LOS ANGELES COUNTY
DEPARTMENT OF MENTAL HEALTH
  Policy 300.06 Non-Open Protected Health Information File
 
  PROCEDURES
  1.  Storage
    1. All paper non-open Protected Health Information (PHI) records shall be filed alphabetically in a secure, locked area of the record room or location designated for non-opened cases.
    2. Documentation and correspondence shall not be kept or stored (paper or any electronic media other than an Electronic Health Record (EHR) outside of the record storage secure site.
    3. Off-site storage of non-open PHI records must be arranged through the Custodian of Records or their designee.
  2. Release
    1. If an individual has not been officially established as a client of DMH, as indicated by the LE0019 episode, the PHI in the non-open record is not considered part of the designated record set and should not be released (Policy 501.02).
    2. Directly Operated staff must comply with the provisions of all DMH Health Insurance Portability and Accountability Act (HIPAA) related policies which establishes specific procedures for the proper organization and maintenance of client records and the disclosure of PHI based on federal, state, and local laws and regulations including HIPAA, WIC § 5328, and accepted standards of professional practice.
    3. Contracted providers are subject to their own relevant policies and all applicable provisions of federal, State, and local laws and regulations including HIPAA, WIC § 5328, and accepted standards of professional practice.
      1. All documents created and scanned into the EHR after the implementation of the EHR shall be destroyed upon confirming the document(s) were successfully scanned into the EHR.
      2. All PHI pertaining to an individual prior to an episode being opened and a clinical record being created must be retained and retrievable in a non-open PHI file for a period that is at least equivalent to the later of any of the following in Section C.
  3. Retention
    1. All PHI pertaining to an individual prior to an episode being opened and a clinical record being created must be retained and retrievable in a non-open PHI record for a period that is at least equivalent to the later of any of the following:
      1. 10 years following the conclusion of services;
      2. For minors, until such time as the minor reaches 25years of age;
      3. 10 years after completion of all county, state, and/or federal audits; or,
      4. 10 years after the conclusion of any audit appeal and/or when audit findings are fully resolved.
    2. All documents created and scanned into the EHR after the implementation of the EHR shall be destroyed upon confirming the document(s) were successfully scanned into the EHR.