to main content Medical Record - Security | Advanced DSC - Comprehensive Stroke | Clinical Information Management DSCT | The Joint Commission
Medical Record - Security

The organization contracts with an after hours cleaning service.   The organization's medical records are stored in an unlocked area or on open shelves within a secure area. The after hours cleaning crew members sign confidentiality statements. Is this acceptable or should the organization store the records under lock and key?

Any examples are for illustrative purposes only.
While The Joint Commission does not survey to specific HIPAA regulations, the standards do require compliance with applicable law and regulation. Standard DSCT.1 requires organizations to maintain the privacy and confidentiality of information. When an organization's staff is not present to monitor medical records storage areas, alternative approaches may be employed to protect privacy and confidentiality. Examples of such approaches may include ensuring that any individuals who are authorized to perform their duties in areas where medical records are stored, including contracted staff, understand their role in maintaining security and confidentiality, having such individuals sign a confidentiality statement, and ensuring that all medical records are closed and stored appropriately so that patient information would not be visible to unauthorized individuals. The organization needs to ensure that the medical records area is secured once the cleaning crew members have completed their duties.
Manual: Advanced DSC - Comprehensive Stroke
Chapter: Clinical Information Management DSCT
First published date: April 11, 2016 This Standards FAQ was first published on this date.
This page was last updated on November 16, 2021

If no, please comment on how we could improve this response.

If you have additional standards-related questions regarding this topic, please use the Standards Online Submission Form