|
re sarbains oxley act - record retention and Hippa confientiality Posted: 21 Jul 2009 03:31 PM |
HI not sure it this is the right place for this question. I am wondering about two things in regards to procedural issues.
First- we are supose to retain records for 7 yrs ( unless minors then longer)
We keep part of our charts in Ekyros and part are paper charts only and currently are not coping out the Ekyros portion into paper form at all. Will the records be kept by you a set amount of time like this on line or should be be printing them out? If we were say to get a records request for a court incident say 6 yrs later would we still be able to access this file. and should we be deleting our own files at the 7 yr point ( realize this is a couple years away for us still ) And how would we know how ole the chart is without opening up each file ? Could this be marked on the main file page in some way by last date accessed or something. Or can we just keep them forever electronically?) I would think we would still want to distroy them wouldnt we?
Second- Are these e-files kept confidential so no one else can access them besides us here at the center. in other words are the Hippa compliant. thanks for this insight. Blessing Gail Peterson Nurse Manager Real Choices PMC DFW |
|
|
|
|
|
Re: re sarbains oxley act - record retention and Hippa confientiality Posted: 21 Jul 2009 06:45 PM |
Hi Gail-
I will go ahead and answer your question, but I think it would be best for you to contact your account manager directly for a more detailed explanation.
Question 1: Currently the “Date Created” is not shown on the file. I will pass this suggestion along to our development team. You do have the ability under Reports & Statistics, Client Files Report, to select the “Date Created” which is a date range. For example it is 2009, you want to pull everyone from 2001 and purge these files, you could select the date range “01/01/2008-12/31/2008.” It is your choice when to remove files from CenterPiece. They do not expire after a certain amount of time as each state could be different as far as requirements. Best practices is to NOT delete so you do not lose that history of the client, but also for the reports and statistics.
Question 2: The ONLY person(s) that can access your database, is you. Whoever you provide a user id and password with will gain access to your information, therefore it is your responsibility to protect this information. We do not share detailed information with any outside companies and/or agencies.
Blessings,
Ashleigh |
|
|
|
|