In January of 2015, The Joint Commission invited HCA and Mobile Heartbeat to present our successes and results with HCA’s iMobile project. We co-presented with leadership from HCA on deploying smartphones equipped with clinical communication and collaboration software to HCA’s clinicians. The audience was Ana Pujols McKee, MD, the Chief Medical Officer and Executive Vice President at the Joint Commission, along with 10 members of her team.

At the end of our results presentation, the Q&A session centered around the text transmission of orders between clinicians. We talked through security (physical device and data), audit trails and user verification.

Last week, in the Joint Commission’s monthly publication, Joint Commission Perspectives®, an article entitled Update: Texting Orders included much of what we discussed in that meeting. This important update revised the Joint Commission’s position on the texting of orders with the conditions that both technology and standard operating procedure guidelines are followed.

Although information and communication security is the responsibility of the hospital and individual providers, I will focus on the technology requirements listed in the Joint Commission’s update and walk through each line item and how our MH-CURE software meets and exceeds these requirements.

Via The Joint Commission:

Health care organizations may allow orders to be transmitted through text messaging provided that a secure text messaging platform is implemented that includes the following:

– Secure sign-on process
– Encrypted messaging
– Delivery and read receipts
– Date and time stamp
– Customized message retention time frames
– Specified contact list for individuals authorized to receive and record orders

These requirements are driven by two major tenets:

  • The hospital has put in place a policy related to the security of health information
  • The hospital protects against unauthorized access, use, and disclosure of health information

The first requirement, “Secure sign-on process”, means that there must be a way of ensuring that only authorized users can get access to the secure text messaging platform. At Mobile Heartbeat, we believe that we are well ahead of the industry on this requirement. Our patent-pending QuickLaunch sign-on process is the gold standard for secure sign-on. Via its “tap and go” capability, and two-factor authentication, QuickLaunch adds the same level of physical security to our secure text messaging platform as the hospital uses to protect access to sensitive areas within the facility. For even more security, QuickLaunch uses the hospital’s Active Directory capability to ensure that potential users are credentialed before they gain access to the software.

Next up is “Encrypted Messaging”. Since the first release of our software in 2011, our text platform has been built using the most highly regarded security standards for encrypting messages. We also regularly test our message security using “hackers for hire” to ensure compliance.

For “Delivery and read receipts”, MH-CURE offers:

  • Detailed message statuses such as: Delivered, Read, Sending, Waiting Delivery, and Failed to Send.
  • Color-coded messages for a better user experience that indicate the status of a message so users can quickly identify successful, sending or failed messages.
  • “Tap to Retry” functionality.

Meeting the “Date and time stamp“ requirement is also inherent in MH-CURE. We provide a date and time stamp for all messages and an audit trail from the sender to the server to the recipient. This information is easily accessible to hospital administrators in our admin console with customized reporting.

The need to include “Customized message retention time frames” may have come directly from our discussion with The Joint Commission. We were adamant about allowing each hospital to set (and change) its message retention policy. As a software developer, our aim is to support hospital policy and not to set it. We demonstrated to The Joint Commission how customized message retention timeframes could be set within our hospital admin console and we are delighted to see that this is now a requirement.

The final requirement, “Specified contact list for individuals authorized to receive and record orders,” falls under the guidelines of knowing exactly who you are sending each text to. Are they a fellow clinician or are they a sales clerk in the hospital’s gift shop?

Here is where the MH-CURE Dynamic Care Team really shines. For each patient under their care, a clinician can see the list of other clinicians who are currently on the care team of that patient and their status. Before sending a text message containing patient information (such as an order), the clinician sees a contact list for that specific patient that is kept up-to-date in real time.

The Dynamic Care Team is a core technology for Mobile Heartbeat and we would challenge you to ask the question, “All hospital software should be patient-centric, that is a given,but what makes the software patient-specific for each and every patient?”

Needless to say, we were excited to see this update on the secure texting of orders published by The Joint Commission last week. We encourage each and every hospital to adhere to their requirements.