©2022 by the American Board for Certification in Orthotics, Prosthetics & Pedorthics, Inc. All rights reserved.
No part of this document may be produced in any form without written permission of the American Board for Certification in Orthotics, Prosthetics & Pedorthics, Inc.
The Patient Records Standards contain specific requirements on the centralization, accessibility and protection of patient records, as well as keeping Protected Health Information (PHI) secure and confidential. Federal HIPAA regulations apply to all facilities providing DMEPOS services. Your business should establish documented policies and procedures that address the creation and maintenance of patient records. An effective patient record program must adhere to three principles:
1. Secure and Confidential Patient Records -- Your business must maintain a secure patient record system that allows prompt retrieval. Except as required by law, patient records must be treated in a strictly confidential manner.
2. Back-up Patient Records -- Your business is required to take appropriate measures to backup electronic patient data.
3. Uniform Documentation -- Each patient record should consistently include a patient evaluation/assessment, the diagnosis being treated and appropriate comorbidities, pretreatment photographic documentation (if applicable), patient education, the referring physician or appropriately licensed healthcare prescriber’s order and the treatment plan.
You must have written policies and
procedures that address the creation,
confidentiality, security and maintenance of
You must have a secure patient record system that allows prompt retrieval of information.
You must have a system in place that allows you quick access to patient information. This system may be paper or electronic and it must be secure.
Your patient records must include federal, state, local and applicable third party payer required documentation.
Patient records should include, but are not limited to, certificates of medical necessity (CMNs), prescriptions, written orders, delivery receipts, payment authorizations, physician communications, progress notes and any other required documentation.
Your patient records must be protected from risks. You must take appropriate measures to maintain backups of patient data.
You must have policies protecting your patient records from all risks such as theft, fire and/or natural disasters. Your procedures must include how you successfully and efficiently back up your patient records and how you would recover those records in the event of a disaster or theft.
Except as required by law, any records that contain a patient’s clinical, technical, personal and/or financial information must be treated in a confidential manner.
You must implement procedures to ensure that all patient information is protected.
Non-clinical patient information, such as third party payer and financial information, must be maintained according to generally accepted business and accounting principles.
You must follow generally accepted business practices and accounting principles in regard to maintaining patient financial information; this includes patient records, accounts receivable (EOB, statements, cash postings, adjustments, billing records), accounts payable and other financial records. You must be knowledgeable of the generally accepted business practices and accounting principles that apply to your business.
You must have a written policy that your patient records include the following:
1. Written, pictorial or documented oral instructions related to the use, maintenance, cleaning, infection control practices for and potential hazards of equipment and/or items
2. Verification that the equipment, items and services were received
3. The make and model number of any non-custom equipment and/or items provided
At a minimum, patient records must include documentation that the patient received:
You must also document the make and model number of any non-custom items and equipment provided to the patient in your equipment log or similar tracking system.
Your patient records must include:
1. Patient evaluation/assessment that contains diagnosis, prescription or valid order, relevant patient history and medical necessity
2. Pre-treatment photographic documentation as appropriate for the item
3. Patient education
4. The name and title of the patient care provider, their findings, recommendations, treatment plan and follow-up schedule
All patient records must be consistent. If you use photographic documentation, you will have a policy that describes how, when and under what circumstances photographic documentation is used.
Your patient records must document the patient’s need for and use of the orthosis, prosthesis and/or pedorthic device, including, but not limited to:
1. Pertinent medical history
2. Allergies to materials
3. Skin condition
5. Previous use of orthoses, prostheses and/or pedorthic devices
6. Results of diagnostic evaluations
7. Patient goals and expectations
All patient records must be consistent. As applicable, each patient record must include the reason the patient needs an orthosis, prosthesis or pedorthic device and how it will be used. The records should include:
If you are providing complex rehabilitative and assistive technology, all of the information obtained during the assessment must be maintained in the patient’s record.
You must have technical records that include a detailed description relevant to any orthosis, prosthesis and/or pedorthic device provided.
Documentation of this standard may include a detailed description of the device, materials, components, measurement forms, order forms, packing slips and delivery receipts.
You must verify that seating, positioning and specialty assistive technology have been evaluated and documented in the patient’s record.