A medical record is systematic documentation of a patient’s medical history and care. It usually contains the patient’s health information (PHI) which includes identification information, health history, medical examination findings, and Medical billing information.
Medical records were traditionally kept in paper form, with tabs separating the sections. As printed reports were generated, they were moved to the correct tab. With the advent of the electronic patient record, these sections may still be found but as tabs or menus within the electronic record.
1. Patient Demographics:
- Face sheet, Registration form
- Patient Name
- Address and phone numbers (home and mobile)
- Email address
- Sex, Age, Birthday, and Race (Ethnicity)
- Occupation and Employer name, address, and phone number
- Spouse Name and contact information in case of emergency contact
2. Financial Information:
- Insurance payer’s name, address, and phone number
- Subscriber name
- Policy number
- Responsible party name, address and phone number
- Responsible party employer, occupation and employer phone number
- Patient’s relationship to the insured
3. Consent and Authorization Forms:
Consent for treatment: For any course of treatment that is above routine medical procedures, the physician must disclose as much information as possible so the patient may make an informed decision about his/her care. This information should include:
- Diagnosis and chances of recovery
- The recommended course of treatment
- Risks and benefits involved in the treatment
- Risks if no treatment is taken
- Probability of success if treatment is taken
- Recovery challenges and length of time
- Assignment of benefits: the patient or guarantor authorizes their health insurance company to make payments directly to the physician, medical practice, or hospital for the treatment received.
4. Release of information:
A valid authorization to release protected health information includes:
- Identity verification such as a driver’s license.
- A description of the information to be used or disclosed.
- The name of the person or organization authorized to disclose the information.
- The name of the person or organization that the information is to disclose.
- Signature of the person authorized to release the information.
5. Treatment History:
- Chief complaints
- History of illness
- Vital signs
- Physical examination
- Surgical history
- Obstetric history
- Medical allergies
- Family history
- Immunization history
- Habits such as exercise, diet, alcohol intake, smoking, and drug use/abuse
6. Progress Notes:
Progress notes include new information and changes during patient treatment. They are written by all members of the patient’s treatment team.
Some of the information included in progress notes includes:
- Observations of the patient’s physical and mental condition
- Sudden changes in the patient’s condition
- Vital signs at certain intervals
- Food intake
- Bladder and bowel functions
7. Physician’s Orders and Prescriptions:
Physician’s orders for the patient to receive testing, procedures, or surgery including directions to other treatment team members. Prescriptions for medications and medical supplies or equipment for the patient’s home use.
Consults: Findings opinions from consulting physicians.
Lab Reports: Record of findings from lab testing.
8. Radiology Reports:
Record of findings from radiology testing.
9. Nursing Notes:
Nurse’s notes include documentation separate from the physician including:
- Patient assessment
10. Medication List:
Prescription and nonprescription medication including dose, method of intake, and schedule.
11. HIPAA Notice of Privacy Practices:
This notice, as required by the HIPAA Privacy Rule, gives patients the right to be informed about their privacy rights as it relates to their protected health information (PHI).
12. Patient Confidentiality:
Each medical office has a responsibility to their patients by federal law to keep their personal health information private and secure. Disclosures made regarding a patient’s protected health information without their authorization is considered a violation of the Privacy Rule under HIPAA. Most privacy breaches are not due to malicious intent but are accidental or negligent on the part of the organization.
Develop a formal security management process including the development of policies and procedures, internal audits, contingency plan and other safeguards to ensure compliance by medical office staff.
Develop policies for verifying access authorizations, equipment control, and handling visitors.
Develop and provide documentation including instructions on how your medical office can help to protect PHI (for example, logging off the computer before leaving it unattended).
Establish unique user identification including passwords and pin numbers.