North Shore LIJ Health System, Inc. Facility Name



Similar documents
HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets

Health Insurance Portability & Accountability Act (HIPAA) Compliance Application

ALASKA. Downloaded January 2011

HIPAA COMPLIANCE. What is HIPAA?

HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS

HIPAA-Compliant Research Access to PHI

LOUISIANA STATE UNIVERSITY HEALTH SCIENCES CENTER - SHREVEPORT MEDICAL RECORDS CONTENT/DOCUMENTATION

HIPAA COMPLIANCE INFORMATION. HIPAA Policy

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3

HIPAA OVERVIEW ETSU 1

LEGAL HEALTH RECORD: Definition and Standards

HIPAA Compliance for Students

Winthrop-University Hospital

HIPAA Notice of Privacy Practices

Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule

Regulatory Compliance Policy No. COMP-RCC 4.17 Title:

4. No accounting of disclosures is required with respect to disclosures of PHI within a Limited Data Set.

IRB Application for Medical Records Review Request

HIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10

UPMC POLICY AND PROCEDURE MANUAL

HIPAA-G04 Limited Data Set and Data Use Agreement Guidance

2 nd Floor CS&E Building A current UMHS identification badge is required to obtain medical records

2. Electronic Health Record EHR : is a medical record in digital format.

State of Nevada Public Employees Benefits Program. Master Plan Document for the HIPAA Privacy and Security Requirements for PEBP Health Benefits

What is Covered by HIPAA at VCU?

De-Identification of Clinical Data

ColumbiaDoctors, the Physicians and Surgeons of Columbia University define the health record as follows:

Malpractice Issues for the Radiologic Technologist

University of Cincinnati Limited HIPAA Glossary

a) Each facility shall have a medical record system that retrieves information regarding individual residents.

Compliance Program and HIPAA Training For First Tier, Downstream and Related Entities

Statement of Policy. Reason for Policy

Clinician s Guide to HIPAA Privacy. I. Introduction What is HIPAA? Health Information Privacy Protected Health Information

MEDICAL CENTER POLICY NO A. SUBJECT: Documentation of Patient Care (Electronic Medical Record)

AKRON CHILDREN'S HOSPITAL MEDICAL STAFF BYLAWS, POLICIES, AND RULES AND REGULATIONS MEDICAL STAFF RULES AND REGULATIONS

Patient Privacy and HIPAA/HITECH

Guidelines for Defining the Legal Health Record for Disclosure Purposes

Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law

Legal Insight. Big Data Analytics Under HIPAA. Kevin Coy and Neil W. Hoffman, Ph.D. Applicability of HIPAA

HIPAA 101: Privacy and Security Basics

HIPAA and You The Basics

HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant

Memorandum. Factual Background

7CHAPTER EXAMINATION/ ASSESSMENT NOTES, GRAPHICS, AND CHARTS

De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " "

How to De-identify Data. Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008

State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual

Professional Practice Medical Record Documentation Guidelines

POLICY and PROCEDURE. TITLE: Documentation Requirements for the Medical Record

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information

Health Insurance Portability and Accountability Policy 1.8.4

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015

A Privacy and Information Security Guide for UCLA Workforce. HIPAA and California Privacy Laws

HIGHMARK BLUE CROSS BLUE SHIELD DELAWARE NOTICE OF PRIVACY PRACTICES PART I NOTICE OF PRIVACY PRACTICES (HIPAA)

POLICY and PROCEDURE. TITLE: Documentation Requirements for the Medical Record. TITLE: Documentation Requirements for the Medical Record

HIPAA ephi Security Guidance for Researchers

PRIVACY NOTICE. In certain situations, we may also disclose patient information to another provider or health plan for their health care operations.

Special Topics in Vendor- Specific Systems. Outline. Results Review. Unit 4 EHR Functionality. EHR functionality. Results Review

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice

LA BioMed Secure

Business Associate Agreement

PROTECTED HEALTH INFORMATION AND THE JHSPH

HIPAA SELF STUDY TRAINING GUIDE

PEPPERDINE UNIVERSITY HIPAA Policies Procedures and Forms Manual

(HEALTH INFORMATION MANAGEMENT SERVICES (HIMS)) MEDICAL RECORDS POLICY AND PROCEDURE

acknowledgment of health center privacy policy, privacy practices, and privacy procedures PATIENT PRIVACY

Presented by Jack Kolk President ACR 2 Solutions, Inc.

Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development

Series # Records Series Title Description Minimum Retention Disposition Notes and Citations

[Insert Name and Address of Data Recipient] Data Use Agreement. Dear :

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS

MCCP Online Orientation

Harris County - Texas HIPAA Notice of Privacy Practices

HIPAA PRIVACY SELF-STUDY MATERIALS

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

Transcription:

North Shore LIJ Health System, Inc. Facility Name POLICY TITLE: The Medical Record POLICY #: 200.10 Approval Date: 2/14/13 Effective Date: Prepared by: Elizabeth Lotito, HIM Project Manager ADMINISTRATIVE POLICY AND PROCEDURE MANUAL Section: Administration DEPARTMENT: HIM Last Revised/Reviewed: 2/2011 Superseded Policy(s)/#: Previously Titled: #200.10 Legal Health Record Defined for Disclosure GENERAL STATEMENT of PURPOSE This policy identifies the elements of the North Shore-Long Island Jewish Health System medical record that constitute the Legal Health Record and which will be disclosed upon request. SCOPE This policy applies to all members of the North Shore LIJ Health System workforce including, but not limited to, employees, medical staff, volunteers, students, physician office staff, and other persons performing work for or at North Shore LIJ Health System. DEFINITIONS Designated Record Set ( DRS ): A group of records maintained by or for the Health System which are medical or billing records about the Patient which are maintained by or for the Health System and used, in whole or in part, by or for the Health System to make decisions about the Patient. Disclosure: The release, transfer, provision of, access to, or divulging in any other manner of information outside the entity holding the information. Electronic Document Management (EDM): is a document management system that manages scanned as well as electronically captured documents. Electronic Health Record (EHR): The aggregate electronic record of health-related information on an individual that is created and gathered cumulatively across one or more health Page 1 of 8 200.10 2/14/13

care organizations and is managed and consulted by licensed clinicians and staff involved in the individual's health and care. Electronic Medical Record (EMR) An electronic record of health-related information on an individual that can be created, gathered, managed, and consulted by authorized clinicians and staff within a single organization. Medical Record: A subset of the Designated Record Set, the Medical Record is the collection of information concerning a Patient and his or her health care that is created and maintained in the regular course of a Health System facility s business in accordance with Health System policies, made by a person who has knowledge of the acts, events, opinions or diagnoses relating to the Patient, and made at or around the time indicated in the documentation. The Medical Record may include records maintained in paper format, electronic document management system, or an electronic Medical Record system. The Medical Record may include records that were not created by the Health System to the extent used in providing clinical care and continuity of care. To the extent such records are included; the Health System cannot authenticate the accuracy and completeness of such records. The Medical Record is also sometimes referred to as the Legal Health Record and is the record that will be released for legal proceedings or in response to a request to release patient Medical Records. Patient: Every individual who is evaluated or treated including a research participant. Protected Health Information or PHI : Any oral, written or electronic individually identifiable health information collected or stored by a facility. Individually identifiable health information includes demographic information and any information that relates to the past, present or future physical or mental condition of an individual. HIPAA details eighteen items that render health information identifiable. (Reference: Appendix A) POLICY / PROCEDURES I. Maintenance of the Medical Record A. A Medical Record shall be maintained for every Patient of a Health System Facility and shall contain sufficient, accurate information to identify the Patient, support the diagnosis made, justify the treatment recommended or provided, document the course pursued and the results, and promote continuity of care among health care providers. B. The Medical Record contents can be maintained in either paper (hardcopy) or electronic formats, including digital images and scanned documents, and can include Patient identifiable source information, such as photographs, films, digital images, fetal monitor strips, and a written or dictated summary or interpretation of findings. C. The electronic components of the Medical Record consist of Patient information from multiple Electronic Health Record source systems. Page 2 of 8 200.10 2/14/13

II. Confidentiality A. The Medical Record is confidential and is protected from unauthorized disclosure by law. The circumstances under which the Health System may use and disclose confidential Medical Record information is set forth in the Notice of Privacy Practices and in other Health System privacy policies and procedures. III. Content A. All documentation and entries in the Medical Record, both paper and electronic, must be identified with the Patient s full name and a unique facility identifier. Each page of doublesided or multi-page forms must be marked with both the Patient s full name and the unique facility identifier, since single pages may be photocopied, faxed or imaged and separated from the whole. B. All Medical Record entries should be made as soon as possible after the care is provided, or an event or observation is made. IV. Medical Record vs. Designated Record Set A. Under the HIPAA Privacy Rule, a Patient has the right to access and/or request to amend his or her protected health information (Medical Record) that is contained in a designated record set. B. Information from another provider or healthcare facility, or a personal health record that is used in providing Patient care or making medical decisions, it may be considered part of the Health System s Designated Record Set, and may be subject to Disclosure on specific request or under subpoena. V. Designation of Patient Information The following records are part of the Medical Record: The Medical Record shall include, at a minimum, the following items (if applicable): 1. Name. 2. Address on admission. 3. Identification number (if applicable). a. Medicare / Medicaid, etc b. Hospital Number 4. Date of Birth. 5. Sex. 6. Marital status. 7. Legal status. 8. Mother s Maiden name. a. Place of Birth 9. Legal Authorization for admission (if applicable). 10. School Grade, if applicable. 11. Religious Preference. Page 3 of 8 200.10 2/14/13

12. Date and time of admission (or arrival for outpatients). 13. Date of time discharge (departure for outpatients). 14. Name, address, and telephone number of person or agency responsible for Patient. 15. Name of Patient s admitting/attending physician. 16. Initial Diagnostic impression. 17. Discharge or final diagnosis and disposition. 18. Allergy records. 19. Medication Reconciliation Records. 20. Advance Directives (if applicable). 21. Medical History including, as appropriate: immunization record, screening tests, allergy record, nutritional evaluation, psychiatric, surgical and past medical history social and family history and for pediatric patients a neonatal history. 22. Physical examination. 23. Consultation reports. 24. Orders including those for medication, treatment, prescriptions, diet orders, lab, radiology and other ancillary services. 25. Progress notes including current or working diagnosis (excluding psychotherapy notes). 26. Nurses notes, which shall include, but not limited to, the following: a. Nursing assessment including nutritional, psychosocial and functional assessments. b. Concise and accurate record of nursing care administered. c. Record of pertinent observations including psychosocial and physical manifestations and relevant nursing interpretation of medications and treatment. Route of administration and site of injection shall be recorded if other than by oral administration. d. Record of type of restraint and time of application and removal. e. Record of seclusion and time of application removal. 27. Graphic and vital sign sheet. 28. Results of all laboratory tests performed. 29. Results of all radiologic examinations performed. 30. Consent forms for care, treatment and research, when applicable. 31. Problem list (outpatient records only). 32. Emergency Department Record. 33. Anesthesia record including preoperative and postoperative diagnosis, description of findings, technique used, and tissue removed or altered, if surgery was performed. 34. Operative and procedures report including preoperative and postoperative diagnosis, description of findings, technique used, and tissue removed or altered, if surgery was performed. 35. Pathology report, if tissue or body fluid was removed. 36. Written record of preoperative and postoperative instructions. 37. Labor record, if applicable. 38. Delivery record, if applicable. 39. Physical, occupational, and/or respiratory therapy assessments and treatment records, when applicable. Page 4 of 8 200.10 2/14/13

40. Patient/Family Education Plan. 41. Clinical Data set from other providers. 42. Master Data Sets (as applicable to record type) including but not limited to: (Skilled Nursing), (Home Health), (Rehabilitation). 43. Patient Photographs when used for identification or treatment. 44. Master Treatment Plan and Reassessment. 45. Discharge Instructions. 46. A discharge summary which shall briefly recapitulate the significant findings and events of the Patient s hospitalization, final diagnosis, his/her condition on discharge and the recommendations and arrangements for future care. If applicable, it shall include diet and self-care instructions. 47. Communications of clinical nature including lab and diagnostic results, between the patient and the provider. 48. Telephone Encounters. Documentation is required for telephone encounters with patients and/or their caregivers, or other care providers that: a. Provide new or renewal of prescription for medications. b. Alter the current plan of care, including treatments and medication. c. Identify a new system or problem and provide a plan of care. d. Provide home care advice for symptom/problem management. e. Provide authorization for care. f. Provides or reinforces Patient education. g. Documentation should include the date and time of call, name of caller and relationship to Patient (if different from Patient), date and time of the response (or attempts to return call), the response given, and the signature and professional title of provider or clinic staff handling the call. 49. Primary language. 50. Ethnicity. The following records are not part of the Medical Record: A. Administrative Data is Patient-identifiable data used for administrative, regulatory, healthcare operations and payment purposes. Examples include but are not limited to: 1. Authorization forms for release of information. 2. Correspondence concerning requests for records. 3. Birth and death certificates. 4. Event history/audit trails. 5. Patient-identifiable abstracts in coding system. 6. Patient identifiable data reviewed for quality assurance or utilization management. 7. Administrative reports. 8. Patient complaints and grievances. Page 5 of 8 200.10 2/14/13

B. Derived Data consists of information aggregated or summarized from Patient records so that there are no means to identify patients. Examples: 1. Accreditation reports 2. Best practice guidelines created from aggregate Patient data. 3. ORYX reports, public health records and statistical reports. C. Draft Documents / Work in Progress. Electronic processes and workflow management require methods to manage work in progress. Draft documents are not considered to be included in the official Medical Record until signed by an authorized signer. The Health System shall maintain the confidentiality of any patient data that falls into any of the above categories. VI. ENFORCEMENT, CORRECTIVE & DISCIPLINARY ACTIONS Violations of any of this policy will be reported to the appropriate supervising authority for potential disciplinary action, up to and including termination and/or restriction of privileges in accordance with Health System Medical Staff Bylaws, and Human Resource / Personnel Policies. REFERENCES to REGULATIONS and/or OTHER RELATED POLICIES 800.02 -Use, Access and Disclosure of PHI with Valid Authorization 800.46 -Patients rights to request Confidential Communication, Restrictions of PHI 800.45 - Notice of Privacy Practices 800.42 Confidentiality of PHI 100.12-Management of Complaints and Grievances HR V-3- Conduct in the Workplace/Progressive Discipline GR048-Certificates of Confidentiality GR052-Maintenance, Storage, and Archiving of Clinical Research Data Health Insurance Portability and Accountability Act (HIPAA) Privacy & Security Rule, 45 CFR 160-164 Medicare Conditions of Participation, 42 CFR Section 482.24 Business Records Exception, Federal Evidence 803(6) Page 6 of 8 200.10 2/14/13

CLINICAL REFERENCES N/A APPROVAL: System P&P Committee 1/31/13 System PICG/Clinical Operations Committee 2/14/13 Appendix A HIPAA details eighteen items that render PHI identifiable: 1. Names 2. Geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code in certain situations. 3. All elements of date (except year) for dates directly related to an individual, including birth date, discharge data, date of death; and all ages over 89 and all elements of dates indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older. 4. Telephone numbers 5. Fax numbers 6. Electronic mail addresses 7. Social security numbers 8. Medical Record numbers Page 7 of 8 200.10 2/14/13

9. Health plan beneficiary numbers 10. Account numbers 11. Certificate/license numbers 12. Vehicle identifiers and serial numbers 13. Medical Device Identifiers 14. Web Universal Resource Locators (URLs) 15. Internet Protocol (IP) address numbers 16. Biometric identifiers, including finger and voice prints 17. Full face photographic images and any comparable images 18. Any other unique identifying number, characteristic, or code Page 8 of 8 200.10 2/14/13

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information