Section 405.10 - Medical records

405.10 Medical records. The hospital shall have a department that has administrative responsibility for medical records. An accurate, clear, and comprehensive medical record shall be maintained for every person evaluated or treated as an inpatient, ambulatory patient, emergency patient or outpatient of the hospital.

(a) General requirements. (1) Medical records shall be legibly and accurately written, complete, properly filed, retained and accessible in a manner that does not compromise the security and confidentiality of the records.

(2) The hospital shall establish, implement and monitor an effective system of author identification for medical records and/or medical orders to ensure the integrity of the authentication and protect the security of all transmissions, records and record entries. This system shall identify those categories of practitioners and personnel who are authorized to utilize electronic or computer authentication systems.

(3) The hospital shall ensure that all medical records are completed within 30 days following discharge.

(4) Medical records shall be retained in their original or legally reproduced form for a period of at least six years from the date of discharge or three years after the patient's age of majority (18 years), whichever is longer, or at least six years after death.

(5) The hospital shall have a system of coding and indexing medical records. The system shall allow for timely retrieval by diagnosis and procedure, in order to support quality assurance studies.

(6) The hospital shall ensure the confidentiality of patient records. Original medical records, information from or copies of records shall be released only to hospital staff involved in treating the patient and individuals as permitted by Federal and State laws.

(7) The hospital shall allow patients and other qualified persons to obtain access to their medical records and to add brief written statements which challenge the accuracy of the medical record documentation to become a permanent part of the medical record, in accordance with the provisions of Part 50 of Chapter II of this Title and the provisions of Public Health Law, section 18(4).

(b) Content. (1) The medical record shall contain information to justify admission and continued hospitalization, support the diagnosis, and describe the patient's progress and response to medications and services.

(2) All records shall document, as appropriate, at least the following:

(i) evidence of a physical examination, including a health history, performed no more than thirty days prior to admission or within 24 hours after admission and a statement of the conclusion or impressions drawn;

(ii) admitting diagnosis;

(iii) results of all consultative evaluations of the patient and findings by clinical and other staff involved in the care of the patient;

(iv) documentation of all complications, hospital acquired infections, and unfavorable reactions to drugs and anesthesia;

(v) properly executed consent forms for procedures and treatments;

(vi) all practitioners' diagnostic and therapeutic orders, nursing documentation and care plans, reports of treatment, medication records, radiology, and laboratory reports, vital signs and other information necessary to monitor the patient's condition;

(vii) discharge summary with outcome of hospitalization, disposition of case and provisions for follow-up care; and

(viii) final diagnosis.

(c) Authentication of medical records, record entries and medical orders.

(1) Upon completion of ordering or providing or evaluating patient care services, each such action shall be recorded and promptly entered in the patient medical record. All entries shall be legible and complete and shall be authenticated by the person entering, ordering or completing such action. Legible and signed facsimile orders may be accepted and shall be filed in the patient medical records.

(2) Written signatures, or initials and electronic signatures or computer generated signature codes shall be acceptable as authentication when utilized in accordance with hospital policy.

(3) Each electronic or computer entry, order or authentication shall be recorded in the medical record as to date, time, category of practitioner, mode of transmission and point of origin.

(4) Safeguards to ensure security and confidentiality shall include but not be limited to:

(i) the assignment, as appropriate, of a unique identifier that is assigned in a confidential manner;

(ii) the certification in writing by the hospital's designee and the user that each identifier assigned is confidential and is available and accessible only to the person authorized to use the electronic or computer authentication system;

(iii) policies and procedures to ensure the security of electronic or computer equipment from unwarranted access;

(iv) policies and procedures that restrict access to information and data to those individuals who have need, reason and permission for such access; and

(v) the implementation of an audit capability to track access by users.

(5) Hospitals shall implement an ongoing verification process to ensure that electronic communications and entries are accurate, including but not limited to:

(i) protocols for ensuring that incomplete entries or reports or documents are not accepted or implemented until reviewed, completed and verified by the author; and

(ii) a process implemented as part of the hospital's quality assurance activities that provides for the sampling of records for review to verify the accuracy and integrity of the system.

(6) Written notice from the author shall be required should the author/user wish to terminate participating in the electronic or computer authentication system.

(7) The hospital shall have procedures in place to modify or terminate use of any assigned identifier in cases of abuse or misuse or if practice privileges are suspended, restricted, terminated or curtailed or employment or affiliation ends.

(8) The hospital shall implement policies and procedures regarding the use and authentication of verbal orders, including telephone orders.  Such policies and procedures must:

(i) Specify the process for accepting and documenting such orders;

(ii) Ensure that such orders will be issued only in accordance with applicable scope of practice provisions for licensed, certified or registered practitioners, consistent with Federal and State law; and

(iii) Specify that such orders must be authenticated by the prescribing practitioner, or by another practitioner responsible for the care of the patient and authorized to write such orders and the time frame for such authentication.

(9) All orders for controlled substances shall be carried out in accordance with provisions of Part 80 of this Title.

Effective Date: 
Wednesday, May 17, 2017
Doc Status: 
Complete