Datica Blog

Joint Commission Allows Secure Texting

Travis Good, MD

Travis Good, MD

Co-founder, CEO & Chief Privacy Officer

May 11, 2016

In last month’s edition of the Joint Commission Perspectives, the Joint Commission ended its ban on text messaging for healthcare providers, reversing its 2011 prohibition for these recognized healthcare entities. Effective immediately, healthcare professionals may text patient care directives through a secure, compliant text messaging platform. The passageway to innovate and invest for healthcare stakeholders, primarily EHR software developers and product managers, has been opened once again. This ruling not only will significantly increase accuracy and remove the necessity of phone calls, faxing or direct communication, but leads to the heavily desired streamlined clinician order process. The Joint Commission is finally embracing modern technology, and these updated regulations permit customers like ours to freely produce, promote, and integrate their secure text messaging solutions.

First issued back in 2011, the Joint Commission text messaging ban was caused by a response posting to the FAQ section regarding the previously prevalent communication tool. “[I]t is not acceptable for physicians or licensed independent practitioners to text orders for patients to the hospital or other healthcare setting. This method provides no ability to verify the identity of the person sending the text and there is no way to keep the original message as validation of what is entered into the medical record.” Without a specific policy in opposition to electronic communications, the comment sparked the Commission to highlight concerns regarding the shortcomings of text message privacy, security, reliability, and record retention. That spark led to combustion, placing a texting ban on clinical orders for all Joint Commission accredited entities. Despite the outlaw, various studies report that by permitting the texting of clinician orders within health systems, hospital efficiencies could significantly increase, leading to reduced lengths of care.

Communicating orders through a text messaging medium is a far more suitable solution than the most common alternatives. Secure texting should not only be allowed, but it should be ensured for the sake of patients and their data. While clinicians have continued to adopt new technologies and applications personally, the majority of EHRs have propped up the legacy of DIRECT message solutions, a government-led project commenced in 2010. DIRECT is an asynchronous apparatus that frequently resembles a traditional email inbox. DIRECT contrasts completely with an ever-evolving generation of mobile-first messenger products. Even further inconvenient and obsolete is verbal communication, which must have the associated risks highly considered. The Joint Commission has attempted to safeguard verbal orders by permissing only if the receiving party “reads them back” to confirm. Nevertheless, this is nowhere near safe nor secure. In reality, it is nothing more than a game of “telephone” shrouded in misconceptions that will affect patient lives. When it comes to communication alternatives, the pros heavily outweigh any cons. There are just too many pieces that can go awry, so why would anyone now take those risks with fast, convenient, accessible secure text messaging solutions?

Noting an emphasis on “secure” and other data security functionalities, the Commission stated its previous concerns could be satisfied by meeting certain requirements, even when texting from personal devices. Therefore, practicing clinicians practicing within accredited institutions may now text orders when the following criteria have been fulfilled:

  • Secure sign-on process must be incorporated
  • All messaging must be encrypted
  • Delivery and read receipts included in the platform
  • Messages require a date and time stamp
  • Sanction to customized message retention time frames
  • Include a specified contact list of authorized individuals

The Joint Commission is in the process of evaluating whether to further outline secure text messaging expectations, policies, and procedures for accreditation guidelines. However, healthcare entities are currently advised to tackle additional initiatives:

  • Develop evidencing documentation of the platform’s secure text messaging capabilities
  • Further define when text orders are appropriate
  • Constantly monitor texting order frequency
  • Gauge texting policy and procedure compliance
  • Create a risk management strategy and complete a risk assessment
  • Conduct training for staff, licensed independent practitioners, and other practitioners on applicable policies and procedures.

In an age of growing cybersecurity attacks, this maneuver made by the Joint Commission is pivotal. To showcase that while security threats thrive, standards and rule-setting organizations must be willing to integrate innovative technologies into previously instituted workflows to enact a proactive and considered security strategy. To be appropriately cliché, keep calm and text on.

Questions? Reach out to us directly, tweet us, or provide us your contact information to the right. We’ll solve your problem so you can focus on your solution.

Earlier

4 PHI Marketing Special Cases

Under the Omnibus Rule, learn about four special cases for making use of PHI in marketing efforts.

Next Post

Announcing Change Agent, Datica's Medium Publication

Since Datica’s beginning, a core belief has revolved around the importance of transparent, free, readily available content. That is why we write about what we learn. That is why we have open sourced our company policies] and made our Business Associate Agreement publicly available.