The Centers for Medicare and Medicaid Services (CMS) at the Department of Health and Human Services (HHS) has recently updated its policy on the texting of patient information and patient orders among members of the healthcare team, permitting clinical teams to engage in the texting of patient information, provided they use a secure texting platform (STP) compliant with HIPAA regulations and that the practice aligns with the Conditions of Participation (CoPs), and this permissibility extends to the texting of patient orders.
This development arises from the recognition by the CMS, outlined in a memorandum dated January 5, 2018, that text messaging had evolved into a mode of communication among healthcare teams within both hospitals and critical access hospitals (CAHs). The initial constraints on the texting of patient orders were primarily rooted in apprehensions surrounding privacy, record retention practices, and the overall security of existing systems. During that period, a substantial number of healthcare institutions faced limitations in utilizing secure texting platforms, preventing the seamless integration of messages into electronic health records (EHRs). Over the years, technological advancements have been valuable in mitigating these concerns. Advancements in encryption methodologies and the improved application interface capabilities of texting platforms have emerged as robust solutions, alleviating the challenges that once prevented the widespread adoption of secure texting practices in the healthcare domain. This evolution demonstrates a change to healthcare provision, as the integration of secure texting platforms becomes more feasible and aligned with technological advancements. ultimately improving communication efficiency and data security within healthcare teams.
While the recent update allows for the permissibility of texting patient orders, it is necessary to emphasize that the favored mode of order entry by healthcare providers continues to be the Computerized Provider Order Entry (CPOE) system. Orders entered through CPOE, then downloaded into the electronic health record (EHR) systems of hospitals or CAHs, are acknowledged as compliant with the CoPs, ensuring meticulous documentation and data security. It is important for healthcare providers to adhere to the stipulation of utilizing and upkeeping secure and encrypted systems/platforms. This not only guarantees the integrity of author identification but also serves to mitigate potential risks to patient privacy and confidentiality, in strict accordance with HIPAA regulations. The emphasis on secure and encrypted platforms demonstrates a commitment to maintaining the highest standards of data protection and security in the healthcare sector, highlighting the ongoing efforts to align technological advancements with regulatory compliance for the safeguarding of patient information and the integrity of healthcare records.
Healthcare providers are also strongly urged to institute comprehensive procedures and processes for the regular assessment of the security and integrity of the texting systems/platforms they employ. This proactive approach is designed to preemptively identify and rectify potential vulnerabilities, avoiding negative outcomes that could compromise the quality of patient care. It is necessary for providers to take a vigilant approach to ensuring that their chosen texting systems/platforms consistently meet the highest standards of security. CMS highlights the expectation that providers, choosing to implement texting patient information and orders into their EHRs, should opt for platforms that align with the stringent requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act and are in full compliance with HIPAA. These updates reflect CMS’s commitment to balancing technological advancements with stringent privacy and security standards in healthcare communication practices.