To text or not to text…that is a good question. And on December 28th, CMS came out with a memorandum addressing this very topic. The short answer is yes and no.
CMS does allow texting of patient information among health care team members. “All providers must utilize and maintain systems/platforms that are secure, encrypted, and minimize the risks to patient privacy and confidentiality as per HIPAA regulations and the Conditions of Participation (CoPs) or Conditions for Coverage (CfCs).” Clinicians should be mindful of protecting patient identifiable information in the content of the text as well as security of the devices. Employees must take reasonable steps to ensure HIPAA protected information remains confidential. Some things you can do are:
- Use alternative identifiers for patients such as initials, abbreviations, or medical record numbers,
- Keep your device secure by having it locked at all times when not in use,
- Ensure that the receiving device is secure,
- Verify the receiving device’s number verbally with the receiver,
- Double-check the entry of the receiving device’s number before sending any communication,
- Transcribe any medically relevant text messages into communication notes to go into the official medical record, and
- Delete patient-related texts from your device when they are no longer needed.
“CMS does not permit the texting of orders by physicians or other health care providers.” Please keep this in mind when communicating orders. Orders must be communicated either in writing, verbally (with written order for the medical record to follow), or through Computerized Provider Order Entry (CPOE). CMS prefers CPOE by the physician as this minimizes the chance for errors.
We recommend that agencies review their policies and procedures to ensure that they include guidelines on texting. Don’t forget to communicate any updated policies to all employees who transmit confidential information. It would be advisable to include this in your annual HIPAA training for all employees as well.
If you are a contract therapist for home health agencies, you should ask to see the agency’s policy on texting. While they are responsible for enforcing policies and keeping information secure, you have the responsibility of being aware of the policy and staying in compliance with it. Surveyors expect you to follow agency policy and procedure as if you were a directly-hired employee.
therapyBOSS has a built-in, secure messaging feature for care-related communication. This conveys information in a HIPAA-compliant manner, reducing your exposure to liability. Clinicians can communicate easily with their therapy staffing company, the contracting agency, another clinician on the care team, and even the entire care team at once.