Texting in Healthcare

In December of 2017, several hospitals received a letter from The Centers for Medicare & Medicaid Services (or CMS) stating that texting in a clinical setting is not approved, even on “encrypted” or “secured” texting platforms. A number of hospitals quickly updated their policies and called for an immediate cease of texting. But many in the healthcare industry responded quite negatively to this adjustment.

After all, an increasing number of healthcare facilities are using texting to communicate patient information. Though they would be considered as not keeping up with security protocols, more than 50% of hospital-based clinicians use standard text messaging for patient-related communication. (According to a survey done by the Journal of Hospital Medicine)

Secure texting has been used to replace pagers in healthcare, as a means to connect healthcare providers, patients, and other industry members. The CMS acknowledged this, and reconsidered expanding medical communication to include texting.

Restricting texts for hospitals becomes a major hindrance to workflow. One attorney stated that prohibiting texting completely would be like “going back to the dark ages”. The CMS had previously viewed texting as an exposure of patient data just waiting to happen. But they did then recognize texting as having become essential.

So as it stands, messages sent between clinicians using a secure platform are allowed. But texting patient orders is still prohibited. The stances of the CMS and the Joint Commission are therefore now aligned. They acknowledge texting as commonplace in medical facilities, but they take a firm stand regarding patient orders.

But there are some new elevated standards these organizations will have to meet if they want to keep up with protocol. For example, they’re expected to routinely assess the security and integrity of the texting platforms being used. Text messages also need to be entered into patient records for later reference. When available, computerized provider order entry (or CPOE) remains the preferred method of communication.

Healthcare providers are expected to do everything in their power to minimize availability, confidentiality, and integrity of PHI. There’s comfort in knowing that protecting PHI is taken very seriously. Texting in healthcare is considered a rather complicated and controversial topic, so there are still concerns that need to be addressed before it can be considered a fully accepted mode of communication.

Need help analyzing cyber vulnerabilities like this? Contact us today.


You Might Find These Articles Interesting:

Texting in Your Healthcare Facility: Part 1

CMS Texting Guidelines Bring Clarity to Healthcare Security: Part 2

A Full Risk Assessment is Needed in Healthcare: Part 3