Proper management of patient medical records helps analyze the treatment results, decide on the further treatment modalities, better evaluate patient profiles, and avoid legal issues. As medical records act as a crucial piece of evidence in medical malpractice and negligence cases, any errors in them can lead to a breach of duty of care to the patient, cause serious injuries or other forms of negligence. To perform medical record review for attorneys, the relevant medical records have to be obtained from various healthcare provider facilities and medical record custodians.

Medical record errors are considered the third leading cause of death in the United States (2019 statistics). As per a Johns Hopkins study, about 250,000 people in the US die every year from problems arising from medical mistakes. Inaccurate medical records contribute to most of these errors. For instance, even minor errors in medical records like a spelling mistake can have serious consequences. In the event of a medical malpractice lawsuit, medical records will be primarily used to determine how and why the healthcare professional made the medical error. Only when all patient care information is correctly recorded, physicians can monitor what is being done and prevent the risk of further medical errors. It is very important to identify these errors before they cause any specific damage to the patient. To ensure proper management of patient records and avoid getting into unnecessary legal hassles, healthcare providers need to be compliant with HIPAA regulations.

Here discussed are some common legal errors healthcare practices could make while handling patient medical records -

• Failure to Obtain Proper Authorization to Release Patient Records - Healthcare practices frequently receive medical record release requests from diverse sources – attorney letters, subpoenas or even patients themselves. Apart from HIPAA regulations, healthcare entities have to adhere to the concerned state’s laws and requirements. Written authorizations are required for the release of patient records or other information for treatment, payment, or healthcare operations in a number of situations. Additionally, while the HIPAA privacy regulations do not restrict communications with family members, many states have laws and regulations that prohibit physicians from releasing patient information and medical records to a family member or relative without a written consent or authorization from the patient. Failure to comply with these laws and regulations can lead to severe consequences such as civil lawsuits for breach of privacy or even administrative action by state and federal agencies. To avoid such issues, healthcare providers and their staff need to ensure that they are well-trained and educated on the current state and federal laws and regulations governing the proper release of patient information and medical records.
• Improper Handling of Confidential Information – In most states, additional protection under applicable laws and regulations is recommended to secure certain patient information such as reports of conditions such as – HIV/AIDS, sexually transmitted diseases, substance abuse or mental health and psychiatric disorders. To release confidential categories of patient information, detailed and specific written consent and authorization are essential. Due to the high sensitivity of confidential information, any unauthorized release of information could lead to even greater civil and administrative liabilities. Therefore, healthcare practices and concerned physicians are fully responsible for protecting the privacy and confidentiality of patient’s medical records. Physicians should ensure that their employees are properly trained on the handling and release of such confidential information.
• Improperly Responding to Subpoenas - Subpoenas are issued in civil, administrative, and criminal cases at both the state and federal levels. A subpoena refers to the request for production of documents. Failing to respond to subpoenas can result in the lawyer or law enforcement agency approaching the court and reporting that the practice failed to respond. When responding to subpoenas, make sure to determine whether it was from a federal or state court or a law enforcement authority. When complying with a subpoena, make sure to provide only the specific patient information that was requested.
• Poor Management of Old Medical Records – The disposal of old and outdated patient medical records is an important aspect in any healthcare practice as physicians cannot afford to store forever all the medical records they have created. Failure to properly store, retain, and dispose of old medical records could lead to privacy violations that may subject a physician to severe legal consequences. In most cases, state laws require hospitals to maintain patient records for at least six years from the date of the patient’s last visit.
• Failure to Adhere to Patients’ HIPAA Privacy Rights - The HIPAA privacy regulations allow patients the right to access their medical records, request - amendments to their records, accountings of certain disclosures of their medical records, and restrictions on the release of their medical records; and file complaints with a physician’s practice or the federal Office of Civil Rights about alleged privacy violations. Providers failing to observe the technical requirements associated with patient rights could be violating HIPAA, though unintentionally. Physicians need to ensure that they and their staff are familiar with these regulations and receive training on the various patient rights under HIPAA.
• Making Improper Telephone Disclosures of Patient Information- Due to the busy nature of physician practices, many physicians are required to disclose confidential patient information by telephone on a regular basis. However, during such telephonic conversations, many privacy violations and improper disclosures of patient information tend to occur. This is because the staff either fails to properly identify the individual to whom they are speaking. They need to confirm that the individual is authorized to receive the patient’s information. Physicians must implement proper policies and procedures for their staff to follow when making telephone disclosures of patient information.
• Ignoring or Improperly Handling Patient Complaints – Generally, physicians receive some complaints from patients about privacy and medical records issues. Failure to properly respond to patient complaints in a timely manner could lead to additional issues when patients forward their complaints to an attorney, a state regulatory agency or licensing board. Physicians must develop and implement a well-thought-out policy and procedure for responding to and handling patient privacy complaints at the earliest. Physicians should designate a dedicated grievance resolution officer to handle such issues. A person in that position should not only have extensive knowledge of applicable federal and state privacy laws, but also a very patient and understanding approach towards resolving patient complaints.

Healthcare practices dealing with patient medical records need to stay compliant with HIPAA privacy rules and the concerned state laws and regulations. Physicians should be careful to avoid these mistakes and take appropriate steps as outlined to ensure the privacy of their patients’ medical records. Attorneys collecting relevant medical records for litigation purposes can consider professional medical review solutions from reputable providers who can fully understand the details of the case and determine its strengths and weaknesses.

Disclaimer: The content in the above blog is sourced from reliable internet resources and is meant for informative purposes only. For a professional opinion on the same, please consult an experienced medical malpractice attorney.