2. Today’s Date: January 31, 2013
Effective Date: January 31, 2013
Author: David Battle
Purpose of Records Management Plan
The primary purpose of a Records Management Plan is to organize records in a way that
they improve the overall quality of an agencies operation. RMPs focus on improving the way
information is accessed. In the today’s society paper records are being digitalized helping save
space taken up by materials and reducing operating costs. Creating digital records expands the
amount of security that can be placed on information and minimizes the litigation risks that
usually come with classified records.
Principles/Guidelines
1. When creating a RMP they have to be implemented by everyone who has access
to the patients and their records. A CIO will be over the records management
system which will enable them to set policies on who will have access to which
records. This policy will apply to all doctors, nurses, and receptionists if they
have access to the EMR system.Receptionists are usually required make
appointments using the EMR system. They will have limited access to the
applications within the EMR. Medical doctors will have access to everything
being that they lead the office. They will be able to see everything about a
patient. Once they close a note about a patient during a visit it will be locked
permanently and can only be unlocked by the CIO, IT staff, or the medical
records staff. Nurses will have access to most information minus a few options.
Nurses will be able to see everything about a patient but they won’t be able to
see things like prescriptions being that they are not allowed to prescribe
medicine. They will be able to update information about the current medication
the patient is taking though which is usually done before the doctor sees the
patient. Everything will be handled by the IT staff and medical records staff
inside the office minimizing the risks of HIPAA violations of using an outside
source. Under the CIO will be the IT staff and the doctors as far as permissions
go. The reason IT staff will have more permissions is because they are the ones
who have to fix the system if something goes wrong and they know the most
about the EMR system. There will be a person handling records outside of
3. medical related information that doesn’t require an EMR system for example
inventory lists. They will have access to that and the IT staff. There’s no reason
for anyone else to have access to it.
2. All records regarding any medical information will be documented and
digitalized. That includes conversations between patients and providers (virtual
visits, telephone encounters, and emails) diagnostic images, all paper records,
and faxes that the office may receive. These records will also include personal
information about employees to help make things simpler for the human
resources department. The digital system will not be limited to just medical
information and personal information about employees. It will also include other
information about the inventory of office equipment, software used by the
company, and other information about the facility. The information will be
stored on servers within the building. These servers will also be used to operate
the facility. There will be backup servers inside the building as well as an offsite
location for emergencies. Being that accidents happen a cloud account will be
set up with SkyDrive. Having all these different mediums to store information
will provide a better security and peace of mind knowing that the info will always
be available somewhere. A backup of the information will be performed
periodically to ensure no data is lost.
3. Medical related paper documents will be scanned by the computer and turned
into a PDF file. That includes faxes from other doctor offices, records brought in
by the patient, and paperwork filled out by the patient at the medical facility. It
will then be uploaded to the EMR, saved, and locked. The patient’s records will
be stored under their name in a file system to be accessed by doctors if needed.
Each folder will be labeled according to which department handles the record for
example immunization records will be in the compliance folder and x-ray images
will be in the diagnostic imaging folder. All non-medical records will also be
stored according to the department but outside of the EMR system.
4. As far as the retention period goes all medical records will be kept for a period of
7 years. For minors the records will be kept for a period of 7 years unless the
period ends while they are under 18 then it will be kept until they reach that age.
Records will be stored in a secure location. It will be secured from natural
occurrences such as water as well as other threats like humans. All digital
records will be stored on the servers and backed up, the same as the more
current records. Any computers that have information stored on them will also
4. be retained. Non-medical information will be kept until they are no longer
needed.
5. When the retention period ends for the paper documents they will be shredded
by our facility and then burned by an outsourced company. Computers with
information on the hard drives will be wiped clean before being tossed.
Contacts and Staff Roles
The CIO will oversee all operations. The medical records staff is responsible for creating
documents, retaining the documents, and processing the data medical related. All paper
documents will be turned into PDF files then stored. They will process all data received from
patients as well as other medical facilities and distribute it to where it needs to go. If it regards
using the EMR system doctors and nurses have the ability to create notes about the patient
during visits. After the notes have been closed they cannot be opened back up unless it is by a
medical record staff or someone from the IT staff. The IT staff cannot create any information
within the EMR system unless assisting a doctor or nurse. Non-medical documents can be
created by whomever needs the document for example if someone needs to create an
inventory list they have the ability to do it whenever required. They will also have the ability to
store it on their local device if it is non-medical information.
References
"A 10-Step Records Management Plan for Your Office." EPA. Environmental Protection Agency,
3 Mar. 2012. Web. 31 Jan. 2013. <http://www.epa.gov/records/tools/10plan.htm>.
Kelly, Chris. "Records Management Plan." Personal interview. 31 Jan. 2013.
"Records Management Policy." The National Archives. N.p., 31 Aug. 2010. Web. 31 Jan. 2013.
<http://www.nationalarchives.gov.uk/documents/information-management/rm-code-
guide3.pdf>.