This week on the HIPAA Insider Show, we delve into the Centers for Medicare & Medicaid Services’ (CMS) recent clarification on the permissible use of texting for patient information and orders. With advancements in secure communication platforms, CMS has updated its guidelines, allowing healthcare providers to utilize texting within specific parameters. Join us as we explore the implications of this update, the requirements for maintaining HIPAA compliance, and best practices for integrating texting into patient care workflows.
Transcript
Adam Zeineddine
Hello, and welcome to the HIPAA Insider show, where we break down the latest in HIPAA compliance and healthcare data security. I’m your co host, Adam Zinedine.
Gil Vidals
And I’m Gil Vidals, your other co host. And today we’ve got some major developments to review with you.
Adam Zeineddine
Yeah, that’s right. We’re discussing a significant update from CMS regarding the use of texting for patient information and orders. Before we dive in, don’t forget to like this video, subscribe to our channel and hit the notification bell so you never miss an update on all things HIPAA compliance and healthcare technology. Gil, can you provide some context on CMS’s previous position regarding texting patient information and orders?
Gil Vidals
Certainly. In 2018, the CMS prohibited texting of patient orders even through secure platforms. They were concerned about record retention, privacy, confidentiality, those kind of things. So while texting patient information among healthcare team members was allowed if done through a secure platform, however, orders were expected to be entered via a cpoe, which is a computerized provider order entry system. So that. That’s the background information.
Adam Zeineddine
Okay, and what’s changed with the new guidance?
Gil Vidals
Yeah, what’s changed at the cms, which, by the way, CMS is the Centers for Medicare Services, and they’ve recognized advancements. You know, things are becoming more modern and the secure texting technology has been updated or has evolved to where it is secure, and their policy is matching that now, where texting patient information and orders is permissible if conducted through a HIPAA compliance secure texting platform that meets the guidelines, which are under conditions of participation, they call that cop. However, CMS still prefers COP for order entries.
Adam Zeineddine
Okay, so what do healthcare providers need to do to ensure compliance when texting patient information and orders?
Gil Vidals
Sure. Providers should start by using a secure platform. Adam, that means they’re using a platform that implements the encryption to comply with HIPAA and the COP that we just mentioned. Secondly, ensure author identification integrity. That means they’re going to maintain the integrity of who’s sending the text. That’s the author identification. And you need that to prevent unauthorized people or you don’t want just anyone using your secure platform to send a text number. Three, regularly assess security measures. So, routinely evaluate the security integrity of your texting system to prevent any potential risk. Make sure, in other words, you keep the platform up to date. If your vendor has provided software support, make sure you pay for it and update it timely. Finally, integrate with EHRs. Ensure that the text orders are promptly integrated to your EHR to maintain accurate and complete patient records.
Gil Vidals
So you don’t want your staff doing out things outside the system where they’re texting on their own phone privately. You want to make sure the text come through the platform and are integrated to ehr. We have a record of all the text sent and received.
Adam Zeineddine
Okay. And when it comes to best practices, what kind of practices should the organizations be following to incorporate texting into the workflow?
Gil Vidals
Well, you’ll need a policy that establishes a clear and acceptable use of texting for patient information. When is it appropriate to text how to text? Can you do it just from your personal cell phone or where can you do it from? Trained staff provide the training they’ll need to ensure they understand how to do this, how to secure text the patients and then monitor compliance, Implementing monitoring to ensure the adherence to these policies and then react quickly if someone violates one of those policies. And then stay updated. Keep abreast of any further updates from CMS or other regulatory bodies regarding communication technologies.
Adam Zeineddine
Yeah, I mean, that all seems like common sense. I think the key point there is it’s, you know, it’s fine saying it’s common sense, but document it and have a policy so that, you know, it’s clearly there in black and white. Okay, well, thanks for shedding some light on this update, Gil. And of course, as technology evolves, it’s crucial for healthcare providers to adapt when. While maintaining compliance.
Gil Vidals
Yeah, absolutely, Adam. I think just to wrap things up, I’d like to just make a comment that we do see customers that are still old school, where the doctor, the medical professional will just be texting from their personal phone and that message is sent. Maybe it’s secure, maybe it’s not. And it’s not reported in their platform. So there are a lot of cases, a lot of medical professionals that need to come up to speed to make sure they follow the right regulations.
Adam Zeineddine
Well, that wraps up today’s episode of the HIPAA Insider show. Don’t forget to like the video. Subscribe to our channel Notification bell so you never miss a moment of HIPAA insights. If you have any questions or topics you’d like us to cover, drop them in the comments below. And until next time, stay compliant and stay informed.