By Jordan Parnell

Medical records management can be a minefield for many long term care operations, and the complications have only expanded with electronic medical records. Too many long term care providers lack the infrastructure to develop and follow a protocol for sharing them externally that is compliant with HIPPA rules. It may make them vulnerable to litigation.

Addressing the vulnerabilities starts with legally defining medical records. This covers the specific components of your records that are considered medical records. It outlines how information is collected, protected and archived according to local, state and federal requirements, including compliance with HIPAA rules on privacy.

The next step is to develop and communicate procedures that meet HIPAA rules on record sharing and follow them consistently to offset the legal risks. Here are three best practices:

  1. Formalize your medical records request process. HIPAA, along with state and federal guidelines, identifies who has authority to access records. Your process should include a one-page summary of the law, and specify that no record will be released without first undergoing an internal review by a designated individual at the facility level. If the request is HIPAA-authorized and not litigious in nature, the records can be released and you have 15 days to do so if the resident is deceased. If the request is by a plaintiff attorney, or the request involves a resident who is part of a grievance or incident, assume it has litigation potential. These records should be vetted, ensuring they are complete. They also should be reviewed by your organization’s attorney for Bates labeling (indexing) purposes.
  2. Paper records need to be neat and well organized. Disorganized records can give the impression that something is missing and serve as red flags to plaintiffs’ attorneys who might conclude that the records are incomplete. Page numbers, for example, should be consistent. Again, Bates labeling is a good failsafe.
  3. Avoid providing audit trails. Every time the electronic record is opened, it is data stamped. The trail contains a long list detailing everyone who has accessed a record, and the specific date and time. Audit logs provide a rich area for plaintiffs’ attorneys to explore. But they can be misinterpreted when viewed outside the context of their intended environment. Consider instituting a policy for retaining audit logs (or not) in accordance with state and federal laws. You should also have a plan for dealing with audit log requests. It also helps to have your own experts who are able to accurately interpret your logs.

Lawsuits have become a fact of life for today’s long-term care facilities – one reason why insurance is one of their biggest operating costs. Putting more rigor behind your procedures for handling legal medical record requests will go a long way toward offsetting the litigation risk.

HUB International’s team is ready to help your organization anticipate and manage the risks in today’s long term care environment.