Last month we looked at some of the challenges facing the health professions, and dentistry in particular, as we transition into electronic record keeping and the storage of other vital information. This month we will look at HIPAA privacy recommendations, national provider identifier (NPI) numbers, and patient record essentials, whether paper or digital.
HIPAA PRIVACY RECOMMENDATIONS AND GEORGE CLOONEY’S MEDICAL RECORDS
Illustration by Nathan Zak
Wherever records are compiled and housed, HIPAA provides general privacy recommendations for their confidentiality. One of these recommendations is that each office, hospital, or clinic have a written Notice of Privacy Practices that, among other things, typically spells out which employees are allowed access to patient records, whether paper or computer. To simplify matters, many medical/dental locations specify that all health personnel may have access to a patient’s record. Therefore, employees may look at paper charts and/or electronic records whenever necessary. Regardless of whether it is specified in a Notice of Privacy Practices, does this mean that all health personnel in a particular location may have a legitimate reason to look at a particular record? Maybe, maybe not!
Several months ago George Clooney, the famous actor, was involved in a motorcycle accident and was treated at the Palisades Medical Center in North Bergen, NJ. According to the medical center’s Notice of Privacy Practices, any medical employee of the hospital has the right to access a patient’s record. So, 27 employees looked at George Clooney’s electronic chart. While no one apparently violated HIPAA, why were all of these people looking at George Clooney’s record? (Paper charts could probably have been accessed as easily; however, a record of who looked and when they looked would probably not have been as evident or accurate.)
As far as privacy goes, HIPAA regulations do little or nothing to protect privacy within a hospital or dental office. However, a digitized system can at least make it possible to uncover “peekers” at a facility. Privacy beyond the confines of a facility is important, but can it really be consistently implemented? Could George Clooney’s electronic health record also have been accessed outside of the hospital? The answer probably is “Yes!” Many such systems have been hacked into before.
PRIVACY AND NPI NUMBERS
Whether private facilities, the Internet, or another type of repository (as we discussed in Part 1 of this article) is ultimately used for private information storage, the NPI number for dentists is a reality right now. The deadline for obtaining this number was May 23, 2008. According to the ADA, the NPI is a “unique, standard identification number for healthcare providers” to use on all HIPAA transactions. The NPI number is said to replace “legacy” identifiers such as license numbers and social security numbers on electronic claims and other patient encounters. The NPI number supposedly does not provide details about a dentist such as his or her name, location, specialty, or qualifications. However, at least one “sales lead and mailing list” supplier is advertising labels that contain provider NPI numbers in addition to names, addresses, and degrees. (This implies that in the future, additional confidential provider identifier numbers will be required in order to access patient records in a repository or Internet location. Otherwise anyone who purchased such a mailing list would also know that provider’s identifier number.)
The current version of the ADA dental claim form (2006) provides a section for NPI numbers, legacy numbers or other numbers previously used by the dentist, license numbers, and social security or tax ID numbers. All bases are covered. Treating dentists or individual practitioners need an NPI Type 1. Hospitals, clinics, group practices, and corporations, including individual corporations, need an NPI Type 2. Dentists who treat patients and who have individual corporations need to have two numbers: an NPI Type 1 and an NPI Type 2. (Note: It is important for dentists to remember that some dental plans base their payments on the network status of the treating dentist, not the billing entity. This means that they may not pay in-network amounts and/or may send the reimbursement check directly to the patient, if the treating dentist is not participating.)
MANAGING DIGITIZED RECORDS
The ADA provides standards and reports for records software that can be found at ADA.org. The ADA Council on Dental Practice and the Division of Legal Affairs have also produced a 37-page document that gives general guidelines on dental records, both paper and digital. However, digitized records do have their own special concerns.
Of interest to many dentists is the current status of the “written signature” requirement on a patient’s record. Previously, in most states, if a dentist had not provided his or her signature, or initials in some cases, on a written record of progress notes, any notations made by others were not considered legal documentation. Some states continue to require a written signature by the dentist or authorized provider on progress notes. However, many states have devised parameters for electronic signatures, “stamps,” or “keys” that can be associated with a patient’s dental record and given the same “force and effect” as a hand-written signature. You can look up your own state requirements by using an Internet search engine such as Google and typing in “regulations for electronic signatures.” (The American Health Information Management Association (AHIMA) used to provide a general Web site for this information, but recent inquiries show that it has been changed.)
Suggested features for computerized systems include time-sensitive lock-out elements, automatic terminal log-outs, password parameters, and fingerprint identification. Time-sensitive lock-out features may include an automatic, full-system lock on the ability for anyone to make changes to a digital record, or simply a special password that is required to make such changes after a certain amount of time. Special passwords may also be required for activities such as taking a payment, making an appointment, or making entries into a patient record. Frequent password changes are recommended, as well as consistent logging off by individuals once they are finished working on a certain computer terminal. If all office personnel have access to all terminals, the use of an automatic log-off function that goes into effect after a designated time period may be preferred. It is also possible to utilize a USB biometric fingerprint scanner to determine who is logging in and out.
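For readers who want to see how the time-sensitive lock and automatic log-off described above fit together, here is a short added example in Python; it is not taken from the ADA or from any records software vendor. The 24-hour edit window, the 10-minute idle limit, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

EDIT_WINDOW = timedelta(hours=24)    # assumed: notes lock 24 hours after creation
IDLE_LIMIT = timedelta(minutes=10)   # assumed: terminal logs off after 10 idle minutes

def hash_password(password: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of the special password, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

@dataclass
class Session:
    user: str
    last_activity: datetime

    def is_active(self, now: datetime) -> bool:
        return now - self.last_activity <= IDLE_LIMIT

@dataclass
class ProgressNote:
    text: str
    created: datetime
    history: list = field(default_factory=list)  # earlier versions are kept

class RecordPolicy:
    def __init__(self, override_password: str):
        self._salt = os.urandom(16)
        self._override_hash = hash_password(override_password, self._salt)

    def _override_ok(self, supplied) -> bool:
        if supplied is None:
            return False
        candidate = hash_password(supplied, self._salt)
        return hmac.compare_digest(candidate, self._override_hash)

    def amend(self, note, session, new_text, now, override_password=None) -> str:
        if not session.is_active(now):
            return "denied: session timed out"   # automatic log-off
        locked = now - note.created > EDIT_WINDOW
        if locked and not self._override_ok(override_password):
            return "denied: note locked"         # time-sensitive lock-out
        # Record who changed what and when, and whether the override was used.
        note.history.append((now, session.user, note.text, locked))
        note.text = new_text
        session.last_activity = now
        return "amended"
```

Because every amendment appends the previous text to the note's history along with the user and time, a late change made with the special password remains visible in the record rather than silently replacing the original entry.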
Even if progress notes are digitized or “packaged,” it is important that adequate notations be provided to address important details of diagnosis, treatment, and recommendations. Standardized progress notes are not adequate, and may even be dangerously incorrect. For example, standardized notes may indicate “#3MOD-composite, 2 carpules of anesthetic.” What happens if #2-crown preparation, #3MOD, #4MOD, #5MOD, #14MOD, and #15MOD are performed at the same appointment, and each standardized entry includes 2 carpules of anesthetic? The patient’s record will indicate that 12 carpules of anesthetic have been injected! Treatment-specific and patient-specific notes are essential, no matter the method used to make the notes.
Digital records as a part of a computerized management system may be expensive. While many dentists are aware of software packages for purchase that include management, charting, e-insurance claim filing, and others, they may not know that there are companies who can provide all these types of programs for download off the Internet. Typically dentists pay for whatever program “modules” they want on a month-to-month basis. The company provides a monthly software license for the modules, delivers the software electronically, and provides Internet and/or phone support.
WHAT NEEDS TO BE INCLUDED IN PAPER OR ELECTRONIC RECORDS?
Table. Required Information for Patient Records.*
*According to the ADA document Dental Records (2007).
Regardless of whether an office is using a paper chart or a computerized format, certain elements need to be part of any patient’s dental chart (Table).
According to the ADA, it is not necessary to keep financial information, including benefits, claims, or payment vouchers, as a part of a patient’s treatment record. While many of the items noted in the Table can be easily accessed using a paper chart, digitized records must be able to provide access to all of these as well. If you are using computerized records, your software provider should be able to help.
And if your office is still using a paper record, you are in good company. The majority of medical offices, hospitals, and dental offices still use paper. Paper charts have the advantage of being inexpensive, familiar, easy to use, easy to retrieve, and difficult to alter without discovery. Despite these facts, as time goes on, more and more practices will become computerized. The world is becoming more automated, not less. Privacy issues will always be of concern, and, no matter how records are kept, electronically or by paper, the key elements of an accurate record are not likely to change in the near future.
Ms. Tekavec is the author of the Dental Insurance Coding Handbook, as well as the designer of a dental chart that has been endorsed by the Colorado Dental Association and others. She is also the author of a series of patient brochures explaining various dental procedures. Ms. Tekavec practices as a dental hygienist and is the president of Stepping Stones to Success. She has appeared at all major US dental meetings and is a presenter for the ADA Seminar Series. She can be reached at (800) 548-2164 or via her Web site at steppingstonestosuccess.com.