The Importance of Secure Texting Policies

Dr on Electronic Device LHATF Blog Post Images

The healthcare landscape is continually evolving, and recent updates from the Centers for Medicare & Medicaid Services (CMS) and the Joint Commission reflect this shift. Organizations that implement Secure Texting Platforms (STPs) are now able to text patient information and orders to care team members – offering a new mode of communication within healthcare settings. However, it’s vitally important that you know the guidelines and requirements that you must follow when using this type of communication.

Updated Guidelines

Under the latest CMS guidelines, healthcare organizations are permitted to use STPs to text patient information and orders, provided the platform meets stringent requirements. Computerized Provider Order Entry (CPOE) remains the preferred method for entering orders into the system, due to its structured, error-reducing design. However, when STPs are used, they must integrate with Electronic Health Records (EHRs) to ensure continuity and accuracy of patient data.

Requirements When Texting Patient Information

For organizations opting to use STPs, several critical requirements must be met:

  1. Compliance with Regulations: The STP must adhere to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, the Health Information Technology for Economic and Clinical Health (HITECH) Act Amendment 2021, and CMS Conditions of Participation (CoPs). This ensures the platform is secure, encrypted, and maintains the integrity of author identification to protect patient privacy.
  2. Security and Integrity: Organizations are required to implement policies and procedures to routinely assess the security and integrity of the STP. This includes confirming that texted orders are dated, timed, authenticated, and promptly captured in the EHR.
  3. Accurate Information Handling: Texted information must be accurately written, promptly completed, properly filed, retained, and accessible within the EHR.

Potential Risks

While texting patient information can be efficient and convenient, it does introduce certain risks, including:

  • Unsecure Platforms: If not properly secured, texting can compromise patient confidentiality.
  • Integration Issues: Texting platforms not linked to EHRs may result in fragmented or inaccurate patient records.
  • Communication Errors: Text messages may be too brief, imprecise, or contain autocorrections and unapproved abbreviations, leading to potential medical errors.
  • Legal Concerns: Texts are not always permanently deleted and can be accessed in malpractice litigation. The use of personal cell phones and unprofessional communication may also create barriers between healthcare providers and patients, potentially impacting patient care and satisfaction.

Implementing Texting Policies

If your organization is considering the use of texting patient information, you must establish clear policies and ensure compliance with all relevant regulations. It's crucial to evaluate whether the STP meets all security and integration requirements, and to continuously monitor its effectiveness and safety. Remember that while texting patient information offers new opportunities for streamlined communication, it must be managed with careful attention to security, accuracy, and regulatory compliance to avoid potential pitfalls and enhance patient care.

Questions?

Do you still have questions about secure messaging risks? Feel free to contact us for assistance – or you can learn more by checking out our related articles on text messaging in healthcare and social media best practices.