“The 411 On Using Text Messages To Issue Physician Orders”
Law360 09/08/16 Sarah E. Coyne, Jon R. Kammerzelt
Imagine ripping the smartphone from the clenched hand of your teenager and telling her that instead she was going to have to schedule her weekend plans with friends by tapping out Morse code or penning a letter to be sent via carrier pigeon. We imagine that this is similar to the way the electronically connected young residents of today feel when they enter their first clinical rotation and are told they must abandon their smartphones in favor of email, medical record notations or (gasp!!!) the telephone. Thankfully (at least for the residents' sake), much like the printing press, the typewriter and the telegram, the rigid adherence to outdated technology in hospitals is about to be a thing of the past.
We know that the road of texting clinical information in hospitals is a long and winding one, and we are here to help you navigate. The bottom line is that we are waiting for guidance from the Joint Commission and the Centers for Medicare and Medicaid Services that will come in the form of FAQs. So, although we are very close to coming out of the dark ages, hospitals may wish to wait a bit longer before texting their entire medical staff a little "thumbs up" emoji on this subject.
Texting orders has all the best advantages and all the scariest disadvantages of transmitting clinical information in general — so let's take a step back and look at that bigger picture. Most hospitals disallow texting of any clinical information, at least according to their policies, which were probably written before the latest round of technological advances and which were certainly written without the benefit of the forthcoming guidance, given that it has not yet come forth. However, whether or not hospitals actually allow physicians and other clinicians to text regarding clinical care, it is certainly happening.
Why is texting prohibited in so many clinical settings when there are such clear advantages? For example, communicating by text is fast, efficient, likely to reach its target, does not necessarily depend on cell service or internet connection, does not require being near a desk or an office, and is not likely to get lost in a junk filter. When a physician needs to know if a patient has regained consciousness in the post-anesthesia care unit or whether a medication has arrived from pharmacy, an extremely effective way of finding out includes sending a text message.
Some of the downsides of texting in the health care workplace are obvious — the information may remain on the device indefinitely and without appropriate security, can be easily misdirected, and the content of the messages is not controlled by the organization's security officer or usually even the IT department. Other downsides are not as obvious, at least not to the readers out there who are not "Health Insurance Portability and Accountability Act geeks" (a term of endearment).
Any communication between clinicians that has to do with clinical care is arguably part of the patient's "designated record set" or legal medical record. To the extent that it is part of that record, the patient has rights of access and rights to request amendment. Moreover, the texted communications must be part of the organization's required ongoing risk analysis to identify gaps in security (risk of loss of the device, misdirection of the text, hacking, etc.) The carrier for the texting platform must be evaluated to determine whether it is a "conduit" only such that a business associate agreement is not required. For all of these reasons, many hospitals have prohibited the use of text as a means of communication.
All of these same advantages and disadvantages apply to texting orders, along with additional considerations. For example, hospitals and physicians attempting to "meaningfully use" electronic health records (to avail themselves of incentive payments and avoid reimbursement deductions from the federal government) must use computerized physician order entry (CPOE) technology. Orders by text would have to fit the structural parameters of the entity's electronic medical record. If such orders are necessarily submitted as free text rather than structured orders as part of the CPOE, there could be an increased margin for error.
Advantages and disadvantages aside, health care practitioners, administrators and compliance officers (and, cough, health lawyers) have been struggling with whether texting orders is legal and acceptable from an accreditation standpoint. And for good reason. This road has taken a number of crazy twists and turns. For example, one way to summarize the history of the Joint Commission's position on texting orders is:
- Up until 2011: "What is texting?"
- 2011: "No texting!"
- May, 2016: "You will be able to text if you use a secure platform."
- July 2016: "No, no, no, you cannot text until you get guidance from us, along with our good friends at CMS. Hold your horses until September!"
On July 26, 2016, the Joint Commission announced a decision to delay the ban removal on physician order texting (got that?). This announcement came a mere few months after the Joint Commission had announced that for all accredited providers, physician order texting would be permissible so long as a secure platform was used.
CMS and the Joint Commission plan to release joint guidance (purportedly sometime this month) to ensure consistency between the accreditation standards and the Medicare conditions of participation on this issue. The guidance will contain a set of FAQs. The ultimate goal is to lift the ban and allow hospitals (and other organizations) to use secure text messaging to transmit orders.
The guidance is likely to address certain gaps in the regulatory and accreditation landscape on the issue of texting orders. For example, the guidance will presumably address the differences in order types and perhaps identify certain categories of orders that should not be issued by text. The guidance will hopefully address the myriad requirements of counter-signature if the order is issued by a nonphysician practitioner. The guidance will also hopefully expand on the previously articulated minimum requirements for a "secure" texting platform.
Previous Joint Commission guidance has addressed certain minimum elements of the platform that would facilitate security and privacy of the texted orders: (1) a secure sign-on process; (2) encrypted messaging; (3) delivery and read receipts (side note: Do you ever wonder what happens if you say "no" to one of these things?); (4) date and time stamp; (5) customized message retention time frames; and (6) a specific contact list of individuals authorized to receive and record texted orders.
Once the guidance issues and the ban lifts, hospitals and other entities will have comfort from a regulatory and accreditation standpoint, but must still rigorously operate within the confines of HIPAA and parallel state laws, and with vigorous attention to patient safety.
In the interim, hospitals and other entities would be well served to internally audit compliance with applicable TJC standards: MM 04.01.01 (medication orders), IM 02.01.01 (privacy of protected health information), IM 02.01.03 (security and integrity of protected health information), IM 02.02.01 (abbreviations), and RI 01.01.01 (patients' rights to privacy). Hospital policies addressing these standards or parallel provisions of the conditions of participation will need to significantly update their policies after the guidance is released.
Another preparatory step for health care entities is to update the HIPAA-required risk assessment to include the use of texting through a secured platform. The Joint Commission also recommends developing and training on policies specific to texting. Hopefully, physicians will be clearer in their texts than the three young daughters of one of your authors, who write things like "IDK! GTG! BRB!" — which would not be extremely informative for the individual receiving the order, unless that individual happened to be 17 years old.