How can I Message or email patients from within OpenEMR?

Day-to-Day Users
#1

I looked at ‘Messaging’ in the Demo, but this seems to be INTERNAL messaging to other members of the practice.
Is there a way to text or email a patient from within OpenEMR and preserve them as patient notes??

Many patients will not ‘sign up’ for a portal, and expect to get text messages or emails from a practice. Contrary to many claims, plain email is perfectly permissible under HIPAA, according to the official information from CMS.https://www.hhs.gov/hipaa/for-professionals/faq/570/does-hipaa-permit-health-care-providers-to-use-email-to-discuss-health-issues-with-patients/index.html

The Security Rule requires practices to CONSIDER encryption, but does not require it, and many patients will not tolerate the additional bother involved in establishing secure communications.

“Based on your required risk analysis, is encryption needed to protect the transmission of EPHI
between your office and outside organizations? If not, what measures do you have in place to
ensure the protection of this information? Some small providers might consider password protection
of documents or files containing EPHI and/or prohibiting the transmission of EPHI via email.”

image
image1200×1600 61.4 KB

#2

yep, closest you’ll get is:

image
image1920×888 50.1 KB

You can get secure mail account from several different vendors out there.

Portal messaging is secure because it never leaves openemr namespace and is transacted via database.

#3

Portal messaging is secure because it never leaves openemr namespace

Right. But for people who want to communicate by text or garden variety email…(Note CMS says explicitly this is allowed under HIPAA.)

Nothing integrated w OpenEMR, tho I guess one could copy and paste.
There. That’s a solution.

#4

Allowing every message to patients’ general mailbox relies on staff members’ good judgement of HIPAA. As an example, while appointment reminders are allowed, someone could refer to existing issue description in that reminder!

However you can leverage mechanism that sends out appointment reminders by using message templates instead of fixed plain text used in standard code. As an example if a Rx requires an encounter before creating a refill, message can go out for pt to make appointment before a certain date.

Then there are installations not subject to HIPAA. That is another story.

#5

Most people don’t realize how flexible HIPAA is. It DOES NOT REQUIRE encrypted communications. Talking on the phone, sending a letter in clear text, or sending a plain text or email are all permissible IF they’re addressed in your privacy policy (see PP below.)

HHS says Use of Regular Email Allowed
So an exchange like this via plain email can be compliant, if your PP is written right.

Patient email - I’m now on these medications (list) , and I …xyz. What was my last HBA1c?

Office email- 7.2, which is excellent control!! Good work, and btw, a couple of your meds may help with weight loss, which can improve your BS control. Keep up the good work!!

Patient email -I didn’t mention, I’ve lost 3kg in the last 2 months!

Office email- Great work and keep it up!! Your next appt is…

Encryption is nice but not required, if your risk assessment is that plain email is secure enough and the patient agrees.

PP sample excerpt:

" If the Patient initiates a conversation in which the Patient discloses “Protected Health Information (PHI)” on one or more of these communication platforms then the Patient has authorized the Practice to communicate with the Patient regarding PHI in the same format."

Of course end to end encrypted email is more secure. But it’s not required. You can require it for yourself, but IMO it’s better to leave the flexibility so you don’t have inadvertent violations.