March 24, 2022

QUESTION:
I am the chief of the division of family medicine at my hospital.  I recently learned that a nurse’s aide complained to her supervisor about my tone when speaking with the mother of a patient in our clinic.  The complaint made its way into the peer review system, and I was sent a “letter of guidance” referencing the organization’s Code of Conduct and encouraging me, for lack of a better explanation, to be on my best behavior and be mindful of my reputation and that of the health system.

To be honest, although I am involved in leadership and understand the underlying motivation for the Code of Conduct, I found this to be a really patronizing experience.  The aide who made the complaint knows nothing about my history with this patient and his mother, nor the practical or clinical reasons why I might take a serious tone with her.  My treatment of this patient and his mother was appropriate, given the circumstances and I feel pretty strongly that the aide should have stayed out of it or at least raised her concerns with me before reporting me to her supervisor.

I would like to take this opportunity to discuss this situation with the aide and her supervisor.  It’s important for the aide to understand that some patients of the clinic are well known by clinic staff to require more intense interactions regarding appropriate treatment options and the importance of compliance with the treatment plan.  I am not expecting an apology from the aide as a result of this conversation but, instead, see this conversation as an opportunity to improve how the clinic team operates and, hopefully, prevent frivolous reports in the future.

Last week, I approached the supervisor regarding this, to schedule a time for all three of us to sit down to talk (me, the supervisor, and the aide).  The supervisor told me that my plan was not appropriate and could be viewed as intimidation.  She refused to schedule the session and said I’d better run my plan past the Chief of Staff first.  I did and she said it’s better to “leave it alone.”

Has the whole world gone crazy?  Can’t professionals talk to each other anymore?  How is this supposed to improve the patient care environment?

OUR ANSWER FROM HORTYSPRINGER ATTORNEY RACHEL REMALEY:
It’s easy to see why you might be frustrated, given the scenario you have described.  A key component of any peer review process should be transparency.  This means all practitioners who are subject to the process should understand that it exists and how it works.  Information should, ideally, be periodically pushed out to members of the Medical Staff to help them understand the many moving parts to the peer review process.  When the process is better understood, practitioners are less likely to feel targeted when their own practices come under scrutiny.

Transparency requires more than knowledge of the process, however.  It also requires practitioner involvement in their own peer review.  In your case, it appears as though the peer review of the concern involving your conduct was concluded without anyone ever asking for your input and getting your side of the story.  How can practitioners be expected to buy-in to a process that does not include their input?  As you describe it, that input may have been vital in deciding the appropriate outcome.  Maybe if you had been given a chance to discuss the facts with those conducting the review, they would have concluded that rather than sending you a letter of education, they should provide additional information and training to clinic personnel regarding tough, non-compliant patient management.

At this point, what’s done is done.  Your best bet may be to respond to the letter of education explaining your side of the story and requesting that consideration be given to obtaining your input should any future, similar concerns be reported.  Further, you might consider recommending that clinic personnel receive additional training to help them understand and manage situations like this.  Don’t worry that your response will be seen as controversial or adversarial.  A professionally-worded response, sent through appropriate channels, is part of the review process and is completely appropriate.  After all, the aim of the peer review process should not only be to work with privileged practitioners to address concerns that are under their control, but also to bring to light related, systemic concerns that should be addressed to improve patient care overall.

With that said, we agree with the aide’s supervisor that it is not a good idea for you to sit down with the aide to discuss this matter.  While doing so might be the fastest, most efficient way to get from point A to point B, the supervisor is right – your actions could intimidate the aide.  And, in the long run, that could lead to aides (and other personnel) being reluctant to report meaningful concerns about practitioners due to fear of retaliation.

This advice may be frustrating, because your intentions may be good.  Instead of focusing on your intentions, though, try to think about process.  Can an effective peer review process rely on the good intentions of every physician whose conduct is reported?  If practitioners are given free rein to “confront” those who report concerns about that, would that have a chilling effect on future reports?  Would that promote advancements in quality?

You can see where we are going with this.

Ideally, this issue would have been addressed with you earlier (when your input was first sought by the leadership reviewing this matter) and, at that time, the organizational definition of retaliation could have been provided, along with a caution about engaging in any conduct that could be viewed as retaliatory.  Our recommendation is that a professionalism policy include any contact with the individual who filed a report, in an attempt to discuss the matter, as retaliatory – no matter the intention.  Letting practitioners know this early in the process avoids any embarrassment or confusion later.  Further, bringing it up early in the process avoids an implication that the practitioner is pursuing retaliatory conduct and allows it to serve as a generalized, non-confrontational FYI.  In most organizations, it works well and keeps disputes (and retaliation) to a minimum.

Peer review is tough and imperfect. Organizations are constantly tweaking their processes to correct deficiencies and improve the experience for the practitioners who are subject to review.  We hope you can take the flaws you perceived in this review of your conduct and work through available channels at your organization to suggest appropriate changes (e.g., earlier, methodical request for the practitioner’s input and guidance to practitioners of who they can contact to discuss the matter).

April 2, 2015

QUESTION:    May physicians text or e-mail patient information to one another if such texts or e-mails are directly related to patient care? If so, does HIPAA require that such transmissions be encrypted?

ANSWER:       Any discussion of sending Protected Health Information (“PHI”) via text or e-mail should distinguish between: (1) the HIPAA Privacy Rule and (2) the HIPAA Security Rule:

(1)       The Privacy Rule is concerned with WHY information is being used or disclosed. Is there a permissible purpose? There is no violation of the Privacy Rule if a text or e-mail is for a treatment purpose.

(2)        The Security Rule is concerned with HOW information is transmitted and stored. Thus, while it may be appropriate for one physician to disclose PHI to another physician for treatment purposes, the Security Rule could be violated if the method used to transmit that information is improper.

The Security Rule has three categories of requirements:

(i)         Standards.

(ii)        Required Implementation Specifications.

(iii)       Addressable Implementation Specifications.

Covered entities must comply with all “Standards” and “Required Implementation Specifications.” As the name implies, “Addressable Implementation Specifications” do not always have to be implemented. Instead, each covered entity must evaluate whether an Addressable Implementation Specification is a “reasonable and appropriate safeguard in its environment, when analyzed with reference to the likely contribution to protecting” PHI. If so, the Addressable Implementation Specification must be implemented. If not, the covered entity must consider whether an alternative measure to protect security is feasible and must document its conclusions.

Encryption is an Addressable Implementation Specification. Thus, covered entities are expected to encrypt texts and e-mails if doing so is a “reasonable and appropriate safeguard in its environment.” In evaluating this question, covered entities should consider whether encryption would interfere with patient care (e.g., undue delays in transmission, retention of encrypted transmissions, etc.).