Texting by physicians and other health care providers has long been a hot topic due to the privacy and security considerations involved, although HIPAA and state laws have generally been at the center of this discussion. Health care providers should be aware that the Centers for Medicare and Medicaid Services ("CMS") recently weighed in on this issue.
After corresponding with several hospitals about texting, CMS recently issued a memorandum to state survey agency directors, stating that CMS does not permit texting of orders by physicians or other health care providers. Rather, providers should enter orders into the medical record by hand or by Computerized Provider Order Entry (CPOE).
In stating its position, CMS also clarified that texting, nonetheless, remains an "essential and valuable" means of communication among health care team members. Thus, CMS is not prohibiting texting of patient information in all circumstances. However, when texting information other than orders, CMS's expectation is that providers will utilize platforms that are "secure, encrypted, and minimize the risks to patient privacy and confidentiality…" These expressed positions on texting of patient orders and the use of encryption are particularly notable because they may prove to be stricter than HIPAA and state requirements in some circumstances.
As authority for its position in the memorandum, CMS cited specifically to Medicare and Medicaid Conditions of Participation ("CoPs") for hospitals. Thus, the memorandum is particularly noteworthy for health care practitioners rendering services in the hospital context. However, other providers should also view the memorandum as indicative of CMS's views on texting. Thus, all providers should be aware of the need to evaluate their texting practices in light of this CMS position and not only under HIPAA and state laws.