4.4.09

Security

Physicians need to be aware that e-mails and web servers
are not secure. Physicians should not send personal
health information by e-mail without express consent to
do so from the patient. Service providers such as Rogers
or Sympatico do not provide secure e-mail systems.
Web-enabled e-mail, such as Hotmail, is completely
unsecured. There are systems that provide an acceptable
level of security; those physicians who wish to send personal
health information by e-mail should use an
encrypted or otherwise secure system.
Wireless Internet access causes other security concerns.
If physicians are using such a system, it is highly possible
that others in the vicinity can “eavesdrop” on the
information being accessed. Document and system
password protection can delay or prevent unauthorized
access but physicians using wireless Internet must be
sensitive to the security issues.
All hard drives fail eventually. It is mandatory for
physicians using electronic records to ensure that they
are using an effective back-up system that is updated
frequently. Furthermore, an off-site back-up system is
highly recommended (for example, a CD or other
mass storage device). This will protect patient records
in the event that the physician’s computer or office has
been destroyed.
While electronic records offer opportunities to
enhance patient privacy (by restricting office staff
access in a way that is impossible in an office using
paper records, for example), they may also be vulnerable
to intrusion. Physicians should document protocols
about who in their office has access to which
records and should ensure that the system being used
restricts access to those entitled to access. This would
apply even more acutely to physicians using systems
that allow them to share records with hospitals and
other care facilities. In such circumstances, it is essential
that physicians ensure that adequate security
measures are in place.
A physician is more likely to take his or her laptop out
of the office than all of his or her paper records. For
physicians who take records out of the office or access
their electronic records from a location other than
their own office, it is imperative that they take the
appropriate measures to restrict access and maintain
the privacy of patients’ personal health information.
[ ... ]

Networking

One advantage electronic records have to offer is simple
and fast electronic transmission of test results and
other documents between health care providers or
facilities. At the time of writing, electronic systems are
not sufficiently sophisticated to manage such transactions.
This development is anticipated. In the interim,
a physician may not rely on electronic communications
of this type unless he or she has taken reasonable
steps to ensure that documents sent are received.

Transfer from Paper to Electronic Records

When a physician scans his or her paper records to
convert them to electronic form, the original paper
records may be destroyed in accordance with the principles
set out in this policy.
[ ... ]

2.4.09

Record Storage

Copying patient records is easy and inexpensive in
electronic form. It is essential that a physician be aware
of the number of copies of his or her records that are
created and ensure that only as many copies are maintained
as are required for system security. For example,
many physicians will rely on systems in which a central
server is used for storage. The physician must ensure
that the privacy of patient records will be adequately
protected whether the information is stored in premises
within the physician’s control or otherwise. Physicians
must discuss how records can be expunged or protected
by the service provider before entering into a contract
for the provision of the service. In order to protect
patient privacy, when the physician ceases to use that
storage system, he or she should ensure that no copy is
left with the server. If the information is stored on the
computer’s hard drive, the hard drive itself should
either be crushed or wiped clean with a commercial
disk wiping utility. Similarly, any back-up copies of
medical records should be destroyed when the original
records are destroyed.
[ ... ]

Electronic Records

All of the principles discussed in this policy apply
equally to electronic records. The records must contain
the story of the patient. While there is some
debate about the preferred format of electronic
records (e.g., template-based records vs. voice dictation-
based records), an electronic format will be adequate
if it can capture all the pertinent personal health
information and allows the user to centralize the
essentials of the patient’s story on several screens. If
the format cannot do this, it is probably not satisfactory
and the physician should consider using an alternative
system.
The College recognizes some limitations of electronic
records at the time of writing this policy. In many
cases, the printable version of the electronic record
does not readily enable a reviewer to understand the
whole patient record and is, therefore, of limited use.
Furthermore, some of the systems do not readily allow
the physician to capture nuances of the patient
encounter. Physicians using such systems must ensure
that each record entry captures the unique aspects of
that particular patient encounter. The College is aware
that this is a developing area and that there is great
potential for electronic record keeping to enhance the
practice of medicine.
Physicians have an obligation to provide printed
copies of electronic records when asked to do so. In
order to ensure they can be understood, some physicians
provide the print-out from the electronic record
together with a dictated summary to provide an
overview of the patient’s story.
Specific requirements for physicians who maintain
electronic patient records are set out in sections 18-21
of Ontario Regulation 114/94, listed in Appendix A.
The College notes that residents frequently retain
patient information on PDAs and laptops in order to
track workload and for educational purposes. Issues
about storage, deletion of records and privacy of
health information can pose the same problems in this
context as discussed elsewhere in this policy, and those
who are using records in this fashion are cautioned to
ensure that they are doing so in adherence to the policy.
[ ... ]

1.4.09

Storage and Security

Medical records must be stored in a safe and secure
environment to safeguard their physical integrity and
confidentiality. Physicians must take reasonable steps
to ensure that records are protected from theft, loss
and unauthorized use or disclosure, including photocopying,
modification or disposal.
What is reasonable depends on the threats, risks and
vulnerabilities to which the information is exposed,
the sensitivity of the information, and the extent to
which it can be linked to an identifiable individual.
Consideration must be given to each of the following
aspects of record protection:
• Physical security (for example, locked file cabinets,
restricted office access, alarm systems).
• Technological security (for example, passwords,
encryption and firewalls).
• Administrative controls (for example, security clearances,
access restrictions, staff training and confidentiality
agreements).
Patient records should be kept in restricted access
areas or locked filing cabinets, and measures should be
in place to ensure that only those who need access to
the records for a legitimate purpose are able to see
them. Physicians need to consider that non-medical staff,
such as maintenance staff, may have access to
records, and must ensure that steps are taken to
ensure that access to the records is limited or that
those who have access to the records are bound by an
appropriate confidentiality agreement.
[ ... ]

29.3.09

Removing Portions of the Record

Sometimes storage requirements may necessitate the
removal of some materials from a patient’s active
chart. If investigation results and consultation reports
are no longer relevant to the patient’s current care, it is
permissible to store them elsewhere (in accordance
with the retention requirements set out in the regulation,
see below for further detail). In such instances,
the physician should make a notation indicating that
documents have been removed from the chart and the
location where they have been stored.

Clarity and Legibility

The regulation requires that medical records be legible.
Furthermore, the College expects that the records
can be interpreted by the average health care professional.
If there is difficulty with the legibility of the
records, an alternate means of note taking should be
considered (e.g., voice dictation, electronic medical
records, or handwriting recognition software).
Using conventional medical short forms is permissible.
However, the meaning should be readily available to
a health care professional reading the record.
[ ... ]
For information, contact me at: andaiboy@yahoo.com