Would like to know two things: Is this a HIPAA violation, and can this be removed from an EMR/patient portal?
Patient and Doctor had a personal email/conversation over the weekend. More to the story, but Doctor was venting to the patient how frustrated he was with the patient's pharmacy. Patient replied how they agreed it was frustrating and the patient has been frustrated with the pharmacy for several other problems with prescriptions. That's it. The email was as simple as a personal conversation between doctor and patient.

On Monday, the patient's email ended up in their portal from the assistant at the doctor's office. Patient has already instructed the office, and it's noted in their chart, for no one to contact the patient except the doctor and not to contact them through the portal or another secured messaging site. The assistant obviously did not read the note or remember that the patient did not want to receive anything through the patient portal.

The patient contacted the assistant and asked why they received the personal email/conversation between the doctor and patient, then asked, "How did you get ahold of it?" The assistant replied, "I don't know." The patient asked again, "This was a personal conversation/email between the doctor and patient, how did you get it? Do you have his password to his home computer to read his messages when he is away?" The assistant replied, "I don't know." Patient said, "Then how did you get ahold of it?" Assistant replied, "It comes through the secured messaging site." Patient replied that they don't use the secured messaging when they found out it wasn't so secured when their personal message to the doctor was being read by assistants and answered by assistants. The assistant then replied, "The doctor sent it to the receptionist, who sent it to one assistant who sent it to the other assistant." The patient replied, "So everyone in the office just read the personal email/conversation between the doctor and patient?"
"That still doesn't answer why the patient received it through their portal when noted in their chart not to send anything to the patient through the portal or make contact with patient." The assistant replied, "It was sent to help with the issues." Patient asked, "What issues? There are no issues, the issue has passed." The assistant said, "Issue with Joe's prescription." The patient said, "The prescription for Joe was from over a month ago, issue was resolved over a month ago." Obviously, they didn't read the email/conversation or they would have realized it. Anyway, it was a personal email/conversation.

Patient wants it removed from the portal and their Electronic Medical Record. The patient contacted the support of the software provider and was given instructions on how the office can remove/delete the personal email/conversation. The office states that the message was sent as a phone message so it can't be deleted. It was not a web encounter. Patient finds that hard to believe. What happens if the doctor's office accidentally sent a personal email/conversation or results to the wrong patient? Are they able to retrieve it? Patient wants it removed. Email should not have been sent in the first place. The Doctor was leaving town and was sending all the emails he received to the receptionist to take care of. That particular patient's email/conversation was sent also, but no action was needed. It was a conversation.

Is this a HIPAA violation with it being a personal email/conversation to the MD on his personal computer? Can it be removed from a patient's portal/EMR if it was sent as a phone message? Software support told the patient they can delete it from the message area of the portal. But the patient would like to know if they delete it, will it still show in the background on the EMR?