HIPAA Compliance: Texting Regulation and Guidance

Almost all home health agencies have one thing in common: staff text each other about patients. But the methods in which they text each other has now created a new COP. While the initial COP was released for hospitals, we can expect that the application of the COP will be followed by all state surveyors. Following the COP regardless is a good way to ensure your agency protects itself against any HIPAA breaches.

Section 489.24(b) states that a provider “must maintain a medical record for each inpatient”. The standard goes on to clarify that the “medical record must be accurately written, promptly completed, properly filed and retained, and accessible”. Therefore, a home health agency’s staff who send texts to one another to communicate the status of a patient or provide information on changes to orders or frequency are not meeting this standard if the agency isn’t taking screenshots of those messages and placing them in each patient’s chart. For agencies that rely on a software’s messaging software, the messages can be attached to the patient in most circumstances, meeting the standard. Most software providers do offer this feature and agencies should be using this method!

The COP also states that “medical records must be retained in their original or legally reproduced form for a period of 5 years”. Most agencies hold onto records for many years and follow a strict timetable of archival and then proper disposal. But with text messages that aren’t captured and then placed in the record, an agency could be cited for not having complete patient records.

With this new pronouncement, which took effect immediately, agencies must be aware that their next survey could include questions on this policy. A smart surveyor, who is aware of the regulations and aware of how an agency operates, may ask what the policy is on staff texting. For agencies that do not have a texting communication policy in place and included in their orientation or in-service training, we recommend you do so as soon as possible.

For agencies that must continue to use texting as a form of communication, we suggest that you have staff install a secure texting app that will work with both Apple and Droid based phones. Most apps don’t rely on the network the device connects through so it’s a wise decision to add the secure app to tablets used by staff in the field.

CMS does recognize the importance of using texting as a tool to communicate and provide patient care. However, CMS also wants to make sure that patients don’t miss out or not receive proper care because their complete condition isn’t documented. The same goes for orders – texting orders is never appropriate and shouldn’t be done, but CMS recognizes that discussion of changes or important information sometimes has to be communicated by text.

The best advice: use a secure app that is encrypted and do not send anything that isn’t already in the medical record. New information that is texted should be copied to the patient’s chart. Existing information or changes that have been documented but need to be communicated is ok – but don’t push it too much. If you are unsure, use your EMR messaging feature or pick up the phone and have your staff speak to one another.

Leave a Reply