Healthcare Information Security

Secure Texting Rules Clarified in Joint Commission Newsletter

In collaboration with CMS, the Joint Commission clarified its rules for secure texting, explaining that it cannot be used for patient care orders.

By Elizabeth Snell

Using secure texting for patient care orders is still not acceptable, the Joint Commission explained in its December newsletter.

While the Joint Commission had reinstated its ban on the mHealth platform earlier this year, it stated that some concerns still remained when it came to transmitting text orders even when a secure text messaging system is used.

When it reinstated the secure texting ban, the Commission maintained that more guidance was needed “to ensure a safe implementation involving the secure texting of orders for those organizations desiring to employ technology supporting this practice.”

Now, in collaboration with the Centers for Medicare and Medicaid Services (CMS), the Commission said that certain components must be in place for secure texting to be safely utilized.

“All health care organizations should have policies prohibiting the use of unsecured text messaging — that is, short message service (SMS) text messaging from a personal mobile device — for communicating protected health information,” the newsletter reads.

Healthcare organizations need to have limitations on unsecured text messaging use to ensure PHI security. All practitioners and staff working in a facility should also be properly and routinely trained.

Both the Commission and CMS believe that computerized provider order entry (CPOE) “should be the preferred method for submitting orders as it allows providers to directly enter orders into the EHR.”

“CPOE helps ensure accuracy and allows the provider to view and respond to clinical decision support (CDS) recommendations and alerts. CPOE is increasingly available through secure, encrypted applications for smartphones and tablets, which will make following this recommendation less burdensome,” the Commission wrote.

However, a verbal order is acceptable if a CPOE or a written order cannot be submitted.

Finally, the Commission explained that it is currently unclear what kind of impact secure texting orders would have on patient safety. Therefore, the ban remains in place.

The Commission highlighted the following factors that helped sway the decision:

  • The implementation of an additional mechanism to transmit orders may lead to an increased burden on nurses to manually transcribe text orders into the EHR.
  • The transmission of a verbal order allows for a real-time, synchronous clarification and confirmation of the order as it is given by the ordering practitioner.
  • In the event that a CDS recommendation or alert is triggered during the order entry process, the individual manually entering the order into the EHR may need to contact the ordering practitioner for additional information.

The Commission said that it will continue to work with CMS to monitor secure texting advances and to see how the guidance may need to be updated in the future.

It is important to note the guidelines that the Commission had established in April, which had allowed secure texting to possibly be used. Even if not using it for physician orders, both covered entities and their business associates should consider these steps when debating a secure messaging option.

The Commission explained that an acceptable and secure environment for secure texting should include the following:  

  • A secure sign-on process
  • Encrypted messaging
  • Delivery and read receipts
  • Date and time stamp
  • Customized message retention time frames
  • A specified contact list for individuals authorized to receive and record orders

Some industry stakeholders were pleased when the secure texting ban had been lifted, calling the mHealth tool an area that many providers were beginning to consider.

“Ultimately, what this does now is really open up the floodgates to all kinds of incredible improvements to be realized around healthcare workflow,” TigerText CEO Brad Brooks said in a May 2016 interview.

“Having the ability to connect those systems to the messenger in a comprehensive end to end workflow capability, the result of that is going to be incredible amount of time savings.”
