Dedicated to providing the latest
HIPAA compliance news

Joint Commission Ends Ban on Clinician Text Messaging

Share this article on:

For the past five years the Joint Commission has banned the use of text messaging by licensed independent practitioners (and other practitioners) due to security risks. That ban has now been lifted with immediate effect, although there are conditions.

Test messaging is permissible, although only if a secure text messaging platform is used. Furthermore, that secure text messaging platform must meet the following criteria:

  • The text messaging platform must incorporate a secure sign-on process
  • All text messages must be protected by end to end encryption
  • The platform must incorporate read and delivery receipts
  • Messages must include a date and time stamp
  • The platform must incorporate a contact list of individuals authorized to receive and record orders, and
  • The platform must allow customized message retention time frames to be set

Standard text messaging is still prohibited as encryption is not used, there are no authentication controls to ensure that only the intended recipient can view the messages, and original messages cannot be retained in order to validate information entered into medical records.

TigerText CEO Brad Brooks has previously called for a lifting of the Joint Commission ban on text messaging by practitioners. After reading the announcement, which was published in May 2016 Perspectives newsletter, Brooks said “We welcome the Joint Commission’s pronouncement to allow physician orders through secure texting.”

When the ban was implemented there were few options available that allowed sensitive data to be transmitted securely. However, there are now a number of secure messaging platforms which offer all of the necessary controls to ensure that PHI is not accidently disclosed to unauthorized individuals and remains secure at all times.

The Joint Commission will be “assessing the need to further delineate the expectations for secure text messaging platforms and policies and procedures for texted orders within the accreditation standards;” however, in the meantime providers have been advised to ensure:

  • An attestation is obtained that documents the capabilities of the secure messaging platform
  • Policies are developed that stipulate when text orders are appropriate and inappropriate
  • The use of text messaging is monitored to determine how frequently the service is used for orders
  • Compliance with policies and procedures covering the use of text messages is assessed
  • A comprehensive risk assessment is performed
  • A risk management strategy is developed, and
  • Staff and practitioners receive training on policies and procedures covering the use of secure text messaging platforms.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On