3400, Client Records Management

Revision 23-2; Effective Sept. 15, 2023

HHSC grantees must have an organized and secure client record system. The grantee must ensure that records are organized, readily accessible and available to clients upon request with a signed release of information. Records must be kept confidential and secure, as follows:

  • safeguarded against loss and use by unauthorized persons;
  • secured by lock when not in use or inaccessible to unauthorized persons; and
  • maintained in a secure environment in the facility, as well as during transfer between clinics and in between home and office visits.

Written consent is required for the release of personally identifiable information, except as may be necessary to provide services to the client or as required by law, with appropriate safeguards for confidentiality. If the client is 17 years old or younger, the client’s parent, managing conservator or guardian, as authorized by Chapter 32 of the Texas Family Code or by federal law or regulations, must authorize the release. HIV information should be handled according to law.

When information is requested, grantees should release only the specific information requested. Information collected for reporting purposes may only be disclosed in summary, statistically or in a format that does not identify individuals. Upon request, clients transferring to other providers must be provided with a copy or summary of their record to expedite continuity of care. 

Grantees and subgrantees must maintain for the time specified by HHSC all records pertaining to client services, contracts and payments. Grantees must follow contract provisions, maintain medical records for at least seven years after the close of the contract and follow the retention standards of the appropriate licensing entity. All records relating to services must be accessible for examination at any reasonable time to representatives of HHSC and as required by law.