CMS Says No to Texting Orders (What Emoji Would That Be, Anyway?)

texting in healthcare

If providers want official proof they shouldn’t be texting orders, direct them to a recent memo from CMS, “Texting of Patient Information Among Healthcare Providers.”

Memo summary: Nope. Just don’t do it. Don’t text orders. And if you’re going to text other members of the healthcare team about patients, keep security in mind.

Here’s Why CMS Says No to Texting Orders

One reason CMS gives for not permitting orders to be texted is that texting doesn’t comply with hospital Conditions of Participation (CoPs) for medical records. In particular, the memo points to these requirements for medical records, including orders:

  • Accessible
  • System of author identification
  • Retained for at least five years.

Hospitals also must be able to ensure patient record confidentiality, making sure unauthorized people don’t have access to the records.

So What Does CMS Want to See for Orders?

Computerized Provider Order Entry (CPOE) should be your go-to for order entry. The longtime stance of CMS, the memo states, is that physicians and Licensed Independent Practitioners should use CPOE or enter a hand-written order in the record.

When you use CPOE with immediate download into your EHR, you cover all those bases of having the order show the date, time, and authentication.

Don’t Assume This Is for Hospitals Only

You may have noticed all the references in the memo to hospital rules. Does that let physician offices off the hook? A National Law Review article says … no. The article’s authors point out that the memo’s subject line refers simply to “Healthcare Providers” without limiting the type and that CMS is likely to extend this guidance beyond hospitals.

Otherwise You’ve Got the Green Light to Text, Sort Of

The memo indicates that CMS accepts that texting about patients happens and can be a valuable method of communication. But before your team texts, make sure you’ve met these criteria for the systems and platforms involved:

  • Secure
  • Encrypted
  • Complies with HIPAA requirements, CoPs, and Conditions for Coverage (CfCs) to reduce risks to patient privacy.

And don’t make that check for security and confidentiality a one-time thing. You need to “routinely” evaluate system and platform security and integrity to keep your patients safe. Document that risk analysis, too. Orders aren’t the only things you need to be sure you have accessible, retained records for.

What About You?

Does your team use texting to communicate about patients? How do you ensure security and confidentiality?


Deborah works on a wide range of TCI SuperCoder projects, researching and writing about coding, as well as assisting with data updates and tool development for our online coding solutions. Since joining TCI in 2004, she’s covered the ins and outs of coding for radiology, cardiology, oncology and hematology, orthopedics, audiology, and more.

, , ,

Leave a Reply