Texting at Work / Tech & Security Legal Matters for 2018

TLP White

Happy New Year, everyone. Welcome back to Hacking Healthcare:

Hot Links –

  1. Texting at work: CMS recently released a letter clarifying its stance on texting within a clinical environment. Topline takeaways:


  1. “Texting patient information among members of the health care team is permissible if accomplished through a secure platform.
  2. Texting of patient orders is prohibited regardless of the platform utilized.
  3. Computerized Provider Order Entry (CPOE) is the preferred method of order entry by a provider.”


You can find the letter here: https://www.cms.gov/Medicare/Provider-Enrollment-and-Certification/SurveyCertificationGenInfo/Downloads/Survey-and-Cert-Letter-18-10.pdf


  1. Our day (year) in court: 2018 will bring us a number of tech and security related legal matters. We have previously highlighted[1] the biggest case involving a healthcare company – CareFirst’s petitioning of the Supreme Court to review the standard for demonstrating future damages due to a data breach. We are likely to hear later this month whether the court will hear that case (they extended a previous deadline). Some expect the court to pass on the case (See Alison Frankel’s piece[2]). The impact of this decision will establish precedent for individuals seeking damages when personal data (including protected health information) is lost or exposed.

[1] On November 14: https://nhisac.org/were-taking-you-to-court/

[2] https://uk.reuters.com/article/us-otc-databreach/new-scotus-brief-no-circuit-split-on-standing-in-data-breach-class-actions-idUKKBN1ES1V8

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC.

Read full blog below: