Legal & Compliance> Medical Records
Medical Records in North Carolina
Medical Records in North Carolina
This is a rather large list. Clearly, medical records serve many purposes to a variety of people and entities. Therefore, it is essential that documentation is thorough in content, legible, and timely. In addition, there must be an appropriate process for authentication and corrections.
What exactly is a thorough medical record? It is a document that should record patient history, physical findings, an assessment of the findings, and a plan for treatment. There are many methods to document such items. The Board recommends the Problem Oriented Medical Record method known as SOAP (developed by Lawrence Weed). The S refers to "subjective information" (patient history and testimony about feelings). The O refers to objective material and measurable data (height, weight, respiration rate, temperature, and all examination findings). The A is the assessment of the subjective and objective material that can be the diagnosis but is always the total impression formed by the care provided after review of all materials gathered. And finally, the P is the treatment plan presented in sufficient detail to allow another care provider to follow the plan to completion. The plan should include a follow-up schedule.
The Board also identifies the following items that should be included in a record with every patient visit:
Other examples of items that should be included in the record are telephone calls from the patient, documentation regarding missed appointments, follow-up on test results, and any patient reminders.
The record should be legible. This may seem obvious, but physicians are notorious for having very poor handwriting. Medicare is very clear that when it comes to documenting services for billing purposes; if you cannot read it or if it is not there, it did not happen. Even if a physician spent an hour with a patient and can remember almost every word of the conversation, if an auditor can't read about the encounter the physician might not be paid for it.
To meet the definition of legible, an outside party (not the long-time office manager who serves as the doctor's handwriting interpreter) must be able to read any notes, signatures, dates, and times. If a provider is unable to meet that standard, dictation or an alternative method should be used. As practices convert to electronic medical records, this problem should decrease.
Legibility is also a function of the language a provider chooses to use. Clear and concise wording is important. All staff members providing treatment should be able to understand what is written. If abbreviations are used, there should be a list available for anyone who needs it.
Physicians should record entries in the medical record when a treatment is given or observations are made. Federal programs require that hospitals complete records within thirty days of discharge. Late entries can have negative consequences when defending a malpractice suit. Non-timely records are usually less accurate and will have less credibility. If an entry is made after a lawsuit is filed, it looks like it is self-serving for purposes of a defense and not for true documentation.
Authentication and Corrections:
There are no state law restrictions on who may write in the chart. This is usually a matter of facility policy. In general, any person providing care to a patient should be able to document it. Staff must be very careful to function within their scope of duties as limited by law or license. Certain individual entries should require a countersignature. A physician must authenticate the record with his or her signature. If signature is by method other than handwriting, safeguard measures should be implemented.
Likewise, NC does not have a rule regarding documentation of corrections. Certain states require that a single line be drawn through the mistake, it be marked as an error, corrected, and dated. It is a good practice to have rules regarding who can correct what type of error. These rules should be based on a person's scope of practice. For example, an RN should not amend an MD's medication order. Even though it is not mandated in NC, it is usually best not to erase errors, but rather use the single line mark-through approach. If patient requests a change, make sure it is noted that it is the patient's request. Note that HIPAA addresses the patient requested amendment process in detail. Remember, incorrect records can have a variety of consequences including loss of licensure, jail, fines, and sanctions.
Electronic Medical Records:
Electronic medical records (EMR) are permitted in NC, and a separate paper record need not be maintained. However, when consent to treatment or a release is on paper, it should be preserved and also noted in the EMR. Electronic signatures are acceptable, but the records still must maintain legibility, accuracy and confidentiality.
Electronic medical records have numerous advantages, and many practices are making the switch. Most electronic medical records companies assure providers of improved efficiency and better quality of care. For providers who have difficulties with documentation, EMRs proceed step by step through the decision-making process and record pertinent information.
A potential disadvantage of EMRs is increased exposure to liability for improper disclosure of personal health information. Special safeguards should be implemented to protect the system and the data within. These may include the use of passwords, audit trails, monitoring use and access of information, and encryption. Be sure to address security issues with your EMR vendor. HIPAA will also have an affect on what safeguards are required, as final security standards have been published.
Access to Physician Records
A patient has the right to access his or her medical records. This means that within a reasonable time of the request, a provider must supply a patient with either a copy or a summary of the medical record. If a summary is provided, it should be detailed enough to allow for continuity of care by another provider.
Patient access is an area where HIPAA impacts what must be provided to the patient. Providers will have to define what constitutes their "designated record set". For providers, a designated record set usually refers to treatment and billing records.
Providers should define what a designated record set will include as well as what it will exclude. For example, a provider may decide to assert that designated record sets will not include psychotherapy notes, education records exempt from HIPAA, and records put together in anticipation of litigation. Other things that a provider may choose to exclude are requests for prescription refills or call log records for appointment setting.
When providing a record to a patient, the physician may charge a reasonable fee for the preparation and/or the photocopying of the materials, with three exceptions explained below. The Board has requested that if a physician is going to charge a fee, that physician should be willing to review the materials with the patient if the patient makes such a request. A physician should never deny a patient 's request for their medical records for nonpayment issues.
There are three circumstances in which certain rules must be followed regarding charges for medical records. First, if records are sought in connection with personal injury or Social Security disability claims, there is a statutory maximum fee schedule that applies. The maximum charge for the first 25 pages is $0.75, $0.50 for the next 75 pages, and $0.25 for pages over 100. The statute also allows the physician to charge a reasonable fee for review and preparation of a narrative summary.
Second, if a physician is seeking a medical lien for payment of services rendered on any award the patient may receive, the medical record should be provided to the patient 's attorney free of charge. Finally, if records are sought in connection with a Workman 's Compensation case, the Industrial Commission may impose a maximum fee schedule.
Medical Records and Privacy
The security of patient information is of utmost importance. HIPAA even contains civil and/or criminal penalties for violations. There are some basic protections practices can implement now that can go a long way in preventing inadvertent disclosures. For example:
One of the most important protections is having a signed statement from the patient describing what information can be released to whom. This may be one of the most essential forms used in the practice.
The Board and HIPAA both make very clear that the medical record is a confidential document and should only be released with proper written consent or authorization of the patient. Physicians should not distribute their patients' medical records to third parties unless there is an enforceable agreement that includes adequate provisions to protect patient confidentiality and to ensure patients' access to their records. A release should contain the following:
HIPAA addresses releases in great detail, and makes a distinction between two types of releases: consents and authorizations. It is important to know the difference between them. A consent (very different from an informed consent which involves treatment risks and alternatives) is a general release signed by the patient stating that his or her health information may be disclosed for treatment, payment or healthcare operations. Consents are not mandatory as was stated in an early version of the rule. An authorization, which is required in certain circumstances, is a very specific release that must include an expiration date, a limit on what parts of the record may be released, or name a particular purpose of the release such as marketing. It is a limited release for a certain purpose.
There may be times that records are required to be released pursuant to a court order or a state statute. If there is not a release on file for the records requested, it is a good idea to have a legal professional review the order to be sure it is legitimate and the minimum necessary is released.
Minors and their records:
In general, a parent has access to a minor 's medical record. However, in NC there are certain treatments for which a minor does not need parental consent. The records for these services are generally protected unless the child gives his or her consent for the parent to view the record. A minor may give consent for the prevention, diagnosis and treatment of (1) venereal disease (2) pregnancy (3) abuse of controlled substances or alcohol or (4) emotional disturbance. Medical records involving these treatments should not be released without a signed statement from the minor. An emancipated child can consent to any medical treatment, and therefore the parent should have no access to records without a release.
Privacy and HIPAA:
HIPAA has been referenced throughout this article, but it is important to understand the basics behind the privacy rules to grasp the impact it will have. HIPAA has many facets, but the privacy portion is of most importance here. The deadline for compliance was April 14, 2003.
HIPAA applies to health plans, health care providers, and health care clearinghouses (covered entities) that transmit health information in electronic form. HIPAA protects certain individually identifiable information, protected health information (PHI), relating to a person 's health. The broad privacy rule is that a covered entity may not use or disclose PHI unless the patient agrees or the regulation specifically permits it. HIPAA also gives patients certain rights with respect to their information and requires covered entities to implement policies to protect this information.
Covered entities are now required to provide patients with a notice of their privacy practices. Providers must permit patient access to records, and even permit requests for amendments. Other duties include appointing a privacy officer, developing privacy policies, establishing a complaint mechanism for privacy concerns, and provide privacy training for its employees.
Retention of Medical Records
North Carolina does not have a statute defining the length of time medical records should be kept. Some physicians keep their records indefinitely, however, for many practices this is cost prohibitive due to sheer volume. They key is to develop a policy and follow it. If the policy is to retain records for ten years past the last date of service, set up a system that ensures that shredding or destruction occurs at that point. Do not implement such a policy if some will be shredded at ten years and others at fifteen.
It is a good idea to consult an attorney or call your medical malpractice carrier on this subject. He or she will most likely base the retention policy on medical malpractice statute of limitations. Records should be kept long enough to be able to defend a malpractice action. Other things to consider are federal laws (Medicare requires records be kept for five years), research, and storage limitations. There are many companies that specialize in storing medical records and are very aware of the important confidentiality considerations.
Some basic minimum guidelines are:
The North Carolina Medical Board supports Section 7.05 of the American Medical Association's current Code of Medical Ethics regarding the retention of medical records by physicians. It states:
7.05: Retention of Medical Records
Physicians have an obligation to retain patient records which may reasonably be of value to a patient. The following guidelines are offered to assist physicians in meeting their ethical and legal obligations:
Before discarding old records, patients should be given an opportunity to claim the records or have them sent to another physician, if it is feasible to give them the opportunity.
Medical records play a crucial role in the delivery of health care services. They facilitate and improve patient care by presenting a more complete and accurate history both within a practice and to other physicians. They document services rendered for payment purposes. Medical records can be instrumental in defending a medical malpractice action. With the continued emphasis by the government on fraud and abuse, and more recent attention to HIPAA and privacy, there is every reason for physicians to make medical records a priority. Fortunately, due to the mandatory compliance requirements of HIPAA, more guidance on medical records is available than ever before. Even as privacy becomes a primary focus, providers must remember to scrutinize all aspects of their medical record policies to be truly in compliance: documentation, providing appropriate access to patients, safeguarding patient information, and retention policies.