The medical office mentioned in the previous post called me back, and they are working on figuring out why I was getting email meant for a patient with the same name as me.

My best guess is that her email address is very, very similar to mine and that there was a typo or a transcription error somewhere. For example, maybe her email address is at instead of a similarly spelled and more well-known email provider? Or perhaps she normally includes a middle initial in her email address? It’s even possible that her last name has some sort of misspelling that was introduced when her ancestors moved to the US, and a staffer familiar with Polish names corrected it without thinking.

In any event, email ended up in my inbox instead of hers.

So I was thinking: What could a medical office do to verify patient email addresses without violating anyone’s privacy? Medical offices don’t build their own IT systems from scratch. Whether it’s a large organization that uses something like Epic or a smaller office that relies on a simpler tool, there is a third party involved. So really it is these third parties that need to implement the solution to this problem.

Here are my ideas.

  1. This case assumes that most patients who want to sign up for the email reminder system also carry smartphones around with them. The medical office would collect the patient’s email address on the intake forms (as well as whatever opt-in approval is necessary). While the patient is waiting for the appointment and/or seeing the provider, the staff would enter the patient’s email address into the system. The system would send an email to the patient that says something along the lines of, “Your medical provider uses [name of this service] to send appointment reminders and other messages to patients. To confirm that you wish to receive these messages at this address, please give the front desk staff the code [SOME-CODE-GOES-HERE].” The email wouldn’t say which medical office it was, so an incorrect recipient wouldn’t learn anything about the patient other than that person has gone to some medical office somewhere. The staff could then ask patients on the way out if they received the code and then enter that into the system to confirm the email address. If something goes wrong, they can work together to fix it before the patient leaves. If the patient doesn’t have a phone with them, they could call the office later with the code; an incorrect recipient wouldn’t know which office to call.

  2. The other situation that I thought of is a little bit trickier because the medical office also needs to make sure that random people are not just signing up pretending to be patients and trying to get unauthorized access to patients’ information. The office would give the patient a card with a URL (something easy to type or else explain where the link is on the practice’s web page) and a code. The patient would enter their email address and the code from the medical office; this confirms that the person using the system really is a patient. The system would email the patient (again, with a generic email that’s roughly similar to the one that I described above) a second code, which needs to be entered onto the page; this confirms that the email address belongs to that patient. This is annoying and convoluted—and it’s likely to reduce the number of people signing up for the system—but it will prevent mix-ups.
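A sketch of how a reminder service could implement both ideas, as an added example rather than code from any real vendor. The class name, the `send_email` callback, the code alphabet, the 24-hour lifetime and the five-guess cap are all assumptions made for illustration.

```python
import hmac
import secrets
import time
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"  # skips 0/O, 1/I/L: easy to read aloud
TTL_SECONDS = 24 * 3600  # assumed lifetime, so a patient can phone the code in later
MAX_ATTEMPTS = 5         # assumed cap on wrong guesses per pending address

def new_code(length=8):
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

class EmailVerifier:
    def __init__(self, service_name, send_email, clock=time.time):
        self.service_name, self.send_email, self.clock = service_name, send_email, clock
        self.cards = {}     # card code -> patient id (idea 2: printed on the card)
        self.pending = {}   # patient id -> [email, code, expires_at, attempts]
        self.verified = {}  # patient id -> confirmed email

    def issue_card(self, patient_id):
        code = new_code()
        self.cards[code] = patient_id
        return code

    def start(self, patient_id, email):
        """Idea 1: staff enter the address; the email names the service, not the office."""
        code = new_code()
        self.pending[patient_id] = [email, code, self.clock() + TTL_SECONDS, 0]
        self.send_email(email, f"Your medical provider uses {self.service_name} to send "
                        f"appointment reminders. To confirm this address, use code {code}.")

    def start_from_card(self, card_code, email):
        """Idea 2: a valid card code shows the person is a patient; it works once."""
        patient_id = self.cards.pop(card_code.strip().upper(), None)
        if patient_id is not None:
            self.start(patient_id, email)
        return patient_id

    def confirm(self, patient_id, code):
        """Check the emailed code, typed in by staff (idea 1) or the patient (idea 2)."""
        entry = self.pending.get(patient_id)
        if entry is None:
            return False
        entry[3] += 1
        if self.clock() > entry[2] or entry[3] > MAX_ATTEMPTS:
            del self.pending[patient_id]  # expired or too many guesses: start over
            return False
        if not hmac.compare_digest(code.strip().upper().encode(), entry[1].encode()):
            return False
        self.verified[patient_id] = self.pending.pop(patient_id)[0]
        return True
```

Reminders would only ever go to addresses in `verified`, so a mistyped address that nobody confirms never receives anything beyond the one generic message.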