On December 28, 2017, the Center for Medicare and Medicaid Services (CMS) announced that texting patient information among healthcare providers is acceptable if done through a secure platform, but the texting of orders is prohibited - even if the orders are encrypted. Computerized Provider Order Entry (CPOE) is the preferred method of order entry. Although CMS has gone back and forth on this issue, it is now clear that texting orders is not in compliance with the Conditions of Participation (CoPs) and Conditions for Coverage (CfCs). A copy of the CMS Memorandum can be found here.
In 2016 The Joint Commission (TJC) clarified its position, which also prohibits the use of secure text orders. The Joint Commission further recommended that all healthcare organizations have policies prohibiting the use of unsecured text messaging for communicating protected health information (PHI). Its recommendations can be found here.
One of the concerns surrounding the texting of orders is that the information may be lost or compromised if it has to be manually entered into the medical record from a text message. Other healthcare providers will not have access to this information if it is not in the medical record, which could affect patient care. The medical record must contain all information upon which treatment decisions are based, and patients have the right to access this information pursuant to HIPAA.
In addition, there are several privacy and security concerns. When a text message appears on a phone it may be possible for others to see PHI. A phone may lack proper authentication and without access PHI may be disclosed improperly. Lastly verification of the recipient and verification of receipt may be challenging.
The debate over texting orders will likely continue. As technology advances, the recommendations and guidance regarding electronic communications among healthcare providers will continue to evolve as well. The Institute at MagMutual will monitor this issue and keep our PolicyOwners informed.