Confidentiality, Privacy and Security

Recording destruction of paper record scanned into EHR

Kimberly J. Martinez, Health Care Administration,RHIT,BSHA02-05-2019 17:14

Kimberly J. Martinez, Health Care Administration,RHIT,BSHA02-28-2019 13:03

  • 1.  Recording destruction of paper record scanned into EHR

    Posted 02-05-2019 17:14
    Hello
    We are revamping our destruction log of paper documents that have been scanned into our EHR. I would like to learn what other facilities are tracking regarding these documents. What information are you including?
    Thank you
    Kim

    ------------------------------
    Kimberly
    ------------------------------


  • 2.  RE: Recording destruction of paper record scanned into EHR

    Posted 02-06-2019 11:48
    ​I had asked a similar question last year, but unfortunately I did not receive any response.   I am still very interested in the entire process of scanning, logging destroying, etc with paper charts and the EHR.

    ------------------------------
    Karen Evans
    Him Director
    Yuma District Hospital
    ------------------------------



  • 3.  RE: Recording destruction of paper record scanned into EHR

    Posted 02-06-2019 18:03
    ​Karen, hopefully we will find some guidance, glad I'm not the only one.

    ------------------------------
    Kimberly
    ------------------------------



  • 4.  RE: Recording destruction of paper record scanned into EHR

    Posted 02-07-2019 23:05
    As we transitioned from paper to e-record we determined what parts of the record would be readily needed to provide ongoing care and scanned only those parts to the e-record, shredding the paper once they were scanned. The rest of the paper record was then stored (onsite, fortunately for us).
    We did not keep any part of the paper records that were scanned to the electronic record. We also did not log that we destroyed the paper records. Those records are now electronic so we still have them.

    ------------------------------
    Pamela [LastNam
    Medical Records Tech/Privacy Officer
    ------------------------------



  • 5.  RE: Recording destruction of paper record scanned into EHR

    Posted 03-01-2019 09:31
    ​Hi,

    We have a hybrid record too.  Most documentation is electronic but there is still a lot on paper. Since we are an outpatient facility many documents come in to our dept. to be scanned daily.  We have one person that QAs every document scanned and once it is determined it is in the right record, the image is satisfactory and scanned to the correct location we destroy.  I cannot imagine the manpower we would need to log each document and prepare for storage.
    I would like to know if others are keeping e-records indefinitely, whether entered electronically or scanned.  If not kept indefinitely how are you managing a retention program with electronic records?  I have asked peers in my community and they do not know either.  I have searched for reference material on this subject with not much luck.
    Thank you,

    ------------------------------
    Kathryn Boyes
    Director, HIM
    ------------------------------



  • 6.  RE: Recording destruction of paper record scanned into EHR

    Posted 02-07-2019 14:44
    ​Hi:  Not sure what you are specifically asking about, but I can share that our process is that we box up and log scanned documents by service type and by discharge date.   The vendor assigns a box number/bar code and then if we have to retrieve we reference that is how we reference what box they need to return to us.  We destroy 6 months after scanning.  We do not log specific documents that were scanned.

    I hope this helps.

    ------------------------------
    Marcia Matthias
    Corporate Director Health Information/Privacy Officer
    Southern Illinois Healthcare
    ------------------------------



  • 7.  RE: Recording destruction of paper record scanned into EHR

    Posted 02-28-2019 13:03
    Thank you everyone for your responses.

    Our facility has added to our already existing Record Destruction Policy the retention period for paper records scanned into the EMR. We will retain the paper document for 90 days, destruction on day 91. We will record on our Destruction Form the time frame(s) of the documents going for destruction. This document will be permanently retained electronically. The Policy will include verbiage on how to pull an audit trail of what was scanned in during a designated time frame should we need that detail.

    ------------------------------
    Kimberly
    ------------------------------



  • 8.  RE: Recording destruction of paper record scanned into EHR

    Posted 11 days ago
    Would you be interested in sharing your policy? The facility I work for is transitioning to destroy the paper records because the documentation is scanned into the EHR. Thanks so much in advance.

    ------------------------------
    Sandra Dickerson
    Him Manager
    ------------------------------



  • 9.  RE: Recording destruction of paper record scanned into EHR

    Posted 11 days ago
    Yes, I would be interested in seeing your policy if you are willing to share.  Thank  you,

    ------------------------------
    Kathryn Boyes
    Director, HIM
    ------------------------------



  • 10.  RE: Recording destruction of paper record scanned into EHR

    Posted 10 days ago
    Sandra, we are revising our policy, as we had a software change, but will share it as soon as the revision is complete.
    Kim

    ------------------------------
    Kimberly
    ------------------------------



  • 11.  RE: Recording destruction of paper record scanned into EHR

    Posted 7 days ago
    Thank you so much.. That is greatly appreciated!

    ------------------------------
    Sandra Dickerson
    Him Manager
    ------------------------------



  • 12.  RE: Recording destruction of paper record scanned into EHR

    Posted 6 days ago
    After paper records have met the allowed destruction date i.e. in KS it is 10 years past the last date of service and/or for minors one year past the age of majority, which ever is greater.  There is also a caveat if a record request has been sent for a patient then it is an additional 5 years from the date of the record request, if the time remaining on the original retention is less than 5 years.

    It is my understanding then if it is time to purge a file the patient should be contacted and asked if they want the file and give them a reasonable time frame to come pick it up.  The contact to client should be in writing and sent to the last know address on file.

    ------------------------------
    Melissa Alley
    Client Records Coordinator
    ------------------------------



  • 13.  RE: Recording destruction of paper record scanned into EHR

    Posted 02-28-2019 19:13
    How are you all handing the destruction of records after the retention policy has been met when you have a hybrid chart? The paper is easily destroyable but what about the parts of the record that are also stored electronically in your EHR?

    ---------------------------------
    Deanna Heinrich
    Director of HIM/Privacy Officer
    ---------------------------------





  • 14.  RE: Recording destruction of paper record scanned into EHR

    Posted 03-01-2019 13:49
    Hi Deanna,

    I also wonder about this.

    Our current EHR vendor tells me there is no way to delete what info has been entered into the electronic part of the record without also deleting the MPI.

    I've also been told that we cannot destroy the paper portion and still have the electronic portion and continue to respond to requests that the record has been destroyed after our retention time is up.

    I've been looking for guidance, but have not been able to find anything.

    Teri

    ------------------------------
    Teri Smith
    Health Information Administrator
    ------------------------------



  • 15.  RE: Recording destruction of paper record scanned into EHR

    Posted 03-04-2019 13:07
    We scan in paper documents and they are run through the QA process for accuracy. We do hang onto the originals for three months and then document what ever the scanned date range was plus the date we shredded them. Why would we hang onto these longer if they are already in the Medical Chart? Would be interested in how other sites and programs are handling this process.

    ------------------------------
    Linda Pooler
    Him Manager
    ------------------------------



  • 16.  RE: Recording destruction of paper record scanned into EHR

    Posted 11 days ago
    It is actually refreshing to see people purge paper!  At one University hospital in So. Cal...there was a medical records department that had over 12,000 linear feet of shelf space with records that were well beyond their purge date.

    I still remember my conversation with the HIM director who told me that the reason they didn't destroy them was because "just in case"...with nothing more specific than that.  So much space...and expensive square footage...to hold records that were far beyond their retention period.

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------



  • 17.  RE: Recording destruction of paper record scanned into EHR

    Posted 11 days ago
    We are dealing with the same issue and similar issue.  Most of our paper records are awaiting destruction dates at off site storage.  Our hybrid records are on site but we have been all paper for 3+ years so  we have very few patients with paper records still on site.   Would you suggest we go ahead and scan the remaining onsite paper records?

    Also, still wanting to know how to manage retention of electronic records?

    Lynn Boyes, RHIT

    Health Information Management Director,

    HIPAA Privacy Officer

    7010 S. Yale Ave | Tulsa, OK 74136
    lboyes@crsok.org 918.236.4135

    918.494.9870

    Website Facebook Twitter LinkedIn | Instagram

     







  • 18.  RE: Recording destruction of paper record scanned into EHR

    Posted 10 days ago
    Hi,

    In a nut shell, HIPAA has no requirements for a medical record but do have requirements for HIPAA documents. For Oklahoma, retention period is 6 years if I remember correctly. There is a site online, that gives each states online reference and states the retention period. I apologize as I can't find hat website at this moment. I was online looking at other topics and stumbled upon it that day.

    My two cents says to scan those records you are inquiring about.

    Try these sites for further info
    http://www.okdhs.org/library/policy/pages/oac317030030015000.aspx
    https://www.okmedicalboard.org/laws
    https://www.hipaaguide.net/hipaa-records-retention-requirements/
    https://www.recordnations.com/articles/record-retention-guidelines-by-state/

    ------------------------------
    Kelly Randell
    DRG Analyst
    [G2 Corporation]
    ------------------------------



  • 19.  RE: Recording destruction of paper record scanned into EHR

    Posted 9 days ago
    Hi Kelly & everyone,

    Is one of these among site(s) or references you were referring to?  I use these as 'starting points' for research when dealing with record retention issues; they contain good statutory info.  Retention requirements definitely vary by state and by provider settings within states.

    Health Info Law's Analysis of Medical Record Retention Required by Health Care Providers (This is one my favorites:)  http://www.healthinfolaw.org/comparative-analysis/medical-record-retention-required-health-care-providers-50-state-comparison
    (I have also attached a PDF of this file, but the source link is above.)

    Here's one on HealthIT.gov --> https://www.healthit.gov/sites/default/files/appa7-1.pdf (Also very useful, but possibly dated; still a great reference, also attached.)

    There are definitely also retention differences that exist among provider agreements, like those that are 'Managed Care Providers': CMS requires Managed Care Program providers to retain records for 10 years, from MLN Matters Article SE1022 --> https://www.cms.gov/outreach-and-education/medicare-learning-network-mln/mlnmattersarticles/downloads/se1022.pdf -- (also dated but still good info, attached).


    Hope this helps!  



    ------------------------------
    A. Andrews Dean, CPHIMS, CHDA, CPHI, CPPM, CPC
    AHIMA-Approved Data Analytics Trainer
    Health IT Regulatory Affairs & Healthcare Compliance Consultant
    ------------------------------



  • 20.  RE: Recording destruction of paper record scanned into EHR

    Posted 9 days ago
    We have a 10 year retention across the board.  It's easier than trying to juggle all the different retention periods.  My question is how to do you destroy electronic records when they meet their retention period?  Do you have to have a multimillion $ system to alert you when it is time for records to be destroyed?  We still keep retention spreadsheets outside of our EHR.

    Lynn Boyes, RHIT

    Health Information Management Director,

    HIPAA Privacy Officer

    7010 S. Yale Ave | Tulsa, OK 74136
    lboyes@crsok.org 918.236.4135

    918.494.9870

    Website Facebook Twitter LinkedIn | Instagram

     







  • 21.  RE: Recording destruction of paper record scanned into EHR

    Posted 9 days ago
    Hi Lynn,

    "Deleting electronic charts' is a significant, industry-wide problem, partially because the concept of 'physical destruction' isn't relevant for data that exists in a 'cloud' or database (unless you can actually destroy the hard-drive where the ePHI is located, which isn't possible if that drive is part of a cloud service and/or not exclusively 'yours') and separating  the 'old' records from the new would also to be done first, which is where data archival efforts would come into play, and would involve working with your EHR vendor.

    Of the EHRs I have seen, all have had a 'Deactivate' function for old records, similar to marking a record as deceased, but none allowed users (even super-users) to actually delete a patient record.  (Much of this has to do with liability, audit trails, and database referential integrity considerations.)

    You would likely have to work with your EHR vendor on this, unless it was developed in-house.  Also, there are many scenarios where medical professionals do not want records truly 'deleted' (especially researchers), as this would make long-term research with records in EHRs impossible if records are not maintained somehow instead of just potentially being de-identified.

    Over time and with the implementation of EHRs, some providers have been retaining information longer than state law or HIPAA and federal mandates require to meet other goals, like research and clinical trials mentioned above, where having a lengthy patient history can be a major benefit.  This is also true of patients who had major past or childhood diseases or traumas; for example, a neurologist can benefit from viewing MRIs, EEGs, and other scans over a lengthy period of time to review how the patient's condition has progressed over the years to address chronic, life-long conditions, such as epilepsy or multiple sclerosis. 

    As EHRs have advanced, it's become easier and a more viable option to permanently retain a continuity of care document (CCD) that includes critical details such as medications, allergies, and an encounter date listing when the rest of the record is purged.  Some provider organizations already keep some elements, like an abstract, of the record, including a face sheet and discharge records, while destroying the rest of the PHI.  At the least, providers should retain a register of births, deaths, procedures, as well as the master patient index when purging old records or systems.  

    Some EHR systems do include record management features that can make destruction easier, such as enabling metadata to calculate retention schedules in compliance with various variables.  In an EHR, critical metadata are usually considered to be the patient ID, name, address, date of birth, and date of last visit. The retention triggers could be customized to be dependent on the date of the last visit or whatever criteria are desired – if the EHR supports that capability, or it could possibly be programmed as an add-on.  

    Other Retaining Issues to Consider -->  Will you retain and capture the EHR metadata?  Will you retain any alternate media, logs, or records from other facilities?

    Also of significant importance is the May 2019 decision on Cochise Consultancy Inc. v. United States, ex rel. Hunt that impacted medical record retention law and changed how long provider organizations and offices might want to keep medical records (beyond state/HIPAA statutory requirements).  Last year's decision in the Cochise case set a new medical record retention standard for how long providers should keep patient records -- > 10 years. For providers, the Cochise medical record retention standard means that providers/organizations may be vulnerable to FCA claims for up to ten years after an alleged violation.

    The decision info on that case is here --> https://www.natlawreview.com/article/unanimous-supreme-court-ruling-expands-statute-limitations-filing-qui-tam-cases

    Records should only be 'automatically' and fully purged from an EHR after review of the chances for pending or future litigation, a government investigation, audits, expanding quality reporting programs, population health efforts, precision medicine, and other concerns. (Example:  Would a provider want to delete the results of a patient's genetic profile, just because it was done eight years ago, or past whatever the retention schedule indicated, and then have to repeat the genetic testing because the results were gone?  A brain surgeon who implants an anuerysm clip in a patient's brain is another example of a medical record that it would be beneficial to maintain for a lengthy period of time, so that the alloys used in the clip will be on file to determine safety of future MRIs or other brain scans and diagnostics for the patient.)

    Unfortunately, providers and HIM professionals seeking a simple, one-size-fits-all answer to the question of record retention will be frustrated because a single, common/universal record retention schedule just doesn't exist.  There are so many factors that must be taken into consideration, not to mention different systems, and there are a lot of best practices and recommendations that you can review, but, ultimately, a provider's risk management and legal counsel at their facility should draft its own definitions. Every provider's situation could be unique depending on the EHR system, practice setting, state laws, payor contracts, and potentially other reporting programs, and activities like MA/ACO program participation, who are required to keep their records ten years.

    When medical records are destroyed (or de-identified or converted to CCD subset), a PHI Destruction/ Archival Log should ideally also be maintained, containing the information destroyed or archived, when, how, and who did it, along with a witness, so that proof of the destruction or archival is readily available.  If you are using an external destruction service, I would recommend looking for one that is NAID-certified to ensure that guidelines are followed, although this shouldn't be an issue with EHR data.

    Hope this helps!



    ------------------------------
    A. Andrews Dean, CPHIMS, CHDA, CPHI, CPPM, CPC
    AHIMA-Approved Data Analytics Trainer
    Health IT Regulatory Affairs & Healthcare Compliance Consultant
    ------------------------------



  • 22.  RE: Recording destruction of paper record scanned into EHR

    Posted 9 days ago
    Good Morning Everyone,

    This isn't my field of work primarily, but I dabble when necessary. One of the things that strikes my attention is when CEs and BAs and other pertinent entities may switch from one EHR platform to another. Short Example:  From one EHR system to a new EPIC/3M 360 Encompass or to Cerner. This obviously would be something to consider in handling records that fall under retention. The organization would most likely want to discuss this with potential new vendors and how the interface for this aspect of transfer would occur.

    Have a nice week!

    ------------------------------
    Kelly Randell
    DRG Analyst
    [G2 Corporation]
    ------------------------------



  • 23.  RE: Recording destruction of paper record scanned into EHR

    Posted 9 days ago
    oh, yes, our state, as far as I know doesn't address my question.

    Lynn Boyes, RHIT

    Health Information Management Director,

    HIPAA Privacy Officer

    7010 S. Yale Ave | Tulsa, OK 74136
    lboyes@crsok.org 918.236.4135

    918.494.9870

    Website Facebook Twitter LinkedIn | Instagram

     







  • 24.  RE: Recording destruction of paper record scanned into EHR

    Posted 9 days ago
    Hi Ashley,

    Thanks for your input. Always a pleasure to get some solid resources from a resourceful guy!

    Have a nice week Everyone!

    ------------------------------
    Kelly Randell
    DRG Analyst
    [G2 Corporation]
    ------------------------------



  • 25.  RE: Recording destruction of paper record scanned into EHR

    Posted 03-05-2019 08:14
    Sorry I'm late to this conversation.
    If im understanding, paper is scanned then destroyed after QA?   That makes sense.   Your legal record as defined by your policies should indicate that the EHR as your legal business document. As long as you have paper available, even if it is scanned, you have to produce it if it is requested, so don't save paper if you know it has been scanned accurately.  90 days seems reasonable.
    Second question in this conversation is destruction of electronic records.    Why would you want to do that?   You only hide records if they are edited, but don't delete.  The cost of data storage is so low, why destroy it?   Old electronic files should simply be moved to a secure server that limited people have access to.   Old paper records were on a retention cycle mainly due to space concerns.  It is my understanding that if we had unlimited space, paper would not be destroyed so why would we want to destroy/delete electronic records?

    wil

    ------------------------------
    Wil Limp
    Program Manager
    University of Wisconsin

    Bachelor Degree - Health Information Management and
    Technology
    Master's Degree - Healthcare Administration
    ------------------------------



  • 26.  RE: Recording destruction of paper record scanned into EHR

    Posted 03-06-2019 10:41
    This is an issue that has been around since the early 90's when we started scanning for real with hospital records because the technology became feasible and record copy laws allowed the use of WORM (write once, read many) optical disks for archival storage). I created the one of the first well functioning system for hospital scanned records in 1994. Through the 1990's we used to destroy scanned images at about a year our if there had not been any quality issues detected in the scanning, that was too long and we eventually wound down to a timeframe between 90 days to 6 moths in keeping the paper until QA had been assured. There are legal reasons why the paper should be destroyed, since both images can be called if they are in existence and that can raise all kinds of red herring type issues, so the shorter that time until paper destruction should be as short as possible. Of course have the time-frames well documented in your retention schedules and the discussion is spot on with the thoughts on the legal record implications.

    For the retention of the scanned images, that is a harder call. I've been practicing for over 40 years and we used to keep medical records basically indefinitely as we moved paper to microfilm after however much paper storage area we had was full, usually 2-5 years. Of course we destroyed the paper records then too after QA, but that was usually after at least 6 months. We had it drilled into us to keep the records,, we all had stories about pulling old records for special requests, mine was ladies in the 19450's whose Mom's had had DES (a pregnancy drug) and were at higher risk of cancer. We had all the MPI and records from 25+ years earlier and found some records that were requested. it worked.

    Sometimes in the late 1990's or 2000's I started seeing destruction of the original medical record info, regardless of it's format, paper or electronic or a hybrid mix, at 7 or 12 years after discharge (or after age of majority) based on legal advice that stated that for liability purposes the info should not be held indefinitely (although research institutions may have been excluded). Iv'e never been a fan of that philosophy, but it has been widely adopted now, although allergies and a limited data set may be excluded (I certainly would want any old anesthesia allergies to be kept if I had any).

    I think it's pretty well accepted that whenever any EHR data is destroyed it would also include the scanned paper associated with those records.

    ------------------------------
    Kelly McLendon, RHIA, CHPS
    Managing Director
    CompliancePro Solutions
    kmclendon@complianceprosolutions.com
    321-268-0320
    ------------------------------



  • 27.  RE: Recording destruction of paper record scanned into EHR

    Posted 03-12-2019 09:16
    Our records are destroyed according to our states retention schedule.  Electronic records solve the space issue, however, there are legal reasons to continue following the retention schedule.  The more files we have to keep secure and private the more susceptible we are to having problems.  Such as the discovery phase of litigation or the number of records if a breach occurred.
     
    Christina M. Upton, RHIT
    HIM, Coordinator
    Student Health Services