Physicians and in-home care providers can use a secure, encrypted texting application to discuss patient conditions with each other, take photographs of wounds or medicine bottles, or attach documents for signature. Physicians cannot, however, send patient orders by text, even via an encrypted system. On December 28, the director of the CMS Survey and Certification Group issued a clarification to state survey agency directors regarding texting of patient information among healthcare providers.
In an effort to clarify the position of the Centers for Medicare & Medicaid Services (CMS) as it relates to texting, CMS does not permit the texting of orders by physicians or other health care providers. The practice of texting orders from a provider to a member of the care team is not in compliance with the Conditions of Participation (CoPs) or Conditions for Coverage (CfCs). The following CMS hospital Condition of Participation for Medical Records requirements apply:
§489.24(b) Standard: Form and retention of record. The hospital must maintain a medical record for each inpatient and outpatient. Medical records must be accurately written, promptly completed, properly filed and retained, and accessible. The hospital must use a system of author identification and record maintenance that ensures the integrity of the authentication and protects the security of all record entries.
"What CMS is doing is aligning its policy with those of the the Joint Commission," explained John Skowlund, VP of Business Development with QliqSoft, a secure texting application. "The goal has been to ensure that Computerized Provider Order Entry (CPOE) remains the standard for critical documents. Orders entered into the physician's EMR are dated, signed, uneditable, and permanent. Text messages, even in a secure system, cannot have those safeguards."
The CMS directive added that physicians must maintain medical records in their original or legally reproduced form for a period of at least five years. The document also reiterated the CMS position that
"CPOE is the preferred method of order entry by a provider. CMS has held to the long standing practice that a physician or Licensed Independent Practitioner (LIP) should enter orders into the medical record via a hand written order or via CPOE. An order, if entered via CPOE, with an immediate download into the provider’s electronic health records (EHR), is permitted as the order would be dated, timed, authenticated, and promptly placed in the medical record.
CMS recognizes that the use of texting as a means of communication with other members of the healthcare team has become an essential and valuable means of communication among the team members. In order to be compliant with the CoPs or CfCs, all providers must utilize and maintain systems/platforms that are secure, encrypted, and minimize the risks to patient privacy and confidentiality as per HIPAA regulations and the CoPs or CfCs. It is expected that providers/organizations will implement procedures/processes that routinely assess the security and integrity of the texting systems/platforms that are being utilized, in order to avoid negative outcomes that could compromise the care of patients."
©2017 by Rowan Consulting Associates, Inc., Colorado Springs, CO. All rights reserved. This article originally appeared in Tim Rowan's Home Care Technology Report. homecaretechreport.com One copy may be printed for personal use; further reproduction by permission only. email@example.com