<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=176170952734135&amp;ev=PageView&amp;noscript=1">


Un-complicating Healthcare IT

CMS Clarification on Texting

Jan 10, 2018 2:51:06 PM Posted by Jim Tufts | Leadership Solutions Team Lead


On December 28, 2017, CMS posted a clarification letter that was stated to be effective immediately.  You can find the PDF document here.  A quick summary of the clarification is as follows:

  • This indicates that texting of patient information is permissible as long as the platform is secure.  In other words, standard (native) text functionality is not considered secure, which means use of a secure texting solution is necessary to meet the secure requirement.
  • CMS had previously sent emails to at least two hospitals indicating texting was not permitted, even through secure means, which seemed to contradict other sources, including the Joint Commission.
  • Texting  of patient orders is still prohibited.

One thing to keep in mind is that secure texting systems generally require the sender of the text to use a specific system or app, so disciplined staff action will be key to prevent inadvertent texting of patient information outside secure capability.  In other words, training and regular reminders should be incorporated into your current security best practices regarding proper texting protocols and restrictions.  If secure texting is used, consideration should be given to the type of information sent and whether the communication should be included in the patient’s electronic record.

A June 2017 survey of CHIME CIO's by Spok found that 71% indicated that EHR integration with secure messaging was a base consideration for decisions on communications-related technologies .  Conversely, an early 2017 Journal of Hospital Medicine study found that secure messaging was not a main form of communication for providers (26% said their hospital had implemented secure messaging that was being used by some clinicians, with just 7% indicating secure messaging was being used by most clinicians).

So, while this does not appear to currently be a wide-spread area of concern, we felt it was a helpful clarification and one that was worth passing along.

If you have questions about this or any security related Health IT issue, please feel free to reach out, as always.

Jim Tufts | Leadership Solutions Team Lead

Jim, along with the Leadership Solutions team, leads, guides healthcare providers, in user education, consulting, process improvement, disaster recovery planning, strategic IT planning and more. Jim is the author of the whitepaper, “Guide to the HIPAA Security Rule,” and is often found in healthcare association meetings, national conferences, or in a healthcare board room educating on protecting electronic patient health information.