Dental records have changed significantly over time due to federal regulations and advancements in technology. Not many years ago, a patient record may have consisted of paper forms held together in a paper filing chart with written notes, some radiographic films, and maybe a few poured casts were cross referenced to a storage area of the lab. The record has transformed to an electronic document including digital images and photographs while all under the protection of security standards and privacy rules.
The dental record contains personal and dental treatment information generated by the practice. The original documents of the record are owned by the dental practice with the dentist of the practice considered to be the legal guardian.1 The patient can have access to, and request copies of, this information at any time, even if they have a monetary balance with the practice. The original documents must remain with the practice and the requested copies must be sent within a reasonable time frame. Should the patient move or change to a different dental practice, copies should be forwarded. A cost-based fee can be charged to cover the copying and postage and could be regulated according to limits set by the state.2
The dentist owns the patient’s dental record as they have ordered the treatment and diagnosed the findings. Patients cannot have or keep their original record, but they have the right to review and request a copy of their record components. Knowing this, professionals must only use factual statements when documenting treatment, correspondence, etc. A dentist cannot refuse to release any portion of a patient’s record because of an outstanding financial account, especially if another dentist is requesting the information or the patient is transferring to another practice for care. At all cost, any interruption in patient care should be avoided.
Radiographic images are a vital component of a patient’s clinical record and only a licensed dentist can interpret them. When radiographic images are obtained, the patient is paying for the interpretation of the image(s) and not the actual film itself. Therefore, in most states, dentists typically maintain ownership of patient radiographs.
Original records are never to be released, including radiographs, to any party. No matter how formal a request for the originals may seem, only copies should be sent. The one exception to this rule is Subpoena Duces Tecum, which requires that the dentist or representative present original records to a court of law. In such an event, copies of the original records must be kept in the dental office and the process must be documented in full.2
A properly documented record is the best defense against malpractice litigation. Every member of the dental team is equally responsible for recording pertinent facts about a patient’s visit on the chart. Every member of the dental team is also responsible for protecting and securing all vital patient information. While the ultimate responsibility resides with the owner dentist(s), all of the dental office professionals must be trained to understand the federal and state laws.
Malpractice cases can be addressed and won according to the inclusions to and the omissions from the dental record. Risk management involves a processes to minimize the possibility of malpractice and includes specific steps regarding record keeping. Poor records often involve inconsistences, are sloppy and illegible, and do not fully support treatment with incomplete entries. Through routine checks, the practice can ensure that records are complete and legible. These routine tasks can include the review of patient demographics and identification, their health history, and entries in progress notes. Other notations regarding information such as telephone conversations, missed appointments, and failures to follow directions must be included under the concept of complete records.
The Health Insurance Portability and Accountability Act of 1996, more commonly known as HIPAA, has impacted the dental record to require more record safety and patient privacy. The law is meant to protect patient privacy while health information is being shared among providers and insurance companies. All employees must be trained in following all HIPAA standards. Any violations in these policies must be documented and reported according to the law and procedures set forth by the dental office. While the whole dental team has a role in compliance, the dentist is ultimately responsible for enforcement. All patients must receive a copy of the office’s HIPAA practices and must sign a form verifying the receipt.2
There are two major focuses, portability and accountability, covered in four basic sets of HIPAA standards. The first HIPAA standard, titled Transaction and Code Sets, requires dental procedure terminology and their corresponding insurance code numbers to be standardized for all of dentistry and dental-related procedures. Dentistry currently follows the codes provided in the American Dental Association publication titled Current Dental Terminology, or CDT, which is usually updated biannually. This change was intended to streamline the process of creating a claim and also processing the claim by via insurance companies.1 Offices not filing electronic claims do not need to comply with this one standard. However, any dental office intending to file with Medicaid must submit all claims in electronic format.3
The second standard, known as the Privacy Standard, deals with the right to privacy and the office’s requirement to tell patients how they will do it. Each provider must name a Privacy Officer and must prepare a written policy. This policy must be offered to every patient and posted in the office. When received, the patient must sign a document that they have received the policy so the office can document compliance.
The third standard is the Security Rule. Security in this case refers to protecting the confidentiality and integrity of the record while always knowing the location of the record for retrieval. Each type of information should require a necessity to access it, often via a protected password or pass-phrase. Dental team members should only have access to those portions of records that are essential for providing quality dental treatment. Physical protection requires equipment free from compromise and environmental hazard, as well as additional back up of information should the electronic system go down. Protection also means that records must not be in view of other patients or office visitors, such as posted daily schedules viewed via monitor or paper.
The final standard requires each provider have a National Provider Identifier. This unique and permanent 10-digit number identifies the dentist or practice where treatment was provided. It is not meant to be used for other purposes such as tax identification or practitioner license number.3
With the development of the electronic health record (EHR), several governmental orders have been initiated. One of particular importance to dentistry is the Health Information Technology for Economic and Clinical Health Act, or the HITECH Act. The HITECH Act promotes the meaningful use of patient information and gives even more power for HIPAA enforcement.4
Portability is important for reasons of access and job transfer. HIPAA ensures portability for employees when they change employment and possibly receive a change in coverage. Also, a record that is electronic has the additional ease of portability. Being able to forward digital images and documents adds efficiency when a patient requires referral or moves away from an area.
The National Health Information Infrastructure (NHII) is a concept of total health communication. Along with the patient’s medical information, the dental records could also be available to all health practitioners in an effort to provide quality healthcare. The ultimate goal of each record is that it will be controlled by the patient, but each provider must maintain their own portions. The record requires continued safety protocols to maintain confidentiality. Dentistry has not been forced to comply as of this time but having electronic records will make this transition easier for the practice should that time come.1