How We Got Here

Back in May 2016, the Joint Commission (JC) issued an update in their Perspectives publication describing their new position on allowing the secure texting of physician orders. (You can download a PDF of the update here.) This update reversed a position the JC laid out in 2011, "...stating that it is not acceptable for physicians [...] to text orders for patient care, treatment, or services to the hospital or other health care settings." The May 2016 update stated, "...effective immediately, the JC has revised its position on the transmission of orders for care, treatment and services via text messaging for all accreditation programs." "...practitioners [...] may text orders as long as a secure text messaging platform is used and the required components of an order are included." (Emphasis in the original.)

While poorly organized and written, the update does describe a seemingly adequate process and set of requirements for the implementation of texting orders.

Since this update, numerous blog posts and news stories (examples here, here and here) have reported on the JC update. Most focused on a list of 6 secure messaging system requirements included in the Joint Commission update for safely sending secure text messages of doctor orders. Here's the list, from the May update in Perspectives:

  • Secure sign-on process
  • Encrypted messaging
  • Delivery and read receipts
  • Date and time stamp
  • Customized message retention time frames
  • Specified contact list for individuals authorized  to receive and record orders (aka, role based messaging)

These posts and stories left this reader with the impression that as long as a messaging system had these basic features, a provider would be good to start letting physicians text orders. Astute readers will note that the above list describes the basic entry-level secure messaging requirements for health care from the JC update, and almost nothing about the JC requirements for safe and reliable generation and communication of doctor's orders. Oops. Much more is required of hospitals wishing to text orders besides having  a messaging system that is secure.

After some further thought (and perhaps a call from CMS) the JC reversed their position on texting orders. From the June 8, 2016 Joint Commission Online newsletter:

Delayed implementation of removing ban on secure text orders until September 2016

The Joint Commission has determined that additional guidance is required to ensure a safe implementation involving the secure texting of orders for those organizations desiring to employ technology supporting this practice. The Centers for Medicare & Medicaid Services (CMS) will collaborate with The Joint Commission on the development of additional guidance for text orders to ensure congruency with the Medicare Conditions of Participation. The Joint Commission and CMS will develop a comprehensive series of Frequently Asked Questions (FAQ) documents to assist health care organizations with the incorporation of text orders into their policies and procedures. This guidance information is designed to supplement the recommendations in the May 2016 Perspectives article permitting the use of secure text messaging platforms to transmit orders. As an update to the May 11, 2016 issue of Joint Commission Online, the goal for this additional guidance is a release date by late September 2016.

Additional guidance is certainly needed. The main problems with texting orders are not whether the messaging system mets the 6 listed feature requirements (although there are still systems sold to hospitals that lack some of these features). The essential requirements are effective workflow that is safe and reliable in conveying orders, and adequate policy and procedures to implement and manage an order texting capability.

What follows is a roundup of all the things a provider organization would have to do to reliably implement a safe and effective texting orders process.

Messaging Requirements

Certain capabilities of your secure messaging and collaboration system are required, and some are preferred. The difference is that there are no work arounds for the first category of features, and there are potential work arounds for the second category. Work arounds tend to be bad because they often rely on users taking additional manual steps to complete a process, which takes longer and is prone to human error.

  • Required features
    • Secure sign-on and user authentication
    • Encrypted messaging
    • Delivered and read receipts
    • Configurable message retention (the JC mentions this, but depending on the final disposition of your orders and how they're processed, this feature may not be needed)
  • Preferred features
    • Role based messaging
    • Message (order) escalation
    • Messaging system reporting by message type
    • Support for message forms that contain required fields for specific message types (orders)
    • Push orders to EMR for clinical documentation in the patient's chart
    • Receive and process CPOE alerts into the message workflow

The update specifically calls out for support of the, "...Medication Management Standard MM.04.01.01, which addresses the required elements of a complete medication order and actions to take when orders are incomplete or unclear." Not mentioned are any JC standards for required fields for other types of orders. This is a gap in the May update that will hopefully be plugged by JC in their next installment on texting orders.

EMR Requirements

The efficiency and reliability of workflows for texted orders are also impacted by EMR capabilities. Because this is such a new market requirement, low expectations are advised.

  • Receive order messages from messaging system to document the order in the patient's chart
  • Receive order messages from messaging system into CPOE for order processing
  • Generate CPOE alerts and allow users to receive and respond to alerts via messaging system

Policy and Procedure Development

This is where the real magic happens. Really. Here we figure out how everything's going to work together in an overall process, based on how the foregoing requirements are met and how you want to handle any required work arounds. This is an iterative process as a balance is sought between system features, workflow, work arounds and risk management.

  • Determine and document which types of orders may be texted
  • Determine and document the required data fields for each text-able order
  • Define and document the texting orders process in a formal use case and/or process flow - this is your main policy document
  • Define the texting orders documentation requirements and process
  • Conduct a rigorous risk assessment following a standard like ISO 14971, and define a risk management policy for texting orders going forward
  • Define training requirements and training records
  • Define a method to measure and report compliance with texting orders policy and procedures


These are the basic steps required to implement texting orders.

  • Assess the secure messaging and collaboration platform
  • Assess the EMR and CPOE systems
  • Develop the policy and procedures
  • Conduct risk assessment
  • Configure messaging system as needed
  • Configure EMR and CPOE systems as needed
  • Complete and test systems integration
  • Develop, conduct and document training
  • Launch
  • Ongoing monitoring, reporting and CQI

What Now?

The JC's update was pretty solid, just poorly organized and unclear as to what was recommended and what was required. That said, there is still important information that's missing:  examples. A great example here is the risk analysis. Without an example of a risk analysis that includes a comprehensive list of risks, the first risk analysis on texting orders completed by a majority of provider organizations will likely be pretty weak. And JC survey teams won't be much better, unless they're coached by the JC with their own crib sheets. Examples of a complete set of policy and procedures could also serve as a benchmark agains which providers could compare their own efforts.

The experience level with secure messaging and collaboration systems among provider organizations (and the JC) is limited. Most providers have yet to buy and implement their first secure messaging and collaboration system intended for use in health care. And those providers who have bought, have likely only bought their first such system and are still coming to grips with all the things they didn't know they didn't know, but wish they had known before they bought. This situation is typical of emerging markets.

All this focus on the requirements for a secure messaging system in the update (and many of the following posts and articles) are a bit of a red herring. Back in 2011, and before, secure messaging and collaboration systems intended for health care existed that met all the requirements described in the JC update. Apparently, the JC was not aware of this.

In summary, we've reviewed the latest in the JC's love/hate relationship with texting orders. We also took a closer look at the capabilities and effort required to implement texting orders. Like much technology in health care, the real issue is developing effective policy and procedures that will result in an efficient workflow that is safe and effective.