What are the conditions for use of secure messaging within healthcare settings?

We all understand the critical importance of secure messaging within healthcare settings. Indeed, secure messaging has become integral to streamlining care coordination between care teams as well as with other hospital staff.

Less clear, however, are the conditions for its use. All too often, we’re asked the question: just what, exactly, are the conditions for use of secure messaging within healthcare settings?

This confusion was compounded recently when a number of health systems underwent compliance audits that produced conflicting information about using secure messaging applications, such as Imprivata Cortext or others, within their clinical environments. 

Given the growing uncertainty, and the critical importance of operating efficiently and in a compliant manner through the use of secure messaging, we thought we could provide some clarity.

In fact, on December 28, 2017 CMS distributed a memorandum throughout their organization that clarifies the conditions for use of secure messaging within healthcare settings. The following are guidelines as determined by CMS:

  • Texting patient information among members of the health care team is permissible if accomplished through a secure platform.
  • Texting of patient orders is prohibited regardless of the platform utilized.
  • Computerized Provider Order Entry (CPOE) is the preferred method of order entry by a provider.

For information on specific requirements for an approved, secure communications platform please download our whitepaper A CIO’s Guide to HIPAA Compliant Text Messaging.

For further details regarding the ban on texting of patient orders as set forth by CMS and the Joint Commission please refer to an article posted by Fierce Healthcare last year – Joint Commission reaffirms ban on texting orders.