On February 8, 2024, the Centers for Medicare and Medicaid Services (CMS) issued a quality standard memorandum (QSO Memo) updating and revising a memorandum it issued on January 5, 2018, to now permit the texting of patient orders among members of the patient’s health care team. CMS’s 2018 memorandum clarified CMS’s then-current position that texting of patient orders did not comply with the hospital and critical access hospital (CAH) Medicare conditions of participation (CoPs) regarding medical records. Among other things, the applicable CoPs require hospitals and CAHs to retain medical records in a manner that retains author identification information and protects the security of the records. The CoPs also require that records are promptly completed and filed. In 2018, CMS believed that few hospitals and CAHs had the technological capability to integrate text messages into a patient’s medical record in a manner compliant with the CoPs and the Health Insurance Portability and Accountability Act (HIPAA). As a result, CMS stated that orders should either be handwritten into the medical record or transmitted via computerized provider order entry (CPOE) and placed into the medical record.
In reversing its 2018 guidance, CMS now recognizes advances in technology, including encryption and interfaces between texting platforms and electronic health record systems (EHRs) can enable hospitals and CAHs to comply with the CoPs through the texting of patient orders. CMS cautions hospitals and CAHs that permit texting of orders to ensure that they use secure, encrypted platforms, maintain the integrity of author identification and comply with HIPAA, including the HIPAA security rule. Texted orders must also be promptly filed in the EHR. The CMS expects that hospitals and CAHs will regularly review the security and integrity of their texting platforms.
While CMS still prefers the use of CPOEs when providers submit patient orders, the QSO Memo allows hospitals and CAHs additional flexibility, subject to the conditions of the QSO Memo, including HIPAA compliance.