HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Joint Commission Ends Ban on Clinician Text Messaging

For the past five years the Joint Commission has banned the use of text messaging by licensed independent practitioners (and other practitioners) due to security risks. That ban has now been lifted with immediate effect, although there are conditions.

Test messaging is permissible, although only if a secure text messaging platform is used. Furthermore, that secure text messaging platform must meet the following criteria:

  • The text messaging platform must incorporate a secure sign-on process
  • All text messages must be protected by end to end encryption
  • The platform must incorporate read and delivery receipts
  • Messages must include a date and time stamp
  • The platform must incorporate a contact list of individuals authorized to receive and record orders, and
  • The platform must allow customized message retention time frames to be set

Standard text messaging is still prohibited as encryption is not used, there are no authentication controls to ensure that only the intended recipient can view the messages, and original messages cannot be retained in order to validate information entered into medical records.

TigerText CEO Brad Brooks has previously called for a lifting of the Joint Commission ban on text messaging by practitioners. After reading the announcement, which was published in May 2016 Perspectives newsletter, Brooks said “We welcome the Joint Commission’s pronouncement to allow physician orders through secure texting.”

Please see the HIPAA Journal Privacy Policy

When the ban was implemented there were few options available that allowed sensitive data to be transmitted securely. However, there are now a number of secure messaging platforms which offer all of the necessary controls to ensure that PHI is not accidently disclosed to unauthorized individuals and remains secure at all times.

The Joint Commission will be “assessing the need to further delineate the expectations for secure text messaging platforms and policies and procedures for texted orders within the accreditation standards;” however, in the meantime providers have been advised to ensure:

  • An attestation is obtained that documents the capabilities of the secure messaging platform
  • Policies are developed that stipulate when text orders are appropriate and inappropriate
  • The use of text messaging is monitored to determine how frequently the service is used for orders
  • Compliance with policies and procedures covering the use of text messages is assessed
  • A comprehensive risk assessment is performed
  • A risk management strategy is developed, and
  • Staff and practitioners receive training on policies and procedures covering the use of secure text messaging platforms.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.