Healthcare Information Security

Mobile News

48% of Providers Use Device Encryption for Texted Orders

A survey found under half of providers received texted orders while utilizing device encryption and that standard devices are often used for such matters.

device encryption not always utilized in texting medical orders

Source: Thinkstock

By Elizabeth Snell

- As more healthcare providers utilize secure texting for patient care, it is imperative that they consider PHI security. Technical safeguards, such as device encryption, will be essential in keeping sensitive data secure. However, a recent survey indicates that convenience may sometimes trump security.  

Approximately half of providers – 48 percent – reported that they used device encryption when they received texted orders, according to an Institute for Safe Medication Practices (ISMP) survey.

Sixty-nine percent of facilities where texted orders have been received during the past year stated that the standard use of cell phones is allowed, with 42 percent saying that standard cell phones are the only device from which texted orders have been received in the past year.

“Given that texting is just too convenient, many in healthcare feel that the text messaging of orders is unlikely to go away, despite policies prohibiting their use or the known safety concerns,” the researchers stated. “Our survey results tend to support this conclusion, although more scientifically rigorous research should be conducted to further confirm the scope of current use.”       

ISMP interviewed 778 respondents in healthcare, including nurses, pharmacists, physicians and other prescribers, medication/patient safety officers and quality/risk managers, and others.

READ MORE: How Healthcare Secure Texting, Messaging Impact the Industry

Just over half – 55 percent – of all medication/patient safety officers and risk/quality managers, reported that medical orders should not be texted under any circumstances. However, 33 percent of all respondents felt the same way. Forty percent of those surveyed said that texting medical orders is only acceptable when using device encryption.

In terms of texting policies and procedures, 53 percent said that texted medical orders are not allowed at their facility. Nineteen percent stated that their organization had no medical order texting policy and 16 percent reported they were unsure if such a policy existed.

Respondents were also asked to rank potential concerns about risks with texting orders on a scale of one through five, with one being a low concern and five is a high concern. The top five areas respondents were most concerned on (where they ranked it a four or five) were the following:

  • Phone/device autocorrection leading to wrong drug/patient names – 70 percent
  • Use of potentially confusing abbreviated text terminology – 66 percent
  • Patient misidentification – 60 percent
  • Misspellings – 58 percent
  • Incomplete orders – 56 percent

Forty-nine percent of respondents said that a lack of PHI security was a top concern from texting medical orders.

Respondents also discussed how texting is used with clarifying medical orders. Fifty-five percent of surveyed providers said they have sent text messages to prescribers to ask questions or to clarify orders that may be unclear, incorrect, or inappropriate. Sixty-five percent of pharmacists reported that they asked for clarification, with 62 percent of physicians and 47 percent of nurses stating the same.

READ MORE: How Can Expanded Secure Text Messaging Affect Healthcare?

“Many respondents commented that nurses who enter the texted order into the prescribing system, and pharmacists who verify the order, should receive any alerts and clarify the orders if concerns arise,” the research team explained. “However, other respondents commented that the lack of decision support when prescribing could lead to unnecessary variation in practices and transfer responsibility for the correctness of the order from the prescriber to the nurse (or pharmacist).”

Even with many providers saying that they sometimes use texting for sending medical orders, the Joint Commission still considers the practice not acceptable.

The Commission reinstated its ban on texting orders in 2016, explaining that some concerns still remained when it came to transmitting text orders even when a secure text messaging system is used.

The Joint Commission collaborated with CMS in December 2016 to show that certain components must be in place for secure texting to be safely utilized.

“All health care organizations should have policies prohibiting the use of unsecured text messaging — that is, short message service (SMS) text messaging from a personal mobile device — for communicating protected health information,” a Joint Commission newsletter said.

READ MORE: Utilizing Secure Texting for Efficient, Simple Communications

PHI security can be ensured by implementing limitations on unsecured text messaging, and all practitioners and staff must also be properly and routinely trained. Furthermore, computerized provider order entry (CPOE) “should be the preferred method for submitting orders as it allows providers to directly enter orders into the EHR.”

“CPOE helps ensure accuracy and allows the provider to view and respond to clinical decision support (CDS) recommendations and alerts. CPOE is increasingly available through secure, encrypted applications for smartphones and tablets, which will make following this recommendation less burdensome,” the Commission maintained.

Overall, the Commission said the ban on texting for clinician orders must remain because it is unclear what kind of an impact secure texting orders would have on patient safety.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks