Information Management (IM) (Critical Access Hospitals / Critical Access Hospitals)
Q: We contract with an after hours cleaning service. Our medical records are stored in an unlocked area or on open shelves with in a secure area. The after hours cleaning crew members sign confidentiality statements. Is this acceptable or should we store the records under lock and key?
Medical Record Security After Hours
Updated | November 24, 2008
A: While the Joint Commission does not survey against specific HIPAA regulations, the standards do require compliance with applicable law and regulation. IM.02.01.01 requires organizations to maintain the privacy and confidentiality of information. When an organization's staff is not present to monitor medical records storage areas, alternative approaches may be employed to protect privacy and confidentiality. Examples of such approaches may include ensuring that any individuals who are authorized to perform their duties in areas where medical records are stored, including contracted staff, understand their role in maintaining security and confidentiality, having such individuals sign a confidentiality statement, and ensuring that all medical records should be closed and stored appropriately so that patient information would not be visible to unauthorized individuals.The organization needs to ensure that the medical records area is secured once the cleaning crew members have completed their duties.