Sunday, March 16, 2008

Records Management policies

Developing comprehensive, enterprise-wide policies by consensus in any organization is challenging. Over the past 3 years, BIDMC has developed a policy on records management that I think is valuable to share. This policy ensures compliance with applicable laws and regulations, accreditation standards, and additional requirements governing the management of records that are created or received for patient care, research activities, hospital operations, legal, or other purposes.

Given recent high-profile corporate scandals involving the inappropriate management of business records such as Arthur Andersen (Enron), Morgan Stanley (Sunbeam), and even the recent inappropriate disposal of hospital records in Florida, corporations are realizing the need to establish and enforce vigorous records management policies. This is especially important within highly-regulated industries like healthcare, which are subject to a wide variety of competing (and sometimes conflicting) Federal, State, local, and other standards.

At BIDMC, the Office of Business Conduct, Office of General Counsel, and Health Information Management collaborated to create a records management policy for BIDMC.

They also began the careful and time-consuming process of coordinating with specific departments to research and identify the appropriate standards governing the records created and used by each department. To begin, they prioritized records related to patient care and human resources, because records in these two areas are very highly regulated and often contain particularly sensitive information. Work with additional departments is continuing.

Important aspects of the new policy include –

*Coverage of records related to patient care including those maintained apart from the hospital’s official medical record, e.g. radiology films, scans, EEG/EKG tracings and so forth.

*Coverage of records related to non-patient care activities that serve research, legal, business, and other operational functions.

*Destruction procedures for hospital medical records as well as other medical, financial, and business records that contain personal information of our patients and employees.

*Formal procedures for the management of records relevant to an investigation, audit, or other legal proceeding.

*The policy applies equally to electronic and paper records and provides guidance for the appropriate use of digital scanning and other imaging technologies to replace original documents.

*It clarifies the retention requirements for e-mail and other communications containing important messages of significant business, legal, or medical value.

*Ensures compliance with new e-discovery laws such as the December 2006 Federal “Rules of Civil Procedure” that clarified the rights and obligations of parties related to the discovery of electronic records.

*It promotes efficient and cost-effective records management techniques. The proposed policy will prevent the unnecessary accumulation of records that are no longer needed or otherwise useful. At BIDMC, we spend millions per year storing paper and electronic records.

*Requires appropriate handling of the personal information entrusted to BIDMC by our patients and employees and thereby decrease their risk of identity theft.

The entire text of the policy and its supporting appendix A and appendix B took us years to develop. Hopefully, our work on this policy will be helpful to you.

2 comments:

Lisa said...

Hi John, this is my first reply to your blog. I have to say I am learning very much from it

In relation to retention and records management, I find it amazing how out of touch many healthcare providers are with this very necessary area.

I was in Chicago this week training with an EMR software company and asked a question about how the software is set up to handle just this issue, the trainer looked at me like I was from another planet and said "well it is always there, it never goes away" So I inquired about the legalities of that and for instance the issue of court orders or lawsuits and the liability of retaining records longer than the law requires, again, no answer.

Then the physician sitting next to me got very upset and said that not retaining records longer than the time requires is tantamount to hiding things from people.

He couldn't see my side of it as an HIM professional and the potential liability to his practice. Sigh... long way to go in this electronic world. I am looking forward to reading your policy.

Lisa said...

Hi John, this is my first reply to your blog. I have to say I am learning very much from it

In relation to retention and records management, I find it amazing how out of touch many healthcare providers are with this very necessary area.

I was in Chicago this week training with an EMR software company and asked a question about how the software is set up to handle just this issue, the trainer looked at me like I was from another planet and said "well it is always there, it never goes away" So I inquired about the legalities of that and for instance the issue of court orders or lawsuits and the liability of retaining records longer than the law requires, again, no answer.

Then the physician sitting next to me got very upset and said that not retaining records longer than the time requires is tantamount to hiding things from people.

He couldn't see my side of it as an HIM professional and the potential liability to his practice. Sigh... long way to go in this electronic world. I am looking forward to reading your policy.