Skip to Main Content

Medical Records

Provider Type

  • Physicians (does not apply to Cal MediConnect)
  • Participating Physician Groups (PPG) 
    (does not apply to HSP)
  • Hospitals
  • Ancillary

Participating providers are required to maintain member medical records in a manner that is current, detailed, complete, and organized. In addition, medical records must reflect all aspects of member care, be readily available to health care providers and provide data for statistical and quality-of-care analysis. Health Net and its participating providers must maintain active books, records, documents, and other evidence of accounting procedures and practices for 10 years. An active book, record or document is one related to current, ongoing or in-process activities and referred to on a regular basis to respond to day-to-day operational requirements.

The following retention events must also be considered in reference to the required timeframes in which medical records must be maintained by providers. These retention requirements are based on Health Net's current Corporate Records Retention Schedule:

  • Pediatric medical records must be maintained for seven years after age 21
  • Hospitals, acute psychiatric hospitals, skilled nursing facilities (SNFs), primary care clinics, and psychology and psychiatric clinics must maintain medical records and exposed X-rays for a minimum of seven years following patient discharge, except for minors
  • Records of minors must be maintained for at least one year after a minor has reached age 18, but in no event for less than seven years

Health Net must ensure maintenance of all records and documentation (including medical records) necessary to verify information and reports required by statute, regulation or contractual obligation for five years from the end of the fiscal year in which Health Net's contract expires or is terminated with a member.

Standards for the administration of medical records by participating providers are established by the Health Net Quality Improvement Committee (HNQIC). The standards form the basis for the evaluation of medical records by Health Net. Medical records for primary care physicians (PCPs) may be selected for evaluation as part of the annual delegation oversight assessment.

Health Net requires participating providers to have a written policy in place that provides for the protection of confidential protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA). The policy must be kept in hard copy or electronic format and must include a functioning mechanism designed to safeguard medical records and information against loss, destruction, tampering, unauthorized access or use, and verbal discussions about member information to maintain confidentiality.

Participating physician groups (PPGs), physicians, hospitals and ancillary providers are required to provide Health Net with copies of medical records and accounting and administrative books and records, as they pertain to the Provider Participation Agreement (PPA).

The provider has financial responsibility to provide copies of medical records so that Health Net can make claims and benefit determinations for Health Net utilization management, quality improvement, Healthcare Effectiveness Data and Information Set (HEDISĀ®), and appeals and grievance programs.

Medical records may be required for regulatory reviews by the Centers for Medicare & Medicaid Services (CMS), Department of Health Care Services (DHCS), Department of Managed Health Care (DMHC), National Committee for Quality Assurance (NCQA), Independent Quality Review and Improvement Organization (QIO), and other regulatory bodies.

Right to Audit and Access Records, including Electronic Medical Records (EMR)

Access to Records and Audits by Health Plan

Subject only to applicable state and federal confidentiality or privacy laws, the provider must share records when Health Net or its designated representative requests access to them in order to audit, inspect, review, perform chart reviews, and duplicate such records.

For on-Exchange plans and Medicare line of business, if performed onsite, access to records for the purpose of an audit must be scheduled at mutually agreed upon times, upon at least 30 business days prior written notice by the health plan or its designated representative, but not more than 60 days following such written notice.

For Medi-Cal and Cal MediConnect, if performed onsite, access to records for the purpose of an audit must be scheduled at mutually agreed upon times, upon at least 30 business days prior written notice by Health Net or its designated representative, but not more than 60 days following such written notice. However, access to records and audits that are part of a facility site review audit, grievance visit or potential quality issue (PQI) visit can be unannounced.

EMR Access

When Health Net requests access to electronic medical records (EMR), the provider will grant the health plan access to the provider's EMR in order to effectively case manage members and capture medical record data for risk adjustment and quality reporting. There will be no other fees charged to the health plan for this access.

Participating providers are required to have systems and procedures in place that provide consistent, confidential and comprehensive record-keeping practices. Written procedures must be available upon Health Net's request for:

  • Confidentiality of patient information - Policy and procedure must address the protection of confidential protected health information (PHI) of the patient in accordance with the Health Information Portability and Accountability Act (HIPAA). The policy must include a written or electronic functioning mechanism designed to safeguard records and information against loss, destruction, tampering, unauthorized access or use, and additional safeguards to maintain confidentiality during verbal discussions about patient information. Information about written, electronic and verbal privacy, periodic staff training regarding confidentiality of PHI, and securely stored records that are inaccessible to unauthorized individuals must also be included
  • Release of medical records and information, including faxes
  • Medical record organization standards - Policy and procedure must include information about individual medical records; securely fastened medical records; medical records with member identification on each individual page; and a consistent area in the medical record designated for the member's history, allergies, problem list, medication list, preventive care, immunizations, progress notes, therapeutic, diagnostic operative, and specialty physician reports, discharge summaries, and home health information
  • Filing system for records (electronic or hardcopy)
  • Formal system for the availability and retrieval of medical records - Policy and procedure must allow for the ease of accessibility to medical records for scheduled member encounters within the facility or in an approved health record storage facility off the facility premises
  • Filing of partial medical records - Policy and procedure must outline the process for filing partial medical records offsite, including a process that alerts authorized staff regarding the offsite filing of the partial record
  • Retention of medical records in accordance with state laws and regulations (for providers who see commercial health plan patients)
  • Retention of medical records in accordance with federal laws and regulations (for providers who accept Medicare patients)
  • Preventive care guidelines for pediatric and adult members
  • Referrals to specialists
  • Accessibility of consultations, diagnostic tests, therapeutic service and operative reports, and discharge summaries to health care providers in a timely manner
  • Inactive medical records - Policy and procedure must include guidelines that describe how and when a medical record becomes inactive. Member medical records may be converted to microfilm or computer disks for long-term storage. Every provider of health care services who creates, maintains, preserves, stores, abandons, or destroys medical records shall do so in a manner that preserves the confidentiality of member information
Last Updated: 10/29/2019