Medical Record Management and Security
Effective Date: January 1, 2026
Governing Law: A.R.S. § 12-2292, A.A.C. R9-10-1312, R9-10-1512, HIPAA Privacy Rules.
1. Purpose
To ensure that all patient medical records are maintained, secured, and released in compliance with Arizona state law and federal regulations to promote continuity of care and confidentiality.
2. Documentation Standards (A.A.C. R9-10-1312)
- Accuracy & Content: Records must contain sufficient information to identify the patient, support the diagnosis, justify treatment, and document the results of care.
- Timeliness: Entries must be made in a timely manner, dated, and signed by the authorized provider.
- Deadlines:
- History & Physicals: 48 hours from admission.
- Operative Reports: 24 hours from procedure.
- Discharge Summaries: 24 hours from discharge.
- Record Completion: The medical record must be completed within 30 days of post operative care completion.
- Method: Records may be in paper or electronic format. If electronic, they must have safeguards against unauthorized access, with dates and times of entries recorded.
3. Confidentiality and Access (A.R.S. § 12-2292)
- All medical and payment records are strictly confidential.
- Records may only be disclosed with written, signed authorization from the patient or their legal representative, or as permitted by law.
- Patient Rights: Patients or their representatives have the right to access records upon request, usually within 30 days of the request.
4. Retention Policy (A.R.S. § 12-2297)
- Adult Records: Retained for at least seven years after the date of the patient's last discharge.
- Practice Closure: Upon retirement or selling a practice, the provider must take reasonable measures to ensure records are retained according to these standards
5. Release of Information (A.R.S. § 12-2294)
- Requests must be in writing via digital format and authorized via electronic format.
- Fees: Reasonable, cost-based fees for copying and postage may be charged.
- Subpoenas: If records are requested via subpoena, they must be delivered to the court by the production date in a sealed inner envelope with an affidavit of the custodian
6. Security and Safeguards
- Records are protected from loss, damage, or unauthorized use.
- Breach Notification: In the event of a breach of unsecured health information, the organization will notify the affected patient and the Arizona Department of Health Services as required.
