CMS: Texting Patient Information and Patient Orders is Now Permitted

The Centers for Medicare and Medicaid Services (CMS) have updated their policy on texting patient information and patient orders. In a recent memo, the CMS Quality, Safety & Oversight Group explained that its policy was updated on February 8, 2024, with immediate effect, and providers at hospitals and critical access hospitals are now permitted to text patient information among care team members and can text patient orders without violating Medicare’s Conditions of Participation. There is one caveat, however, and that is that standard text messages cannot be used as they are not secure. Texting is only permitted if a HIPAA-compliant secure text messaging platform is used.

The CMS previously issued a memo in 2018 that acknowledged that many healthcare providers were using text messaging platforms for internal communications and that these platforms had become essential to their operations. However, at the time, the CMS was concerned about privacy and security and there were issues with record retention and the integrity of existing systems, so its policy on texting patient information was not changed. Since 2018 there have been considerable technological advances in encryption and text messaging platforms now have application interface capabilities that allow patient data to be directly transferred to electronic health records. As such, the time has come for a change to the CMS policy on texting.

The CMS said that any provider that chooses to incorporate texting into their workflows and EHRs must ensure that they use a platform that is compliant with the requirements of HIPAA, the HITECH Act, and the Medicare Conditions of Participation. If such a platform is used, providers should routinely assess the platform to avoid negative consequences that could compromise the care of patients.

The CMS also said that while texting patient orders and sharing patient information via a secure, HIPAA-compliant texting platform is permitted, the CMS prefers that providers enter their orders into the medical record via a computerized provider order entry or a handwritten order. The policy change has been welcomed by the American Hospital Association (AHA) which said the change will be good for patients and providers.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/