Joint Commission Ban on Secure Messaging for Orders Remains in Place

The Joint Commission on Accreditation of Healthcare’s (Joint Commission) ban on the use of secure text messaging platforms for patient care orders will remain in place, according to its December newsletter.

In April 2016, the Joint Commission took the decision to allow the use of a secure texting platform for sending orders. The ban was not totally lifted, as the Joint Commission required certain components to be in place and certain standards to be followed to ensure patient safety was not placed at risk.

The ban was originally put in place as SMS messages were not secure. It was also not possible to verify the sender of a message nor for original message to be retained for auditing purposes. Since the original ban was introduced, a number of companies developed secure text messaging platforms that incorporated all of the necessary security features to ensure messages could not be intercepted.

Those messaging platforms also allowed the identity of the sender to be verified, ensured that messages were retained for auditing purposes, and a slew of other privacy and security controls were incorporated to ensure compliance with the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security Rules.

The advances made in secure text messaging technology led to the decision to lift the ban, which was announced in the May perspectives newsletter. Then in July 2016, the Joint Commission reversed its decision and reinstated the ban, calling for further guidance for healthcare organizations due to concerns over patient privacy.

Guidance for healthcare organizations on the use of secure text messaging platforms would be developed in collaboration with the Centers for Medicare & Medicaid Services (CMS). Those guidelines were expected to be released by September this year.

However, the Joint Commission said in its December newsletter that its position has not changed and the ban is to remain in place, although it will continue to monitor the advances in secure texting technology and may update its position in the future.

In the meantime, CMS and the Joint Commission continue to ban the use of unsecure SMS messages and secure messaging platforms for sending patient care orders, although clinicians are permitted to use HIPAA-compliant secure messaging platforms to send messages to each other.

The decision to further delay the lifting of the ban on secure text messaging for orders is due to the Joint Commission still having a number of concerns over privacy and security.

The preferred method for sending orders is a computerized provider order entry (CPOE), as this method allows providers to directly enter orders into their electronic health record system.

The Joint Commission says, “CPOE helps ensure accuracy and allows the provider to view and respond to clinical decision support (CDS) recommendations and alerts. CPOE is increasingly available through secure, encrypted applications for smartphones and tablets, which will make following this recommendation less burdensome.”

If a CPOE is not possible, orders can be communicated verbally, but not by SMS message or even a secure messaging platform. The Joint Commission said, “After extensive discussion weighing the pros and cons of using secure text messaging systems to place orders, the Joint Commission and CMS have concluded that the impact of secure text orders on patient safety remains unclear.”

The Joint Commission also believes the use of an additional method of transmitting orders may increase the burden on nurses to manually enter the orders into the EHR. It was also pointed out that transmission of verbal orders allows synchronous clarification and confirmation of orders in real time, and if alerts or a CDS recommendation is triggered during the order process, an individual manually entering the order into an EHR may need to contact the ordering practitioner to request further information.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.