The Centers for Medicare & Medicaid Services (“CMS”) issued a formal memorandum to state hospital survey agency directors on Dec. 28, 2017, clarifying its position on the texting of patient information. CMS acknowledged in the memorandum that texting among healthcare professionals has become an essential and valuable means of communication. In order for such texting of patient information to be compliant, CMS confirmed that such communication must be done via secure and encrypted systems to minimize the risks to patient privacy and confidentiality per the HIPAA regulations and the CMS Conditions of Participation and Conditions for Coverage for hospitals.
CMS’ memorandum was issued not long after an article was published in the Dec. 18, 2017 issue of the Report on Medicare Compliance. The article detailed two recent instances in which CMS’ survey and certification team sent emails to two hospitals (that wished to remain anonymous) stating that “texting [was] not permitted,” including the use of secure text messaging applications between healthcare providers. The reported emails came as a surprise to many health systems in which texting has become commonplace for the effective and efficient treatment of patients. The correction and clarification in the recent CMS memorandum has certainly brought relief to healthcare providers who rely on such secure text messaging in their day-to-day operations.
The memorandum also reiterated CMS’ (and The Joint Commission’s) current position that that the texting of orders is prohibited regardless of the platform utilized, as such practice does not comply with the Conditions for Coverage and the Conditions of Participation for medical record retention and content. CMS emphasized that computerized provider order entry (“CPOE”) is still the preferred method of order entry by a provider. CMS reaffirmed that licensed independent practitioners should enter orders into the medical record via CPOE, with an immediate download into the provider’s electronic health record, as such order would be dated, timed, authenticated and promptly placed in the medical record.