To Text or Not to Text: Clarification for Healthcare Providers on Texting Patient Information

On December 28, 2017, the Centers for Medicare & Medicaid Services (CMS) released a Memorandum (the “Memo”), effective immediately, that represents a clear change to previous guidance on the use of SMS Text Messaging or “texting” by healthcare providers to transmit patient information to other providers that are part of a patient’s care team. While texting patient orders is still strictly prohibited on any platform, texting of patient information among members of a healthcare team is allowed when accomplished via a secure platform. The Memo primarily serves to clarify why texting patient orders is not permissible among members of a health care team, and this article will highlight its key points.

Texting Patient Orders Prohibited

Texting patient orders among members of a patient care team is prohibited under the Conditions of Participation (CoPs) and Conditions for Coverage (CfCs). Under the CoPs, “practitioners’ orders” must be accurately documented in a patient’s medical record, and a patient’s medical records must meet several standards regarding form and retention. For example, a medical record must be accurately written, retained in its original or legally reproduced form for at least five years, and may only be released to authorized individuals. According to CMS, texting patient orders fails to comply with these requirements and is thus prohibited.

Instead of texting, the Memo suggests that Computerized Provider Order Entry (CPOE) is the preferred method for entering orders into a patient’s medical record. An order entered via CPOE with an immediate download into the provider’s electronic health records (EHR) would be dated, timed, authenticated, and promptly placed in the medical record, thereby compling with CoPs and CfCs. 

Texting Patient Information Securely

Unfortunately, the Memo does not offer substantial guidance regarding what CMS considers a “secure” platform for texting patient information. However, CMS noted in the Memo that in order to be compliant with CoPs or CfCs, “providers must utilize and maintain systems/platforms that are secure, encrypted, and minimize the risks to patient privacy and confidentiality as per HIPAA regulations and the CoPs or CfCs.” They also expect providers to routinely assess the security and integrity of texting platforms being used in order to avoid negative outcomes that may compromise patient care.

CMS recognizes that texting among healthcare providers has become an essential and valuable means of communication among patient care team members. Providers should be sure to properly vet any texting platform they plan to use for security measures, including HIPAA compliance. Nixon Law Group attorneys are experts in healthcare security regulations and are familiar with secure texting platforms. Please contact us if you are interested in learning more about HIPAA and secure, approved methods of transmitting patient health information.  

Need help setting up compliant data privacy tools and processes? Click here to find out how we can help.