On February 8, 2024 the Centers for Medicare and Medicaid Services (CMS) issued a quality standard memo that updates and clarifies the rule regarding HIPAA compliance when texting patient orders.
In 2018 CMS found that texting was becoming an essential part of hospital operations. At the time, however, CMS found that the practice of texting patient orders from a provider to a member of the care team was not in compliance with the agency’s Conditions of Participation (CoPs) and so was not allowed. This was mostly due to there being few hospitals with the ability to use secure texting platforms to incorporate messages into the medical record and the resulting record retention issues, privacy concerns, security risks, and concern for confidentiality.
In the new memo, CMS acknowledges that secure texting platforms now exist that can transfer data into EHRs and comply with the CoPs. The released update encourages providers to ensure that their processes comply with HIPAA regulations, data security, and encryption if they decide to incorporate the texting of patient information such as orders.
While texting patient orders is now allowed, CMS continues to assert that a computerized provider order entry (CPOE) is the preferred method of entering an order. If an order is entered via CPOE and immediately downloaded into the covered entity’s EHR system, it is allowed under the CoPs because the order is dated, timed, authenticated, and promptly placed in the medical record.
Consider these strategies to reduce risk:
We strive to keep you informed of developments that affect our insureds by providing you with essential information and risk mitigation strategies to help you support compliance and reduce risk. For assistance or questions contact the ProAssurance Risk Management Department at 844-223-9648 or RiskAdvisor@ProAssurance.com.
More Information About Texting in Healthcare