Use of secure text messaging for patient information and orders

Effective immediately, The Joint Commission updated its position about texting to communicate patient information and orders. Joint Commission-accredited healthcare organizations that implement a secure texting platform (STP) may text patient information and orders to members of the care team. Although computerized provider order entry (CPOE) remains the preferred method of order entry, organizations are permitted to text orders via an STP that transfers the information into the electronic health record (EHR).

Organizations that choose to text patient information and orders are required to do the following:

Implement an STP that meets the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, the Health Information Technology for Economic and Clinical Health (HITECH) Act Amendment 2021, and U.S. Centers for Medicare & Medicaid Services (CMS) Conditions of Participation (CoPs) addressing medical records. The STP must be secure, encrypted, and ensure the integrity of author identification to minimize patient privacy and confidentiality risks.
Implement policies and procedures to routinely assess the security and integrity of the STP.
Confirm that texted orders transmitted via the STP are dated, timed, authenticated, and promptly captured in the EHR.
Ensure that the information transmitted into the EHR is accurately written, promptly completed, properly filed and retained, and accessible.

Previously, healthcare organizations were permitted to use secure text messaging to communicate patient information among members of the healthcare team; however, texting patient orders had been prohibited because of concerns related to the capability of texting platforms to protect information privacy and security and to incorporate texted information into the EHR.

On Feb. 8, 2024, CMS released a quality, safety, and oversight (QSO) memorandum – QSO-24-05-Hospital/[Critical Access Hospital] CAH – acknowledging the significant advancements in the current STPs. As a result, CMS revised its policy to state that texting patient information and orders is permissible if accomplished through a HIPAA-compliant STP and if in compliance with the CoPs at 42 CFR Part 482.24 and 41 CFR Part 485.638.

In response to the revised policy, The Joint Commission recently released Frequently Asked Questions (FAQs) related to using secure text messaging for patient information and orders. The following are links to FAQs by program:

For additional information or questions about texting patient orders, contact the Joint Commission Standards Interpretation Group.

Who We Work With

Why Work With Us

How We Can Help

Accreditation Guide

Health Care Equity

Sustainability

National Patient Safety Goals

FAQs about the Standards

Measures

Pioneers in Quality

News & Multimedia

Patient Safety Topics