Legal Issues: Patient Charting

Meticulous patient charting protects both patients and providers. Here’s what you need to include.
Patient Charting

All medical aesthetic practices and medspas are required to keep detailed medical records for all patients, and those records must be carefully protected. Following is a primer on what should be included in patient medical charts in a medical aesthetics environment as well as some guidelines on how to protect and relay patient information in an environment with multiple providers.

Charting Basics

A properly maintained medical chart should contain the full story of each patient encounter—who the patient is, why he or she came in, what the diagnosis was, and what the treatment plan is. The medical record is critical to ensuring continuity in patient care.

“Professionals need to open up that medical record and be able to discern all the relevant information that they’re going to need in order to make an informed decision as to the course of treatment for whatever the patient approached them for,” explains Jay D. Reyero, partner with national medical aesthetics law firm, ByrdAdatto.

Many state medical boards have rules that dictate what an adequate medical record should contain and, while there may be some differences in minutiae from state to state, these guidelines tend to include certain key items—the patient’s history, identifying information, the diagnosis, supporting documentation, signed consent, any prescriptions given, and any referrals or consultations provided.

In total, a patient chart reflects the administering physician’s professional medical judgment. If the physician deems the information relevant, it is added to the record. There are, however, certain common omissions that make charts significantly less useful, from both a legal and patient care perspective.

Coming Up Short

Lack of documentation of informed consent is one of the primary shortcomings in medical records. Generally speaking, physicians need to show that they have followed the standard of care by fully informing a patient about the risks and potential complications of the course of action they are recommending.

“Documentation of informed consent is critical to de–fend yourself,” Reyero says. “Whether it’s malpractice litigation or a medical board complaint issue, these are the most important documents you have to show that you advised the patient, as much as possible, as to what you were going to do, and that the patient consented to the procedure performed.”

Additionally, lack of supporting documentation for diagnoses or treatments administered can impact reimbursement, since the physician cannot corroborate the codes that are being billed to the insurance providers.

Of particular importance to aesthetic practices, many physicians and mid-level practitioners fail to properly document their supervision and oversight of providers to whom they have delegated treatments. Documentation of supervision and oversight demonstrates that the proper steps were taken for all procedures performed. Lack of it can be a red flag if something goes wrong with a treatment.

For Your Eyes Only

In medical aesthetic practices, it is not uncommon for both licensed medical and non-medical personnel to work with patients. However, due to the privacy protection requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), some of the information on patient charts must be withheld from non-medical personnel at the practice.

“HIPAA generally allows workforce members who are employees of the entity [medical aesthetic practice] to have access to patient records, although the entity does have to have proper policies and procedures in place to limit the amount of information accessible by those individuals to what’s known as the ‘minimum necessary,’” Reyero says. “Essentially, employees should only have access to information that is necessary to do their jobs, or practices can be exposed to risk. Improper access by employees to information that they don’t otherwise need can give rise to HIPAA breach issues. You see that a lot with the celebrity HIPAA breaches, where employees who have no relation to the treatment or care given to a celebrity access their information, and the hospital or facility didn’t have the proper policies or procedures in place to prevent that from occurring.”

State laws regulating patient privacy may be even more stringent than HIPAA, so it is important to consult a healthcare attorney familiar with your state guidelines to establish policies and procedures to prevent employees from accessing information that they do not need.

If a practice is using electronic medical records (EMR), the system typically can restrict access to certain information from users who do not have authorization to view it. If you do not know whether your system includes such features (or if you do not know how to use them), consult your EMR vendor to learn how to set them up.

If your practice does not use EMR, it is critical to establish strong internal procedures and to properly train employees. “Training can take the form of a lunch meeting where everyone reviews the policies and procedures, or online questionnaires where you print out a certificate at the end of the test, or one-on-one training where you sit down with the individual and walk through their daily routine to make sure that everything they’re doing is in line with the policies and procedures in place,” says Reyero. “You can customize it to each individual employee’s relevant situation and circumstances, so that when you walk through their daily routine, you’re sure that you’re talking about—and educating them on—the policies that will impact them on a daily basis, rather than overwhelming them with 20 different policies when maybe only two are applicable.”

The practice must continually update and assess the risks of employees improperly accessing confidential medical records, and implement appropriate safeguards in order to prevent that access. The practice also must hold employees who improperly access confidential medical information accountable. HIPAA and state patient privacy violations can alter a medical aesthetic practice forever, so it is critical that they be prevented.

Keep in mind that, while HIPAA violations are costly and damaging to a practice’s reputation, they are not the No. 1 reason to take patient-charting procedures seriously. These records are created and maintained in order to protect the patient and help providers deliver the best care. Those who create and maintain medical records have a duty to make sure that the information on the chart is complete and accurate. It should tell the patient’s entire medical story, so that any physician who opens up that document has all the information needed to make an informed decision about the patient’s health care.

Alex R. Thiersch, JD, is a Chicago-based healthcare attorney with ByrdAdatto Law Firm, and founder and director of the American Med Spa Association (AmSpa), which was created to provide legal and business resources for medspas and medical aesthetic physicians in the U.S. Contact him at alex@americanmedspa.org.

Image copyright Getty Images