When you interact with patients online, either through unstructured mechanisms (like email), or through more formalized services, like PatientWire E-Commerce or PatientWire Mass E-Mail, you need to take into consideration compliance with HIPAA regulations.

You should formally consent your patients before you allow online communications of any sort. This provides you with some measure of protection in case of problems down the road.

It is convenient to combine an consent form for online communication with your office intake forms. This consent form should describe your method of interaction online (ie, email, e-commerce, etc.), and risks that may arise from communicating online.

The form should also make reference to your Privacy Policy, and either link to the policy OR let the patient know that they have the right to ask any staff member to show them the policy. (Click here for an example of the stock Privacy Policy that we use with PatientWire. Feel free to copy and adapt it for use in your own practice.)

Remember that it is your responsibility to comply with the HIPAA guidelines with respect to patient privacy. And unfortunately, ignorance of the law is not a defense if you're found in violation. If you don't have the stomach to handle the details of HIPAA yourself, make sure that the vendor of any software that you use handles it for you. (Ask them explicitly about HIPAA compliance.)

I've uploaded a sample intake form that you can modify and use in your own practice. Having such a form will allow you to start collecting patient email addresses.

It's best to include this form with the other stack of papers that you make the patient fill out when they arrive at the office. It lets them get it over with up-front, and allows you to have a consistent procedure for collecting email addresses.

Having this consent form sorted out will go a long way to preventing any misunderstanding between you and the patients that you interact with online.

Good luck!

Adam W. Farkas, MD, MBA
afarkas@wolfbioscience.com