Joint Commission Now Allows Texting Of Orders

For a long time, it was common for clinicians to share private patient information with each other via standard text messages, despite the fact that the information was in the clear, and could theoretically be intercepted and read (which this along with other factors makes SMS texts a HIPAA violation in most cases). To my knowledge, there have been no major cases based on theft of clinically-oriented texts, but it certainly could’ve happened.

Over the past few years, however, a number of vendors have sprung up to provide HIPAA-compliant text messaging.  And apparently, these vendors have evolved approaches which satisfy the stringent demands of The Joint Commission. The hospital accreditation group had previously prohibited hospitals from sanctioning the texting of orders for patient care, treatment or services, but has now given it the go-ahead under certain circumstances.

This represents an about-face from 2011, when the group had deemed the texting of orders “not acceptable.” At the time, the Joint Commission said, technology available didn’t provide the safety and security necessary to adequately support the use of texted orders. But now that several HIPAA-compliant text-messaging apps are available, the game has changed, according to the accrediting body.

Prescribers may now text such orders to hospitals and other healthcare settings if they meet the Commissioin’s Medication Management Standard MM.04.01.01. In addition, the app prescribers use to text the orders must provide for a secure sign-on process, encrypted messaging, delivery and read receipts, date and time stamp, customized message retention time frames and a specified contact list for individuals authorized to receive and record orders.

I see this is a welcome development. After all, it’s better to guide and control key aspects of a process rather than letting it continue on underneath the surface. Also, the reality is that healthcare entities need to keep adapting to and building upon the way providers actually communicate. Failing to do so can only add layers to a system already fraught with inefficiencies.

That being said, treating provider-to-provider texts as official communications generates some technical issues that haven’t been addressed yet so far as I know.

Most particularly, if clinicians are going to be texting orders — as well as sharing PHI via text — with the full knowledge and consent of hospitals and other healthcare organizations — it’s time to look at what it takes manage that information more efficiently. When used this way, texts go from informal communication to extensions of the medical record, and organizations should address that reality.

At the very least, healthcare players need to develop policies for saving and managing texts, and more importantly, for mining the data found within these texts. And that brings up many questions. For example, should texts be stored as a searchable file? Should they be appended to the medical records of the patients referenced, and if so, how should that be accomplished technically? How should texted information be integrated into a healthcare organization’s data mining efforts?

I don’t have the answers to all of these questions, but I’d argue that if texts are now vehicles for day-to-day clinical communication, we need to establish some best practices for text management. It just makes sense.

About the author

Anne Zieger

Anne Zieger

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.


  • As the CMIO of our hospital, we have a few more hurdles to get this working.
    1. We need to get approval from the State Board of Pharmacy, as there are laws about it that have to be amended.
    2. Similar with the State Board of Nursing, about readback and confirmation of order. Yet another hurdle.
    3. Storing the actual text in the patient chart is nearly impossible in our situation as we use Cerner as our EHR and Imprivata Cortext as the secure texting solution. We can store the text, but it won’t be attached to a record. Not sure how that will fly with everyone.
    4. Simple orders are fine, but we have those that push it and we can see problems with complex orders and large order sets.
    All in all, the physicians are all for it, but we have a number of hurdles prior to getting anywhere near that possibility.

  • I would think that each and every order should automatically be passed on to the patient’s EHR records as it is being processed; that’s the only way to make sure the record is complete. I understand what meltoots is saying, but to me this is far too dangerous without such a link. Having said that, I’d feel a lot better if the provider was using a secured remote access to the EHR to issue the order, not a separate texting app.

  • Everything sounds good if the Physician has to do all the data entry. But we get many easy one time “orders” that can be solved efficiently and safely by secure texting communication. Can we remove the Foley on Mr John Smith in Room 533? Why do I have to stop what I am doing, do some fancy minutes long remote access to the EHR, find the patient, Find the order, execute the order, etc. When its just as easy to say, “Yes, pull the Foley” and they confirm the order and I say yes again. We should not be the data entry person. There is nothing perfect out there, but physicians are nearly damaged beyond repair with the current state of EHRs and all the clerical duties piled on us, along with transcription, pharmacy, IT support, counting numerators, denominators, attesting, clicking, logging in and out, being measured to death with sketchy data, rated online, you have to do this now and that extra steps because someone thinks its a good idea. Please give us a break.

  • As per your example; nurse puts in a request for an order into the EHR; it transmits to the app on your smartphone, you look, you pick YES or NO, the order is either cancelled or properly entered into the EHR. Takes minimal ‘effort’ on your part except for the decision itself – just logging in to the secure app to see the actual message, and tapping the correct button, and perhaps a ‘confirm’ button’. Solves both problems. Of course, the EHR would have to support this.

Click here to post a comment