Record Storage, Security, & Retrieval

Standard 5.6: Record Storage, Security, & Retrieval

This page presents the Professional Practice Standard regarding record storage, security, and retrieval. It includes the standard, examples of demonstrating the standard, and related resources.

The Standard

5.6.1 Registrants take steps that are reasonable in the circumstances to ensure that personal health information is protected against theft, loss and unauthorized use, disclosure, modification, or disposal.

Demonstrating the Standard

  • Developing record-keeping policies when the registrant is a health information custodian or following the policies of the registrant’s group practice or employer when they work for a health information custodian.
  • Organizing records in a logical and systematic fashion to facilitate retrieval and use of the information.
  • Maintaining records in such a way as to support an audit trail.

Commentary

Background

Whether records are on paper or electronic, there are various safeguards and measures to maintain the security and integrity of personal health information, including:

Physical safeguards

  • Securing paper records and electronic devices in locked spaces
  • Ensuring screens displaying personal health information are not viewable by individuals without authorization
  • Securely disposing of paper files, e.g., micro-cut shredding

Electronic safeguards

  • Firewalls, encryption, virus protection, system security updates
  • User ID and password protection
  • Automated backups at reasonable intervals, recovery tests
  • Record integrity and audit capability to capture:
    • Date, time, and author of each entry, including changes that preserve the original entry
    • Who has viewed the record, and when
    • Log of data exports and exchanges with other systems
  • Alternate record-keeping method in case of system failure
  • Secure deletion of client records once the retention period has ended

Administrative safeguards

  • Need-to-know access
  • Confidentiality agreements with anyone who can view personal health information
  • Privacy training
  • Log to track when files are to be disposed of

Registrants also make reasonable efforts to maintain the security of client records during transmission or disclosure (for example, by using mail or courier with tracking or encrypted electronic transmission).

Registrants need to ensure that any electronic record-keeping system they use allows them to meet their record-keeping obligations. These obligations include, but are not limited to, the ability to retrieve, transfer, amend,[1] and securely destroy records.

[1] The system must also maintain the original entry.
