CMS Clarifies Texting Rules for Healthcare Providers

Dentistry Today


As texting becomes a preferred form of communication even among healthcare professionals, the Centers for Medicare & Medicaid Services (CMS) at the Department of Health & Human Services has issued a memorandum reminding medical and dental care providers that patient privacy and security concerns remain paramount.

“CMS recognizes that the use of texting as a means of communication with other members of the healthcare team has become an essential and valuable means of communication among the team members,” said David R. Wright, director of the CMS Survey and Certification Group.

“It is expected that providers/organizations will implement procedures/processes that routinely assess the security and integrity of the texting systems/platforms that are being utilized in order to avoid negative outcomes that could compromise the care of patients,” Wright said.

The CMS Conditions of Participation and Conditions for Coverage prohibit healthcare providers such as dentists from texting orders to members of the care team. However, members of the healthcare team may text patient information as long as they are using a secure platform. CMS also prefers providers to use the Computerized Provider Order Entry (CPOE).

According to CMS, providers should enter orders into the medical record via handwritten orders or a CPOE. Orders entered via CPOE, with an immediate download into the provider’s electronic health records, would be permissible because they would be dated, timed, authenticated, and promptly placed in the medical record.  

Furthermore, CMS requires hospitals to maintain medical records for each inpatient and outpatient. These records must be accurately written, promptly completed, properly filed and retained, and accessible. A system of author identification and record maintenance also must be used to ensure the authentication’s integrity and ensure the records’ security.

Records must be retained in their original or legally reproduced form for at least five years. Information from these records, or copies of them, only may be released to authorized individuals. Original medical records only may be released in accordance with federal or state laws, court orders, or subpoenas.

Related Articles

Don’t Fear a HIPAA Audit—Fear Being Uninformed

Fact Sheet Details How Electronic Information Can Be Shared

Data Security Assessment Examines Ransomware Vulnerabilities