These days, most of the discussion about medical records involves the “big” issues like privacy and electronic health records. While these are certainly challenging issues that require much discussion and planning, we have found that basic safeguarding of medical records can get overlooked. In all the discussion about privacy security, it is essential to take care of the basics.
In fact, HIPAA and The Joint Commission require it. They specify that medical records must be adequately protected from fire and water damage, erroneous destruction and outright theft.
If you are unsure whether your physical medical records are protected and compliant, the first step is to sit down and review the applicable legislation. The requirements can differ from state to state, so it is important to be clear on what is expected in your particular area.
Regardless of what your specific requirements may be, there are some straightforward steps you can take to secure your patients’ vital information and protect it from damage or destruction. These guidelines are not a guarantee compliance but they will take you most of the way there.
A needs assessment takes into account the current state of your records storage practices and identifies the areas that need attention in order to achieve compliance. By prioritizing the list, the needs assessment acts as a roadmap for your compliance efforts.
Ensure that all of your paper medical records are protected from basic environmental hazards. This includes: storing them away from air conditioners, heathers, and sources of water; and ensuring that they are stored at temperatures between 65 and 70° F at 55% relative humidity.
A retention schedule identifies how long certain medical records need to be retained based on the applicable legislation and regulations. Along with a retention schedule, it is important to create policies and procedures to ensure that it is applied consistently. Together, these steps ensure that records won’t accidentally be destroyed prematurely.
To best protect your records, your file room should be secured by a monitoring or card entry system. At a minimum, it should be supervised during working hours.
Larger organizations with sufficient resources should appoint a risk manager responsible for protecting the records storage site. This individual would typically establish contingency plans for protecting records and making them accessible when emergencies are imminent or occurring. In lieu of a risk manager, the office administrator or manager could establish the required emergency protocols.
Obviously there is a lot to consider when safeguarding paper records and ensuring compliance, but these five steps provide a great starting point. You can use them as a high-level checklist to make sure you cover all the bases.