Our third article discussing the status of texting in healthcare is an ongoing conversation prompted by a CMS notice stating that text messaging for patient orders is now a prohibited practice. The announcement in late December 2017 by CMS (Medicare/Medicaid) sparked controversy around this new decision, as it greatly impacts workflow within the healthcare industry. But it was ultimately decided that texting patient orders bring too many security risks at this time.

Text messaging has been gaining popularity in healthcare settings around patient-centered care. An article released by the Health Care Compliance Association (HCCA) points out that most hospitals are using it among staff to carry out the functions of their jobs. Secure text messaging has been adopted to replace pager culture in healthcare, bringing connectivity to a space that relies on quick reactivity and the ability to share information across healthcare providers, patients, and other industry members.

The use of bidirectional encryption of point-to-point delivery, stored on a secured network server allows for safe delivery with secure texting platforms. This is one aspect of ensuring that the care of patients isn’t compromised, but providers and organizations must also implement comprehensive procedures/processes that establish strict regulation of patient information.

For now the CMS, in alignment with the Joint Commission, recognizes that text messaging plays an important role in effective communication among healthcare team members, but explains that “[i]t is expected that providers/organization will implement procedures/processes that routinely assess the security and integrity of the texting systems/platforms that are being utilized, in order to avoid negative outcomes that could compromise the care of patients.”

The CMS guidelines around texting in healthcare call for a full risk assessment

In the article “Texting in Your Healthcare Facility” that was posted earlier this year after the new regulations were clarified by the CMS, we mention that we received information from an OCR manager who explains that had the proper risk assessment been carried out by the facilities that received the emails from CMS, there would not have been an issue. Beyond the requirement that secure text messaging platforms should encrypt in transit, healthcare providers must do everything in their power to minimize availability, confidentiality, and integrity of PHI. CMS expressed that the concern about security wasn’t just about transmission, a lack of access controls from the devices of the sender and receiver could also put patient privacy at risk. There was also concern about the information being communicated through text also being entered into a database for retrieval.

With the constant evolution of technology within an industry that previously used pagers as a means of immediate connectivity, it’s easy to see why many professionals within healthcare feel the decision is controversial. However, there is comfort in knowing that securing sensitive PHI is taken very seriously and the protection of patients in healthcare is the deferential goal of these stringent regulations. There are still concerns about the security of patient information that need to be addressed before texting can be considered a compliant mode of communication in healthcare.

The future of text messaging in healthcare

Conversations of using text messaging in other capacities within the healthcare industry continue to surface, months after the decision was made by CMS. This goes to show that the decision has made a huge impact on the overall view of using text messaging in healthcare. Text messaging, even outside of patient orders, needs to be carefully considered with strict considerations for the protection of individuals’ personal information. The trend is likely to expand, but it’s nice to know that patient safety is still the number one concern for clinicians. HIPAA and other regulatory standards prevent the compromise of PHI and a high standard of patient care. Texting has become such a versatile use of communication in healthcare, but adherence to patient privacy is of utmost importance and these ongoing conversations are key to upholding a high level of caution when it comes to sensitive information.

For more information on performing a full risk assessment on your organization, or to speak with Digital Forge, Advisory Services Division, contact us at 1(877) 369-1831 or info@dfcyber.com.


You Might Find These Articles Interesting:

Texting in Your Healthcare Facility – Part 1

CMS Texting Guidelines Bring Clarity to Healthcare Security – Part 2

Texting in Healthcare – Video