CMS Changes Longstanding Policy, Allows Providers to Text Patient Information and Orders

By Brian Murphy

Ladies and gentlemen, start your texts.

Texting patient information and the texting of patient orders among members of the health care team is now permissible, if accomplished through a HIPAA compliant secure texting platform (STP) and in compliance with the Conditions of Participation (CoPs), according to a recent CMS memorandum. See link below.

Sometimes healthcare does catch up to the present. I can almost picture the CMS boardroom meeting two weeks ago, an administrator standing up and saying:

“Can I have your attention please? A new device has come to my attention. Ladies and gentlemen, I bring you… the Blackberry!”

But seriously, CMS permitting texting of orders is a big deal.

How the text then gets into the medical record is the next problem to be solved. But baby steps. Some hospitals and EHR vendors have already figured this out.

Other noteworthy guidance from the transmittal:

• Effective date is immediate (as of Feb. 8, 2024)
• Computerized Provider Order Entry (CPOE) continues to be the preferred method of order entry by a provider, per CMS.
• To comply with the CoPs, all providers must utilize and maintain systems/platforms that are secure and encrypted and must ensure the integrity of author identification as well as minimize the risks to patient privacy and confidentiality, as per HIPAA requirements.
• Providers should implement procedures/processes that routinely assess the security and integrity of the texting systems/platforms to avoid negative outcomes that could compromise the care of patients.
• Send your questions to QSOG_Hospital@cms.hhs.gov.

After I first posted this article I received a number of perceptive comments, most of them centered around some version of the notion that “this is great, but implementing it won’t be easy.” Here is a sample:

• I understand the premise of adding the security layer to texting with encryption apps, but I’m also in the field and know this will not happen without accountability and consequences driving IT to make their case(s) to leadership and boards. This costs money, alignment and adoption. 
• My concern about the texting is, what if they get a new phone number and will they keep it updated so nobody else would get the text? What rules and regulations will they have?

Read the full memorandum here: https://www.cms.gov/files/document/qso-24-05-hospital-cah.pdf