Medical records and documentation standards and reviews

The purpose of complete and accurate patient record documentation is to foster quality and continuity of care. It creates a means of communication between providers and between providers and members about health status, preventive health services, treatment, planning, and delivery of care.

Jump to a specific section:
Medical records standards
Providing documentation of referral encounters
Documentation standards
Authorship and authentication of dictated reports
Protected health information
Information security measures
Password security
Securing confidential information
Faxing medical records
Confidentiality language
Medical records reviews

Medical records standards

Our medical record standards reflect the importance of confidentiality and accessibility by authorized users only.

We require you to:

  • Keep a unique, individual record for each patient
  • Establish an organized record-keeping system to ensure that medical records are easily retrievable for review and available for use when needed, including at each patient visit
  • Store and maintain medical records in a centralized and secured location accessible only to authorized personnel and provide equivalent security for electronic medical records
  • Maintain and organize documents within medical records in a specified order
  • If there is a paper medical record, ensure that documents are fastened securely within a paper medical record
  • Provide periodic training in confidentiality and security for patient information
  • CMS requires Medicare managed program providers to retain medical records for 10 years. Kaiser Permanente follows CMS standards for medical records retention.

Providing documentation of referral encounters

Whenever a Kaiser Permanente or contracted provider (other than a member's personal physician) sees a Kaiser Permanente member, complete documentation of the encounter must be made available to the referring provider and the member's personal physician. If the documentation is not added directly to the Kaiser Permanente electronic medical record, copies of the relevant medical records must be provided within five working days of the visit.

Promptly forwarding the records ensures that the personal physician has a complete medical record on file and that the referring provider has necessary information.

Documentation standards

Our documentation standards reflect the importance of complete, timely, and accurate health information.

Kaiser Permanente expects the following concerning documentation:

  • Member identifiers appear on every piece of documentation
  • Entries are legible to others and are recorded in black or blue ink if on paper
  • Entries are dated and authenticated by the author
  • Documentation is made at the time service is provided
  • Documentation must support all codes submitted
  • Only standard medical abbreviations should be used in documentation
  • All patient encounters, including telephone, fax, and electronic message exchanges are documented
  • Documentation of any advance directives is in a prominent part of a member's medical record and includes whether or not a member has executed an advance directive, as well as documentation of any information about advance directives that was made available to the member

Documentation must include the following content:

  • Problem list, including significant illnesses and medical conditions
  • Medications
  • Adverse drug reactions
  • Allergies
  • Smoking status
  • Any history of alcohol use or substance abuse
  • Biographical or personal data
  • Pertinent history
  • Physical exams
  • Documentation of clinical findings and evaluation for each visit
  • Laboratory and other studies that signify review by the ordering provider
  • Working diagnoses consistent with findings and test results
  • Treatment plans consistent with diagnoses
  • A date for return visits or a follow-up plan for each encounter
  • Previous problems addressed in follow-up visits
  • A current immunization record
  • Preventive services and risk screening

Primary care medical records must document:

  • All services provided by a practitioner who provides primary care services
  • All ancillary services and diagnostic tests ordered by a practitioner
  • All diagnostic and therapeutic services for which a member was referred by a practitioner, such as home health nursing reports, specialty physician reports, hospital discharge reports, or physical therapy reports

Authorship and authentication of dictated reports

We authorize and require providers working within our facilities to document patient health care information in the medical record as specified by medical staff bylaws and Kaiser Permanente policy.

  • All entries are to show authorship and be authenticated
  • Only authorized individuals may enter documentation in the medical record
  • All entries must indicate author and be authenticated
  • An entry may not be made or signed by someone other than the author except according to Kaiser Foundation Health Plan of Washington policy
  • Dictated and transcribed authentication shall be completed no longer than five calendar days post transcription
  • Authors of documentation are required to clearly authenticate entries using signature or electronic identification

Protected health information

Patient privacy is a top priority at Kaiser Permanente. Any information about a patient is confidential regardless of the medium upon which it is stored. Contracted providers must have documented policies and procedures for safeguarding patient privacy.

Policies and procedures should address such aspects as:

  • Disclosure of health information
  • Elements of a valid authorization to release health information
  • Access and correction/amendment to medical records
  • Handling of specially protected information such as drug and alcohol abuse, mental health, sexually transmitted diseases, reproductive care, and HIV/AIDS
  • Proper disposal of confidential waste for all types of media
  • Confidentiality and security training
  • A confidentiality and security attestation signed by all employees

See Member rights for more information about patient access to medical records.

When providing services in Kaiser Permanente facilities, we require that you handle protected health information in a manner consistent with the Kaiser Permanente Notice of Privacy Practices. This notice applies only to services provided at a Kaiser Permanente facility. For services provided at a non-Kaiser Permanente facility, you may not rely upon Kaiser Permanente's notice to satisfy your own privacy notice obligations under the Health Insurance Portability and Accountability (HIPAA) Act.

To protect our patients, we strive to:

  • Limit the use of protected health information to the minimum necessary for the intended purpose
  • Provide our employees with confidentiality and security awareness training
  • Control access to information based on the principle of legitimate business need-to-know

All information identifying our patients is confidential, regardless of the medium upon which it is stored. Only authorized individuals with a legitimate business need-to-know may access health care information that identifies patients. Individuals using health information that identifies patients must observe appropriate confidentiality and security safeguards.

You may not disclose health information to third parties without prior authorization by the patient or the patient's legally recognized representative, except as provided by law.

Information security measures

Authorized individuals who use information that identifies members must observe appropriate safeguards, such as keeping user identification and passwords secret, using only their own passwords for access, signing off applications when appropriate, protecting medical records from unauthorized access, and accessing and disclosing patient information based on legitimate business need to know.

Password security

We encourage you to change your password regularly — the system will require you to change it every 60 days. You can change your password by choosing Change Your Password from the left navigation bar.

If you suspect that someone else is using your user name and password to sign on, change your password immediately and contact your delegated administrator or Provider Services or Health Plan consultant to report the suspected breach.

Securing confidential information

Confidential health information must be stored, transported, transmitted, handled, used, and disposed of in ways that protect the information from unauthorized access, alteration, destruction, disclosure, copying, theft, or physical damage but that assures availability for provision of care.

You must have security measures in place to protect work areas and patient-identifiable information, such as:

  • System access management
  • Secured computer hardware
  • Personnel clearance procedures
  • Password protection of computer applications
  • Secure disposal of confidential waste
  • Sanctions for misuse of systems and data
  • Signed confidentiality agreements
  • Data backup and disaster recovery procedures
  • Assigned responsibility for confidentiality and security of information
  • Confidentiality and security awareness training

Faxing medical records

Faxes must be in accordance with confidentiality guidelines and governed by the same authorization requirements as any other release of health care information. Information disclosed should be limited to the minimum necessary to meet the need.Contact information should be included on the cover sheet. Verify that the information being sent and recipient's fax number is correct.

You may release a member's medical records via fax in the following situations:

  • Between Kaiser Permanente providers, including contracted providers, as necessary to support patient diagnosis, prognosis, and treatment
  • Between Kaiser Permanente and non-contracted community providers as necessary to support patient diagnosis, prognosis, and treatment
  • Between Kaiser Permanente facilities, business or operations units, and business associates to support care, operations, and quality oversight (such as for HEDIS or clinical review)
  • To third-party payers as required for certification of hospitalization

Requests for medical records to entities not described above can be directed to the Kaiser Permanente Release of Information Department.
Western WA - Phone: 866-656-4184 - Fax: 877-848-6896
Eastern WA - Phone: 509-241-7824 - Fax: 855-414-1751

Confidentiality language

When transmitting patient information by fax, the cover sheet should include a confidentiality statement, such as the below:The documents accompanying this facsimile transmission may contain confidential information belonging to the sender that is protected by Washington state and/or federal law. This information is solely for the use of the addressee named above. You may be exposed to legal liability if you disclose this information to another person. You are obligated to maintain this information in a safe and secure manner.

If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or other use of the contents of this faxed information is strictly prohibited. Notify the sender immediately by telephone to arrange for return of the documents to us.

Medical records reviews

Complete and accurate patient record documentation must be created and maintained for any Kaiser Permanente member who has been assessed, treated, or both. The medical record's primary purpose is to foster quality and continuity of care. It creates a means of communication between providers and members about preventative health services, treatment, planning, and delivery of care.

We conduct on-site medical record reviews for selected providers. The review includes but is not limited to:

  • Specific quality initiatives
  • Evidence that preventive screening and services are offered in accordance with our adult and child preventive care guideline schedules
  • Office environment standards
  • General record keeping practices

During documentation reviews, we will measure for attainment of the following performance goals:

  • 80 percent of charts have an updated problem list
  • 80 percent of charts have documentation of allergies
  • 80 percent of charts have documentation of immunizations

During the review, we take advantage of the opportunity to collect meaningful clinical-performance information that otherwise is difficult to obtain. We strive to minimize our impact on you during the reviews, but we also are committed to creating useful measurement and feedback tools for all providers in our network.

Content on this page is from the provider manual | Disclaimer