Texas Administrative Code
Title 1 - ADMINISTRATION
Part 15 - TEXAS HEALTH AND HUMAN SERVICES COMMISSION
Chapter 353 - MEDICAID MANAGED CARE
Subchapter P - MENTAL HEALTH TARGETED CASE MANAGEMENT AND MENTAL HEALTH REHABILITATION
Section 353.1407 - Information Systems and Medical Records Systems

Universal Citation: 1 TX Admin Code ยง 353.1407

Current through Reg. 49, No. 38; September 20, 2024

(a) Management information system. Managed care organizations (MCOs) and comprehensive provider agencies must ensure their management information systems provide timely, accurate, and accessible information that supports clinical, administrative, and fiscal decision-making.

(b) Maintenance of medical records. MCOs and comprehensive provider agencies must ensure:

(1) protection against unauthorized access, disclosure, modification, or destruction of medical records, whether accidental or deliberate;

(2) the availability, integrity, utility, authenticity, and confidentiality of information within the medical record;

(3) a current, organized, legible, and comprehensive records system that:
(A) conforms to good professional practice;

(B) permits effective clinical review and audit; and

(C) facilitates prompt and systematic retrieval of information;

(4) a medical records system with sufficient redundancy to ensure access to individual records; and

(5) a medical records system that ensures compliance with applicable federal and state laws, rules, and regulations, including the Health Insurance Portability and Accountability Act and 42 CFR Part 2.

(c) Documentation retention. A comprehensive provider agency must maintain all records necessary to fully disclose the services delivered. These records must be retained for a period of ten years from the date of the service, or until all audit questions are resolved, whichever is longer. Records and supporting information regarding any payment of claims, as well as premises access, must be made available to HHSC, HHSC OIG, the federal Health and Human Services, the State Auditor's Office, or any person acting on behalf of such entity, upon request.

(d) Disaster recovery plan. A comprehensive provider agency must maintain a written disaster recovery plan for information resources in order to ensure service continuity, and must implement the plan as necessary.

Disclaimer: These regulations may not be the most recent version. Texas may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.