The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

CMS Updates Policy to Allow Texting Patient Information and Patient Orders

Posted By on Feb 12, 2024

The Centers for Medicare and Medicaid Services (CMS) at the Department of Health and Human Services (HHS) has updated its policy on texting patient information between members of the care team and texting patient orders. Clinical teams are now permitted to text patient information provided they use a HIPAA-compliant texting platform to do so, and provided they are in compliance with the Conditions of Participation (CoPs). The CMS also permits the texting of patient orders.

In January 2018, the CMS issued a QSO-19-10-Hospital, CAHs Revised memorandum – Texting of Patient Information among Healthcare Providers in Hospitals and Critical Access Hospitals (CAHs) – acknowledging that many hospitals had adopted a secure text messaging platform for communicating among hospital and CAH team members; however, the CMS stated that texting patient orders from a provider to a member of the care team was not compliant with the CoPs due to concerns about privacy, record retention, and the confidentiality, security, and integrity of systems at the time. When the memorandum was written, most hospitals did not have the capability to use secure text messaging platforms to incorporate messages into electronic health records (EHRs). Improvements in technology over the past 6 years, such as the use of encryption, ensure that sensitive health information can be transmitted and stored securely and advances in technology, especially the application interface capabilities of text messaging platforms, allow data to be transferred into EHRs.

While texting patient orders is now permitted, Computerized Provider Order Entry (CPOE) is the preferred method of order entry by a provider. If an order is entered via CPOE and immediately downloaded into the hospital’s or CAH’s EHR system, it is permitted under the CoPs because the order is dated, timed, authenticated, and promptly placed in the medical record. However, providers must utilize and maintain systems/platforms that are secure and encrypted. They must ensure the integrity of author identification and minimize risks to patient privacy and confidentiality, as required by HIPAA.

In addition, procedures and processes should be implemented that routinely assess the security and integrity of the texting systems/platforms to avoid negative outcomes that could compromise the care of patients. Any provider that opts to incorporate texting patient information or orders into the EHR should ensure that the platform is compliant with the requirements of the HITECH Act and HIPAA.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist