Lesson 1, Topic 1
In Progress

Special Issues in Documentation

May 1, 2021

Record Ownership and Access

The original health care record or chart is the property of the institution or the health care provider. On admission to the health care facility, the patient is usually asked to sign a form granting permission for appropriate people, such as insurance carriers, to have access to the record as necessary. Patients may not have immediate access to their full records, depending on the agency policy. Lawyers, with the patient’s written permission, are given access to the patient’s medical records. Courts have the legal right to obtain records for their review and use in the case of a lawsuit.

Patients have gained access rights to their records in most states, but only if they follow the established policy of each facility. A written request for chart access may be required, and institutions can specify a period that allows the physician and the facility to review the record and give a response. Sometimes the institution requires that a staff member or physician be present while the individual looks through the chart to answer questions and to protect the integrity of the record. Patients may also ask for a copy of their medical records. The Office of the National Coordinator for Health Information Technology (ONC), which is part of the Department of Health and Human Services, is continually working on making access to medical records easier and less time consuming for patients, including electronic access. The department is currently focusing on the issue of personal health records (PHC) (Daniel, 2012).


Health care personnel are mandated to respect the confidentiality of the patient’s record. The Patient Care Partnership (information given to patients when admitted to a facility that informs them of their rights and responsibilities) and the law guarantee that medical information is kept private, unless the information is needed in providing care or the patient gives permission for others to see it (American Hospital Association, n.d.). The Health Insurance Portability and Accountability Act (HIPAA), an act of Congress passed in 1996, affords certain protections to persons covered by health care plans, including continuity of coverage when changing jobs, standards for electronic health care transactions, and primary safeguards for the privacy of individually identifiable patient information (see Chapter 2).

Ethical codes of practice also emphasize the LPN/LVN’s obligation to preserve patient privacy by holding patient information in highest confidentiality. Health care personnel may not read a record, or allow others to do so, without a clinical reason, and personnel must hold the information regarding the patient in confidence. Furthermore, trust is necessary for good nurse-patient relationships, and breaking confidences is a way to lose patient trust. Breaking laws concerning patient confidentiality often leads to job termination, lawsuits, or both (see Chapter 2).

Student nurses are also reminded that no information is to leave the clinical site and that any documents that have patient identifying information must be closely guarded at all times within the facility. Any printouts or notes with patient identifiers that have been used by the student must be shredded before leaving the clinical agency. In addition, the student must be vigilant in keeping documents in a safe place when in the clinical agency; documents with patient identifiers should never be left anywhere unattended, such as on bedside tables in the patient’s room, at the nurse’s station, or on conference room tables. Any information that the student does need for course assignment purposes regarding assigned patients should have no identification information on the documents.

Electronic Documentation Safeguards

Charting with an electronic system is an efficient method of documentation, but the security of the system must be considered when considering legal and ethical issues. Confidentiality, access to information, and inappropriate alterations in patient records are areas of concern. Networks are typically protected by a firewall from illegitimate outside access. Some computer systems permit online access from remote sites, but this further complicates the task of keeping the system secure. To protect the patient’s rights and keep the patient’s record confidential, anyone who enters data into or consults a computerized record has to log on to the system with a secure password. The institution may require the user to change passwords at certain time frames, such as every 90 days, to maintain security. Because the password is assigned only to individual health care personnel, any data entered are automatically credited to whoever signed in; thus, personnel must never share the password with anyone. The LPN/LVN must be sure to log off the system before leaving the terminal to ensure that information about a patient does not remain on the monitor display for others to view.

It is also necessary to protect computer-generated printouts and prevent the indiscriminate duplication or distribution of information about patients. Most facilities that use computer charting incorporate a system for logging and tracking computer printouts (Box 3-5) and have protocols for shredding the copies that are made.

Use of Fax Machines

Fax machines send written documents over telephone lines to quickly transmit data between health care facilities, such as health care provider’s offices, hospitals, long-term care facilities, and laboratories. HIPAA rules allow for a patient’s medical records and information to be faxed. Information can be transmitted from health care providers to health care facilities and vice versa. For example, laboratory results can be sent via fax, e-mail, or phone to a health care provider, or a health care provider may fax medical information to another professional for consultation. Various safeguards must be in place to maintain patient confidentiality and privacy. Some facilities require that the sender verify the fax number with the recipient.

Box 3-5 Guidelines for Safe Computer Documentation

•Do not share with another caregiver the password that you use to enter and sign off computer files. (NOTE: A good system requires frequent changes in personal passwords to prevent unauthorized people from accessing and tampering with records. Some facilities use fingerprint scanners instead of passwords.)
•After logging on, never leave the computer terminal unattended without first logging off.
•Follow the correct protocol for correcting errors. To correct an error after storage, follow the facility policy for identifying documentation errors, then add the correct information and date and initial the entry. If you record information in the wrong chart, follow facility policy for identifying this error.
•Make sure that stored records have backup files, an important safety check. If you inadvertently delete part of the permanent records, type an explanation into the computer file with the date, the time, and your initials and submit an explanation in writing to your manager.
•Do not leave information about a patient displayed on a monitor where others have the opportunity to see it.
•Follow the agency’s confidentiality procedures for documentation.
•Printouts of computerized records also have to be protected. Shredding of printouts and keeping a log that accounts for every copy (whether electronic or printed) of a computerized file that you have generated from the system are ways to keep waste and creation of duplicate records to a minimum and protect the confidentiality of patients.

Similarly, a facility may preprogram frequently faxed numbers into the system to prevent incorrect dialing of the intended number. Although fax machines are still used, they are being used less by facilities that have an EHR system in place.