After an announcement in late December, 2017 by CMS (Medicare/Medicaid) that secure text messaging for patient orders is no longer allowed in healthcare organizations, there have been many conversations among healthcare professionals regarding the decision, the impact it has on workflow within the industry, and the security risks associated.
Text messaging has been gaining popularity in healthcare settings around patient-centered care. An article released by the Health Care Compliance Association (HCCA) points out that most hospitals are using it among staff to carry out the functions of their jobs. Secure text messaging has been adopted to replace pager culture in healthcare, bringing connectivity to a space that relies on the quick reactivity and the ability to share information across healthcare providers, patients, and other industry members.
The use of bidirectional encryption of point-to-point delivery, stored on a secured network server allows for safe delivery with secure texting platforms. This is one aspect of ensuring that the care of patients isn’t compromised, but providers and organizations must also implement comprehensive procedures/processes that establish strict regulation of patient information.
For now the CMS, in alignment with the Joint Commission recognizes that text messaging plays an important role in effective communication among healthcare team members, but explains that “[i]t is expected that providers/organization will implement procedures/processes that routinely assess the security and integrity of the texting systems/platforms that are being utilized, in order to avoid negative outcomes that could compromise the care of patients.”
A Full Risk Assessment is needed regarding texting in healthcare
In the article “Texting in Your Healthcare Facility” that was posted earlier this year after the new regulations were clarified by the CMS, we mention that we received information from an OCR manager who explains that had the proper risk assessment been carried out by the facilities that received the emails from CMS, there would have not been an issue. Beyond the requirement that secure text messaging platforms should encrypt in transit, healthcare providers must do everything in their power to minimize availability, confidentiality, and integrity of PHI. CMS expressed that the concern about security wasn’t just about transmission, a lack of access controls from the devices of the sender and receiver could also put patient privacy at risk. There was also concern about the information being communicated through text being entered into a database for retrieval.
With the constant evolution of technology within an industry that previously used pagers as a means of immediate connectivity, it’s easy to see why many professionals within healthcare feel the decision is controversial. However, there is comfort in knowing that securing sensitive PHI is taken very seriously and the protection of patients in healthcare is the deferential goal of these stringent regulations. There are still concerns about the security of patient information that need to be addressed before texting can be considered a compliant mode of communication in healthcare.
For more information on performing a full risk assessment on your organization, or to speak with Crossroads Technologies, Advisory Services Division, contact us at 1 (800) 548-3893 or This email address is being protected from spambots. You need JavaScript enabled to view it..
Articles You Might Find Interesting:
Net Neutrality and The Cloud
What could the Lack of Net Neutrality Mean for You?-Video
Update Your Cyber Security Measures in 2018
A Closer Look at the New CMS Texting Guidelines for Healthcare