Ethical Question about keeping assessment reports

This forum made possible through the generous support of SDN members, donors, and sponsors. Thank you.

LucidMind

Full Member
10+ Year Member
Joined
Feb 18, 2013
Messages
119
Reaction score
3
After conducting a clinical assessment (learning disorder, ADHD, emotional, behavioral, etc) and writing up the report, is it ethically appropriate to keep a de-identified version of the report for your own personal records (to use as templates for future reports and to remember your clinical experiences for internship apps?). By de-identified, I mean getting rid of all names (people, places, institutions, etc), dates, and any other form of identifiable information. After this is all removed, do you think it is ethically appropriate to keep the report or not?

Members don't see this ad.
 
After conducting a clinical assessment (learning disorder, ADHD, emotional, behavioral, etc) and writing up the report, is it ethically appropriate to keep a de-identified version of the report for your own personal records (to use as templates for future reports and to remember your clinical experiences for internship apps?). By de-identified, I mean getting rid of all names (people, places, institutions, etc), dates, and any other form of identifiable information. After this is all removed, do you think it is ethically appropriate to keep the report or not?

I assume you know you HAVE to keep assessment reports for a certain number of years, right? Its a violation NOT to.

If you are talking about keeping in your personal files so you can use as a work sample in the future, yes of course that is fine so long as you deidentify it according to HIPPA standards.
 
I assume you know you HAVE to keep assessment reports for a certain number of years, right? Its a violation NOT to.

If you are talking about keeping in your personal files so you can use as a work sample in the future, yes of course that is fine so long as you deidentify it according to HIPPA standards.

Thanks for the reply erg. Yes, our clinic keeps the official reports stored safely away for the required amount of time. I was indeed referring to my personal files. If I do decide to do that i'll definitely make sure to review HIPAA standards. Thanks again!
 
Members don't see this ad :)
I found the answer to my question in another thread! I'll share it with this thread, but the mods should feel free to delete it because the exact question was already answered :) Therapist4chnge wrote this:

Information that is de-identified is generally defined as "information (1) that does not identify the individual and (2) for which there is no reasonable basis to believe the individual can be identified from it." De-identified health information is exempt from the HIPAA Privacy Rule. In order to de-identify data, the 18 identifiers listed below must be removed from the health information.

Names
Social Security numbers
Telephone numbers
All geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if, according to the current publicly available data from the Bureau of the Census: (a) the geographic unit formed by combing all zip codes with the same three initial digits contains more than 20,000 people, and (b) the initial three (3) digits of a zip code for all such geographic unites containing 20,000 or fewer people is changed to 000
All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
Fax numbers
Electronic mail addresses
Medical record numbers
Health plan beneficiary numbers
Account numbers
Certificate/license numbers
Vehicle identifiers and serial numbers, including license plate numbers
Device identifiers and serial numbers
Web Universal Resource Locators (URLs)
Internet Protocol (IP) address numbers
Biometric identifiers, including finger and voice prints
Full-face photographic images and any comparable images
Any other unique identifying number, characteristic, or code, unless otherwise permitted by the Privacy Rule for re-identification.

*I also found the source:

http://www.hhs.gov/ocr/privacy/hipa...ties/De-identification/guidance.html#standard
 
Actually that does bring up an ethical question. Who should keep the data and the report ? I used to think that should be the site when I was in practicums, but as I progressed in my career, I feel that I should keep the information using the appropriate safeguards. That is the only way that I can ensure that my patient's confidentiality as well as the integrity of the test can be protected.
 
Actually that does bring up an ethical question. Who should keep the data and the report ? I used to think that should be the site when I was in practicums, but as I progressed in my career, I feel that I should keep the information using the appropriate safeguards. That is the only way that I can ensure that my patient's confidentiality as well as the integrity of the test can be protected.

I'm not completely sure of all the legal issues, but I believe that if the work was performed for/through the site rather than by you as an individual practitioner, then the site should be the one to hang on to the report. That way, if you leave the site, the patient doesn't have to track you down to find it, as when you leave, your files stay at the site. I'm honestly not sure if it's legal for you to also keep a copy for yourself, but I can say that if you do, it should of course be stored in a HIPAA-compliant manner.

Now, if you're worried that the site isn't appropriately handling/managing those reports, that's another matter entirely.
 
For me it isn't just about being HIPAA compliant, as I think sometimes our ethical standards exceed what is required by law. We have quite the ongoing debate about that going on at the hospital where I work now. At other non-medical places that I have worked such as a school. My records had different levels of protection and when I am there, I can ensure that at least the HIPAA standards apply, but schools don't adhere to HIPAA, I believe it is FERPA so if I left the records, who would ensure that my patients are protected?
 
Good question, and I'm honestly not sure. My gut reaction is that it's the school's responsibilities to maintain the records, and to ensure that they're kept with the appropriate safeguards (e.g., HIPAA vs. FERPA). Unless they contracted the services through you and somehow worked into the contract that part of your services included maintaining the records.
 
At my current hospital, the psych department keeps the assessment reports separate from the electronic medical record in our own locked files. I think we did that at the VA too. Can't remember for sure though.
 
Also, to answer the original poster, some states require that you submit work samples for licensure so you would need to have copies for your own records.

True, although we just need to be sure that we properly de-identify them; added bonus is that you then don't need to worry about HIPAA-compliant storage. But it's definitely not a bad idea to plan ahead for these sorts of things (e.g., for work samples to submit for boarding).
 
Top