Texting Orders: Minimizing the Risk to Patients

Ever since the first text message was sent in 1992, the popularity of text messaging has exploded. Today, some people prefer text messaging over other forms of communication, and it is easy to see why: It’s quick, convenient, and does not require real-time interaction between sender and receiver. Despite its many advantages, text messaging also has its drawbacks, especially when healthcare practitioners use it to communicate vital clinical information, such as orders. Disadvantages that can expose both patient and practitioner to risk include:

• Inadvertent HIPAA violations due to misdirected texts or interception of text messages by cyber criminals.
• Miscommunication due to the inability to verify receipt and comprehension of the information transmitted—especially the need to respond to that information.
• Accuracy issues due to shortcuts, abbreviations, or autocorrections.
• Difficulty in documenting and integrating sent or received information into the medical record.
• Orders that are sent by text, like verbal orders, can bypass safeguards that are built in to the Electronic Health Record (EHR) and jeopardize patient safety. 

In reaction to the soaring popularity of text communication, the Centers for Medicare & Medicaid Services (CMS) weighed in on the use of texting to convey clinical information among practitioners. In its 2018 memorandum, CMS stated that a healthcare team could text patient information among its members if they did so through a secure platform. However, texting orders was prohibited regardless of the type of platform being used, primarily due to authentication, integrity, and security concerns. CMS stressed that computerized provider order entry (CPOE) was the preferred method of order entry. 

Early last year, however, CMS reversed course on the issue. On February 8, 2024, CMS issued a memorandum updating its order texting guidance. In it, CMS stated that texting patient information, including orders, is permissible if done using a secure testing platform (STP). Again, CMS stressed that CPOE was the preferred method of order entry by a healthcare provider. 
 

Risk Recommendations: 

 
Well-designed policies and processes can help ensure that text communication regarding patient care, including orders, can be accomplished in a way that is consistent with CMS regulations and minimizes patient risk. Consider the following when reviewing or updating your policies and practices regarding the texting of orders in clinical practice: 

• Develop a texting policy. Provide clear guidance to practitioners regarding the use of texting to communicate clinical information. Include guidelines in your policy for when texting can be used to place orders; the modality used to text; avoidance of the use of unapproved abbreviations, slang, or “text-speak” for clarity; how the content of texted orders should be reviewed/verified; and the method for documenting texted orders in the EHR.
• Encourage CPOE use. Unlike texting, the numerous safeguards that are integrated into the CPOE system make it more difficult to make an error while placing orders. These safeguards include alerts for allergies and drug interactions, clinical decision support tools, and standard order sets. In addition, orders entered by CPOE are immediately downloaded, dated, timed, and authenticated into the EHR system. Design workflows to make CPOE user-friendly and encourage CPOE use whenever possible.
• Provide proper equipment and/or software. If your organization chooses to allow order entry by text, work with your IT department to implement a HIPAA-compliant STP for practitioner use. Ensure that the STP minimizes risks to patients’ privacy and confidentiality. Educate practitioners on STP use and the necessity of texting only within the STP. Regularly update the software and equipment to maintain compliance.
• Implement a method to authenticate and integrate texts. CMS requires that medical records be accurate; completed in a timely fashion; and properly filed, secured, and retained. Organizations must also have a system of identifying an entry’s author and ensuring authentication integrity. If your organization chooses to permit order texting, establish a method for properly authenticating, integrating, and retaining text messages within the EHR platform in a timely fashion.
• Communicate in person when necessary. Text messaging is particularly vulnerable to miscommunication due to an inability to verify that the recipient understood the message. Do not text orders or communicate clinical information when that information is critical, high risk, or requires specific, time-sensitive follow-up to avoid an adverse result. Use real-time communication for all critical communications.
• Audit for compliance. Routinely assess the security and integrity of your STP to avoid negative outcomes. Conduct regular audits to ensure that practitioners follow organizational policies and procedures regarding the use of texting as a method of communication. 

Text messaging is a convenient, efficient way to communicate, but texting important clinical information, such as orders, can create privacy and safety concerns. Good policies and processes help minimize the impact on the patient.