In its December 2016 newsletter, the Joint Commission (formerly known as “JCAHO”) specified that its ban on the use of secure text messaging platforms for patient care orders would remain in place.
In April 2016, the Joint Commission had decided to allow the use of a secure texting platform for sending orders. It did not totally lift the ban on the use of such platforms, but required certain components to be in place and certain standards to be followed to ensure that patient health and safety were not at risk.
The Joint Commission originally put the ban in place because secure text messages were not really secure and because the entities could not verify the sender of a message or retain the message for auditing purposes. After the Joint Commission had introduced its original ban, various IT companies developed secure text messaging platforms that incorporated all of the necessary security features to ensure that text messages could not be intercepted.
Those messaging platforms also allowed the identity of the sender to be verified, ensured that messages were retained for auditing purposes, and incorporated a slew of other privacy and security controls to ensure compliance with HIPAA’s Privacy and Security Rules.
The advances made in secure text messaging technology led to the Joint Commission’s decision to lift the ban, which it announced in its May perspectives newsletter. Then in July 2016, the Joint Commission reversed its decision and reinstated the ban, calling for further guidance for health care organizations because of concerns over patient privacy.
Guidance for health care organizations on the use of secure text messaging platforms would be developed in collaboration with the Centers for Medicare & Medicaid Services (“CMS”). Those guidelines were expected to be released by September 2016 (it seems, however, that we are past September and that no new guidelines have been forthcoming).
The Joint Commission said in its December 2016 newsletter that its position has not changed and that the ban is to remain in place, although it will continue to monitor the advances in secure texting technology and may update its position in the future.
Thus, CMS and the Joint Commission continue to ban the use of unsecure SMS messages and secure messaging platforms for sending patient care orders, although clinicians are permitted to use HIPAA-compliant secure messaging platforms to send messages to one another.
The decision to further delay the lifting of the ban on secure text messaging for orders stems from the Joint Commission’s still having a number of concerns over privacy and security.
This action by the Joint Commission underscores the point that HIPAA compliance does not mean that a particular technology is compliant. One must also consider whether another federal or state law affording more privacy protection “trumps” HIPAA—no comment on the results of the recent presidential election. Further, also consider whether any accreditation standards, such as this one by the Joint Commission, “trump” HIPAA and prohibit the use of a device that HIPAA would permit.
Reminder: Don’t forget to use your 10% discount on everything in our HIPAA compliance store through the end of January 2017. Just apply the code HIPAA2017 at checkout, and let us help you achieve your HIPAA compliance goals for 2017. Again, Happy New Year!
