We have
discussed choosing the right EMR. You have picked your system, gotten the training, and gone
live. You are living happily-ever-after with your electronic charts. But what
about all of those paper charts that are lurking in your practice? What should
happen to them? There are rules and regulations about when and how they can be
disposed of.
When?
There are
several factors that dictate how long a practice must retain paper records. It
is important to look at state laws, Medicare and Medicaid and insurance
regulations, and the statute of limitations for malpractice or other legal
actions. The North Carolina Medical Board guidelines, updated in 2009, state:
- Medicare and Medicaid: 7 years
- Medical Malpractice: consult your malpractice insurance carrier
- Immunization Records: must be kept indefinitely
How?
The destroying
of records is strictly governed by HIPAA regulations. According to the US
Department of Health and Human Services, the entity that implements HIPAA,
“covered entities must implement reasonable safeguards to limit incidental, and
avoid prohibited uses and disclosures of PHI, including in connection with the
disposal of such information.” It is illegal to dispose of any PHI, including
paper charts, in a way that is accessible to the public. That includes, but is
not limited to, dumpsters, recycling centers, and public trashcans. There is no one way that charts must be
disposed of, as long as they are rendered “unreadable, indecipherable, and
otherwise cannot be reconstructed.” The most popular way to accomplish this is
to have the records shredded. Burning, pulping, and pulverizing are also
options. The company that is hired to destroy the records is considered by
HIPAA to be a business associate, and a contract for safe and appropriate
disposal must be created. For more information see this entry about
vendor agreements.
Once you are
prepared to destroy your practice’s paper charts, contact your attorney.
Together you can form an action plan that includes an appropriate vendor and
meets the requirements for what information needs to be saved and what does
not. It is important to consult with an experienced healthcare lawyer who is
well versed in the latest state law. Fines for misappropriation of PHI are
steep, and the negative exposure that surrounds breaches is immense. Protect
your patient’s privacy rights and keep your practice safe by following the law
to the letter.
Sources
Waller Lansden Dortch & Davis LLP.
(March 26, 2008). Retaining Medical Records: How Long is Long Enough. FindLaw.
Retrieved November 8, 2012. http://corporate.findlaw.com/law-library/retaining-medical-records-how-long-is-long-enough.html
Retention of Medical Records. (May 1, 1998, modified May 2009). North Carolina Medical Board. Retrieved
November 8, 2012. http://www.ncmedboard.org/position_statements/detail/
retention_of_medical_records/
Department of
Health and Human Services. (n.d.) Frequently Asked Questions About the Disposal
of Protected Health Information. HHS.gov.
Retrived November 8, 2012. http://www.hhs.gov/ocr/privacy/hipaa/
enforcement/ examples/disposalfaqs.pdf
No comments:
Post a Comment