(Rev. 173, Issued: 11-22-17, Effective: 11-28-17, Implementation: 11-28-17)
§483.20(f)(5) Resident-identifiable information.
§483.70(i) Medical records.
§483.70(i)(1) In accordance with accepted professional standards and practices, the facility must maintain medical records on each resident that are—
§483.70(i)(2) The facility must keep confidential all information contained in the resident’s records, regardless of the form or storage method of the records, except when release is—
§483.70(i)(3) The facility must safeguard medical record information against loss, destruction, or unauthorized use.
§483.70(i)(4) Medical records must be retained for—
§483.70(i)(5) The medical record must contain—
GUIDANCE §483.70(i)
The medical record shall reflect a resident’s progress toward achieving their person- centered plan of care objectives and goals and the improvement and maintenance of their clinical, functional, mental and psychosocial status. Staff must document a resident’s medical and non-medical status when any positive or negative condition change occurs, at a periodic reassessment and during the annual comprehensive assessment. The medical record must also reflect the resident’s condition and the care and services provided across all disciplines to ensure information is available to facilitate communication among the interdisciplinary team.
The medical record must contain an accurate representation of the actual experiences of the resident and include enough information to provide a picture of the resident’s progress, including his/her response to treatments and/or services, and changes in his/her condition, plan of care goals, objectives and/or interventions.
Except for the annual comprehensive assessment, periodic reassessments when a significant change in status occurs, and quarterly monitoring assessments, regulations do not define the documentation frequency of a resident’s progress. Professional standards of practice however suggests documentation include a resident’s care plan implementation progress.
Resident Assessment Instrument (RAI) data is part of a resident’s medical record and is protected from improper disclosure by facilities under current Federal law. Facilities are required by §§1819(c)(1)(A)(iv) and 1919(c)(1)(A)(iv) of the Act and §483.70(l)(2) and (l)(3) to keep confidential all information contained in the resident’s medical record and to maintain safeguards against the unauthorized use of a resident’s information, regardless of the storage method of the records.
At §483.20(f)(5), Resident-identifiable information, it requires that a facility may not release information that is resident-identifiable to the public and that the facility may release information that is resident-identifiable to an agent only in accordance with a contract under which the agent agrees not to use or disclose the information except to the extent the facility itself is permitted to do so. If a deficiency is identified related to this regulation cite the deficient practice here at F842.
Electronic Health Records (EHR) - Facilities using an electronic format for medical or other resident documentation (for example, documenting progress notes, medication administration, electronic claims filing, etc.) must comply with the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules 45 CFR Parts 160 and 164. Surveyors are not responsible for assessing compliance with these rules. The Department of Health and Human Services’ Office for Civil Rights has primary responsibility for enforcing the HIPAA Privacy and Security Rules. The surveyors’ responsibility is to assess compliance with the regulatory requirement for maintaining the content and confidentiality of the medical record. If there are concerns that the facility’s practice may constitute violations of the HIPAA privacy or security rules, refer these concerns to HHS’ Office for Civil Rights.
The facility is responsible for ensuring the backup of data and security of information. CMS encourages the development of systems that permit appropriate sharing of clinical information across providers, if the development of such systems is fully consistent with the requirement for protecting the confidentiality of the medical record.
Surveyors should not evaluate the features of the EHR system. Instead focus on how the EHR system is being used in the facility.
Use of Electronic Signatures – Electronic signatures are acceptable whether or not the record is entirely electronic. If a facility uses these signatures, they must have policies that identify those individuals who are authorized to sign electronically and describe the security safeguards to prevent unauthorized use of these signatures. Such security safeguards include, but are not limited to, the following:
When rubber stamp signatures are authorized by the facility’s management, the individual whose signature the stamp represents shall place in the administrative offices of the facility a signed statement to the effect that he/she is the only one who has the stamp and uses it. A list of computer codes and written signatures must be readily available and maintained under adequate safeguards. Refer to §483.30(b) Physician Visits, for additional guidance.
INVESTIGATIVE PROCEDURES §483.70(i)
When reviewing a resident’s medical record, determine if the record, including any archived information, is accessible to and provides sufficient information for appropriate staff to respond to the changing status and needs of the resident. For example:
Interview facility staff to determine the facility’s policies and practice for maintaining confidentiality of resident’s records. Concerns regarding medical record confidentially, storage (including archiving) should be reviewed under this tag.
Determine through observations, record review and interviews:
Use of Electronic Records in the Survey Process
There are no requirements for the use of Electronic Health Record (EHR) systems, however if a facility uses an EHR system, it must grant access to the survey team timely (i.e., before the end of the first day of the survey). If access to an EHR is required by the surveyor, the facility will:
The facility must make available to surveyors upon their request, a printout of any record or part of a record. Surveyors should only request printed copies when needed to support a potential deficient practice or if additional information is needed that is not contained in the EHR.
If facility staff impedes the survey process by purposefully and/or unnecessarily delaying or restricting access to records this may lead to noncompliance and potential enforcement actions. If this situation occurs surveyors should contact their supervisors and if needed they would then contact the CMS Regional Office for assistance.
KEY ELEMENTS OF NONCOMPLIANCE
To cite deficient practice at F842, the surveyor’s investigation will generally show that the facility failed to do any of the following: