Can organizations use texting to communicate patient care information and orders?

Any examples are for illustrative purposes only.

Centers for Medicare & Medicaid Services (CMS) revised its position on the use of texting in a February 8, 2024, memorandum stating that texting patient information and orders is permissible in hospitals and critical access hospitals if accomplished through a Health Insurance Portability and Accountability Act (HIPAA)-compliant Secure Texting Platform (STP) and in compliance with the Conditions of Participation at 42 CFR 482.24 and 41 CFR 485.638.   

Therefore, CMS states that when certain conditions are met, organizations may choose to text patient care information and orders. While there is no specific requirement that the secure text must be electronically transmitted into the electronic health record, these messages are still subject to HIPAA regulations.

According to the CMS memorandum, organizations that choose to use texting for patient information and orders are required to do the following:

• Utilize and maintain systems/platforms that are secure and encrypted and must ensure the integrity of author identification as well as minimize the risks to patient privacy and confidentiality, as per the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations. 
• Confirm that texted orders are promptly placed in the medical record dated, timed, and authenticated.
• Make sure that the information transmitted into the EHR is accurately written, promptly completed, properly filed and retained, and accessible. 

Additionally, providers should implement procedures/processes that routinely assess the security and integrity of the texting systems/platforms that are being utilized to avoid negative outcomes that could compromise the care of patients.

Please refer to the CMS memo for further details: Texting of Patient Information and Orders for Hospitals and CAHs