Download presentation
Presentation is loading. Please wait.
Published byStella Sullivan Modified over 9 years ago
1
Piedmont Community Services An Overview of the Medical Records Policy Effective: Sept. 1, 2012
2
Authority This policy has been approved by: – Medical Records Committee – Directors Team Official records policy for PCS Most recent version on the PCS Intranet: – http://www.piedmontcsb.org/intranet/policies.htm http://www.piedmontcsb.org/intranet/policies.htm
3
Purpose Establish guidelines for the contents, maintenance and confidentiality of Records. Sets requirements for State and Federal laws and regulations. Defines components of the “Legal Medical Record” Protects our patients right to confidentiality.
4
Definitions: Authentication: Process to assure only authorized persons access the EHR. Covered Entity: Any provider who transmits health information in an electronic format. EHR: Electronic Health Record. HIPAA: Health Insurance Portability and Accountability Act ( enacted 1996 )
5
Definitions: Medical Record: Collection of information ( paper or electronic ) concerning an individual’s health care. PHI: Protected Health Information is any information that identifies a person or their health information. Signature: Identifies the author or the responsible party who takes ownership of and attests to the information in the EHR.
6
The Electronic Health Record: Credible Behavioral Health Software: – Implemented in July, 2009 – Official medical record for all consumers – Certified by: Certification Commission for Health Information Technology (CCHIT) Supports Stage 1 meaningful use measures
7
Security: System Admin: – The IT Department is responsible for all aspects of system administration. User Accounts/Passwords: – Issued by the IT Department – Passwords Expire > 90 days – 8 characters, one special character, no real words – Forgotten password reset on home page – Contact IT for issues – User ID’s control access & security
8
Security: Termination of Access: – HR will notify IT upon termination – All access to the EHR will be disabled by IT Security Matrix: – Sets permission to allow or restrict access within the EHR – Each user is assigned to an appropriate security matrix based on job requirements – Assignments are maintained by IT in consultation with QA and Supervisors
9
Security: HIPAA Logs: – Track all access to the EHR – Logs all user actions within the EHR Location and Use: – All PHI must remain confidential – Staff should only log into the EHR on trusted computers / locations – All PCS laptop computers must be encrypted – Tampering with or disabling encryption is prohibited
10
Electronic Signatures: All health information which requires signature shall be authenticated by an electronic signature. The electronic signature will suffice as the written signature of the provider. DO NOT Share user id’s or login information with other users.
11
Electronic Signatures ( procedure ) : Staff must go to their Employee Profile in the EHR and record their signature(s). Staff are required to complete the: – “Electronic Signature Attestation Form” indicating they will not share login information with anyone – Forward this form to Human Resources At termination, IT will deactivate the user’s login.
12
Use of the Electronic Health Record: This section of the policy outlines procedures for the following activities in the EHR: – Adding Individuals to the EHR – Team Assignments – Emergency Access to Records – Case Load Assignments – Discharging Individuals from Services – Transferring within the Same Program – Completion, timeliness and authentication – Case Review Process – Corrections and Ammendments
13
Confidentiality: Electronic Health Records contain private and confidential information. Lack of trust could result in the client’s failure to share information. All information must have proper consent prior to releasing.
14
Disclosure with Consent: In most cases, confidential information may be disclosed with proper written consent from the: – Consumer – Guardian – Legally authorized representative Minimum requirements for the consent are outlined in the policy. If the written consent does not meet the minimum requirements, no information may be disclosed.
15
Minor Consumers ( under 18 ) Disclosure of PHI for a minor consumer requires written consent of a parent, guardian or legal representative, except: – When the minor has presented as an adult – When the minor has been emancipated – When the minor is or has been married – When the minor is receiving Substance Use Svcs.
16
Deceased Consumers: Written consent to release PHI for deceased consumers should be obtained in the following order of priority: – Executor / Administrator of the Estate – Spouse – Adult Son or Daughter – Either Parent – Adult Brother or Sister – Other relative in descending order of blood relation
17
Revocation of Consent: Consent to release PHI may be revoked at any time, except to the extent that the disclosure has already been made in accordance with the consent.
18
Disclosure without Consent: Under certain circumstances, PHI may be disclosed without the consumer’s consent. Any such disclosure must be limited to that information necessary to carry out the purpose of the disclosure. Any disclosures made without consent must be documented in the consumers record.
19
Disclosure in Medical Emergency: PHI may disclosed to any treating provider or official who has a need for the information about the consumer in order to treat a condition which poses an immediate threat to the health of the consumer or other individual(s). The disclosure should only include information necessary to treat the medical emergency.
20
Disclosure to Courts ( subpoenas ): Properly executed subpoenas will be responded to within the time frame specified PCS legal counsel will be consulted when a service provider questions the merit of a subpoena. In civil matters, certain information ( see policy ) is deemed privileged. Exceptions to privilege include: – Physical/mental condition is at issue – Matters related to child abuse and neglect – Court deems disclosure is necessary
21
Disclosure to Courts ( SA Records ): If a consumer’s records contains information regarding Substance Abuse Disorder Diagnosis, information can only be released: – When it is accompanied by a: Subpart E Court Order (Ref.42 CFR, Part 2 Subpart E) If no court order is included, staff shall move to have the subpoena quashed. If a written release is on file specifically releasing SA Information, no court order is necessary for the release.
22
Disclosure to Courts ( Court Orders ): When in receipt of a properly executed court order, the requested information may be released in accordance with the order. No release of information is necessary. A copy of the court order should be scanned and maintained in the individual’s record.
23
Disclosure Payers: When a consumer requests that a claim be submitted for payment, information released should be limited. – Information outlined in the policy If additional information is required, a physician from the payer must request the additional information before it can be released.
24
Disclosure to State Hospitals: PCS may release without authorization, PHI to those service providers and human service agencies identified in the discharge plan only the information needed to secure those services specified in the plan.
25
Disclosure to Accrediting/Licensure: CSB accreditation, federal and state licensure surveyors may have access to PHI to the extent necessary to enable the surveyors to conduct reviews. A confidentiality statement must be signed by the surveyor.
26
Adult/Child Abuse & Neglect: All staff who has reason to suspect abuse or neglect shall immediately report the matter to the local Department of Social Services. No consent or authorization is required for this reporting.
27
Disclosure to Medical Examiner: The medical examiners office is authorized to investigate the cause and manner of death of any person. No consent to release is necessary for the Medical Examiner’s Office.
28
Re-Disclosure of PHI: Information received from other providers shall be maintained permanently in the consumer’s record. Staff shall not re-disclose or otherwise reveal health records on an individual from another service provider, without obtaining consent from the consumer.
29
Faxing of PHI: Faxing of PHI shall only occur when the printed copies from the EHR or mailed delivered copies cannot meet the needs of immediate emergency care: Receiving fax machines must be located in a secure area with limited access. A cover letter must be included with the required elements listed in the policy.
30
Disclosure Process: All requests for information shall be processed through the medical records department. Medical records staff will review the request to determine whether or not it meets minimum criteria. Approval of the service provider(s)is required prior to releasing any information. All disclosures of PHI must be documented in the EHR.
31
Business Associates Agreement: Business Associates Agreements (BAA) governs the relationship between two parties who exchange PHI. Required by HIPAA PCS will execute a BAA with any entity in which routine exchange of information will occur. The HIPAA Security Officer will be responsible for completing and maintaining BAA’s.
32
Right to Access PHI: Individuals served has a right to inspect and/or obtain a copy of their medical record. An individual’s legal AR has the same right as the consumer. Step-by-step procedures are outlined within the policy for consumer access.
33
Request for Amendment: Individuals have a right to inspect and request an amendment be made to their medical record. Step-by-step procedures are outlined within the policy for amendments to the record.
34
Minimum Necessary Policy: HIPAA requires covered entities to take reasonable steps to limit the use or disclosure of PHI. This policy provides detail information regarding: – Exceptions to Minimum Necessary Standard – Use & disclosure of PHI Internal to PCS – Use & disclosure of PHI External to PCS
35
Retention and Disposition: Medical records including Protected Health Information will be purged as follows: – Closed for a minimum of 6 yrs from last service – Retain until age 18, then minimum of 6 yrs – Longer retentions periods may exist based on payer requirements. – Information permanently retained: Last Psychiatric Evaluation Last Discharge Summary Last Hospital Discharge
36
Emergency Access/Disaster: PCS utilizes an EHR in which data is stored off-site. In the event of an emergency or disaster, the IT department will secure internet access and re-establish access as soon as possible. If access is not readily available, staff should use the mobile version of the EHR until full access is re-established.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.