CMS has issued clarification of its position regarding the use of text messaging with patient information between providers, saying it is “permissible if accomplished through a secure platform.”
The clarification came after hospitals reported receiving emails from CMS that essentially said it had a zero-tolerance policy on text messaging and that it violated the HIPAA Security Rule and the Conditions of Participation (CoPs) or Conditions for Coverage (CfCs).
CMS now is backtracking on that stance, saying text messages are allowed if they are secure.
(The CMS memo is available online at: http://go.cms.gov/2As9SJ2.)
“CMS recognizes that the use of texting as a means of communication with other members of the healthcare team has become an essential and valuable means of communication among the team members. In order to be compliant with the CoPs or CfCs, all providers must utilize and maintain systems/platforms that are secure, encrypted, and minimize the risks to patient privacy and confidentiality as per HIPAA regulations and the CoPs or CfCs,” according to the memo.
“It is expected that providers/organizations will implement procedures/processes that routinely assess the security and integrity of the texting systems/platforms that are being utilized in order to avoid negative outcomes that could compromise the care of patients.”
However, CMS underscored text messaging is not allowed for patient orders under any circumstances, even with a secure platform.
The CMS clarification is consistent with The Joint Commission (TJC)’s statement on text messaging from December 2016, which specifies that text messaging cannot be used to order patient care, treatment, or healthcare services. (The TJC statement is available online at: http://bit.ly/2DTISsD.)
TJC and CMS say they prefer computerized provider order entry because orders can be entered directly into the electronic health record.