The state of secure messaging

Aug. 30, 2016

Earlier this year, The Joint Commission announced that it planned to lift a ban on texting patient care-related orders, citing an increase in secure texting options. Fast-forward to the non-profit agency’s recent statement that it was delaying the move – The Joint Commission stated that it will collaborate with the Centers for Medicare & Medicaid Services (CMS) to further strengthen guidance, which it expects to release by September.

This recent decision, which signals that the first set of provisions didn’t adequately address the nuances of communicating a medical order via secure texting, is a wise one. Still, even once more detailed guidelines are available and the texting ban is lifted, health systems should avoid taking a “check the box” approach to choosing a secure texting solution. Doing so could strand their organizations with a solution that doesn’t meet long-term needs and creates a whole new set of challenges.

Beyond secure texting

EHRs and Meaningful Use offer an all-too-recent example of what not to do when it comes to compliance and clinician workflows. Although EHRs fundamentally changed the way healthcare is delivered on a daily basis, selection criteria was based largely on a solution’s ability to meet and attest for Meaningful Use thresholds, rather than the ability of the product to meet those requirements in a manner that engaged and improved provider workflow. How the solution would end up affecting day-to-day workflow was a lesser consideration – and a costly mistake for many. Healthcare organizations that take a similar approach in choosing a communication solution – that is to say, focus almost solely on complying with secure texting mandates – could end up learning a comparable lesson.

While texting patient care-related orders introduces unprecedented convenience and speed, secure texting on its own doesn’t prevent the communication misunderstandings that drive the majority of medical errors. Simply encrypting a texted order or including a date and time stamp – both requirements included in The Joint Commission’s previous set of guidelines – doesn’t assure the order will go to the right person at the right time, or even that it will be properly carried out by the person receiving it. In short, secure texting of a medical order is not the same as revamping the order workflow to help speed the patient’s outcome.

The good news is that hospitals and health systems can achieve these goals using secure texting as one of the mechanisms – but not by downloading a solution from an online app store that claims to meet a series of compliance requirements. Instead, progressive healthcare organizations are adopting a holistic enterprise communication platform that adds all the convenience of smartphones and texting, while strengthening communication between care team members.

Healthcare is inherently collaborative – a dynamic that communication between care team members should foster. A standalone texting solution that doesn’t support all types of communication or work in seamless concert with other devices and systems is just one more island – an isolated component to work around in the hospital. No doubt it offers convenience, but only within the narrow confines of a particular moment or experience.

By contrast, an enterprise communication platform enables an unbroken flow of communication about a patient from one care setting to the next, especially during the most urgent minutes or hours. Such a solution allows caregivers to effortlessly collaborate across devices and interactions, using smartphones, tablets, PCs, or the voice-activated, hands-free communication badges that are so popular in many hospitals.

Importantly, an enterprise communication platform should also connect care team members to the data and systems that make up their daily workflow.

Three fundamental planks of texting a medical order 

The intention behind secure texting is to help hospital staff provide efficient care. But just firing off a text to a group of people isn’t sufficient. If it’s a medical order, it must have a mechanism to facilitate interaction. This is essential for texting an order to the right person at the right time that will be addressed in the right way.

As such, an enterprise communication platform should include three key capabilities for texting:

  1. A continuously updated master directory that identifies who is authorized and available. This insight can mean the difference between a texted order for pain meds that is carried out within 10 minutes and one that drags out for half an hour, or even longer.
  2. A structured template to text the order. Such a template will provide response options to assure the order was received by the right person, has all the required information, and is correctly interpreted.
  3. Connections to other systems. This interoperability provides key contextual data about the patient, while creating a record of the order so that care team members stay on the same page about a patient’s current condition.

Note that none of these capabilities were included in The Joint Commission’s prior guidelines for secure texting – and they may not be highlighted in the next. This gap illustrates why taking a narrow, compliance-centric approach to secure texting is inadvisable. Instead, hospitals should expand their secure texting solution criteria to include how well the technology does or doesn’t facilitate a smart workflow for communication.

That said, safeguarding patient data is paramount.

Mid-grade safety

The plain reality is that, even in the absence of The Joint Commission’s official permission to text patient orders, it’s happening anyway. It’s simply too convenient of a way to quickly send and receive information about patients. Of course, without institution-wide adoption of security measures, this practice is also a quick way to make patients vulnerable to a devastating breach of their personal health information – or, with the emergence of ransomware and the resulting shutdown of critical IT systems, something even worse.

As such, we can expect that The Joint Commission may add to their guidelines for secure texting. Many texting vendors will claim to meet these guidelines, but hospitals and health systems need to seek concrete evidence that these vendors really understand and are addressing today’s security threats. Vendors should meet a high bar when it comes to proving security, beginning with showing proof of government and commercial security-related certifications and passed third-party audits. They should also employ an enterprise communication platform, which unlike a single texting app, can support adoption of security best practices across the hospital, regardless of device.

We are all excited about the potential to securely text orders to speed up communication. When doing so within an enterprise communication platform, hospitals can also enjoy the benefits of institution-wide patient data security and smarter collaboration among team members. That’s one change that hospitals will be happy with for years to come.