
3.7.
On-going system use and performance monitoring
As with all HIT applications, once implemented there is an
on-going need to monitor utilization and system performance
and manage the organizational resources being devoted to it.
If the secure communications system is viewed as part of a
long-term strategy to strengthen ties between patients and
their providers, it will be essential to periodically monitor metrics such as: message volumes, types, and response timeliness
of providers; medication refill and visit scheduling requests;
numbers and frequencies of patients electronically viewing
their medical records; and patient, provider and staff satisfaction. In particular monitoring provider response times to
patient e-mails may provide important information about the
timeliness and resource intensity of responding to patients
via e-mail. Costs of system maintenance and upgrades plus
on-going staff support also require on-going monitoring and
management. To this end it is useful to consider the following
types of issues and questions:
1. Who has responsibility for tracking/monitoring use of the
secure communications system as well as general system
performance?
2. What mechanism will be used to ensure that patientgenerated e-mails sent to providers are responded to in a
timely manner?
3. Is there a formalized policy describing expectations for the
nature and type of content appropriate to communicate via
the secure messaging system?
4. How will patient, provider and staff satisfaction with the
system be monitored on an on-going basis?
5. Which departmental budgets should be amended to
include implementation and on-going support and responsibility? What are the on-going post-implementation costs
associated with marketing, enrollment and daily operations?
6. What is the plan for operations when the system has temporary failures?
4.
Conclusion
As patients increasingly share in the financial cost of the care
they receive, it is incumbent on healthcare organizations to
i n t e r n a t i o n a l j o u r n a l o f m e d i c a l i n f o r m a t i c s 7 9 ( 2 0 1 0 ) 469–477
Summary points
What is known:
• Patient desire and expectations for electronic communication with healthcare providers is growing.
• Secure web portals offering a variety of ways to
enhance patient–provider communication are increasing being implemented by healthcare providers &
organizations.
475
Acknowledgements
This work was supported in part by grant number
R18HS017035 and by grant number K08HS017948 from
the Agency for Healthcare Research and Quality. The content
is solely the responsibility of the authors and does not necessarily represent the official views of the Agency for Healthcare
Research and Quality.
references
What study adds:
• Provides a framework for planning and implementing
secure patient–provider web portals.
• Identifies specific questions and issues healthcare
providers & organizations should consider if implementing such systems.
develop new ways of meeting patients’ expectations. Secure
web-based systems can be used to enhance patient–provider
communications, facilitate visit scheduling, respond to medication refill requests, provide for bill paying, and increase
patient access to their medical records. These enhancements
are all consistent with healthcare organizations’ movement
towards patient-centered care and their goals of maintaining current and growing future market share. Additionally,
the use of secure web-based communication systems as
part of the patient–provider interaction will likely be part of
the emerging concept of “meaningful use,” currently being
developed by the federal government to define which entities will qualify for funding for implementing EMRs [54].
The preliminary proposal by a committee of experts calls
for organizations to provide patients with timely electronic
access to their health information by 2011, and by 2013 proposed requirements will include secure messaging, home
device uploads and integration with a personal health record
(PHR).
While there may be many potential benefits for healthcare organizations to implement such systems, it is critical
that such an undertaking be done in a thoughtful and
organized manner. Failed or poorly managed implementations have the potential to be very costly, not only in
terms of economic costs, but also in terms of potential
threats to patient safety, lost provider productivity, and user
dissatisfaction. This paper has presented a framework identifying seven key areas in planning and implementation of
secure web-based systems for patient–provider communication: the strategic fit, selection process and implementation
team, workflow integration, HIPAA compliance; implementation and training planning, marketing and enrollment,
and on-going performance monitoring and management.
While the list of specific questions is not exhaustive, from
our experience addressing them provides a solid foundation for what should be considered before implementing
and operating a secure patient–provider communications system.
[1] A. Hassol, J.M. Walker, D. Kidder, K. Rokita, D. Young, S.
Pierdon, D. Deitz, S. Kuck, E. Ortiz, Patient experiences and
attitudes about access to a patient electronic health care
record and linked web messaging, J. Am. Med. Inform.
Assoc. 11 (6) (2004) 505–513.
[2] C. Chen, T. Garrido, D. Chock, G. Okawa, L. Laing, The Kaiser
permanente electronic health record: transforming and
streamlining modalities of care, Health Affairs (Millwood) 28
(2) (2009) 323–333.
[3] J.D. Ralston, D.P. Martin, M.L. Anderson, P.A. Fishman, D.A.
Conrad, E.B. Larson, D. Grembowski, Group health
cooperative’s transformation toward patient-centered
access, Med. Care Res. Rev. 66 (6) (2009) 703–724.
[4] L.T. Harris, D.P. Martin, S.J. Haneuse, J.D. Ralston, Diabetes
quality of care and outpatient utilization associated with
electronic patient–provider messaging: a cross-sectional
analysis, Diabetes Care 32 (7) (2009) 1182–1187.
[5] C. Fullerton, P. Aponte, R. Hopkins, D. Bragg, D.J.U. Ballard,
Lesson learned from pilot site implementation of an
ambulatory electronic health record, Proc. Bayl. Univ. Med.
Cent. 19 (4) (2006) 303–310.
[6] J.M. Bryne, S. Elliott, A. Firek, Initial experience with
patient–clinician secure messaging at a VA medical center, J.
Am. Med. Inform. Assoc. 16 (2) (2009) 267–270.
[7] S.L. Zickmund, R. Hess, C.L. Bryce, K. McTigue, E. Olshansky,
K. Fitzgerald, G.S. Fischer, Interest in the use of
computerized patient portals: role of the provider–patient
relationship, J. Gen. Intern. Med. 23 (Suppl. 1) (2008) 20–26.
[8] D. McGeady, J. Kujala, K. Ilvonen, The impact of
patient–physician web messaging on healthcare service
provision, Int. J. Med. Inform. 77 (1) (2008) 17–23.
[9] S.J. Katz, C.A. Moyer, The emerging role of online
communication between patients and their providers, J.
Gen. Intern. Med. 19 (9) (2004) 978–983.
[10] T.K. Houston, D.Z. Sands, M.W. Jenckes, D.E. Ford, Experiences of patients who were early adopters of electronic
communication with their physician: satisfaction, benefits
and concerns, Am. J. Manage. Care 10 (9) (2004) 601–608.
[11] C.T. Lin, L. Wittevrongel, L. Moore, B.L. Beaty, S.E. Ross, An
internet-based patient–provider communication system:
randomized controlled trial, J. Med. Internet Res. 7 (2005)
e47.
[12] M. Wallwiener, C.W. Wallwiener, J.K. Kansy, H. Seeger, T.K.
Rajab, Impact of electronic messaging on the
patient-physician interaction, J. Telemed. Telecare 15 (5)
(2009) 243–250.
[13] D.F. Sittig, Results of a content analysis of electronic
messages (email) sent between patients and their
physicians, BMC Med. Inform. Decis. Making 3 (2003) 11.
[14] S.L. Leong, D. Gingrich, P.R. Lewis, D.T. Mauger, J.H. George,
Enhancing doctor–patient communication using email: a
pilot study, J. Am. Board Family Pract. 18 (3) (2005) 180–188.
[15] M.E. Matheny, T.K. Gandhi, E.J. Orav, Z. Ladak-Merchant,
D.W. Bates, G.J. Kuperman, E.G. Poon, Impact of an
476
[16]
[17]
[18]
[19]
[20]
[21]
[22]
[23]
[24]
[25]
[26]
[27]
[28]
[29]
[30]
[31]
[32]
i n t e r n a t i o n a l j o u r n a l o f m e d i c a l i n f o r m a t i c s 7 9 ( 2 0 1 0 ) 469–477
automated test results management system on patients’
satisfaction about test result communication, Arch. Intern.
Med. 167 (20) (2007) 2233–2239.
J.D. Ralston, D. Carrell, R. Reid, M. Anderson, M. Moran, J.
Hereford, Patient web services integrated with a shared
medical record: patient use and satisfaction, J. Am. Med.
Inform. Assoc. 14 (6) (2007) 798–806.
E.M. Liederman, C.S. Morefield, Web messaging: a new tool
for patient–physician communication, J. Am. Med. Inform.
Assoc. 10 (3) (2003) 260–270.
S.E. Ross, L.A. Moore, M.A. Earnest, L. Wittevrongel, C.T. Lin,
Providing a web-based online medical record with electronic
communication capabilities to patients with congestive
heart failure: randomized trial, J. Med. Internet Res. 6 (May
(2)) (2004) e12.
J. Hereford, E. Bell, J. Lee, T. Eytan, Patient satisfaction with a
web-based patient–provider messaging system
implemented across a statewide delivery system (Group
Health Cooperative), in: AMIA Annu. Symp. Proc., 2003, p.
860.
K.G. Adler, Web portals in primary care: an evaluation of
patient readiness and willingness to pay for online services,
J. Med. Internet Res. 8 (4) (2006) e26.
Harris Interactive, Patient/physician online communication:
many patients want it, would pay for it, and it would
influence their choice of doctors and health plans, Health
Care News 2 (8) (2002) 1–4.
J.B. Fowles, A.C. Kind, C. Craft, E.A. Kind, J.L. Mandel, S. Adlis,
Patients’ interest in reading their medical record: relation
with clinical and sociodemographic characteristics and
patients’ approach to health care, Arch. Intern. Med. 164 (7)
(2004) 793–800.
C.L. Bryce, S. Zickmund, R. Hess, K.M. McTigue, E. Olshansky,
K. Fitzgerald, G. Fischer, Value versus user fees: perspectives
of patients before and after using a web-based portal of
management of diabetes, Telemed. J. E: Health 14 (10) (2008)
1035–1043.
K.D. Kleiner, R. Akers, B.L. Burke, E.J. Werner, Patient and
physician attitudes regarding electronic communications in
pediatric practices, Pediatrics 109 (5) (2002) 740–744.
L. Sorensen, R. Shaw, E. Casey, Patient portals: survey of
nursing informaticists, Stud. Health Technol. Inform. 146
(2009) 160–165.
T. Delbanco, D.Z. Sands, Electrons in flight—e-mail between
doctors and patients, N. Engl. J. Med. 350 (17) (2004)
1705–1707.
S.J. Katz, N. Nissan, C.A. Moyer, Crossing the digital divide:
evaluating online communication between patients and
their providers, Am. J. Manage. Care 10 (9) (2004) 593–598.
C.B. White, C.A. Moyer, D.T. Stern, S.J. Katz, A content
analysis of E-mail communication between patients and
their providers: patients get the message, J. Am. Med.
Inform. Assoc. 11 (4) (2004) 260–267.
G.R. Couchman, S.N. Forjuoh, T.G. Rascoe, M.D. Reis, B.
Koehler, K.L. Walsum, E-mail communications in primary
care: what are patients’ expectations for specific test
results? Int. J. Med. Inform. 74 (January (1)) (2005) 21–30.
D.F. Sittig, S. King, B.L. Hazlehurst, A survey of
patient–provider e-mail communication: what do patients
think? Int. J. Med. Inform. 61 (1) (2001) 71–80.
A. Tjora, T. Tran, A. Faxvaag, Privacy vs. usability: a
qualitative exploration of patients’ experiences with secure
internet communication with their general practitioner, J.
Med. Internet Res. 7 (2) (2005) e15.
S.J. Katz, C.A. Moyer, D.T. Cox, D.T. Stern, Effect of a
triage-based e-mail system on clinic resource use and
patient and physician satisfaction in primary care, J. Gen.
Intern. Med. 18 (9) (2003) 736–744.
[33] E.M. Liederman, J.C. Lee, V.H. Baquero, P.G. Seites, The
impact of patient–physician web messaging on provider
productivity, J. Healthcare Inform. Manage. 19 (2) (2005)
81–86.
[34] R.G. Neville, W. Marsden, C. McCowan, C. Pagliari, H. Mullen,
A. Fannin, A survey of GP attitudes to and experiences of
email consultations, Inform. Prim. Care 12 (4) (2004) 201–206.
[35] A.F. Kittler, G.L. Carlson, C. Harris, M. Lippincott, L. Pizziferri,
L.A. Volk, Y. Jagannath, J.S. Wald, D.W. Bates, Primary care
physician attitudes towards using a secure web-based portal
designed to facilitate electronic communication with
patients, Inform. Prim. Care 12 (3) (2004) 129–138.
[36] J. Hobbs, J. Wald, Y.S. Jagannath, A. Kittler, L. Pizziferri, L.A.
Volk, B. Middleton, D.W. Bates, Opportunities to enhance
patient and physician e-mail contact, Int. J. Med. Inform. 70
(1) (2003) 1–9.
[37] J.D. Ralston, C.M. Rutter, D. Carrell, J. Hecht, D. Rubanowice,
G.E. Simon, Patient use of secure electronic messaging
within a shared medical record: a cross-sectional study, J.
Gen. Intern. Med. 24 (3) (2009) 349–355.
[38] Y.Y. Zhou, T. Garrido, H.L. Chin, A.M. Wiesenthal, L.L. Liang,
Patient access to an electronic health record with secure
messaging: impact on primary care utilization, Am. J.
Manage. Care 13 (7) (2007) 418–424.
[39] D.L. Roter, S. Larson, D.Z. Sands, D.E. Ford, T. Houston, Can
e-mail messages between patients and physicians be
patient-centered? Health Commun. 23 (1) (2008) 80–86.
[40] R.W. Grant, J.S. Wald, J.L. Schnipper, T.K. Gandhi, E.G. Poon,
E.J. Orav, D.H. Williams, L.A. Volk, B. Middleton,
Practice-linked online personal health records for type 2
diabetes mellitus, Arch. Intern. Med. 168 (16) (2008)
1776–1782.
[41] B.B. Green, A.J. Cook, J.D. Ralston, P.A. Fishman, S.L. Catz, J.
Carlson, D. Carrell, L. Tyll, E.B. Larson, R.S. Thompson,
Effectiveness of home blood pressure monitoring, web
communication, and pharmacist care on hypertension
control: a randomized controlled trial, JAMA 299 (24) (2008)
2857–2867.
[42] T.S. Bergmo, P.E. Kummervold, D. Gammon, L.B. Dahl,
Electronic patient–provider communication: will it offset
office visits and telephone consultations in primary care?
Int. J. Med. Inform. 74 (9) (2005) 705–710.
[43] K. Reijonsaari, D. McGeady, J. Kujala, N. Ekroos, Effects of
E-health on health care service production processes-case
study: Palo alto online, in: International Conference on the
Management of Healthcare & Medical Technology, Aalborg,
Denmark, August 25–26, 2005, pp. 62–73.
[44] R.C. Wu, D. Delgado, J. Costigan, J. Maciver, H. Ross, Pilot
study of an internet patient–physician communication tool
for heart failure disease management, J. Med. Internet Res. 7
(1) (2005) e8.
[45] S.G. Anand, M.J. Feldman, D.S. Geller, A. Bisbee, H. Bauchner,
A content analysis of e-mail communication between
primary care providers and parents, Pediatrics 115 (5) (2005)
1283–1288.
[46] J.S. Wald, K. Burk, K. Gardner, R. Feygin, E. Nelson, M.
Epstein, E.G. Poon, B. Middleton, Sharing electronic
laboratory results in a patient portal—a feasibility pilot,
Stud. Health Technol. Inform. 129 (Pt 1) (2007) 18–22.
[47] R. Hess, C.L. Bryce, S. Paone, G. Fischer, K.M. McTigue, E.
Olshansky, S. Zickmund, K. Fitzgerald, L. Siminerio,
Exploring challenges and potentials of personal health
records in diabetes self-management: implementation and
initial assessment, Telemed. J. E: Health 13 (5) (2007) 509–517.
[48] M.T. Britto, H.B. Jimison, J.K. Munafo, J. Wissman, M.L.
Rogers, W. Hersh, Usability testing finds problems for novice
users of pediatric portals, J. Am. Med. Inform. Assoc. 16 (5)
(2009) 660–669.
i n t e r n a t i o n a l j o u r n a l o f m e d i c a l i n f o r m a t i c s 7 9 ( 2 0 1 0 ) 469–477
[49] A. Atreja, N. Mehta, D. Miller, S. Moore, K. Nichols, H. Miller,
M. Harris, One size does not fit all: using qualitative
methods to inform the development of an internet portal for
Multiple Sclerosis patients, in: AMIA Annu. Symp. Proc.,
vols. 16–20, 2005.
[50] E. Shaw, M. Howard, D. Chan, H. Waters, J. Kaczorowski, D.
Price, J. Zazulak, Access to web-based personalized
antenatal health records for pregnant women: a randomized
controlled trial, J. Obstet. Gynaecol. Can. 30 (1) (2008)
38–43.
[51] G. Ketteridge, H. Delbridge, L. Delbridge, How effective is
email communication for patients requiring elective
surgery? ANZ J. Surg. 75 (8) (2005) 680–683.
477
[52] J. Car, A. Sheikh, Email consultations in health care. 2.
Acceptability and safe application, BMJ 329 (7463) (2004)
439–442.
[53] C.M. Ruland, H. Brynhi, R. Andersen, T. Bryhni, Developing a
shared electronic health record for patients and clinicians,
Stud. Health Technol. Inform. 136 (2008) 57–62.
[54] Office of Health Information Technology, Meaningful Use,
http://healthit.hhs.gov/portal/server.pt?open=512&objID=
1325&parentname=CommunityPage&parentid=1&mode=2
(accessed 12/10/09).
[55] J.W. Bachman, The patient–computer interview: a neglected
tool that can aid the clinician, Mayo Clin. Proc. 78 (1) (2003)
67–78.