What are the medical record keeping responsibilities of an off-site contract physicians who review prescription renew requests for a company, not a medical practice, that provided a prescription refill service? An important Pennsylvania appellate court decision recently affirmed a Pennsylvania Board of Medicine $2500 fine for a doctor who failed to properly retain and maintain his own medical records for patients for whom he renewed prescriptions. The doctor worked for a commercial company known as a clearinghouse, to review online prescription requests.Pursuant to his contract, Dr. Karkalas filled prescription requests based upon the company's customers' online questionnaires which provided information such as the reason for the request, medical history, and other prescribed medications being taken. Although the company maintained a secure computer data base of all related renewal questionnaire information for the drug seeking patients, which the doctor received full electronic data base access during his contract, his access was terminated with the cancellation of his employment/independent services contract.Aware of this possibility, the doctor briefly maintained his own copies of all prescription renewals on the company database. However, he did not print or otherwise personally retain prescription records or patient questionnaires. He did not maintain in his office any records, independent files, or even patient names pertaining to the online prescriptions. At some point in 2011, the doctor’s contract was terminated and he lost password access to retrieve and retain all of the medical records for the prescriptions he did write.Apparently, one of the recipients for whom this doctor wrote prescriptions had difficulty securing a subsequent renewal, complained to the Board, and an investigation commenced, resulting in the $2500 fine and a requirement that the doctor take 10 hours of education class on medical records maintenance. The doctor contested this assessment.The focus of the doctor’s appeal was the changing nature of the medical field and practice as it related to medical contract services for hire, internet communications, and physician employees of large companies providing long distance medical services during contractual time and access to those medical records after contracts are terminated. The case has several simple lessons.The regulations that address physician’s legal obligations to create and maintain medical records are found at Section 16.95 of the Board's Regulations, 49 Pa. Code § 16.95, which states, in relevant part:(a) A physician shall maintain medical records for patients which accurately, legibly and completely reflect the evaluation and treatment of the patient. The components of the records are not required to be maintained at a single location. Entries in the medical record shall be made in a timely manner.(e) A patient's medical record shall be retained by a physician for at least 7 years from the date of the last medical service for which a medical record entry is required. The medical record for a minor patient shall be retained until 1 year after the minor patient reaches majority, even if this means that the physician retains the record for a period of more than 7 years.(f) The components of a patient's medical record, which are prepared by a physician or his agent and which are retained by a health care facility regulated by the Federal government, or by the Department of Health or the Department of Public Welfare are considered to be a part of the patient's medical record which is required to be maintained by a physician, but are otherwise exempt from the requirements in subsections (a) -- (e). .Initially, the doctor did not argue that he was employed by a "health care facility" under section 49 Pa. Code § 16.95(f), for whom the record keeping regulations would not apply. This was a huge error. Under the current practice in the medical field, large medical practices are similar to hospitals in that they contact out the prescription refill process, which prescription are paid for by many different insurance programs. If the medical practice which contracted out Dr. Karkalas’ prescription renewal services accepted federal or state Medicare and Medicaid as payment for the prescriptions the doctor wrote, his company, he should have argued, should have been considered a health care facility regulated by the federal government, or by the Department of Health or the Department of Public Welfare, for which the individual record keeping responsibilities would not have applied. Having failed to raise this argument, such was waived.Next lesson, is how to protect the contracted medical practitioner for being sanctioned for not independently securing and maintaining for 7 years either copies of, or access to, the medical records of any patient for whom any type of medical treatment is provided. Contractually, long-term electronic access to patient database of medical records need be insured. This is regardless of the company or employer for whom the practitioner worked.Any contract termination clauses must include a surviving obligation of the company to allow for secure access to, or a provision for timely copies of, all medical records for 7 years. Current electronic off-site storage of medical records easily allows for structured access to encrypted, password protected records through medical reproduction companies or records custodians. For Karkalas, it was this failure to insure his unfettered long-term access upon which the disciplinary action was based.Unfortunately, even possessing some access to old records was not enough. The Board reviewed the record keeping regulations to send the simple message to all physicians. It is your obligation to obtain, secure, maintain, and protect copies for yourself all of the medical records of the patients for whom you provide a medical service. Failure to do so will constitute engaging in an unprofessional conduct.Obviously, this means in large practices or small ones, for those independently hired contract physicians or those working for private companies, doctors must at a minimum possess contractual access to all electronic data of their patients. Medical records must be readily accessible via the internet, off-site, and in complete form. Individual copies need not be preserved. Simply having immediate “access to” your patients’ medical records through non-cancelling passwords will protect you from at least the Pa Medical Board. This little issue must be addressed in all contract negotiations.