September 17, 2018
Author: Kelly S. Lawrence
Organization: Frantz Ward LLP
WHAT IS A MEDICAL RECORD?
A medical record is \"all communications related to a patient's physical or mental health or condition that are recorded in any form or medium and that are maintained for purposes of patient diagnosis or treatment, including medical records that are prepared by a health care provider or by other providers.\"
• Recorded in any form or medium
• Includes records of other providers
• Includes all X-rays, MRIs, lab results, etc.
\"Medical records do not include materials that are prepared in connection with utilization review, peer review or quality assurance activities, . . . . Medical records do not include recorded telephone and radio calls to and from a publicly operated emergency dispatch office relating to requests for emergency services or reports of suspected criminal activity, but shall include communications that are recorded in any form or medium between emergency medical personnel and medical personnel concerning the diagnosis or treatment of a person.\"
• Excludes utilization review, peer review or quality assurance A.R.S. § 12-2291(5).
WHAT ABOUT PAYMENT RECORDS? ARE THEY PART OF THE MEDICAL RECORD?
No. \\\"Payment records\\\" are all communications related to payment for a patient's health care that contain individually identifiable information and are not considered part of the medical record. A.R.S. § 12-2291(6). However, they are also privileged and do receive the same confidentiality protections as a medical records.
ORGANIZATION AND OVERSIGHT
(NOW THAT I KNOW WHAT A MEDICAL RECORD IS, HOW DO I ORGANIZE IT SO IT IS AN ADEQUATE MEDICAL RECORD?)
The Arizona Medical Board deems a record adequate if it is legible, contains at a minimum, sufficient information to identify the patient, support the diagnosis, justify the treatment, accurately document the results, indicate advice and cautionary warnings provided to the patient and provides sufficient information for another practitioner to assume continuity of the patient's care at any point in the course of treatment. A.R.S. § 32-1401(2).
• No indecipherable writings - if provider has horrible handwriting, go electronic!
• SOAP format recommended
• CYA recommended
• No shorthand or \"secret\" codes meanings - the \"what if I were hit by a bus today?\" standard.
Generally, if it is not documented in the record, it did not happen. However, the Medical Board will accept sworn testimony as evidence that something did happen/was said. Even so, a provider may still face Board action for not maintaining an adequate record. Other Boards follow the \"if it is not written, it did not happen\" credo.
Most electronic records software takes care of the organization issue as far as directing the provider's placement of certain information, however, hard copy records should be organized so that the record meets the standards for an adequate record. Seem somewhat circular? What this means is that if someone reviewing the record cannot look at the record and identify the patient, support the diagnosis, justify the treatment, and find results and cautionary advice, the record is not organized, and, therefore inadequate. Patient notes should be segregated from lab and/or test results. The record should flow chronologically. In essence, another provider must be able to pick up the record chart and be able to assume the patient's care with minimal review and no \"hunting and pecking.\"
Both medical records and payment records are privileged and confidential and must be secured from unauthorized access. As such, \"paper\" records need to be
located in an area not accessible by unauthorized persons.
• The only record in an exam room with a particular patient should be that patient's record. Other patient records should not be in the exam room, even if they are there to expedite the provider's visits.
• With electronic records, only the particular patient's record should be visible
o Patient should not be able to see what other patients are on the provider's calendar for that day.
• Any records left in \"hanging bins\" outside exam rooms should be placed in such a way that the patient's name is not visible to passing patients.
• Staff should take care when working with patient records that the records are not visible to other patients or other persons in the provider's office.
o Do not allow the receptionist to work with patient records at the front desk.
• Access to all records should be restricted only to those who truly require access.
o Records are not for casual reading or amusement
o Records or information in them is not for sale to tabloids
OWNERSHIP OF MEDICAL RECORDS
\"Health care providers\" are obligated to keep and maintain records and they own the records. Patients have a right of access. What if a provider works in a hospital or other institutional setting - who owns those records?
A \"health care provider\" includes individually licensed health care professionals who maintain records and any place, institution, building or agency, whether for profit or not-for-profit, that provides facilities with medical services, nursing services, health screening services, other health-related services, supervisory care services, personal care services or directed care services. A.R.S. § 12-2291(4). As such, a provider who works for another \"health care provider\" who is also obligated to keep records is not considered the owner of the records.
For example, providers who compile records at hospitals do not own those records and are not responsible for storing or retaining the records. A.R.S. § 12-2297(C).
REQUESTS FOR ACCESS
Both the medical record and payment record are privileged and confidential. As such, a health care provider may only disclose that part or all of a patient's medical records and payment records as authorized by state or federal law or written authorization signed by the patient or the patient's health care decision maker.
A verbal request for medical records is not sufficient, but there is no \"magic\" form or request terms. There is no specified time period within which the records must be released (regulatory boards use \"promptly\"), but three weeks is generally considered the maximum time frame. The \"promptness\" of the release is going to be impacted be several factors:
• Is the patient an active patient whose record is on the premises?
• Is the patient a former patient whose records are in storage and must be retrieved?
• Is the record voluminous, such that it requires extensive time to duplicate?
If the request for the records is for the purpose of continuity of care - the patient wants to seek a second opinion or the patient is moving out of state or switching providers, or another provider seeks the record - record must be provided free of charge. However, if the patient wants the record for other purposes, the provider can charge a \"reasonable fee\" to produce the record. Be wary here. If the record is simple, and it requires minimal time to copy, a minimal service charge and paper charge would be reasonable. If the record is extensive and requires specialized copying services, it would be reasonable to pass these costs along. A provider may want to consider the patient's personality and circumstances.
Absorbing a copy charge may be less costly in the long run then defending a regulatory board complaint for charging an unreasonable fee for providing a copy of a record.
What must be included when the record is provided? Does it include only the part of the record that the provider personally created or does it also include any records in the provider's record that may have come from other providers?
The record must include the entirety of the provider's record and this includes any records the provider may have received from other providers. Whether or not the provider created the particular portion of the record, if it is contained in the provider's record, it is part of the record and must be released.
A provider may deny a request for records in six specific instances:
• Access is reasonably likely to endanger the life or physical safety of the patient or another person
• The records refer to another person other than a health professional and access is reasonably likely to cause substantial harm to that other person
• Access is reasonably likely to cause substantial harm to the patient or another person
• Access would reveal information obtained under a promise of confidentiality with someone other than a health professional and access would be reasonably likely to reveal the source of the information
• The information was created or obtained during clinical research and the patient agreed to the denial of access when consenting to participate in the trial
• The provider is a correctional institution or acting at the direction of such an institution and access by the patient (inmate) would jeopardize the health, safety, security, custody or rehabilitation of the patient or other inmates or the safety of an officer, employee or other person at the institution. A.R.S. § 12-2293(B) & (C).
These are the only reasons a request for records can be denied. For instance, the request cannot be denied because the patient owes the provider money – in essence the records cannot be held for \"ransom.\" If a records request is denied for any of the six listed reasons, the reason for the denial must be noted in the record and the patient must be given a written explanation for the denied access. A.R.S. § 12-2293(D).
What if the patient has died? Who is entitled to the records?
In the case of deceased patients, a provider may release the record to the patient's personal representative or the administrator of the estate. Alternatively, the records can be released to a patient's health care decision maker (heath care power of attorney) at the time of the patient's death; or to the following persons in this specific order:
• Spouse, unless legally separated at death
• Acting trustee of patient's trust
• Adult child
• Adult brother or sister
• Guardian or conservator
A.R.S. § 12-2294
Records can also be released pursuant to court order.
Records Management When a Practice Closes
After dealing with numerous instances wherein records were found in dumpsters and other inappropriate places, the Legislature had enough and enacted requirements governing record storage, transfer and access.
Providers must prepare a written protocol for the \"secure storage, transfer and access\" of records. The protocol must specify:
• The procedure by which the provider will notify each patient in a timely manner, in advance of any termination or sale of the practice, if the records will not remain in the same physical location, where the records will be and how the patient can access the records.
• The procedure by which the provider may dispose of unclaimed records after a specified period of time and after the provider has made good faith efforts to contact the patient
• How the provider will timely respond to requests from patients for copies of or access to their records A.R.S. § 32-1211.
This requirement does not apply to providers who are employed by a \"health care institution\".