CMS Updates Policy to Allow Texting Patient Information and Patient Orders
The Centers for Medicare and Medicaid Services (CMS) at the Department of Health and Human Services (HHS) has updated its policy on texting patient information between members of the care team and texting patient orders. Clinical teams are now permitted to text patient information provided they use a HIPAA-compliant texting platform to do so, and provided they are in compliance with the Conditions of Participation (CoPs). The CMS also permits the texting of patient orders.
In January 2018, the CMS issued a QSO-19-10-Hospital, CAHs Revised memorandum – Texting of Patient Information among Healthcare Providers in Hospitals and Critical Access Hospitals (CAHs) – acknowledging that many hospitals had adopted a secure text messaging platform for communicating among hospital and CAH team members; however, the CMS stated that texting patient orders from a provider to a member of the care team was not compliant with the CoPs due to concerns about privacy, record retention, and the confidentiality, security, and integrity of systems at the time. When the memorandum was written, most hospitals did not have the capability to use secure text messaging platforms to incorporate messages into electronic health records (EHRs). Improvements in technology over the past 6 years, such as the use of encryption, ensure that sensitive health information can be transmitted and stored securely and advances in technology, especially the application interface capabilities of text messaging platforms, allow data to be transferred into EHRs.
While texting patient orders is now permitted, Computerized Provider Order Entry (CPOE) is the preferred method of order entry by a provider. If an order is entered via CPOE and immediately downloaded into the hospital’s or CAH’s EHR system, it is permitted under the CoPs because the order is dated, timed, authenticated, and promptly placed in the medical record. However, providers must utilize and maintain systems/platforms that are secure and encrypted. They must ensure the integrity of author identification and minimize risks to patient privacy and confidentiality, as required by HIPAA.
In addition, procedures and processes should be implemented that routinely assess the security and integrity of the texting systems/platforms to avoid negative outcomes that could compromise the care of patients. Any provider that opts to incorporate texting patient information or orders into the EHR should ensure that the platform is compliant with the requirements of the HITECH Act and HIPAA.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy