- Home
- » e-Newsletters
Manage subpoenas with a clear legal record definition
HIPAA Training Advisor, September 6, 2007
As providers replace traditional paper records with electronic document management systems (EDMS), many privacy officials are consulting with legal counsel to make certain they'll be prepared in case they ever receive a subpoena for a patient's medical record.
It's a bit unclear what providers need to supply if they ever face a subpoena, considering that many providers have destroyed patients' paper records after scanning them into their EDMS. Answering legal health record questions isn't easy, and rules can vary from one state to the next and from provider to provider. Health information management experts agree that you should first examine state and federal laws for guidance, then develop and consistently follow your own policies.
Define a legal record
It is, ultimately, each healthcare provider's responsibility to define its legal health record, says Deborah Adair, MPH, MS, RHIA, director of health information services for Massachusetts General Hospital (MGH) in Boston and coauthor of HCPro, Inc.'s The Legal Health Record Companion: A Case Study Approach. "That definition will change, and you should continue to massage the definition as long as you have to-especially as you convert to electronic health records (EHR)-to maintain the integrity of the information you keep," Adair says.
The good news is that courts are accepting electronic records in an increasing number of states. Most of the legal documentation standards that have traditionally applied to paper medical records are also applicable to documentation in EHRs, according to the American Health Information Management Association (AHIMA) in Chicago. AHIMA's guidelines state the following:
The legal health record is individually identifiable data, in any medium, collected and directly used in and/or documenting healthcare or health status . . . Some types of documentation that comprise the legal health record may physically exist in separate and multiple paper-based or electronic/computer-based databases.
Providers should define in their policies the parts of a medical record that are included in a legal record, says consultant Kelly McLendon, RHIA, president of the consulting company Information Evolution Management in Titusville, FL. Under new federal guidelines, considering the whole record to be the legal record is "too broad," he says.
If you receive a subpoena, you only have to give the court the portion of the medical record you have defined as the legal record, he explains. Any other information the court wants to view goes into discovery, and the court must justify its request for additional information and/or records. "Lawyers can't just go on a fishing expedition through your medical records," McLendon says.
Remember HIPAA
Providers also should make certain they observe state and federal regulations in regard to patient confidentiality and privacy, as well as HIPAA, when responding to subpoenas, adds Jayme Matchinski, Esq., a healthcare attorney for the Chicago firm Hinshaw & Culbertson and former vice president of a national healthcare consulting firm.
"Make sure the subpoena has been issued correctly," she cautions. Scrutinize the subpoena to make sure that it's not overly broad. Overarching subpoenas are the number-one HIPAA-compliance problem that Matchinski finds. Matchinski strongly advises providers to ask for safeguards in the subpoena process.
"Who will receive the information when [you produce] the documents? Do the records go directly to the requesting attorney-and no one else? Is there a court order of protection?" she asks. "Under HIPAA, information can't be disseminated to just anyone, so you have to make sure the requesting attorney has taken steps to protect the information you're providing. I always ask the judge to issue a protective order to be certain all of the parties are aware of HIPAA safeguards."
Matchinski notes that it is also important to determine what will happen to the subpoenaed medical record once the case is over. Find out if the court will return the record or destroy it themselves. "I ask that it be sent back when the case is over, so I'll know it's protected," she says.
Some subpoenas are now requesting all of a facility's electronic records, raising a host of new concerns.
"With the electronic discovery process, we're facing how organizations will handle subpoenas for everything in their computers," Matchinski says. "How do you prepare for that? What's your exposure, given that we all use e-mail? Can the court discover all that?" Thankfully, for the many facilities still working with paper or mixed records, concerns remain more basic.
Respond to subpoenas
"In Massachusetts, if your records are subpoenaed, you're allowed to produce a reliable reproduction. A copy is admissible," says Adair. "Right now at MGH, half of the inpatient record is paper, and half is electronic. When we receive a subpoena, we print as much as possible from the electronic record and copy anything else that's needed from the paper record."
"[Although the facility currently has a hybrid record,] we consider the electronic record to be our legal record, as long as everything is complete," Adair says, noting that the hospital is scanning its paper records to free up storage space. "When we scan records, we do a full quality review," she explains. "After that, we destroy the paper record."
According to Matchinski, many of her clients keep their paper records for up to a year before destroying them.
Although that may not be feasible for every provider, she typically recommends keeping paper records for nine months to a year. But, she notes that it "really comes down to your comfort level with your EDMS." For example, facilities that haven't fully adjusted to their EDMS may wish to hold on to paper records longer than one year.
However, McLendon argues that once you've scanned an entire record, and the record is complete within the EDMS, you should destroy paper records as soon as possible-and definitely within 30 days.
"I say that because the paper record will be different from the scanned, electronic record once [authorized users make] additions such as discharge summaries and signatures. So faster is better, if you trust your system," he says. "This is about accuracy, trustworthiness, and reliability-that this document, under hospital policy, is the record kept in the normal course of daily business."
"With the right controls in place, there's no reason not to be confident in your electronic system and record," he continues. "The final copy of the record after imaging is the legal, permanent record. It will stand as the hospital's business record." The longer you maintain the paper record, the greater the chance an attorney can come after you and raise concern about any differences.
Matchinski agrees that discrepancies can create problems. She says that "there shouldn't be a disparity between the paper and electronic versions." Many of her clients conduct utilization reviews and frequent audits to make certain that there are no discrepancies. "They should match up, and I would be very concerned if they don't," she says.
Consider your unique needs
Adair recommends that providers have "procedures that have functionality" in place for managing record amendments. She adds that they should also employ best-practice operational standards. "We debated [about how long to keep the paper record] for a long time," Adair concedes. "But for years, we used microfiche. Once the records were on microfiche, we destroyed them-so what's the difference?"
Adair finds many providers are "afraid to let go of the paper. People like to print . . . and hold [paper]," she says.
"It's cultural," agrees Matchinski. "We often see it in older physicians and care providers, and a lot of clients like to be able to pick up and hold a record. We all like paper, and we like having something tangible. But if you have good backup and a good IT staff, you can get to a comfort level [with the electronic system]. We may have to be a little more technologically savvy to get to that point, and that comes back to training and education."
Matchinski adds one last piece of advice to providers who are preparing for a possible subpoena: When determining your record retention policy, "be aware of the statute of limitation provisions, in case of a future claim of negligence," as well as state and federal requirements, she says. Those statutes will vary by state.
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- Capturing all necessary codes for IUD insertion and removal can be challenging
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- OB services: Coding inside and outside of the package
- HIPAA Q&A: Level of encryption needed for email
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- What does case-mix index mean to you?
- Q&A tackles coding questions about injections and infusions
- Joint Commission Center announces handoff communication solutions
- Inside best practice: Reduce patient falls with a stoplight
- Identify modifiable risk factors to prevent patient falls
- HIPAA Q&A: Level of encryption needed for email
- Searched