CMS clarifies HIPAA compliance rules for texting patient information

Health
By Liam

The Centers for Medicare and Medicaid Services Quality, Safety & Oversight Group immediately sent a memo to state investigative agency directors clarifying HIPAA compliance for texting patient information and hospital orders at critical access hospitals.

WHY IT MATTERS

CMS text messaging guidance released to hospitals in 2018 indicated that while texting patient information had become essential for operations, texting patient orders from a provider to a healthcare team member was not consistent with the agency’s conditions of participation.

The CoPs regulations for hospital and CAH medical records require that “inpatient and outpatient medical records be accurately written, completed promptly, properly maintained and preserved, and accessible,” CMS said in a new SMS protocol for patient data that was released Thursday.

CMS said in the new memo, Texting of Patient Information and Orders for Hospitals and CAHs, that in 2018 it had concerns about “data retention, privacy, confidentiality, security, and the integrity of systems in place at the time.”

Although automated order entry by a provider is still the provider’s preferred method for order entry, those who choose to incorporate texting of patient information and orders into electronic health records must use and maintain data security and encryption, and ensure the integrity of author identification on the electronic medical records. secure text messaging platforms that comply with the Health Insurance Portability and Accountability Act of 1996, CoPs and the HITECH Act, according to CMS.

“Providers must implement procedures/processes that routinely assess the security and integrity of the text messaging systems/platforms used to prevent adverse outcomes that could compromise patient care,” CMS said.

THE BIG TREND

CMS’s stance on texting patient information in 2018 came shortly after a report from the Health Care Compliance Association that raised concerns about the agency’s secretive policies.

In that report, the association said some hospitals had received emails from CMS indicating that “texting is not allowed” regardless of the security of a request, citing medical record retention and confidentiality as factors in the agency’s decision not to text.

Despite the prevalence of texting among healthcare teams since that time, a 2022 study from the Regenstrief Institute, Indiana University School of Medicine, and Indiana University Health Methodist Hospital found that while physicians were eager to replace pagers with clinical texting systems, were critical of the large number of messages.

“We found that there is a lack of shared understanding among physicians about the use of clinical text messaging,” said study corresponding author Joy L. Lee, research scientist at the Regenstrief Institute and assistant professor at the University of Massachusetts Chan Medical School , in an announcement about it. clinical SMS study.

ON THE RECORD

“CPOE remains a provider’s preferred method of order entry, but we recognize that alternatives now exist, as well as significant improvements in the encryption and application interface capabilities of text messaging platforms to transfer data to electronic health records,” CMS said. in the note.

Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.

You might also like More from author