Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Joint Commission Now Allows Texting Of Orders

Posted on May 17, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

For a long time, it was common for clinicians to share private patient information with each other via standard text messages, despite the fact that the information was in the clear, and could theoretically be intercepted and read (which this along with other factors makes SMS texts a HIPAA violation in most cases). To my knowledge, there have been no major cases based on theft of clinically-oriented texts, but it certainly could’ve happened.

Over the past few years, however, a number of vendors have sprung up to provide HIPAA-compliant text messaging.  And apparently, these vendors have evolved approaches which satisfy the stringent demands of The Joint Commission. The hospital accreditation group had previously prohibited hospitals from sanctioning the texting of orders for patient care, treatment or services, but has now given it the go-ahead under certain circumstances.

This represents an about-face from 2011, when the group had deemed the texting of orders “not acceptable.” At the time, the Joint Commission said, technology available didn’t provide the safety and security necessary to adequately support the use of texted orders. But now that several HIPAA-compliant text-messaging apps are available, the game has changed, according to the accrediting body.

Prescribers may now text such orders to hospitals and other healthcare settings if they meet the Commissioin’s Medication Management Standard MM.04.01.01. In addition, the app prescribers use to text the orders must provide for a secure sign-on process, encrypted messaging, delivery and read receipts, date and time stamp, customized message retention time frames and a specified contact list for individuals authorized to receive and record orders.

I see this is a welcome development. After all, it’s better to guide and control key aspects of a process rather than letting it continue on underneath the surface. Also, the reality is that healthcare entities need to keep adapting to and building upon the way providers actually communicate. Failing to do so can only add layers to a system already fraught with inefficiencies.

That being said, treating provider-to-provider texts as official communications generates some technical issues that haven’t been addressed yet so far as I know.

Most particularly, if clinicians are going to be texting orders — as well as sharing PHI via text — with the full knowledge and consent of hospitals and other healthcare organizations — it’s time to look at what it takes manage that information more efficiently. When used this way, texts go from informal communication to extensions of the medical record, and organizations should address that reality.

At the very least, healthcare players need to develop policies for saving and managing texts, and more importantly, for mining the data found within these texts. And that brings up many questions. For example, should texts be stored as a searchable file? Should they be appended to the medical records of the patients referenced, and if so, how should that be accomplished technically? How should texted information be integrated into a healthcare organization’s data mining efforts?

I don’t have the answers to all of these questions, but I’d argue that if texts are now vehicles for day-to-day clinical communication, we need to establish some best practices for text management. It just makes sense.

7 Mobile Apps Every Doctor Should Have

Posted on June 16, 2014 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The following is a guest blog post by Cliff McClintick, chief operating officer of Doc Halo. Cincinnati-based Doc Halo sets the professional standard for health care communication offering secure messaging for physicians, medical practices, hospitals and healthcare organizations. The Doc Halo secure messaging solution is designed to streamline HIPAA-compliant physician and medical clinician sharing of critical patient information within a secure environment.

For many physicians, the days of manila folders and paper charts are a distant memory.

For many others, they never existed.

But patient records are only one area where technology is redefining how doctors work. Newer tools, especially mobile apps, are taking the place of 3,000-page reference books, phone-tag inducing pagers and even plastic anatomical models.

About 78 percent of physicians in a Kantar Media survey released in January said they used smartphones for both professional and personal tasks. They had downloaded an average of seven apps in the last six months.

Here are a few app categories that can make any doctor’s life easier:

  • Drug database. The old way to find out about a drug — what it does, proper dosing, potential interactions — was to flip through a rather large tome. Web-based drug databases eliminated much of the page-turning, and now mobile apps are making the process even handier.
  • Journal reference. Doctors are increasingly relying on mobile devices to help them keep up with research in their field. About 21 percent of physicians use smartphones to read medical journals, according to Kantar Media, and 28 percent use tablets to read them. The New England Journal of Medicine makes recent articles, along with images, audio and video, available through its free NEJM This Week app for iPhone and iPod Touch. Many other medical publishers have similar offerings.
  • Secure texting. Physicians text as much as anybody. Regular SMS text messages, however, are not HIPAA-compliant. Physician messaging platforms developed by companies such as Doc Halo allow doctors to text about work while keeping their patients’ health information safe. Features to look for include encryption with federally validated standards, limited data life for messages and a remote mobile wipe option in case the phone is lost. Secure texting eliminates the games of phone tag caused by the pagers that are still in use at many hospitals.
  • EMR. Records are going mobile, too, with large and small EMR vendors alike releasing mobile apps. In a survey last year, Black Book Rankings found that only 8 percent of doctors used a mobile device for accessing patients records, ordering tests, viewing results or ordering medications. But 83 percent said they would do so if their current EMR had the capability.
  • Image viewer. Several apps now let doctors view X-ray, CT, MRI and other diagnostic images on their mobile devices. Physicians get an initial impression based on the app and then take a closer look when they get to a full imaging workstation with higher resolution. The U.S. Food and Drug Administration regulates these apps as medical devices.
  • Billing. These apps help physicians capture diagnoses and billing codes on the go, such as when seeing patients in the hospital. Doctors can instantly transmit the data to their front desk or a billing company, speeding up payment and reducing the chance of lost charges.
  • Patient education. These apps, which are often specialty-specific, allow doctors to call up images and even videos of body parts and their functions — and malfunctions. For example, a cardiologist might use a video showing what mitral valve prolapse looks like. Plastic models look nice, and they’re a great way for patients to get a hands-on sense of certain conditions and treatments. But they’ll never match the number of structures and processes these apps can illustrate.

No app can replace the knowledge and skill that a physician develops through years of training and experience. These mobile tools provide convenience and remove barriers to efficient practice, allowing doctors to spend more time on patient care.

Doc Halo, a leading secure physician communication application, is a proud sponsor of the Healthcare Scene Blog Network.

In 2014, Health IT Priorities are Changing

Posted on January 30, 2014 I Written By

The following is a guest blog post by Cliff McClintick, chief operating officer of Doc Halo. Cincinnati-based Doc Halo sets the professional standard for health care communication offering secure messaging for physicians, medical practices, hospitals and healthcare organizations. The Doc Halo secure texting solution is designed to streamline HIPAA-compliant physician and medical clinician sharing of critical patient information within a secure environment.

2014 is a major year for health care, and for more reasons than one.

Of course, some of the most significant reforms of the Affordable Care Act take effect this year, affecting the lives of both patients and providers.

But it’s also a year in which health care institutions will come to grips with IT issues they might have been putting off. Now that many organizations have completed the electronic health record implementations that were consuming their attention and resources, they’re ready to tackle other priorities.

Expect to see issues related to communications, security and the flow of patient information play big in coming months. At Doc Halo, we’re already seeing high interest in these areas.

Here are my predictions for the top health IT trends of 2014:

  • Patient portal adoption. Web-based portals let patients access their health data, such as discharge summaries and lab results, and often allow for communication with the care team. Federal requirements around Meaningful Use Stage 2 are behind this trend, but the opportunity to empower patients is the exciting part. The market for portals will likely approach $900 million by 2017, up from $280 million in 2012, research firm Frost & Sullivan has predicted.
  • Secure text messaging. Doctors often tell us that they send patient information to their colleagues by text message. Unfortunately, this type of data transmission is not HIPAA-compliant, and it can bring large fines. Demand for secure texting solutions will be high in 2014 as health care providers seek communication methods that are quick, convenient and HIPAA-compliant. Doc Halo provides encrypted, HIPAA-compliant secure text messaging that works on iPhone, Android and your desktop computer.
  • Telehealth growth. The use of technology to support long-distance care will increasingly help to compensate for physician shortages in rural and remote areas. The world telehealth market, estimated at just more than $14 billion in 2012, is likely to see 18.5 percent annual growth through 2018, according to research and consultancy firm RNCOS. Technological advances, growing prevalence of chronic diseases and the need to control health care costs are the main drivers.
  • A move to the cloud. The need to share large amounts of data quickly across numerous locations will push more organizations to the cloud. Frost & Sullivan listed growth of cloud computing, used as an enabler of enterprise-wide health care informatics, as one of its top predictions for health care in 2014. The trend could result in more efficient operations and lower costs.
  • Data breaches. Health care is the industry most apt to suffer costly and embarrassing data breaches in 2014. The sector is at risk because of its size — and it’s growing even larger with the influx of patients under the Affordable Care Act — and the introduction of new federal data breach and privacy requirements, according to Experian. This is one prediction that we can all hope doesn’t come true.

To succeed in 2014, health care providers and administrators will need to skillfully evaluate changing conditions, spot opportunities and manage risks. Effective health IT frameworks will include secure communication solutions that suit the way physicians and other clinicians interact today.

Doc Halo, a leading secure physician communication application, is a proud sponsor of the Healthcare Scene Blog Network.

A CIO Guide to Electronic Mobile Device Policy and Secure Texting

Posted on January 6, 2014 I Written By

The following is a guest blog post by Cliff McClintick, chief operating officer of Doc Halo. Doc Halo provides secure, HIPAA-compliant secure-texting and messaging solutions to the healthcare industry. He is a former chief information officer of an inpatient hospital and has expertise in HIPAA compliance and security, clinical informatics and Meaningful Use. He has more than 20 years of information technology design, management and implementation experience. He has successfully implemented large systems and applications for companies such as Procter and Gamble, Fidelity, General Motors, Duke Energy, Heinz and IAMS.
Reach Cliff at

One of the many responsibilities of a health care chief information officer is making sure that protected health information stays secure.

The task includes setting policies in areas such as access to the EMR, laptop hard drive encryption,  virtual private networks, secure texting and emailing and, of course, mobile electronic devices.

Five years ago, mobile devices hadn’t caught many health care CIOs’ attention. Today, if smartphones and tablets aren’t top of mind, they should be. The Joint Commission, the Centers for Medicare and Medicaid Services and state agencies are scrutinizing how mobile fits into organizations’ security and compliance policies.

Be assured that nearly every clinician in your organization uses a smartphone, and in nearly every case the device contains PHI in the form of email or text messages. That’s not entirely a bad thing: The fact is, smartphones make clinicians more productive and lead to better patient care. Healthcare providers depend on texts to discuss admissions, emergencies, transfers, diagnoses and other patient information with colleagues and staff. But unless proper security steps are being taken, the technology poses serious risks to patient privacy.

For creating a policy on mobile electronic devices, CIOs can choose from three broad approaches:

  • Forbid the use of smartphones in the organization for work purposes. This route includes forbidding email use on the devices. Many companies have tried this approach, but in the end, it’s not a realistic way to do business. You may forbid the use of the technology and even have members of your organization sign “contracts” to that effect. But even for the people who do comply out of fear, the organization sends the message that it’s OK to violate policy as long as no one finds out.
  • Allow smartphones in the organization but not for transmitting PHI. This approach acknowledges the benefits of the technology and provides guidelines and provisions around its use. This type of policy is better than the first option, as the CIO is taking responsibility for the use of the devices and providing some direction. In most cases there will be guidelines regarding message life, password format, password timeout, remote erase for email and other specifics. And while the sending of PHI would not be allowed, protocol and etiquette would be in place for when the issue comes up. Ultimately, though, this approach can be hard to enforce, and the possibility remains that PHI will be sent to a vendor or out-of-IT-network affiliate.
  • Create a mobile device strategy. This option embraces the technology and acknowledges that real-time communication is paramount to the success of the organization. In healthcare, real-time communication can mean the difference between life and death. With this approach the technology is fully secured and can be used efficiently and effectively.

Recent studies have shown that more than 90 percent of physicians own a smartphone. Texting PHI is common and helps clinicians to make better decisions more quickly. But allowing PHI to be transmitted without adequate security can compromise patient trust and lead to government penalties.

Fortunately, healthcare organizations can take advantage of mobile technology’s capacity to improve care while still keeping PHI safe. In a recent survey of currently activated customers of Doc Halo, a secure texting solution provider, 70 percent of respondents using real-time secure communication reported better patient care. Seamless communication integration and a state-of-the-art user experience ensure that the percentage will only rise.

Doc Halo, a leading secure physician communication application, is a proud sponsor of the Healthcare Scene Blog Network.

Should Patients Care About Their Doctors’ Text Messages?

Posted on November 25, 2013 I Written By

The following is a guest blog post by Dr. Jose Barreau, CEO of Doc Halo.

For all the money they spend on state-of-the-art EMRs, compliance officers and other measures to ensure they’re protecting their patients’ medical information, many healthcare organizations have a gaping hole in their security.

Physicians and other clinicians are as apt as anyone to send a quick text to a colleague. Maybe an attending physician wants to ask a resident about test results or an office worker needs to pass along a patient’s question.

But standard SMS text messages are not HIPAA compliant. Communicating protected health information in this way could compromise patient privacy and expose your organization to substantial fines.

That’s not to say doctors shouldn’t text. Because of its instantaneous nature, mobile messaging can improve efficiency and quality of care. But healthcare providers should make sure they’re using a secure texting platform.

If you have a non-HIPAA-compliant texting habit, you’re in good company. In research last year, nearly 60 percent of physicians at children’s hospitals said they sent or received text messages for work.

It’s easy to view text messages as “off the record.” Chances are they aren’t going into an EMR, and there’s a sense that no one but the sender and recipient will see them.

But when you fire off a text, you don’t know where it will end up. Some of these text messages contain sensitive details of diagnosis and treatment that have been discussed.  Also it’s hard to say whose servers the messages might be stored on, or for how long.  When patients entrust healthcare providers to care for them, they expect their data to be cared for, too.

The Department of Health and Human Services certainly knows about the problem. Last year the agency told an Arizona physicians practice to address the issue in a risk-management plan. The group “must implement security measures sufficient to reduce risks and vulnerabilities to ePHI to a reasonable and appropriate level for ePHI in text messages that are transmitted to or from or stored on a portable device.”

Healthcare providers can text about their patients without violating HIPAA — but only with secure messaging technology. Here are features to look for in a healthcare texting solution:

  • Encryption at all levels — database, transmission and on the app — with federally validated standards
  • Tracking of whether messages have been delivered, with repeated ping of the user
  • A secure private server that is backed up
  • Remote mobile app wipe option if a phone is lost or stolen
  • Automatic logout with inactivity
  • Ability to work on all spectrums of cell data and Wi-Fi for broad coverage
  • Limited data life — for example, 30 days — for messages

Patients benefit when their healthcare providers have quick and secure ways to stay in touch. A secure text messaging platform can help you to provide better care while avoiding HIPAA violations.

Doc Halo, a leading secure physician communication application, is a proud sponsor of the Healthcare Scene Blog Network.