The recent discussions regarding texting in healthcare, driven by a CMS (Medicare/Medicaid) letter that was publicly released at the end of last year, has caused an ongoing discussion about regulations on texting to relay patient information. This is the first article in a series about texting in healthcare and the risks inherent in using it as communication for sensitive patient information. The released portion of the letter stated that texting in a clinical setting is not approved, even on encrypted or “secured” texting platforms.

We are seeing more and more hospital and healthcare facility employees using text messaging to communicate patient information. Unfortunately, these facilities are not keeping up with appropriate security protocols. According to a survey published in the Journal of Hospital Medicine, more than half of hospital-based clinicians are using standard text messaging for patient-related communication.

After the release of the letter, hospitals quickly updated policies and sent letters calling for an immediate cease of all texting. We have since called the Department of Health and Human Services to get more information on the matter. For enforcement questions, we were forwarded to the Office of Civil Rights. There, we spoke with an OCR manager and were informed that if a medical agency had done a full risk assessment, including a concentration on texting, and incorporated an encrypted texting solution, they would likely not take action against the agency.

With the increasing advancement in technology, as well as our dependency upon it, the American Medical Association is currently considering expanding its advice on email communication with patients to include text messaging. You can find their current advice in the AMA Principles of Medical Ethics 2.3.1. Please note, the opinions in this chapter of the AMA Principles of Medical Ethics are offered as ethics guidance for physicians and are not intended to establish standards of clinical practice or rules of law.

Digital Forge offers cybersecurity assessments and packages that meet the individual needs of every business, no matter your size or industry. Contact us today for more information, call us at (877) 369-1831 or email info@dfcyber.com.