CMS takes texting to task

by Julia Kyles, CPC on Dec 29, 2017
Practices in search of a texting policy should look no further than CMS' guidance to state survey agency directors, published Dec. 28. Even though medical practices aren't required to followed the guidance, doing so will make life easier for clinicians who won't have to remember one rule when they're at the practice and another rule when they are in a facility such as a hospital or an ambulatory surgical center.
Best of all, the guidance is fairly straight-forward:
  • OK - Texting patient information through a secure platform to other members of the care team.
  • Not OK - Texting patient orders.
Here's a bit more detail from the guidance, which went into effect immediately:
CMS recognizes that the use of texting as a means of communication with other members of the healthcare team has become an essential and valuable means of communication among the team members. In order to be compliant with the CoPs or CfCs, all providers must utilize and maintain systems/platforms that are secure, encrypted, and minimize the risks to patient privacy and confidentiality as per HIPAA regulations and the CoPs or CfCs. It is expected that providers/organizations will implement procedures/processes that routinely assess the security and integrity of the texting systems/platforms that are being utilized, in order to avoid negative outcomes that could compromise the care of patients.
A quick internet search turned up a variety of text encryption apps, but medical providers should stick to those that are labeled HIPAA-compliant. They should also be prepared to do a little research before they download a new app: for example, how is the vendor guaranteeing HIPAA compliance and how often does it update its system to stay compliant? What kind of backup services are included, and are the backups encrypted?
Health care entities should also make sure the system is easy to use. A platform that is difficult to use will drive clinicians back to the regular, insecure texting service.
Blog Tags: Privacy, security
The information contained herein was current as of the publication date. © Copyright DecisionHealth, all rights reserved. Electronic or print redistribution without prior written permission of DecisionHealth is strictly prohibited by federal copyright law.