Inpatient Facility Coding & Compliance Alert

Read the fine print and skip the HIPAA trap.

There is good news for the providers who have wanted to use more convenient methods of communication such as texting for patient related information dissemination. According to the Joint Commission’s latest stand, providers may now be permitted to text patient related orders.

Too good to believe? With the advent of better technology, we now have better and more secure text messaging platforms.

“The technology is available, BUT it will all depend on how the technology is utilized,” explains Duane C. Abbey, PhD, president of Abbey and Abbey Consultants Inc., in Ames, IA. “I think that we can all envisage breaches with stiff penalties. One of the issues will be with the users. The users will simply want the technology to do everything for them, whereas some common sense and caution may be necessary.”

Take Heed of the Prerequisites

Before jumping to conclusions, do take note of the fine print. Here are a few things that you must follow, so as not to land up with a HIPAA violation, given your overenthusiasm at this new found freedom.

Who can take advantage of this benefit: Licensed independent practitioners in all accreditation programs, in accordance with applicable standards of regulations, practice, policies and procedures are eligible.

When does it become applicable: With immediate effect.

What you can text: Transmission of orders for care, treatment, and services via text messaging.

Prerequisites: The list is long, for obvious reasons. You need to go through this carefully, so as to be really sure you can meet the safety standards for this joyride. The primary concerns of Joint Commission are:

1. A secure text messaging platform is used
2. The required components of an order are included.

Further on you also need to ensure that you and your organization follow the standards of safe and secure messaging such as secure sign-on process, encrypted messaging, delivery and read receipts, and date and time stamps.

You will also need to have customized message retention time frames, as well as maintain a specified contact list for individuals authorized to receive and record orders.

Background: Back in 2011, The Joint Commission did not allow providers to use mobile texting for giving patient orders for treatment, because of safety and security concerns, as well as inability to verify the original sender of a message.

Questions and Issues to Consider

This convenience needs to be studied in great detail, and you need to prepare your systems to be fool proof from any kind of a possible breach. Here the HIPAA challenge is twofold— one, the obvious PHI safety challenge. The other one is about ensuring completeness of patient care documentation. Are you sure your short text message can replace the age old detailed patient record, replete with all details that auditors are so used to reading? This needs introspection and self-analysis.

Start by checking whether you comply with the Joint Commission’s standards on Medication Management (MM) — MM.04.01.01, which addresses the required elements of a complete medication order. Moreover, you may also like to refer to the Provision of Care, Treatment, and Services [PC] Standard PC.02.01.03, addressing verbal orders.

“There are other concerns, too, but what is here is an appropriate start,” says Abbey. “One of my big concerns is security in transmission. In theory, encryption should handle this. I think that HIPAA privacy and security personnel/companies will have a great deal of work to accomplish in making certain that proper policies and procedures are in place along with constant monitoring.”

Here Is What Joint Commission Wants You To Do

• Do a self-analysis and create a self-attestation, stating the capabilities of your organization regarding texting orders.
• Develop a policy on how the texting orders will be dated, timed, confirmed, and authenticated by the ordering practitioner. Will the text message be directly integrated into the patient’s EHR? Or will it be entered manually? Also mention circumstances or conditions when texting may not be appropriate, so as to avoid its indiscriminate use.
• Monitor the frequency of texting and compliance with texting policies at your organization level.
• Perform a risk assessment along with a risk management strategy (as per HIPAA requirements).
• Conduct a staff training, so that everyone is on the same page.

You may also “routinely repeat staff training and audit for compliance with any policies and procedures,” says Abbey.

Final takeaway: “Now is the time to assess your organization’s capabilities for possible use of texting,” tells Abbey. “Proceed with due care and make certain that appropriate policies and implementing procedures are in place.”