Patience With Portals: Balancing Convenience and Compliance

  • March 11, 2026
  • Deborah Kichler, RN, MSHCA

Since the COVID pandemic, there has been a significant increase in electronic communications between patients and providers. From virtual visits via computer screen to email and text messaging, physicians and patients are now experiencing the “new normal” of patient care. 

However, physicians need to be mindful of liability risks when communicating with patients electronically.¹ Practices that use technology to store, access, or transmit protected health information (PHI) must comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and California’s Confidentiality of Medical information Act (CMIA) and Health and Safety Code §1280.18.² 

In the early 2000s, healthcare facilities began giving patients remote access to parts of their electronic health records, and in 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act further accelerated the adoption of electronic health information technology among practices and patients. By 2021, the 21st Century Cures Act Final Rule went further by requiring the immediate electronic release of test results and clinical notes upon patient request. While these advancements expanded access and aimed to increase patient engagement, they also introduced new risks for clinical practices.

Patient portals are accessed through secure, encrypted websites that require a user login and password. Patients can sign in at any time to view their health information and medical records. These portals enhance communication, improve information availability, and support better care management for both patients and physicians. Patients can review test results, visit summaries, medications, appointments, and educational materials. They can also pay bills, refill prescriptions, schedule appointments, complete forms, and exchange secure messages with their care team. These features help empower patients to better engage with their healthcare and adhere to treatment plans. Benefits include: 

  • 24/7 access to health information
  • Convenient appointment scheduling with automatic reminders
  • Easy access to test results
  • Secure messaging with healthcare team
  • Faster response to most patient questions

Physicians also can benefit from their patient’s use of the portal, including: 

  • Increased patient engagement, leading to better adherence to treatment plans, appointment attendance, and chronic condition management
  • Timely follow-ups and clear communication via secure messaging
  • Reduced administrative workload by minimizing phone calls for appointments, prescription refills and routine inquiries
  • Reduced no-shows with convenient scheduling options
  • More accurate patient information through electronic updates of personal details and completion of pre-visit questionnaires

Overall, patient portals can foster a collaborative healthcare environment that benefits both patients and physicians by improving access, communication, and health management.

Patient portals can also pose risks concerning privacy, security, communication, and workload. It is important for both patients and physicians to be aware of these potential issues.

For patients, risks include:

  • Misinterpretation or misunderstanding of medical notes and results
  • System downtime or technical issues
  • Information overload
  • Data breaches and unauthorized access
  • Lack of internet access

For physicians, patient portals can present challenges such as:

  • Increased workload due to a higher volume of messages and requests
  • Delays in reviewing and responding to patient messages
  • Patient misinterpretation of medical information
  • Overreliance on digital communication methods
  • Ensuring compliance with HIPAA regulations to safeguard patient data
  • The need for staff training and establishing effective portal management protocols

Appreciating the patient-centered benefits of portal usage and acknowledging the substantial impact on provider and practice workflows are critical for successful management of a patient portal.³ Physicians and practices should develop policies and protocols for portal usage that reduce potential risks.

Risk mitigation strategies should include the following:

1.Compliance and Legal Considerations

  • Ensure the portal software adheres to all relevant regulations, such as HIPAA.
  • Implement end-to-end encryption for data transmission and storage to safeguard PHI.
  • Conduct regular security audits and vulnerability assessments to identify and address potential risks.
  • Obtain and document patient consent for portal use and electronic communications.
  • Ensure that portal communications are recorded in the patient’s medical record.

Additionally, integrate digital care with in-person care by ensuring that practitioners have full access to the patient’s medical record when responding through the portal. Remember, an active audit trail will verify whether you reviewed the patient’s record before replying to their inquiry.

2. Clinical Communication and Workflow

  • Establish clear protocols outlining expected response times for messages.
  • Implement processes to effectively prioritize and delegate incoming messages.
  • Provide staff training on portal usage and documentation standards.
  • Incorporate portal discussions into in-person patient interactions.

3. Technical Reliability and Usability

  • Maintain regular system maintenance and back-ups to ensure reliability.
  • Offer technical support services for both patients and staff.
  • Design user-friendly interfaces that accommodate varying levels of digital literacy, minimizing errors, and promoting adoption.
  • Ensure accessibility for users with disabilities and compatibility across a wide range of devices.

4. Patient Education and Support

Patient portal user agreement: This agreement functions similarly to an informed consent, detailing how the portal will be used, the nature of non-emergent communications, associated benefits and risks, and the option to opt out.

  • Permissible Communication Topics. Define appropriate subjects for portal messaging, including communication with physicians or staff, obtaining test results, reviewing medical record notes, scheduling appointments, renewing prescriptions, and updating personal information.
  • Emergency instructions. Clearly instruct patients not to use the portal for urgent or emergency situations (e.g., mental health crisis) and provide guidance on appropriate emergency contacts.
  • Code of conduct. Establish guidelines prohibiting threatening, offensive, or inappropriate language within portal communications.
  • Access and Response. Explain who may access and respond to patient messages, such as members of the healthcare team and administrative personnel.
  • Response timeframes. Clearly communicate expected timelines for responses to patient inquiries.
  • Patient-Friendly Explanations. Provide explanations of medical terms, lab results, and clinical notes in language that is easy to understand.
  • Patient Acknowledgement. Require the patient’s signature on the Patient Acknowledgement and Agreement form.

Additionally, include detailed Instructions for setting up portal registration and provide contact information for technical support or troubleshooting.

5. Address Digital Divide

  • Offer alternatives for patients who lack internet access or digital literacy.

Patient portals provide significant advantages for both physicians and patients by improving communication and access to information. However, they also carry potential risks. To promote a safe and positive experience, it is crucial to establish clear policies and protocols.   

Deborah Kichler, RN, MSHCA, is a Senior Risk Management and Patient Safety Specialist. Questions or comments related to this article should be directed to DKichler@CAPphysicians.com.

¹“Electronic Communication with Patients: Patient Portals, Email and Online Advice.”  CMA California Physician’s Legal Handbook. April 2022, page 1.

²Ibid, page 1.

³Augustine Chavez, MD, Jesse Bracamonte, DO, et al. “High Volumes Portal Usage Impacts Practice.” Journal of the American Board of Family Medicine, May-June 2020; 33: 3-452.

Additional Resources:

Sara Berg, MS. “What doctors wish patients knew about using a patient portal.” American Medical Association. June 17,2022. https://www.ama-assn.org/practice-management/digital-health/what-doctor….

“Using and Managing Patient Portals.” ECRI, July 11,2024. (December 23, 2025)

Bryan D. Steitz, PhD; Robert W. Turer, MD, et al. “Perspectives of Patients About Immediate Access to Test Results Through an Online Patient Portal.” March 20, 2023. JAMA Network Open. 2023;6(3):e233572.