E-mail and peer review: Another urban myth?

There is a cable TV show called “Myth Busters” that examines the so called “urban” or technical myths that persist in our culture. These myths are often repeated stories that may have never been true or may have some basis in the past but need to be revisited.

The problem with urban myths is not that story persists, but that people continue to behave as though it is true. So how you destroy an urban myth? Just like on “Myth Busters,” you need to investigate.
I have worked with several clients recently to redesign their peer review programs, and the issue was raised regarding of the use e-mail for transmitting peer review documents such as committee minutes, case review rating forms, and inquiry letters. The common concern is that e-mail cannot be used to transmit these documents because one would lose peer review protection if anyone other than the intended party saw the e-mail. Is this is a real issue or an urban myth?

To determine the answer, we first need to look at the basis for protection from discoverability of peer review documents. While your state’s statutes determine the overall legal protection, your internal management of the documents defines whether there are any breeches in that protection. Internal protection comes from four means:
 

1. The source of the document
2. The authorization of the individual viewing it
3. The security of the method of transmission

The control of the document to prevent viewing by unauthorized individuals

The basic issues raised by e-mail relate to the security of transmission and control of the document. The source of the document, i.e. the peer review committee under the authority of the medical staff, is not any different. The authorization of the viewer, i.e. a peer review committee member or medical staff member receiving a letter of inquiry or findings, is the same as when the peer review committee uses hard copies.

The security of transmission is where the potential of the urban myth may first come into play. When e-mail was originally implemented, it was an unsecure system. However, with the implementation of Health Insurance Portability and Accountability Act (HIPPA) and the Health Information Technology for Economic and Clinical Health (HITECH) regulations over the past few years, and advances in encryption technology, most hospitals today have the ability to send and receive protected information. Most can also create password protected files for authorized individuals to access and view peer review documents from remote sites. If you are unsure of your IT capabilities, play "Myth Buster" by investigating whether your medical staff can transmit or access information securely from remote sites. An important component of an effective peer review system is using physicians’ time efficiently by creating the capacity for doing this work on their schedule at a convenient location. It will also improve the timeliness of the process.

The fourth means of protection, document control, is the one that concerns peer review and risk management staff the most. The concern is that through e-mail, one cannot account for all copies of peer review materials. The common practice is to bring these materials to meetings with numbered copies and collect them at the end. This raises two questions that require investigation:
 

1. How real is the concern that a peer review committee member will transmit these documents to someone outside of the peer review process? 
2. Are there electronic means to simulate this control?

The first question can be addressed by educating all peer review participants that sharing peer review information with people who are not involved in the peer review process puts the hospital and every individual involved at risk of losing peer review protections. The second issue may be addressed by investigating whether the hospital has the IT infrastructure to create “read only” folders, files, and web pages that will allow individuals to view but not print or save these documents.

So is it a myth that email is an unsecure way to transmit confidential information? It is a myth, as long as your organization has the proper protections in place.

As we move more into the age of the electronic health record, which makes chart review more convenient, we need to make the other aspects of peer review convenient as well. This may require some myth busting to get there.
 

Robert Marder, MD, CMSL, is the vice president of The Greeley Company, a division of HCPro, Inc. in Marblehead, MA.