Oklahoma Administrative Code
Title 340 - Department of Human Services
Chapter 100 - Developmental Disabilities Services
Subchapter 3 - Administration
Part 3 - ADMINISTRATION
Section 340:100-3-40 - Community records
Universal Citation: OK Admin Code 340:100-3-40
Current through Vol. 42, No. 1, September 16, 2024
(a) Purpose. Oklahoma Administrative Code (OAC) 340:100-3-40 sets forth requirements for:
(1) contract provider
records maintenance;
(2) document
transfer to a history file for service recipient records the contract provider
maintains;
(3) information transfer
when a service recipient changes contract providers;
(4) maintenance of an official electronic
record for each service recipient receiving services through a Home and
Community Based Services waiver.
(A) All
service recipient information and records are confidential and released only to
individuals or provider agencies who have proper authorization from the service
recipient or his or her legal representative.
(B) It is the legal responsibility of
Oklahoma Human Services (OKDHS) employees and contract providers to protect
clients' privacy and to ensure the protection of confidential
information.
(C) Developmental
Disabilities Services (DDS) ensures service-recipient records are protected
from loss, defacement, tampering, destruction, and violation of
confidentiality.
(D) DDS personnel
obtain individualized, time-limited, informed consent, prior to securing
service recipient information or records from provider agencies who do not have
a current OKDHS contract; and
(5) formatting, use, and retention of
electronic records and signatures generated, sent, communicated, received, or
stored by DDS, in conformity with the Uniform Electronic Transaction Act, found
at Section
15-101 et seq. of Title 12A of the
Oklahoma Statutes (12A O.S. §§ 15-101 et seq.).
(A) Only individual providers or employees
designated by the provider's agency may make entries in the member's record.
All entries in the member's record must be dated and authenticated with a
method established to identify the author. The identification method may
include computer keys, Private/Public Key Infrastructure (PKIs), voice
authentication systems that use a personal identification number (PIN) and
voice authentication, or other codes. Providers must have a process in place to
deactivate within one working day an employee's access to records upon
termination of employment of the designated employee.
(B) When PKIs, computer key codes, voice
authentication systems, or other codes are used, the provider agency's employee
completes a signed statement documenting that the chosen method is under the
sole control of the person using it and further demonstrate that:
(i) a list of PKIs, computer key codes, voice
authentication systems or other codes can be verified;
(ii) all adequate safeguards are maintained
to protect against improper or unauthorized use of PKIs, computer keys, or
other codes for electronic signatures; and
(iii) sanctions are in place for improper or
unauthorized use of computer key codes, PKIs, voice authentication systems or
other code types of electronic signatures.
(C) There must be a specific action by the
author to indicate that the entry is verified and accurate. Systems requiring
an authentication process include, but are not limited to:
(i) computerized systems that require the
provider's employee to review the document online and indicate that it has been
approved by entering a unique computer key code capable of
verification;
(ii) a system in
which the provider's employee signs off against a list of entries that must be
verified in the member's records;
(iii) a mail system that sends transcripts to
the provider's employee for review;
(iv) a postcard identifying and verifying the
accuracy of the record(s) signed and returned by the provider's employee;
or
(v) a voice authentication
system that clearly identifies the author by a designated PIN or security
code.
(D)
Auto-authentication systems that authenticate a report prior to the
transcription process do not meet the stated requirements and are not an
acceptable method for the authentication process.
(E) The signature and date entry are the
authentication of an electronic record and are expected on the day the record
is completed.
(F) The individual
provider or designated administrators within the provider agency may edit
records. Edits must be in the form of a correcting entry which preserves
entries from the original record. Edits must be completed prior to claims
submission or no later than 45-calendar days after the date of service,
whichever occurs first.
(G) Use of
the electronic signature for documentation constitutes a signature and has the
same effect as a written signature on the documentation. The section of the
electronic record documenting the service provided must be authenticated by the
employee or individual who provided the described service
(H) Any authentication method for electronic
signatures must:
(i) be unique to the person
using it;
(ii) identify the
individual signing the document by name and title;
(iii) be capable of verification, assuring
that the documentation cannot be altered after the signature has been
affixed;
(iv) be under the sole
control of the person using it;
(v)
be linked to the data in such a manner that if the data is changed, the
signature is invalidated; and
(vi)
provide strong and substantial evidence that make it difficult for the signer
to claim that the electronic representation is not valid.
(I) Failure to properly maintain or
authenticate records with the signature and date entry may result in the denial
or recoupment of payments.
(J)
Providers must retain electronic records and have access to the records per
guidelines found at OAC
317:30-3-15.
(K) The provisions of the Electronic
Transaction Act apply to the time and place of sending and receipt. When a
power failure, internet interruption, or internet virus occur, confirmation by
the receiving party is required to establish receipt.
(L) Any person who fraudulently represents
facts in an electronic transaction, acts without authority, or exceeds his or
her authority to perform an electronic transaction may be prosecuted under all
applicable criminal and civil laws.
(b) General requirements. Records, electronic or paper, the contract provider maintains are indexed, orderly, well-maintained, readily accessible, and current. Records contain adequate documentation of services rendered.
(1) All service recipient records are
available for the service recipient, his or her legal guardian, contract
provider staff, and OKDHS authorized agents to review upon request.
(2) The service recipient record is
maintained with:
(A) an index;
(B) the service recipient's name on the
record and on each page;
(C)
discernable section tabs; and
(D)
documents secured in the record.
(3) All entries in the record:
(A) are made per OAC
317:30-3-15
(B) are in chronological order;
(C) are legible;
(D) include the date and time of each entry,
with legible identification of the person making the entry; and
(E) include, when the entry is
health-related:
(i) a description of the
concern; and
(ii) action
taken.
(4) The
provider ensures compliance, per OAC
340:2-8-1 through OAC
340:2-8-13 and OAC
340:100-3-2, pertaining to
personal information protection, use, and release. The provider holds personal
information regarding service recipients, including names, addresses,
photographs, evaluation records, and all other records confidential.
Information is not disclosed, directly or indirectly, unless the adult service
recipient or legal guardian consent in writing.
(c) Home record for service recipients receiving community residential supports, group home services, or non-residential habilitation training specialist (HTS) services. The in-home contract provider maintains a current service record for each service recipient receiving community residential supports, per OAC 340:100-5-22.1; group home service, per OAC 340:100-6; or non-residential HTS services, per OAC 340:100-5-35.
(1) Documents contained in each home record
are not removed and include:
(A) guardianship
documents and other legal documents;
(B) current Individual Plan packet and
addendum copies;
(C) applicable
health-related documents including, but not limited to:
(i) Form 06HM005E, Referral Form for
Examination or Treatment, physician orders, discharge summaries, and emergency
room reports;
(ii) special
instructions or the Health Care Plan;
(iii) individually-identified data forms
relevant to the service recipient's current health status;
(iv) a Dyskinesia Identification System:
Condensed User Scale or Abnormal Involuntary Movement Scale, when required, per
OAC 340:100-5-29;
(v) current immunization record;
(vi) current medication administration
records;
(vii) the most recent lab,
x-ray, and consultation reports, and pharmacological evaluation, when
applicable;
(viii) miscellaneous
health-related consultations and correspondence; and
(ix) Form 06HM073E, Referral Form for
Psychiatric Treatment or Examination;
(D) miscellaneous documents relating to the
service recipient including, but not limited to:
(i) observation notes;
(ii) Form 06CB035E, Site Visit Report,
completed by all professional contract providers;
(iii) standing medical orders and
protocols;
(iv) applicable data
collection sheets; and
(v)
documentation of program coordination staff home visits;
(E) quarterly residential progress reports;
and
(F) Form 06MP070E, Access to
Home Record and Verification of Monitoring Requirement, certifying that all
authorized persons accessing the service recipient information contained within
the home record were informed and understand the penalties for misuse of
confidential and protected information, per 21 O.S. §
1533.1.
(2) In unusual
circumstances, at the Personal Support Team's (Team) request, and with DDS
field administrator's written approval, a service recipient's home record or
specified document types from the record may be maintained at a location other
than the service recipient's home.
(d) Retention. Each contract provider retains a record for each service recipient receiving services from the provider.
(1) There is a yearly transfer
of all documents more than three months old from the provider agency's records
to a history file, unless otherwise specified, per OAC
340:10-3-40.
(2) The provider agency retains original
records for a six-year period or until any pending litigation involving the
service recipient is completed, whichever occurs last.
(e) Transfers between agencies. When a service recipient changes provider agencies, within seven-calendar days of the transfer, the agency provides the new agency with a paper or electronic copy of the current home record and any health documents the Team requests.
(f) Other provider records. The provider maintains service records that substantiate service provision, service recipient eligibility, and outcome of services.
(1) Records are maintained for a six-year
period after OKDHS makes the final payment and all pending matters are
closed.
(2) The provider maintains
copies of all claims, substantiating documents, and records regarding agency
fiscal status within corporate offices in Oklahoma.
Added at 17 Ok Reg 3102, eff 6-7-00 (emergency); Added at 18 Ok Reg 1254, eff 5-11-01; Amended at 25 Ok Reg 986, eff 5-15-08; Amended at 28 Ok Reg 897, eff 6-1-11; Amended at 29 Ok Reg 822, eff 7-1-12
Disclaimer: These regulations may not be the most recent version. Oklahoma may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
