How to Prepare Patient Records for a Court Order in Your Healthcare Practice

How to Prepare Patient Records for a Court Order in Your Healthcare Practice

How to Prepare Patient Records for a Court Order in Your Healthcare Practice

You are working at the reception desk of a healthcare practice. Suddenly, there is a police officer giving you a court order! Do you know how to prepare patient records for a court order?

panic button

Don’t Panic!

Take a deep breath. Then, follow these steps to help you to respond to a request for patient records for a court order with confidence!

Listen to the Design Your Practice Podcast with Kayla Das!

Episode 76: How to Prepare Client Records for a Court Order with Jean Eaton

 
designer practice podcast logo court order

Listen to the Podcast Here

You can also find the podcast on Apple Podcast, Spotify, and YouTube. Simply search for “Designer Practice Podcast” on your preferred platform.

 

Follow These Steps

In this article, I am not discussing a situation which relates to a life-threatening situation that requires an immediate response. I am also not discussing when the order relates to the type or quality of healthcare provided to the patient or when the actions of the healthcare provider or clinic is being challenged or reviewed. These are topics for a different article.

Your reception staff should not accept the court order but, instead, immediately ask the officer to wait for a few minutes so that they can request their supervisor or privacy officer meet with them.

When the court order is an administrative request for information, the supervisor or privacy officer will accept the court order from the officer. Before the officer leaves, make sure that you read the court order carefully and ensure:

  • Who is named in the court order.
    • This is often the clinic manager of the clinic. Your clinic should be specifically named or, perhaps, the name of your lead physician or healthcare provider.
  • Record the date and time that you received the order.
  • Clarify when the response is required.
  • Name and contact information.
    • This could be of the officer that delivered the court order (if possible).
    • At minimum, it should include the contact information of the court, for example, the court clerk’s office or the witness co-ordinator, or the sheriff’s office.
  • The province or jurisdiction of the court.
  • In general, this should be the same province where your clinic operates. If not, contact your lawyer for advice on how to respond.

Review Your Policies and Procedures

This is not a routine request from a patient to access their health records or a request to disclose their records to a third party like a lawyer or insurance company. In those routine requests, patients are generally required to provide a written, signed consent before you can disclose their records.

When you receive a court order or subpoena to produce patient records at a court or other legal proceeding, you are not required to get a signed consent from the patient.

Each healthcare practice should have detailed policies and procedures on how to prepare patient records for a court order. Review these now.

If you don’t have up-to-date policies and procedures, see the Practice Management Success Tip, How to Prepare Patient Records for a Court Order.

Validate the Court Order

Read the court order carefully. In particular,

  • Phone the contact number on the court order.
  • Confirm the date, time, and location that you are required to appear.

Locate the Patient Record

Find the patient information maintained in an electronic database, electronic medical record (EMR) and/or paper records. Remember to look for both active and inactive patient records as needed by the court order.

Read the patient record carefully, line by line, to ensure that the record is complete. For example, make sure that all lab reports, prescriptions, consultation notes, etc. are included in the record.

Secure the record to prevent snooping or modification to the record. Also ensure that the record is available for continuing care and treatment of the patient, if needed.

In an electronic record, prepare an audit log of all the transactions on that patients’ chart.

Ensure there is no duplicate or second chart for the patient that may have been created in error. Search by alternate names, spellings, date of birth, etc.

Ensure that each custodian included in the patients’ care and your healthcare practice’s privacy officer is informed of the court order to produce the record. The custodian should be provided an opportunity to review their clinic notes. Remind the custodian that they cannot further disclose the patient’s record.

Prepare the Patient Record

Review the court order and identify exactly what information is requested. It might be for specific dates or a condition or treatment.

Keep complete and detailed notes about how you prepared your response to the court order. You will bring your notes with you to court to assist you in your testimony about how your clinic creates and maintains patient records and what you did to respond to the court order. After your court appearance, you will maintain your notes as part of the business records for the clinic.

Collect the information and record each of your steps and your results, including the records that you searched for as well as those that you did not find any results for.

If you maintain your patient records in an electronic medical record (EMR) or digital practice management software, print out a hard copy of all the information that responds to the information that is requested.

Sever (also known as redact or black-line) any information that is not appropriate to include in the disclosure. Cross-reference each redacted entry to the legal authority not to include the information in the disclosure.

illustration of text that has black lines through sections sever or redact part of How to Prepare Patient Records for a Court Order
If you are using an EMR, organize the paper print-out in a format that makes sense. This might be in chronological date order, or by grouping like records (clinic notes, lab results, etc.) together.

Create a ‘Table of Contents’ of the information in the patient record. This will help you in your testimony to quickly find requested information, and to help the court to locate information in the records that you have prepared.

At the same time, handwrite in ink at the bottom of each page the sequential page number in the package. Update the table of contents with the page numbers.

Stamp ‘COPY’ on each page.

When the package is complete, make a photocopy (or two) of the entire package. The ‘original’ paper copy will be maintained at the clinic. Bring the original and the copy to court and ask the court to accept your copy. Return the original package to the clinic and securely maintain this as part of the business records of the clinic until the court file is complete.

When You Attend At Court

As the clinic manager, your role at the court is to tell the court how patient information is collected and maintained in your healthcare practice. Your job is not to interpret the content of the clinic notes.

A few days prior to the court date indicated on the court order, phone the clerk’s office or witness support office to confirm the date, time, and location of the proceedings and if you are still required to attend.

image of 3d figure in a witness box in court raising hand to affirm testimony How to Prepare Patient Records for a Court Order
On the day of the proceedings, report to the clerk of the court.

Bring with you the court order, your photo ID, the patient record, and your notes. Bring a good book to read in case you have a long wait.

You will be advised (again) if you are required that day. If you are not required, the clerk will make a notation on your court order to appear that you attended and that you have been dismissed. Keep this in your business records with the patient record.

If your testimony and the patient records are required, you will be called as a witness during the court proceeding.

You will be asked to swear or affirm an oath to speak honestly during your testimony.

Typical questions that you should be prepared to answer include:

  • Your name.
  • Your role at the clinic, how long you have been in that role, your routine tasks and responsibilities at the clinic.
  • Describe how patient records are maintained. Be prepared to explain your EMR or computer patient management system (if you have one).
  • Bring your notes about the steps that took to prepare for the court order. You may ask permission of the court to refer to your notes that you created when preparing to respond to the court order during your testimony, if necessary.
  • Explain that the patient records are kept electronically and that you have prepared a paper print-out of those notes.
  • Be prepared to explain how you know that the records are complete, not missing any details, etc.
  • If the court asks you to enter the records into evidence, explain that you have an ‘original’ and a ‘copy’ and ask the court to accept the ‘copy’ into evidence.

When You Return to the Clinic

Complete your notes by documenting your day at the court. Write a short summary of your day including:

  • Did you give a copy of the patient records to the court? To whom?
  • Remember to add this notation to the patients’ record that you disclosed this information according to the court order.
  • Any follow-up required for this disclosure?
  • Review your procedures. Anything that you would edit or provide additional instructions that will help you to be better prepared for next time you receive a court order?
  • Submit a copy of your out of pocket expenses (parking receipts, meals, etc.) for re-imbursement by your employer, if applicable.

What You Should Do Now

  1. Review your policies and procedures now to ensure that it includes how to respond to a court order.
  2. Train your reception staff on what to do if they receive a court order.
  3. Train your privacy officer and clinic manager on how to prepare a patient record for a court order.

Depending on where you work, you may receive a court order regularly or it might be a once-in-a-career experience. When you have policies and procedures and a little bit of training to assist you, you can respond to a court order calmly and confidently.

If you are a member of Practice Management Success, login and access the ’Procedure:  Preparing Patient Records for a Court Order’ template and the replay of the tutorial video.
 
image Jean L. Eaton

When we know better, we can do better…

Jean Eaton is constructively obsessive about privacy, confidentiality, and security especially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

Do You Use Employee Privacy and Security Policy and Procedure Checklist Templates?

Do You Use Employee Privacy and Security Policy and Procedure Checklist Templates?

Why Do You Need Policy and Procedure Checklists for Onboarding and Exiting Employees?

There is much excitement when we welcome a new hire to our team and there are many administrative tasks that need to take place to get this individual up and running. An employee policy and procedure checklist will help!

Policies and procedures must be in writing, available to employees, and monitored to ensure that they are followed to protect patient privacy as required by our professional colleges and privacy legislation. Otherwise, you face all sorts of risks, including privacy breaches and other legal problems.

To ensure that onboarding a new employee is a smooth transition, it is imperative to follow a practical checklist procedure to make sure no important steps are missed. There are also many other managerial benefits to adopting this high-quality process:

  • Better job performance and satisfaction
  • Greater commitment to protecting privacy in the organization
  • Reduced stress and better staff retention

Employee Privacy and Security Policy and Procedure Checklist

Policies and procedures are reasonable safeguards to protect the personal and health information entrusted to us. But polices and good intentions alone are not enough; we also need to take action to ensure our policies are understood and are being followed by all our employees.

Training new and existing staff on privacy and security best practices is instrumental in making your healthcare practice a success and maintaining its fine reputation. Following a systematic approach to welcoming a new employee, transitioning an existing employee into a new position, or offboarding an employee who is exiting will guarantee that valuable privacy and security training and accesses are completed.

Read this Privacy Breach Nugget that explains what can happen if you don’t have these good practices in place. Do You Know Where Your Policies And Procedures Are? 

New Employee Orientation / Onboarding

New employees are a welcome addition to any team and there is a vast amount of training that needs to take place from general procedures on how to handle phone calls to signing confidentiality oaths to becoming familiar with all policies and procedures, in addition to learning the everyday job duties for their own position.

Since privacy is good for business, we do not want to miss any important opportunities to train our new staff on privacy and security best practices. Using the Employee Privacy and Security Checklist will help facilitate training discussions and document the authorized accesses of each employee.

Existing Employees / Annual Review

The checklist will also act as a tool for each employee at their performance review. Provide positive feedback and observations of an employee’s successes in protecting personal information. Discuss opportunities for improvement, too. This is also a good time to review an employee’s current authorized role-based accesses and determine if any changes are needed to match the employee’s current job duties.

Ensure that the employee still has ‘tokens’ that they were given at the time of their hire, like identity badge, keys to the clinic or Alberta Netcare RSA fob.

Privacy and security best practices dictate that confidentiality oaths should be signed on an annual basis and annual privacy awareness and security refresher training should also be provided to all employees. In the event of a privacy incident or breach, it is imperative that a healthcare practice can prove by their documentation that regular privacy and security training is provided to their staff.

Transferring / Exiting Employees

When an employee transitions into a new role or is terminated, review and update the privacy and security checklist to ensure that access and permissions are appropriately modified or terminated.

Custodian Responsibility

Custodians have an obligation to ensure reasonable safeguards to protect the privacy and security of health information. This includes having appropriate policies and procedures in place, as well as demonstrating and documenting that you have implemented your plans. This is a requirement of professional college standards of practice and privacy legislation like the Health Information Act (HIA).

See the article Do You Know Where Your Policies And Procedures Are? to learn what can happen to you if you don’t have your employee training process well documented

The Employee Privacy and Security Checklist will make it easy for you to ensure your new hires, existing employees, and transferring or exiting employees are privacy and security compliant.

 

 

Your practice also needs to have policies and procedures that set out how you ensure the privacy, confidentiality, and security of the health information you collect, use, and disclose. Don’t know which policies and procedures you need? Download the Privacy and Security Policies and Procedures Checklist below!

 

Practice Management Success

If you are a member of Practice Management Success, login and access the webinar replay, and the policy, procedure, and checklist template.

Not a member? Join today!

 

When we know better, we can do better…

Jean L. Eaton is constructively obsessive about privacy, confidentiality, and security expecially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS

 
Can You Use Text Messaging With Patients?

Can You Use Text Messaging With Patients?

Have you ever said…

“If only I had someone to ask!”

Each month, we discuss your questions about practice management, human resources issues, clinic management best practices, procedures, resources, practical privacy tips, and more in Practice Management Success membership.

 

In this Q&A, we’re talking about:

Can you use text messaging with patients?

 

Can you use text messaging with patients?

The short answer is, ‘Yes’.

The longer answer is ‘Yes, but . . .  make sure that you are really clear about why you want to use text messaging, carefully plan the implementation and monitor its use.’

What is the Purpose for Texting?

Clinics are feeling pressured to provide texting as a communication option to their patients.

It is important to be clear about why you want to use texting.

Texting from the Patient to the Clinic

What is the primary purpose for patients to text the clinic? It may be because they are in a remote community and texting is the only way to keep in touch with their healthcare provider. You might choose to accept text messages for appointment requests or continuing care and treatment.

Texting is generally not a secure communication method. It is difficult to confirm the identity of both the sender and receiver which can result in both communication and medical error.

 

Emoji

It is difficult to communicate clearly using text short form and emoji!

 

What Are the Risks?

As the custodian, you need to weigh the risks of using texting vs not using texting. For example, if your work includes assisting people who are in crisis or are otherwise at risk, you may decide that the risk to the patient who has access to their healthcare provider using unsecured text messaging is less of a risk than the patient who experiences a critical incident and does not have other access to their healthcare provider.

You must decide what are the acceptable risks and appropriate use of text messaging.

I find that creating scenarios is a good way to do help you set up your boundaries. In what situations is using text messaging OK? In what scenarios is it not appropriate to use text messaging? Are there alternative technologies that can better, and more securely, meet these needs?

Record your reasons about what you will – and what you won’t – accept in your text messaging solution as part of your project documentation and implementation training.

text messaging risks

Workflow When You Receive Text Messages from the Patient

Consider how you will document the communication from your patient into the patient’s health record.

  • Is the device to receive the text message registered with the clinic?
  • Who will receive the text message from the patient?
  • How will you transpose that meaningful communication with the patient to the patients’ health record?

Be guided by the discussions in your team and with your patients to develop your policies and risk mitigation plans.

 

Texting From the Clinic to the Patient

Is your goal of a text solution to automate a workflow like routine appointment reminders? Or, perhaps, some episodic messaging like offering follow up appointments to discuss test results?

Authorization

Remember that the custodian (physician, pharmacist, dentist, dental hygienist, chiropractor, and more) assumes the risk of using unsecure technology. You can’t transfer the risk to the patient. However, you can mitigate the risk of error and unauthorized use of the health information by creating rules for use and ensuring that the patient understands:

  • how the technology is used,
  • your offer to use the technology in your healthcare practice,
  • the risks to the patient’s privacy and security of their personal information,
  • the patients’ role to prevent misuse of their personal health information, and
  • an agreement to follow the rules about the technology solution.

If you are a member of Practice Management Success, click here to access the sample authorization agreement.

Mitigation strategies

Alternate Technology Solutions

There are some third party vendors that can help you with routine text messaging with your patients. Wherever possible, use two factor authentication. For example, you might have a system where the patient must enter a PIN number before they can read the entire message from the clinic.

There are trusted technology solutions that you can use for text messaging. Many EMR providers now allow the clinic to text message your patients right from the EMR or patients can access the EMR using a patient portal. This is, by far, the most efficient workflow. It is usually the most secure technology and integrates the communication into the patients’ health record without copying and pasting, uploading, or re-typing into the patient record.

Microquest’s Healthquest EMR, for example, offers integrated appointment reminders via email, text, or voice messaging. Clinics can also allow patients to book their own appointments online with an online calendar integrated to the clinic’s Healthquest EMR.

Alternate third party texting solutions from trusted vendors that we have interviewed on our podcast, Practice Management Nuggets for Your Healthcare Practice, include Bleen and ezReferral.

Bleen is a third party patient appointment management application that allows patients to register with your clinic to receive appointment reminders by text message or phone call. The system also provides a self-help solution to patients to schedule their own appointment with their healthcare providers.

Clients with Bleen have seen dramatic changes in their patient management resources – reducing 40% to 60% of phone calls and 75% of no shows.

Click here to listen to the Practice Management Nuggets interview with Chris Narine and Robert Cove of Bleen.

ezReferral provides a third party referral management application that improves communication  between the patient and the referring and consulting providers. The system saves an average of 60 minutes of staff time for each referral and improves the patients’ access to health care in a timely, efficient manner. It also includes a built-in secure fax solution.

This solution is ideal for healthcare practices with referrals within the medical community and even better when you are working with multidisciplinary referral teams. ezReferral works well for both paper based and electronic medical record based practices.

Click here to listen to the Practice Management Nuggets interview with Dr. Denis Vincent of ezReferral.

Privacy Impact Assessment

Before you implement a text solution to your practice you need to update your privacy impact assessment (PIA) or prepare a new, project based PIA. This doesn’t have to be a big undertaking but it is really important that you take the time to design and document your application and implementation.

Privacy Impact Assessment

If you need some help with your PIA, I encourage you to take a look at our on-line e-course, Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments.

Efficient work flow, clear procedures, and rules of use authorization with your patients improves the likelihood that text messages will be used the way that you intended. However, these practices does not make the technology breach-proof. Carefully consider the merits of text messaging and how you can mitigate the risks before implementing text messaging in your healthcare practice.

If you are a member of Practice Management Success, login and access the webinar replay, and the patient authorization form template.

 

When we know better, we can do better…

Jean L. Eaton is constructively obsessive about privacy, confidentiality, and security expecially when it comes to the handling of personal health information. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.

Jean L. Eaton
Your Practical Privacy Coach
INFORMATION MANAGERS