Written by Aaron J. Beresh, Esq., The Health Law Partners, P.C.
On January 5, 2018, the Centers for Medicare & Medicaid Services (“CMS”) issued a Memorandum to State Survey Agency Directors advising that: i) texting is a permissible means of communicating patient information among Hospital and Critical Access Hospital (“CAH”) team members (whom are involved in the patient’s care) if such team members use a secure and encrypted platform; and ii) texting patient orders—irrespective of the platform used for texting—remains impermissible as such actions are violative of the hospital/CAH Conditions of Participation (“CoPs”).
Texting of Patient Information:
On December 28, 2017, CMS issued its initial Memorandum that was broadly written to permit healthcare team members (in general, without limitation to specific healthcare settings or entities) to utilize secure/encrypted text messaging for exchanging patient information. However, on January 5, 2018, CMS revised (and limited) its initial December 28, 2017 Memorandum to specifically clarify that its policy only recognizes secure/encrypted text messaging among Hospital and CAH team members. While CMS’ initial Memorandum provided helpful guidance (given CMS’ prior position on the impermissibility of texting patient information), the revised Memorandum creates further ambiguity as it relates to CMS’ policy, in general, as it now bifurcates the permissibility of exchanging patient information via secure/encrypted text messaging among Hospital and CAH team members (which is permitted) and the remainder of healthcare covered entities (to which CMS’ Memorandum does not apply). Additionally, CMS’s Memorandum does not specify the providers it considers to be within the Hospital and CAH “healthcare team” or whether such providers need to be in a Hospital or CAH at the time the messages are exchanged. Thus, CMS may provide additional clarification regarding its policy in the future.
For Hospitals, CAHs, and Hospital/CAH team members intending to exchange patient information via secure/encrypted text messaging platforms based on CMS’ revised Memorandum, CMS advises that in order to remain compliant with Hospital CoPs, providers must utilize secure and encrypted platforms that maintain patient confidentiality (and otherwise comply with HIPAA and CoPs) and implement policies/procedures to routinely assess the security and integrity of the secure texting platform. While CMS’ Memorandum “recognizes that the use of texting as a means of communication with other members of the hospital and CAH healthcare teams has become an essential and valuable means of communication among the team members”, it requires that such communications be conducted through an encrypted/secure platform.
Order Entry:
CMS reiterated its position that texting patient orders is impermissible, regardless of the platform utilized. In fact, CMS states that orders should be entered via hand written order or Computerized Provider Order Entry (“CPOE”) (which is the preferred method for order entry) with an immediate, dated, timed, and authenticated entry in the patient’s medical record.
Aaron J. Beresh, Esq. is an attorney with The Health Law Partners, P.C., and represents healthcare providers and practices in almost all areas of healthcare law with a particular focus on corporate/transactional matters, regulatory, and privacy/security matters. Aaron can be reached at (248) 939-0463.
This blog post is for general informational purposes only, and does not constitute legal advice.
On January 5, 2018, the Centers for Medicare & Medicaid Services (“CMS”) issued a Memorandum to State Survey Agency Directors advising that: i) texting is a permissible means of communicating patient information among Hospital and Critical Access Hospital (“CAH”) team members (whom are involved in the patient’s care) if such team members use a secure and encrypted platform; and ii) texting patient orders—irrespective of the platform used for texting—remains impermissible as such actions are violative of the hospital/CAH Conditions of Participation (“CoPs”).
Texting of Patient Information:
On December 28, 2017, CMS issued its initial Memorandum that was broadly written to permit healthcare team members (in general, without limitation to specific healthcare settings or entities) to utilize secure/encrypted text messaging for exchanging patient information. However, on January 5, 2018, CMS revised (and limited) its initial December 28, 2017 Memorandum to specifically clarify that its policy only recognizes secure/encrypted text messaging among Hospital and CAH team members. While CMS’ initial Memorandum provided helpful guidance (given CMS’ prior position on the impermissibility of texting patient information), the revised Memorandum creates further ambiguity as it relates to CMS’ policy, in general, as it now bifurcates the permissibility of exchanging patient information via secure/encrypted text messaging among Hospital and CAH team members (which is permitted) and the remainder of healthcare covered entities (to which CMS’ Memorandum does not apply). Additionally, CMS’s Memorandum does not specify the providers it considers to be within the Hospital and CAH “healthcare team” or whether such providers need to be in a Hospital or CAH at the time the messages are exchanged. Thus, CMS may provide additional clarification regarding its policy in the future.
For Hospitals, CAHs, and Hospital/CAH team members intending to exchange patient information via secure/encrypted text messaging platforms based on CMS’ revised Memorandum, CMS advises that in order to remain compliant with Hospital CoPs, providers must utilize secure and encrypted platforms that maintain patient confidentiality (and otherwise comply with HIPAA and CoPs) and implement policies/procedures to routinely assess the security and integrity of the secure texting platform. While CMS’ Memorandum “recognizes that the use of texting as a means of communication with other members of the hospital and CAH healthcare teams has become an essential and valuable means of communication among the team members”, it requires that such communications be conducted through an encrypted/secure platform.
Order Entry:
CMS reiterated its position that texting patient orders is impermissible, regardless of the platform utilized. In fact, CMS states that orders should be entered via hand written order or Computerized Provider Order Entry (“CPOE”) (which is the preferred method for order entry) with an immediate, dated, timed, and authenticated entry in the patient’s medical record.
Aaron J. Beresh, Esq. is an attorney with The Health Law Partners, P.C., and represents healthcare providers and practices in almost all areas of healthcare law with a particular focus on corporate/transactional matters, regulatory, and privacy/security matters. Aaron can be reached at (248) 939-0463.
This blog post is for general informational purposes only, and does not constitute legal advice.