May 2017
Is Texting Physician Orders 2G2BT?
By Kayla Matthews
For The Record
Vol. 29 No. 5 P. 18
First it was banned, then it was given the green light. Now, it's been banned again. What's the future look like for text messaging PHI in a health care environment?
Text messaging has become so ingrained in our daily lives that it's hardly a surprise the communication tool has made its way into the medical industry. While text messaging holds promise to improve care processes, it also is a major privacy concern with skeptics concerned about the consequences of physicians and nurses text messaging physician orders and other protected health information (PHI) on a regular basis.
While the practice was initially banned in 2011, it was permitted again in May 2016, with the thought that technology had advanced enough to allow for completely secure text messaging. Then, in December 2016, the practice was once again banned, with federal officials saying more time is needed for secure implementation.
Is banning the practice of text messaging PHI the best idea, or are there merely a few hurdles that need to be cleared before it can be implemented?
Why Was Secure Text Messaging Banned?
The use of secure text messaging was banned in 2011 due to a lack of usable security protocols. The text messaging applications were unable to verify the sender or store information as a record.
Additionally, any information from a text message had to be manually entered into the patient's EHR. Information and care orders being sent by text message are difficult to verify, and there's the potential for patient information to be compromised or lost, or care orders to be incorrectly received or carried out based on a text message. It also was too difficult to verify that the person sending the orders was indeed the attending physician.
The ban was lifted briefly in 2016 but then reinstated a few months later. The Joint Commission determined that more information was needed before a secure text-messaging program could be successfully implemented.
Secure Text Messaging Challenges
Before regaining the trust of The Joint Commission, the secure text messaging of PHI presents health care organizations with several issues, including the following:
• Identity verification: For the concept to be viable, a mechanism must be in place to verify the identity of both the sender and the recipient to ensure the information is going to the correct person.
• Message encryption: Messages sent on the system must be secured through the highest level of encryption.
• Message archiving: Messages should be archived on the device when possible and in the patient's EHR.
• Secure facility-specific contact lists: Users should not be able to add or delete contacts.
• Accuracy: Transferring the information from text messages to a patient's EHR leaves the information open to potential transcription errors. With some industry sources estimating an average of 80% of all medical bills contain errors, accurate information transfer or transcription is essential.
It can also be argued that requiring nurses to manually transfer or transcribe information from a text message adds to their already significant workload, making their busy days and nights that much more difficult. Also, skeptics have raised concerns about potential treatment delays in cases where nurses or other health care professionals must text the physician to clarify an issue.
Matthew Werder, chief technology officer at Hennepin County Medical Center in Minnesota, says the challenges are nothing out of the ordinary. "Because the market is still maturing and new players enter the market regularly, challenges are inevitable, but they are being overcome as the technology features are fine-tuned," he says. "The good news is that there are numerous options, so while it may take some time to make a good choice, it is actually rather exciting to have so many good options to consider."
Finding Answers
Once the challenges have been identified, how can they be overcome? Is it possible to create a secure text messaging system that protects patient data while still being functional? According to The Joint Commission, the following is a rundown of problems and their possible solutions:
• Identity verification is one of the easiest questions to answer. Most new commercial smartphones are equipped with fingerprint scanners. Pairing a fingerprint scan with a unique alphanumeric password can both secure the device and be used to verify the sender and/or recipient's identity. These passwords should be changed on a random but regular basis.
• Message encryption should be included on both the sender's and recipient's devices, and wireless transmissions must have the highest level of encryption possible. While encryption can be applied individually, employing a security or encryption specialist may achieve better results.
• A message archive should be kept for a specific amount of time as determined by an administrator. The archive must be kept on record in the patient's EHR and deleted only after either a specific amount of time or at the administrator's discretion.
• The contact list should be facility specific and incapable of being edited or altered.
• Patient data transferred from a secure text message to an EHR must be accurate. Some form of quality assurance must be performed before the PHI is submitted to the patient's EHR. If the facility opts not to use transcriptionists or other HIM professionals, it's possible to implement technology that can transfer PHI directly from a phone to a patient's file.
"Any new solution such as secure text messaging requires the application of a comprehensive communications strategy," Werder says. "I personally underestimated the strength of the richness of the pager culture, which has stood the test of time and remains a highly reliable and cost-effective communication solution. Secure texting—like earlier advances—merits a broad view of the benefits it offers to improve enterprise collaboration. Otherwise, it will face some resistance, as previous advances did, because some will view it as unneeded change. In my experience, the technologies on the market today are very intuitive and require little training. Depending on the institution, various policies may need to be modified to establish the guardrails for effective communication through text messages."
Privacy Concerns
Text messaging in a health care environment raises security questions, mostly due to the nature of the messages, the majority of which are anonymous and impersonal, and can be sent by anyone with a phone. Even after health care organizations have taken steps to secure the transmission of text messages, security lapses can occur. For example, text messages may be directed to the incorrect party.
"It is important for the health care industry—particularly organizations like The Joint Commission—to recognize that secure, ephemeral, and compliant messaging platforms mitigate modern cyber threats, which are increasing in frequency and complexity," says Galina Datskovsky, PhD, CRM, FAI, CEO of Vaporstream. "An example of one of these threats is mobile ransomware, a recent trend gaining popularity that targets vulnerable SMS communications, which 95% of health care workers use when they don't have a secure solution available.
"To address the threats head-on, organizations should not only embrace but also require the implementation of secure messaging platforms to collaborate between care giving teams, physicians, specialists, pharmacists, payers, and the patient, since they are specifically designed to utilize text in a HIPAA-compliant manner. These platforms leverage the convenience of mobile text messaging while ensuring the protection of PHI, personally identifiable information, and internet protocol, and seamlessly integrate with EHR systems to streamline workflows and compliance. Once that hurdle is removed, it is important to simplify rollout and integrate into all existing systems to accelerate adoption and increase participation."
Benefits
Secure text messaging would seem to have a place in the near future of health care. For example, in a fast-paced environment, such as an emergency department, a quick text message can be an ideal platform to keep physicians and nurses in touch with each other.
"Secure text messages that are immediately and automatically routed to the correct care team member for the particular clinical situation at hand allow care team members to easily communicate and collaborate without the needless disruption that 'blind' phone calls/pages create—forcing physicians and nurses to answer calls even if the correspondence is not urgent in nature," explains Michelle McCleerey, PhD, MA, MEd, MBA, RN, vice president of product management at PerfectServe.
As more vendors target solutions, the push to allow PHI in text messaging will likely grow much stronger, she says. "Given that there are cloud-based secure messaging vendors that have assumed and overcome the challenges of archiving and documenting PHI from text messages, the benefits of text messaging far outweigh any obstacle it would pose to a health care organization," McCleerey says. "These types of intelligent messages alleviate the need for care team members to search and struggle for the right individual to contact, prevent the wrong individual from being contacted, and eliminate the patient care time wasted waiting for a return call—all of which significantly delay patient care and degrade the patient experience."
Moving away from and supplementing traditional communication methods has improved workflow at Hennepin County Medical Center, where staff have found text messaging to be effective for mass alert notifications, patient throughput problem solving, quick questions, and patient status updates. "Secure text messaging brings the opportunity for improved collaboration among caregivers and the extended care team," Werder says. "Traditionally, communication among nurses, physicians, support staff, and others utilized and still use a plethora of technologies, from pagers to overhead announcements. At Hennepin County, we are fully embracing secure messaging for our health care system to improve collaboration and communication pathways among our care teams."
Work to Be Done
Throughout the business world, text messaging has become a common, convenient communications tool used to keep colleagues connected throughout the day. While text messaging can be just as useful in a medical setting, steps must be taken to ensure patient information is protected before, during, and after transit.
The Joint Commission is in the process of researching and determining the best way to implement secure text messaging in a health care environment. Once a secure system can be ensured, experts believe it may have a significant impact on patient care. However, until issues concerning data security can be resolved, the prospect of health care professionals exchanging patient data via text remains just out reach.
— Kayla Matthews is a writer contributing to conversations about health, technology, and new developments in science. You can follow her on ProductivityBytes.com or on Twitter @KaylaEMatthews.