Quality Resource Guide
l
Dental Record Keeping 3rd Edition
6
www.metdental.com
Treatment Plans
Best practices for record keeping include a section
for treatment plans. They should be supported by
documentation of pathology and conditions. The
treatment plan and/or the progress note should
denote alternative treatments discussed with
the patient. Treatment plans should also include
referrals, observations, and re-assessments.
Treatment plan documentation should state that
variation may occur as treatment is delivered.
Ideally, the number and length of appointments
and an estimate of fees should be part of the
treatment plan and its presentation to the patient.
The treatment plan should be dated and signed by
the patient and the provider. Tracking completion
of the treatment line items aids improved patient
management. This process is facilitated by
electronic records.
Maintenance of Dental Record
A dental record must be highly protected; it is
considered a “vital” record because it cannot
be replaced. Original records should never be
released unless subpoenaed or required by
federal of state law. Patients must authorize
the release of their record. The authorization
should be part of the dental record.
Dental
records must be protected in accordance with
federal and state privacy rules. If a practice
transmits health information in an electronic form,
it must also follow Health Insurance Portability
and Accountability Act (HIPAA) rules. Released
in 1996, HIPAA established national standards
for the protection of certain health information
referred to as protected health information (PHI).
The HIPAA Administrative Simplification Interim
Rule released in 2009, established a national
set of security standards for protecting certain
health information that is held or transferred in
electronic form (E-PHI). An updated or “Final Rule”
went into effect March 26, 2013 to strengthen
the privacy and security protections for PHI and
tighten HIPAA enforcement provisions. Dental
records must be stored in a manner that is secure,
yet easily accessible to those authorized to view
them. There is no “one size fits all” plan to ensure
compliance with HIPAA. Individual offices need to
determine the most reasonable and appropriate
protocols to ensure the confidentiality of protected
health information (PHI and e-PHI). Administrative
requirements pertaining to HIPAA are summarized
in
Table 3
.
The U.S. Department of Health and Human
Services (HHS) Office for Civil Rights (OCR)
is responsible for enforcing compliance of the
HIPAA Privacy Rule. There are several categories
of HIPAA noncompliance that reflect increasing
levels of culpability. The penalty minimums and
maximums are summarized in
Table 4
. Cases
of willful negligence may be prosecuted by the
Department of Justice, resulting in potential
monetary fine and/or imprisonment.
There are common sense elements to HIPAA as
it relates to patient records:
•
keep files out of view other patients
•
use minimum necessary information when
disclosing information
•
implement both physical and information
technology security
The American Dental Association Nine Step
HIPAA
checklist is a quick reference for
dental
practices.
Due to the increased public awareness concerning
identify theft, many patients are reluctant to
release their Social Security Number (SSN). A
unique patient ID, in lieu of the SSN, should
identify each patient’s physical or electronic
record. State laws and provider contracts define
the regulations controlling ownership and retention
of dental records. In multi-practitioner practices,
responsibility pertaining to the maintenance and
ownership of dental records should be spelled
out in a legal agreement or contract. Each office
should have a clear policy addressing how and
when dental records can be disposed. Typically,
after 2 years of inactivity, a dental record may
be considered inactive. HIPAA generally requires
that inactive records be maintained for 6 years,
or 2 years after a patient’s death. However, some
risk managers recommend records be maintained
indefinitely. The practitioner should know the
specific rules in their own state as they do vary,
or consult an attorney. If the practitioner chooses
to maintain dental charts (either physical or
electronic) beyond the aforementioned timelines,
he or she should consult an attorney to determine
if there are medico-legal concerns, such statute of
limitations, to consider. Charts maintained beyond
the timelines, must be as securely maintained as
active records. An attorney should be contacted
when a dental office permanently closes to ensure
that patients have continued access to their health
information.
The disposal of physical records must be
accomplished in a manner that ensures the
protection of the patient’s privacy. The most
commonly employed method of record disposal is
shredding, which may be accomplished in-office
or out-sourced to a professional shredding
service. Recycling of intact records or record
contents is discouraged, as confidentiality may
be compromised. Physical radiographs should be
removed, de-identified and submitted for silver
recovery or disposal by a certified waste hauler.
An important aspect for managing protected health
information in the era of electronic records is the
data protection. ePHI should be protected both
at rest (while being stored) and in transit. Today
this done through appropriate and up-to-date
firewalling and encryption.
Summary
The dental record (or chart) is the official document
that houses all demographic and diagnostic
information, clinical notes, treatment performed,
implanted material and devices utilized, and
patient-related communications, including patient
recommendations and consents to treatment. This
Quality Resource Guide briefly reviews the basic
elements of documenting and managing a dental
record. Practitioners are encouraged to access
other topic-specific Quality Resource Guides and
the references provided at the end of this Guide for
further guidance.