Office ManagementCPO Exam

Medical Records in Optometry

Medical records are the legal and clinical documentation of patient care. Paraoptometric professionals handle medical records daily—filing, retrieving, releasing, correcting, and ensuring HIPAA-compliant management. Proper records management protects patients, supports clinical continuity, enables accurate billing, and protects the practice from legal and regulatory risk. The CPO exam tests your knowledge of documentation standards, retention requirements, patient rights, and EHR best practices.

Documentation Standards

Good medical records are accurate, complete, timely, and retrievable. Key documentation principles:

Accuracy

Record only what was actually observed or done. Do not document findings you did not perform or tests you did not review.

Completeness

All components of the examination should be documented. A finding not documented is a finding not done—legally and for billing purposes.

Timeliness

Document as close to the encounter as possible. Late entries must be clearly labeled as late entries (with the date written and the original service date).

Legibility

Electronic records are generally legible; handwritten records must be readable by another clinician. Illegible records have no legal value.

Authorship

Every entry must identify who created it (provider name, credential, NPI) and must be authenticated (signed or electronically authorized).

Objectivity

Clinical findings are objective (e.g., "VA: 20/40") not interpretive (e.g., "patient sees poorly"). Leave clinical interpretation to the provider's assessment section.

Record Retention Requirements

Category	Typical Requirement	Notes
Adult patient records	7–10 years from last service	Follow the longer of state vs. federal requirement
Minor patient records	Age of majority + state retention period	Often until age 25–28; varies by state
Medicare/Medicaid records	7 years from date of service	Federal requirement; applies to any record tied to a federal claim
Prescriptions issued	Typically 7+ years	Eyeglass and contact lens prescriptions are part of the medical record
Billing and financial records	7 years	May be required for audit purposes
Informed consent documents	Duration of record retention	Should be retained with the medical record

Releasing Medical Records

Records may only be released in accordance with HIPAA and applicable state law. The general process:

Receive the request

Patient submits a signed, dated release of information form specifying: which records, to whom, for what purpose, and the expiration date of the authorization.

Verify identity

Confirm the requesting party is the patient or their authorized representative (parent for minor, legal guardian, power of attorney).

Process within 30 days

HIPAA requires records be provided within 30 days (extendable once to 60 days with written notice).

Document the release

Record what was released, to whom, when, and who authorized it. This is part of the required accounting of disclosures.

Never withhold for unpaid balances

Withholding medical records for non-payment is a HIPAA violation and may violate state law. Collect balances separately.

Correcting Documentation Errors

Correct Method

Draw single line through the error (paper)
Write "ERROR" next to the line
Write the correction with date and initials
Electronic: use addendum/correction function
Preserve audit trail in EHR

Never Do These

Use white-out on paper records
Erase or scribble over errors
Delete or overwrite EHR entries
Backdate or alter dates
Sign another provider's name

Practice CPO Office Management Questions

Free CPO exam prep on Opterio—including medical records, HIPAA, and documentation.

Start CPO Practice Questions

Related Resources

HIPAA in Optometry

Patient privacy, PHI, and HIPAA compliance—critical context for records management.

Coding Basics

CPT and ICD-10 coding fundamentals that connect to documentation requirements.

Billing & Coding

Billing workflows and how documentation supports accurate claim submission.

CPO Exam Content Outline

Complete breakdown of CPO certification exam topics.

Frequently Asked Questions

What information must be included in an optometric medical record?

A complete optometric medical record should contain: patient identification information (name, DOB, address, contact information), referring provider information if applicable, reason for visit (chief complaint), comprehensive health and ocular history, current medications and allergies, examination findings for each visit (visual acuity, refraction, IOP, anterior and posterior segment findings), clinical assessment and diagnosis (ICD-10 coded), plan of care, prescriptions issued, patient education provided, and informed consent documentation for any procedures. Diagnostic test results (visual fields, OCT, fundus photos) should be attached to the relevant visit. Each entry should be dated and identified with the provider's name and signature or electronic authorization.

How long must optometric medical records be retained?

Medical record retention requirements vary by state, but general guidance: for adults, records should be retained a minimum of 7–10 years after the last patient encounter. For minors, records must be retained until the patient reaches the age of majority (typically 18) plus the state's adult record retention period—often until the patient turns 25–28. Federal law (Medicare/Medicaid) requires records related to services billed to federal programs to be retained for 7 years from the date of service. Practices should follow whichever retention requirement is longest (state vs. federal vs. professional standard). When records are disposed of, they must be destroyed in a HIPAA-compliant manner (shredding for paper, certified destruction for electronic).

What are a patient's rights regarding accessing their medical records?

Under HIPAA, patients have the right to: (1) Request access to their records and receive a copy within 30 days of the request (extendable to 60 days with written notice). (2) Request their records in a specific format (paper or electronic) if the practice has that capability. (3) Receive a copy at no charge when the records are transmitted electronically, though practices may charge a reasonable fee for paper copies or extensive records. (4) Designate an authorized representative to receive records on their behalf. Practices may not withhold records due to unpaid balances—this is a common and serious compliance error. The only grounds for denying access are narrow (e.g., psychotherapy notes, information that would endanger the patient or another person).

What is the difference between EHR and EMR, and what does this mean for paraoptometrics?

EHR (Electronic Health Record) and EMR (Electronic Medical Record) are often used interchangeably, but technically: EMR refers to a digital version of the paper chart within a single practice—it does not travel with the patient. EHR is a more comprehensive system that can share information across multiple providers and settings (interoperability). Most modern optometry systems are technically EMRs, though the term "EHR" is commonly used. For paraoptometrics, these systems affect: how patient data is entered and retrieved, how visit notes and test results are filed, how prescriptions and orders are managed, how billing codes are attached to encounters, and how records are released (via secure electronic transmission or printed PDF).

What should a paraoptometric do if they discover a documentation error in a patient's medical record?

Never delete or white-out an error in a medical record—this can be considered fraud or falsification. The correct process: (1) Draw a single line through the error (if paper); the original entry must remain legible. (2) Write "ERROR" next to the line. (3) Make the correction adjacent to or below the error. (4) Date and initial the correction. (5) For electronic records: use the correction or addendum function in the EHR—most systems create an audit trail showing the original entry and correction, who made it, and when. Do NOT edit the original note to remove incorrect information. Legal and billing documents require an accurate audit trail. Any systematic errors (e.g., a billing code incorrectly applied across many patients) should be reported to the supervisor and potentially to the payer as an overpayment.

Ready to Pass Your CPO Exam?

Practice with free weekly questions tailored for CPO certification candidates.