MEDICAL RECORDS STANDARDS

Effective Date: 
Mon, 08/01/2011
Reviewed: 
Sun, 12/04/2011
Revised: 
Wed, 12/19/2012
Policy: 

PURPOSE

To establish guidelines for the contents, maintenance, and confidentiality of patient Medical Records that meet the requirements set forth in Federal and State laws and regulations, and to define the portion of an individual’s healthcare information, whether in paper or electronic format, that comprises the medical record. Patient medical information is contained within multiple electronic records systems in combination with financial and other types of data. This policy defines requirements for those components of information that comprise a patient’s complete “Medical Record.”

Procedure: 

I. Maintenance of the Medical Record

A. A Medical Record shall be maintained for every individual who is evaluated or treated as an outpatient at the UCSC Student Health Services clinics.

B. Currently, the Medical Record is considered a hybrid record, consisting of both electronic and paper documentation. Documentation that comprises the Medical Record may physically exist in separate and multiple locations in both paper-based and electronic formats.

C. The medical record contents can be maintained in either paper (hardcopy) or electronic formats, including digital images, and can include patient identifiable source information, such as photographs, films, digital images, and fetal monitor strips and/or a written or dictated summary or interpretation of findings.

D. The current electronic components of the Medical Record consist of patient information from multiple Electronic Health Record source systems. The intent of UCSC is to integrate all electronic documents into a permanent electronic repository.

E. Original Medical Record documentation must be sent to the designated Medical Records department. Whenever possible, the paper chart shall contain original reports.

F. All paper reports / documents/ CD Reports will be scanned into the EMR by the trained Medical Records Assistants at the Student Health Center and Counseling & Psychological Services.

II. Confidentiality

The Medical Record is confidential and is protected from unauthorized disclosure by law. The circumstances under which UCSC may use and disclose confidential medical record information is set for in the Notice of Privacy Practices. (see: “Notice of Privacy Practices”).

III. Content

A. Medical Record content shall meet all State and Federal legal, regulatory and accreditation requirements.

B. All documentation and entries in the Medical Record, both paper and electronic, must be identified with the patient’s full name and a unique UCSC SID. 

C. All Medical Record entries should be made as soon as possible after the care is provided, or an event or observation is made. An entry should never be made in the Medical Record in advance of the service provided to the patient. Pre-dating or backdating an entry is prohibited.

IV. Medical Record vs. Designated Record Set

A. Under the HIPAA Privacy Rule, an individual has the right to access and/or amend his or her protected health (medical record) information that is contained in a “designated record set.” The term “designated record set” is defined within the Privacy Rule to include medical and billing records, and any other records used by the provider to make decisions about an individual. In accordance with the HIPAA Privacy Rule, UCSC has defined a “designated record set” to mean the group of records maintained for each individual who receives healthcare services delivered by a healthcare provider, which is comprised of the following elements:

1. The Medical Record whether in paper or electronic format, to include patient identifiable source information such as photographs, films, digital images, and fetal monitor strips when a written or dictated summary or interpretation of finding has not been prepared;

2. Billing records including claim information

3. All physician or other provider notes, written or dictated, in which medical decision-making is documented, and which are not otherwise included in the Medical Record (e.g., outside records when applicable for treatment).

B. The Medical Record generally excludes records from non-UC providers (i.e., health information that was not documented during the normal course of business at a UCSC facility or by a UCSC provider). However, if information from another provider or healthcare facility, or personal health record, is used in providing patient care or making medical decisions, it may be considered part of the UCSC Designated Record Set, and may be subject to disclosure on specific request or under subpoena. Disclosures from medical records in response to subpoenas will be made in accordance with applicable Campus policies.

V. Who May Document Entries in the Medical Record: Multidisciplinary Notes

Only the following types of UCSC employees and/or employees of UCSC contracted clinical providers may document entries in the Multidisciplinary Notes section of the Medical Record:

1.      Clinical Care Partners

2.      Licensed Vocational Nurses

3.      Medical Assistants

4.      Nurse Practitioners

5.      Pharmacists

6.      Physician Assistants

7.      Physicians including MD’s and DO’s

8.      Psychologists

9.      Registered Nurses

10.      Mental Health Practitioners

11.      Licensed Psychiatric Technicians

12.      Others as designated by Medical Center Policies and /or Medical Staff Bylaws

Completion, Timeliness and Authentication of Medical Records

A. All Medical Records must be completed within one day of the encounter.  Transcriptions should be edited and signed within one day of receipt.

B. All Medical Record entries are to be dated, the time entered, and signed.

C. Certain electronic methods of authenticating the Medical Record, including methods such as passwords, access codes, or key cards may be allowed provided certain requirements are met. The methodology for authenticating the document electronically must comply with UCSC electronic signature standards.

VII. Routine Requests for Medical Records for Purposes of Treatment, Payment and Healthcare Operations

The Health Information Management Services staff will process routine requests for Medical Records. Only authorized UCSC workforce members may access Medical Records in accordance with Privacy Policy.  UCSC Workforce members who access Medical Records for healthcare operations are responsible to access only the amount of information in medical records, which is necessary to complete job responsibilities.

A. Access to Medical Records for Treatment Purposes.

B. Healthcare providers who are directly involved in the care of the patient may access the full Medical Record.

C. Payment Purposes.

D. Authorized and designated UCSC workforce members may access the patient’s medical record for purposes of obtaining payment for services, including the following uses:

1. Coding and abstracting;

2. Billing including claims preparation, claims adjudication and substantiation of services;

3. Utilization Review.

E. Healthcare Operations. Patient medical records may be accessed for routine healthcare operation purposes, including, but not limited to:

1. Peer Review Committee activities;

2. Quality Management reviews including outcome and safety reviews;

3. Documentation reviews

F. Requests for Electronic Components of the Medical Record.

Personnel who access the electronic Medical Record are required to have a unique User ID and password, and access to information is limited according to the minimum necessary rule and managed by role, as approved by designated management personnel.

VIII. Ownership, Responsibility and Security of Medical Records

A. All Medical Records of UCSC patients, regardless of whether they are created at, or received by, UCSC, and patient lists and billing information, are the property of UCSC and The Regents of the University of California. The information contained within the Medical Record must be accessible to the patient and thus made available to the patient and/or his or her legal representative upon appropriate request and authorization by the patient or his or her legal representative.

B. Responsibility for the Medical Record. The UCSC  Medical Records \ Systems Administrator (MRSA) is designated as the person responsible for assuring that there is a complete and accurate medical record for every patient. The medical staff and other health care professionals are responsible for the documentation in the medical record within required and appropriate periods to support patient care.

C. Original records may not be removed from UCSC Student Health Center except by court order, subpoena, or as otherwise required by law. If an employed physician or provider separates from or is terminated by the University for any reason, he or she may not remove any original Medical Records, patient lists, and/or billing information from UCSC Student Health Center. For continuity of care purposes, and in accordance with applicable laws and regulations, patients may request a copy of their records be forwarded to another provider upon written request to UCSC.

D. Medical records shall be maintained in a safe and secure area. Safeguards to prevent loss, destruction and tampering will be maintained as appropriate. Records will be released from Medical Records only in accordance with the provisions of this policy and other UCSC Privacy Policies and Procedures.

E. Special care must be exercised with Medical Records protected by the State and federal laws covering mental health records, alcohol and substance abuse records, reporting forms for suspected elder/dependent adult abuse, child abuse reporting, and HIV-antibody testing and AIDS research.

F. Chronology is essential and close attention shall be given to assure that documents are filed properly, and that information is entered in the correct encounter record for the correct patient, including appropriate scanning and indexing of imaged documents.

IX. Retention and Destruction of Medical Records

All Medical Records are retained for at least as long as required by State and federal law and regulations, and UCSC policies and procedures. The electronic version of the record must be maintained per the legal retention requirements of 10 years after last record activity for students, 30 years after last record activity for employees.

X. Maintenance and Legibility of Record

All Medical Records, regardless of form or format, must be maintained in their entirety, and no document or entry may be deleted from the record, except in accordance with the destruction policy (refer to section IX).

Handwritten entries should be made with permanent black or blue ink, with medium point pens. This is to ensure the quality of electronic scanning, photocopying and faxing of the document. All entries in the medical record must be legible to individuals other than the author.

XI. Corrections and Amendments to Records

When an error is made in a medical record entry, the original entry must not be obliterated, and the inaccurate information should still be accessible.

The correction must indicate the reason for the correction, and the correction entry must be dated and signed by the person making the revision. Examples of reasons for incorrect entries may include “wrong patient,” etc. The contents of Medical Records must not otherwise be edited, altered, or removed. Patients may request a medical record amendment and/or a medical record addendum.

A. Documents Created in Paper Format:

1.      Do not place labels over the entries for correction of information.

2.      If information in a paper record must be corrected or revised, draw a line through the incorrect entry and annotate the record with the date and the reason for the revision noted, and signature of the person making the revision.

3.      If the document was originally created in a paper format, and then scanned electronically, the electronic version must be corrected by printing the documentation, correcting as above in (2), and rescanning the document.

B. Documents that are created electronically must be corrected by one of the following mechanisms:

1.      Adding an addendum to the electronic document indicating the corrected information, the identity of the individual who created the addendum, the date created, and the electronic signature of the individual making the addendum.

2.      Preliminary versions of transcribed documents may be edited by the author prior to signing.  If the preliminary document is visible to providers other than the author, then this document needs to be part of the legal health record.

3.      Once a transcribed document is final, it can only be corrected in the form of an addendum affixed to the final copy as indicated above. Examples of documentation errors that are corrected by addendum include: wrong date, location, duplicate documents, incomplete documents, or other errors. The amended version must be reviewed and signed by the provider.

4.      Sometimes it may be necessary to re-create a document (e.g., wrong work type) or to move a document, for example, if it was originally posted incorrectly or indexed to the incorrect patient record.  In the event that a visit  note is created and signed on the wrong patient chart, the following procedure must be followed:

a.      Mitigate harm.  The first priority is to check to see if either patient involved in the documentation error suffered any harm as quickly as possible.  This might include inappropriate injections, vaccinations, filled prescriptions, surgical procedure or radiation exposure, phlebotomy, lab tests, referrals or a delay in timely provision of these services to the correct patient.  Taking timely action to mitigate harm is essential once the error is recognized.

b.      File an Incident Report.  After insuring the safety of both of the involved patients, an Incident Report should be initiated and forwarded to the Assistant to the Director for logging and review by the Risk Management Committee.  A copy of the erroneous EMR entry should be printed and attached to the Incident Report, as well as reference to the correct patient SID #.  If the error is caught prior to any resultant harm, an “Opportunity for Improvement” form should be completed with an attached copy of the erroneous note and the SID # of the correct patient.   It is the responsibility of the staff member who made the documentation error to forward either the Incident Report or the “Opportunity for Improvement” form to the Assistant to the Director for reporting to the QM committee.

c.      Notify Health Information Management (HIM).  The HIM administrators (Medical Records/System Administrator or Business and Information Systems Coordinator) should be notified the same day the erroneous entry is recognized.  After review with the Medical Director, the HIM staff will print a copy of the erroneous entry for a Medical Records log and delete the erroneous entry from the EMR.  The MRSA will facilitate the deletion of any resulting erroneous diagnoses, orders, billing, referrals, and secure messages in the EMR that may have resulted from the erroneous signed entry.

d.      Correct Documentation of the Encounter.  It is the responsibility of the clinician to transfer the contents of the erroneous entry into the correct patient’s medical record, using the appropriate template with a diagnosis, encounter code and electronic signature on the same day the error is recognized.  Use of copy and paste functions may lessen the time to transfer some of the information but some items such as vital signs may need to be entered manually.  This staff member must also delete any resultant erroneous Problem List entries. 

C. When a pertinent entry was missed or not written in a timely manner, the author must meet the following requirements:

1.      Identify the new entry as a “late entry”

2.      Enter the current date and time – do not attempt to give the appearance that the entry was made on a previous date or an earlier time. The entry must be signed.

3.      Identify or refer to the date and circumstance for which the late entry or addendum is written.

4.      When making a late entry, document as soon as possible. There is no time limit for writing a late entry; however, the longer the time lapse, the less reliable the entry becomes.

D. An addendum is another type of late entry that is used to provide additional information in conjunction with a previous entry.

When writing an addendum, complete it as soon as possible after the original note.

E. Errors in Scanning Documents

If a document is scanned with wrong encounter date or to the wrong patient, the following must be done:

1.      Notify the MRSA

2.      The MRSA will electronically reassign the document to the correct patient, documenting the error

F. Electronic Documentation – Direct Online Data Entry

Note: The following are guidelines for making corrections to direct entry of clinical documentation, and mechanisms may vary from one system to another.

一.   In general, correcting an error in an electronic/computerized medical record should follow the same basic principles as corrections to the paper record.

一.   The system must have the ability to track corrections or changes to any documentation once it has been entered or authenticated.

一.   When correcting or making a change to a signed entry, the original entry must be viewable, the current date and time entered, and the person making the change identified.

一.   G. Copy and Paste Guidelines

The “copy and paste” functionality available for records maintained electronically eliminates duplication of effort and saves time, but must be used carefully to ensure accurate documentation and must be kept to a minimum.

一.   Copying from another clinician’s entry: If a clinician copies all or part of an entry made by another clinician, the clinician making the entry is responsible for assuring the accuracy of the copied information.

一.   Copying test results/data: If a clinician copies and pastes test results into an encounter note, the clinical-provider is responsible for ensuring the copied data is relevant and accurate.

一.   Copying for re-use of data: A clinician may copy and paste entries made in a patient’s record during a previous encounter into a current record as long as care is taken to ensure that the information actually applies to the current visit, that applicable changes are made to variable data, and that any new information is recorded.

XII. Authentication of Entries

A. Electronic signatures must meet standards for:

Data integrity to protect data from accidental or unauthorized change (for example “locking” of the entry so that once signed no further untracked changes can be made to the entry);

Authentication to validate the correctness of the information and confirm the identity of the signer (for example requiring signer to authenticate with password or other mechanism);

Non-repudiation to prevent the signer from denying that he or she signed the document (for example, public/private key architecture).

At a minimum, the electronic signature must include the full name and either the credentials of the author or a unique identifier, and the date and time signed.*

B. Electronic signatures must be affixed only by that individual whose name is being affixed to the document and no other individual.

C. Countersignatures or dual signatures must meet the same requirements, and are used as required by State law and Medical Staff Rules and Regulations.

D. Initials may be used to authenticate entries on flow sheets or medication records, and the document must include a key to identify the individuals whose initials appear on the document.

E. Rubber stamp signatures: Refer to Section VI (D).

F. Documents with multiple sections or completed by multiple individuals should include a signature area on the document for all applicable staff to sign and date. Staffs who have completed sections of a form should either indicate the sections they completed at the signature line or initial the sections they completed.

G. No individual shall share electronic signature keys with any other individual.

XIII. Designation of Secondary Patient Information

The following three categories of data contain secondary patient information and must be afforded the same level of confidentiality as the LMR, but are not considered part of the legal medical record.

A. Patient-identifiable source data are data from which interpretations, summaries, notes, etc. are derived. They often are maintained at the department level in a separate location or database, and are retrievable only upon request. Examples:

  • Photographs for identification purposes
  • Audio recordings of dictation notes or patient phone calls.
  • Video recordings of an office visit, if taken for other than patient care purposes

* Acknowledge that there may be older systems that do not have this capability. Future plans for all system to meet this minimum requirement.

1.      Video recordings/pictures of a procedure, if taken for other than patient care purposes

2.      Video recordings of a telemedicine consultation

3.      Communication tools (i.e., Kardex, patient lists, work lists, administrative in-baskets messaging, sign out reports, FYI, drafts of notes, or summary reports prepared by clinicians, etc.)

4.      Protocols/clinical pathways, best practice alerts, and other knowledge sources.

5.      A Patient’s personal health record provided by the patient to his or her care provider.

6.      Alerts, reminders, pop-ups and similar tools used as aides in the clinical decision making process. The tools themselves are not considered part of the legal medical record. However, the associated documentation of subsequent actions taken by the provider, including the condition acted upon and the associated notes detailing the exam are considered as component of the legal medical record. Similarly, any annotations, notes and results created by the provider because of the alert, reminder or pop-up are also considered part of the legal medical record.

Some source data are not maintained once the data has been converted to text. Certain communication tools are part of workflow and are not maintained after patient's discharge.

B. Administrative Data is patient-identifiable data used for administrative, regulatory, healthcare operations and payment purposes. Examples include but are not limited to:

一.   Authorization forms for release of information

一.   Correspondence concerning requests for records.

一.   Birth and death certificates.

一.   Event history/audit trails.

一.   Patient-identifiable abstracts in coding system.

一.   Patient identifiable data reviewed for quality assurance or utilization management.

一.   Administrative reports.

一.   C. Derived Data consists of information aggregated or summarized from patient records so that there are no means to identify patients. Examples:

一.   Accreditation reports

一.   Best practice guidelines created from aggregate patient data. Public health records and statistical reports.

D. Draft Documents / Work in Progress. Electronic processes and workflow

Management requires methods to manage work in progress. These work-in-progress documents often are available in the system as “draft documents, viewable to a limited number of users. They generally are not viewable to clinicians until the document is sent for final signature. Draft documents are not considered an official medical record document until it has been signed by an authorized signer.

XIV. ENFORCEMENT, CORRECTIVE & DISCIPLINARY ACTIONS

Compliance with the above policy is monitored by UCSC Student Health Center. Violations of any of the above policy will be reported to the appropriate supervising authority for potential disciplinary action, up to and including termination and/or restriction of privileges in accordance with UCSC Medical Staff Bylaws, and Human Resource / Personnel Policies.

XV. ADVANCE DIRECTIVES

If a student/patient presents to the UCSC SHS with a written advance directive, the paperwork will be sent to Medical Records for scanning into the patient’s medical record. 

Any discussions of advance directives will be incorporated into the patient's clinical record.

A link to information on writing an advance directive is available on the UCSC SHS website under Patient Rights and Responsibilities.

XVI. DEATH OF A STUDENT

The Medical Records Systems Administrator or the Business and Information Systems Coordinator, in the MRSA's absence, will be notified of the Death of a Student.  Once notified, they will access PnC OpenRegistration, make the record Sequestered and check the Patient is Deceased box and complete DOD (Date o Death) box if known. They will also send the SHS billing office and SHS Insurance office an IM notification of death.