MOM Integrates SMS Text Messaging With EMRs To Boost Compliance

Across the United States, it can be hard to find a common fixture in the physician’s office. With regulations and requirements differing from city to city and from state to state, equipment, specialties and services can radically vary from any given practice to another. But hidden in a room next to the janitor’s closet or tucked away under the admin’s desk is a hunk of plastic and aluminum that one can now expect in any doctor’s office: a server running the office’s Electronic Medical Records (EMR) system.

Electronic Medical Records comprise all the information necessary to deliver quality healthcare to patients. From known allergies to past X-rays to the date and time of their next appointment, the data stored in the EMR can be confidential and is vital to their medical care. Despite the critical value of this data, the modern American practice relies on EMR technology that is monolithic, feature-scant and embarrassingly out-of-date.

The Problem With EMR Data

Mike Neighbors knows the pains of this out-dated system all too well. His wife’s practice in Hunstville, Alabama had an old-school EMR with a big-time problem to be solved: getting data hidden from the patients that need it. The data in most Electronic Medical Records systems is stuck in monolithic, proprietary software, effectively locking valuable information patients need inside a dusty old Dell. Mike found that lack of portability impaired the quality of care a physician could provide. “Really, when was the last time the doctor said to Grandma, ‘Now I know you may forget a few things I mentioned today so I’ll ring you up on Tuesdays and Fridays about medicine X and on Thursday and Saturday about medicine Y?'” asked Mike.

Messaging is an important driver to “compliance,” the measure by which physicians judge a patient’s frequency of following medical instruction. SMS and phone reminders for recurring medical advice can create huge differences in care. Mike’s solution is MOM – the Medical Office Messenger. This cleverly named Twilio application interfaces with the EMR system in the practice and delivers much needed reminders via phone and SMS to patients.

Solving The EMR Quandary With Twilio SMS

EMR SMS notifications with MOMThe technology driving MOM is tailored for the infrastructure common among EMR vendors. Mike describes, “[t]he portion of the software that resides in the physician’s office is written in Microsoft Access and runs on any internet connected PC that supports an ODBC connection to the practice management database.” Access/ODBC requirements are common in the EMR space, making MOM easily adaptable to most practices. “The fact that MOM does it all with only data read from an existing EMR makes adapting it to new EMRs very easy,” Mike explained.

To find a good solution to connecting the data from the Electronic Medical Records to phone systems, Mike conducted a nationwide survey. Mike discovered few options that he liked until a blog comment pointed him to Twilio and to Kevin Morrill, who connected the dots that became the MOM service. “I guess Kevin and I are the team as in ‘Ma, Pa and I shot a bear,'” Mike laughed. “Well, I was there but Kevin was doing the shooting.” 20,000 messages and $10,000 in cost savings later, MOM has become an irreplaceable part of the practice’s infrastructure.

The Start of a Must Have EMR Plugin Feature

“MOM’s SMS and phone-based Quick Messages and Care Messages are revolutionary ideas in a physician’s office although seemingly common place in other venues,” Mike explained, “In five clicks on the laptop, Grandma’s compliance shoots from 25% to 95%.” He continued, “I would encourage Twilio developers to look for opportunities in the medical market. I have yet to see an Electronic Medical Record vendor with a really nice solution for integrated communications. MOM is just the tip of the iceberg.”

  • http://twitter.com/conlon30 Ben

    My company has done similar systems funded by government research
    grants, in fact we have one running on the Twilio platform right now in
    conjunction with a major medical center in the south.  

    The HIPPA regulations in the United States
    makes it hard to create these sorts of systems, I would be interested in
    hearing how the MOM system stays compliant?  

    It is great to hear of others working on the same problem we are!

  • http://twitter.com/conlon30 Ben

    My company has done similar systems funded by government research
    grants, in fact we have one running on the Twilio platform right now in
    conjunction with a major medical center in the south.  

    The HIPPA regulations in the United States
    makes it hard to create these sorts of systems, I would be interested in
    hearing how the MOM system stays compliant?  

    It is great to hear of others working on the same problem we are!

  • LP

    I would also like to understand the HIPAA side of this.  I have many ideas for the medical field that Twilio could be used for, but with Twilio not maintaining HIPAA or PCI compliance (are there other 3rd party audits that Twilio adheres to for security?).  Im very interesting in the call recording capabilities but with recordings on Twilio servers, if Twilio cannot agree to a BA and provide some documentation that they can provide internal security protection of the data, then Im afraid most of the medical industry would not be able to utilize this very cool web service/api

    • Quickmail

      It’s important to understand that HIPAA has no specific data security reirements aside from reasonable care of information.  There is no HIPAA data security certification and reasonable practices are just fine.  In my opinion, with Twilio you can meet and exceed these requirements.  The bottom line is that basic telephone service meets the reasonable security notions.  For anyone wishing to cover the never ending possibilities, it’s best to disclose to patients the intent to use commercial grade telephone service, email, etc and offer anyone declining the standard office policy for a friendly face to face talk on their time and their nickle.  You may reasonably expect almost no one in today’s “Facebook World” gives a hoot about the nightmare of never ending hacker surpizes that might occur.  To be sure, they care a lot about their charge card but far far less about their medical info.  Really, who hasn’t mention their health information to family in email or talked about it on a phone?  Why most practices get lost listening to data security experts with a huge feeling of self importance and no understanding of HIPAA is a mystery.  To be sure, leaving all you data on a laptop that can be stolen or on a hard drive someone can walk off with is a no-no.  Feel free to give me a call if you need more info.  I’m always glad to hear other opinions but find that few have read and understand what HIPAA requires vs what the security industry tauts as HIPAA for the sake of sales it helps them make.  Just ask for Mike at 256-650-3116.   Be sure to mention it’s about Twilio/HIPAA topic if you leave a message.  As a novice Twilio developer, I’m certainly open to learn more, so let me hear more ideas.

      • L P

        Thanks for the reply.  I am located very near to Huntsville and am more novice Twilio than you :) I have only done some sample/testing apps…  However i’m intrigued with the product and agree there are so many places in medical field it could be used.  I think the current issue with Twilio and HIPAA is with recorded data stored on their servers (think about an automated answering service platform).  I know they use AWS, which is a HIPAA compliant infrastructure, but I have to believe their (Twilios) employees have some theoretical access to data for support reasons, etc. That being the case, HIPAA does request business associate agreement documentation in place so that associates that may have access or care of your data will agree to protect it as if it were their own.   Finally, when contracting with larger medical providers many will require 3rd party security audits, and those typically require audits of associates that you utilize if they have access to protected data.

  • LP

    I would also like to understand the HIPAA side of this.  I have many ideas for the medical field that Twilio could be used for, but with Twilio not maintaining HIPAA or PCI compliance (are there other 3rd party audits that Twilio adheres to for security?).  Im very interesting in the call recording capabilities but with recordings on Twilio servers, if Twilio cannot agree to a BA and provide some documentation that they can provide internal security protection of the data, then Im afraid most of the medical industry would not be able to utilize this very cool web service/api

    • Quickmail

      It’s important to understand that HIPAA has no specific data security reirements aside from reasonable care of information.  There is no HIPAA data security certification and reasonable practices are just fine.  In my opinion, with Twilio you can meet and exceed these requirements.  The bottom line is that basic telephone service meets the reasonable security notions.  For anyone wishing to cover the never ending possibilities, it’s best to disclose to patients the intent to use commercial grade telephone service, email, etc and offer anyone declining the standard office policy for a friendly face to face talk on their time and their nickle.  You may reasonably expect almost no one in today’s “Facebook World” gives a hoot about the nightmare of never ending hacker surpizes that might occur.  To be sure, they care a lot about their charge card but far far less about their medical info.  Really, who hasn’t mention their health information to family in email or talked about it on a phone?  Why most practices get lost listening to data security experts with a huge feeling of self importance and no understanding of HIPAA is a mystery.  To be sure, leaving all you data on a laptop that can be stolen or on a hard drive someone can walk off with is a no-no.  Feel free to give me a call if you need more info.  I’m always glad to hear other opinions but find that few have read and understand what HIPAA requires vs what the security industry tauts as HIPAA for the sake of sales it helps them make.  Just ask for Mike at 256-650-3116.   Be sure to mention it’s about Twilio/HIPAA topic if you leave a message.  As a novice Twilio developer, I’m certainly open to learn more, so let me hear more ideas.

      • L P

        Thanks for the reply.  I am located very near to Huntsville and am more novice Twilio than you :) I have only done some sample/testing apps…  However i’m intrigued with the product and agree there are so many places in medical field it could be used.  I think the current issue with Twilio and HIPAA is with recorded data stored on their servers (think about an automated answering service platform).  I know they use AWS, which is a HIPAA compliant infrastructure, but I have to believe their (Twilios) employees have some theoretical access to data for support reasons, etc. That being the case, HIPAA does request business associate agreement documentation in place so that associates that may have access or care of your data will agree to protect it as if it were their own.   Finally, when contracting with larger medical providers many will require 3rd party security audits, and those typically require audits of associates that you utilize if they have access to protected data.