Record custodians have the important task of storing and managing records, including medical records. A 2012 survey found that medical records make up 30 percent of the world’s total data storage.
Because medical records contain sensitive personal information — known as “protected health information” (PHI) under federal law — it’s critical for record custodians to have policies in place that ensure PHI doesn’t fall into the wrong hands.
At the same time, it’s also important for custodians to have the capability to promptly turn over records when a patient or a patient’s authorized representative requests them. Here is an overview of the best practices for records custodians, based on federal privacy laws. Organizations that seek to establish best practices for records custodians should also check state requirements to make sure they’re in compliance with both federal and state law.
Have a Uniform Policy in Place
Perhaps the most important policy for a record custodian is to have a concrete process in place. Records custodians should create uniform procedures for the handling and storing of records. The policy should clearly spell out protocols for common situations, such as responding to subpoenas and records requests from record retrieval companies.
The policy should also clearly define the responsibilities of records custodians, which can include:
- Implementing accountability
- Maintaining
- Determining the appropriate length of time to retain
- Providing access to records when appropriate and authorized, and in accordance with proper legal authority.
- Ensuring that records are purged once they have reached the end of their retention period.
- Using technology to streamline records management.
- Storing records safely.
- Regularly reviewing and updating records management policies.
With a comprehensive policy in place, error rates are reduced and PHI is more secure. The policy should also encourage employees to ask for help from a manager or supervisor in the event they encounter a situation the policy doesn’t address. Additionally, it’s a good idea to require employees to acknowledge in writing that they have read the policy and understand its requirements.
It’s also important for record custodians to be selective when hiring staff who will have direct contact with and access to records. As employees are onboarded, they should be carefully trained in proper procedures for handling records and responding to record retrieval service requests.
Ensure Policies Comply with HIPAA Rules
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) imposes strict requirements on record custodians. Per HIPAA rules, record custodians must have safeguards in place that comply with both the HIPAA Privacy Rule and Security Rule. In the case of both rules, “best practices” are really a matter of strict requirements under federal law.
The Privacy Rule includes national standards put in place to protect a person’s medical records and other health information and “requires appropriate safeguards to protect the privacy of personal health information.” It also “sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.”
The Security Rule applies to electronic records and “requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of protected health information.”
Make Accountability and Consistency Top Priorities
Once a comprehensive records management policy is in place, best practice suggests that any organization serving as a records custodian should designate key personnel to oversee the policy and be a point of contact for the entire records management program.
Records custodians must be consistent when it comes to fulfilling records requests from retrieval companies. Whether the requester is a law firm, insurance professional, or record retrieval service, policies should allow the custodian to fulfill requests within appropriate time limits and without unnecessary delay.
In many cases, records custodians can ensure accountability and consistency by developing relationships with national providers of record retrieval services. A professional document support service provider and record retrieval company should have tools and systems in place that allow for the seamless transfer of records between the records custodian and the record retrieval company.
Best Practices for Managing Mental Health and Psychotherapy Notes
There are many reasons why a law firm, insurance provider, or other entity may request access to mental health records or psychotherapy notes. These records can provide vital information in legal disputes, insurance claim analysis, and other situations. Due to the sensitive information these records contain, however, records custodians must be well-versed in the different rules for standard medical records versus records that pertain to mental health and psychotherapy.
The Department of Health and Human Services (HHS) gives special protection to psychotherapy notes, which it defines as “notes recorded by a health care provider who is a mental health professional documenting or analyzing the contents of a conversation during a private counseling session or a group, joint, or family counseling session and that are separate from the rest of the patient’s medical record.”
The key section to note is that HHS distinguishes psychotherapy notes as “separate from the rest of the patient’s medical record.”
Special Rules for the Confidentiality of HIV-related Information
Records custodians should also note that federal law, as well as the law in many states, requires special protection for medical records that contain information about a patient’s HIV status. Public policy dictates that HIV-related records must be kept confidential in an effort to reduce discrimination; otherwise, individuals may forego HIV testing for fear of having their status exposed.
Adopt Paperless Technology
Statistic shows that electronic medical records are here to stay. Data from the Office of the National Coordinator for Health Information Technology shows that 90 percent of hospitals in the U.S. are using electronic medical records. In 2015, 64 percent of physicians’ offices had transitioned to electronic health records.
The benefits of going paperless include:
- Less likelihood of human error (losing records, misplacing records, etc.).
- Lower costs.
- Ability to store almost unlimited records.
- Greater accessibility, especially in cases where knowing a patient’s health history is important.
- Easier compliance.
- With encryption, records are more secure.
- Automated systems make it easy to fulfill records requests.
Of course, records custodians that transition to electronic health records must still stay compliant with HIPAA regulations and other requirements.
Contact ABI Document Support Services to Learn More
ABI Document Support Services is the leading provider of nationwide record retrieval and document support services. We work with records custodians across the country. Call today at 800-266-0613 or contact us online to learn more.