Medicare Compliance & Reimbursement

Physician orders should never be sent via text, CMS advises.

Texting remains a thorn in healthcare's side. This popular form of communication is the most prized by patients - but, the feds remind Medicare providers that it is not secure and must be properly monitored to ensure both Conditions of Participation and HIPAA compliance.

Background: For years, CMS, accrediting body The Joint Commission, and others have warned against regulatory violations brought about by texting. Now, after a confusing month of mixed messages from CMS on the issue, the agency has issued some guidance on the matter of texting between healthcare organizations in the form of a new "Survey & Certification" memo.

"Over the last few years, health care providers have watched with interest as The Joint Commission wrestled with its stance on texting patient information," notes attorney Jennifer Nelson Carney with law firm Brickler & Eckler. While the Commission indicated that its most recent guidance was developed in collaboration with CMS, "CMS recently issued its own guidance to clarify its position on texting patient information," Nelson Carney says in analysis on the firm's website.

In early December 2017, "CMS communicated essentially a zero-tolerance policy on secure text messaging to a handful of hospitals via email," note attorneys Emily Wein, Alisa Chestler and Matthew Horton with law firm Baker Donelson. But then in the Dec. 28 memo, "CMS clarified that text messaging amongst health care providers 'is permissible if accomplished through a secure platform,'" the counselors note.

However: That permission doesn't extend to all communications. The memo makes clear that "CMS strictly prohibits the texting of patient orders, regardlessof the platform utilized," notes attorney Sumaya Noush with Drinker Biddle & Reath.

Instead: Rather than texting patient orders, "CMS states that its preference is for health care providers to either hand-write an order into the patient's medical record or enter the order via computerized provider order entry (CPOE)," explains attorney Nathan Arden with law firm Robinson+Cole. "The CPOE should allow for an immediate download into the provider's electronic health record system."

The memo shows that "CMS is maintaining a hardline approach with respect to patient orders," Arden says. But CMS also "recognizes the prevalence of texting as an important means of communication among providers."

Important: While the subject line of the S&C Memo relates to all health care providers, "CMS appears to rely only on the hospital CoPs to enforce this prohibition on texting orders," observe attorneys Stephanie Sprague Sobkowiak, Dena Castricone, and Daniel Kagan with law firm Murtha Cullina. "However, it is likely that CMS will extend this guidance to other provider types."

What You Need To Do

Take advice from CMS and legal experts to chart your path to compliance with your texting policies and procedures.

Providers that are currently texting physician orders will need to stop that practice, the legal experts note.

Staff can engage in non-orders-related texting, but providers will have to ensure the texting meets some requirements. "All providers must utilize and maintain systems/platforms that are secure, encrypted, and minimize the risks to patient privacy and confidentiality as per HIPAA regulations and the CoPs or CfCs," CMS warns in the memo.

"This means that providers currently using secured text messaging platforms should continue to monitor and assess the platforms' accessibility, security and integrity," advise the Murtha Cullina lawyers.

Don't think you can just assess your texting system once and be done. CMS "expects that health care providers and organizations will routinely assess the texting platforms for security and integrity," Arden points out.

Now is a good time to "revisit ... compliance policies related to text messages and other messaging platforms for communicating health information," suggest the Baker Donelson attorneys. And be prepared to address issues that arise from the review.

Plus: Perform and document a risk analysis for incorporating text messaging platforms as part of your health care organization, Wein, Chestler, and Horton advise. Then "ensure that an appropriate risk management strategy is implemented and followed."

Resource: To read CMS's memo on texting, visit www.cms.gov/Medicare/Provider-Enrollment-and-Certification/SurveyCertificationGenInfo/Downloads/Survey-and-Cert-Letter-18-10.pdf.

To look at the Joint Commission's texting guidance, updated in December 2016, visit www.jointcommission.org/assets/1/6/Update_Texting_Orders.pdf.