Editor's Corner

I'm delighted to hear that doctors are taking e-care seriously (see below). Like most of you, I've been online for more than ten years, so my attitude is, "Hey, it's about time!"

However, if I were advising a smaller medical practice, I still might not recommend that they jump on board. Offering email-based care sounds great and certainly offers consumers a great deal of convenience, but implementing such a service is trickier than it sounds. Lots of questions come up. Should practices roll out their own Webmail system, and if so, how do they figure out how much to spend? Should they pay for their own development work, or find an ASP offering e-care services? What kind of investments are reasonable? And perhaps most importantly, given HIPAA issues, how do they judge whether security is strong enough without a full-time IT staff member on board (as is so often the case)? Given these types of issues, it's certainly no surprise that smaller practices are still behind on most types of IT adoption.

I don't know about you, but I send standard, unencrypted email to doctors whenever I get the chance. The thing is, I know it goes out in the clear, and govern myself accordingly. I'll wager that most consumers--and doctors--aren't aware that their intimate medical conversations could be sniffed, read and distributed. Doctors might include privacy warnings in each and every email communication they send out, but consumers might very well tune them out.

Given these problems, I expect to see an e-care security breach give rise to a HIPAA suit before e-care matures as a service. (Any attorneys reading this? What do you think?) - Anne