Records Management policies

Developing comprehensive, enterprise-wide policies by consensus in any organization is challenging. Over the past 3 years, BIDMC has developed a policy on records management that I think is valuable to share. This policy ensures compliance with applicable laws and regulations, accreditation standards, and additional requirements governing the management of records that are created or received for patient care, research activities, hospital operations, legal, or other purposes.

Given recent high-profile corporate scandals involving the inappropriate management of business records such as Arthur Andersen (Enron), Morgan Stanley (Sunbeam), and even the recent inappropriate disposal of hospital records in Florida, corporations are realizing the need to establish and enforce vigorous records management policies. This is especially important within highly-regulated industries like healthcare, which are subject to a wide variety of competing (and sometimes conflicting) Federal, State, local, and other standards.

At BIDMC, the Office of Business Conduct, Office of General Counsel, and Health Information Management collaborated to create a records management policy for BIDMC.

They also began the careful and time-consuming process of coordinating with specific departments to research and identify the appropriate standards governing the records created and used by each department. To begin, they prioritized records related to patient care and human resources, because records in these two areas are very highly regulated and often contain particularly sensitive information. Work with additional departments is continuing.

Important aspects of the new policy include –

*Coverage of records related to patient care including those maintained apart from the hospital’s official medical record, e.g. radiology films, scans, EEG/EKG tracings and so forth.

*Coverage of records related to non-patient care activities that serve research, legal, business, and other operational functions.

*Destruction procedures for hospital medical records as well as other medical, financial, and business records that contain personal information of our patients and employees.

*Formal procedures for the management of records relevant to an investigation, audit, or other legal proceeding.

*The policy applies equally to electronic and paper records and provides guidance for the appropriate use of digital scanning and other imaging technologies to replace original documents.

*It clarifies the retention requirements for e-mail and other communications containing important messages of significant business, legal, or medical value.

*Ensures compliance with new e-discovery laws such as the December 2006 Federal “Rules of Civil Procedure” that clarified the rights and obligations of parties related to the discovery of electronic records.

*It promotes efficient and cost-effective records management techniques. The proposed policy will prevent the unnecessary accumulation of records that are no longer needed or otherwise useful. At BIDMC, we spend millions per year storing paper and electronic records.

*Requires appropriate handling of the personal information entrusted to BIDMC by our patients and employees and thereby decrease their risk of identity theft.

The entire text of the policy and its supporting appendix A and appendix B took us years to develop. Hopefully, our work on this policy will be helpful to you.