healthcare records management in the hse
DESCRIPTION
TRANSCRIPT
![Page 1: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/1.jpg)
1
Health Service Executive Healthcare Records Management Programme
Wednesday 16th November 2011
Irish Computer Society Data Protection Workshop
![Page 2: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/2.jpg)
2
Introduction
• Name
• Background
• Current role
• Healthcare records
![Page 3: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/3.jpg)
3
Overview
• Context
• Aims of the programme
• What have we done?
• The challenges
• Practical steps to prevent a Data
Protection Breach
![Page 4: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/4.jpg)
4
• Patient Safety
• Litigation
• Legislation
• Electronic Patient Record
Context
![Page 5: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/5.jpg)
5
Eight rules of Data Protection
1. Obtain and process data fairly2. Keep it only for one or more specified, explicit and
lawful purposes3. Use and disclose it only in ways compatible with these
purposes4. Keep it safe and secure5. Keep it accurate, complete and up-to-date6. Ensure that it is adequate, relevant and not excessive7. Retain it for no longer than is necessary for the
purpose or purposes for which it was obtained8. Give a copy of his/her personal data to an individual,
on request
![Page 6: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/6.jpg)
6
Aims of the programme
• To provide a framework for consistent, coherent healthcare records management in the HSE which in turn supports a high quality service
• To develop and implement initiatives to improve healthcare records management and promote patient safety
![Page 7: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/7.jpg)
7
What have we done?
• Developed Standards & Recommended Practices
• Standardised national healthcare record
• Developed in the context of the acute services but currently extending the work of the programme to all Community Services including Mental Health
![Page 8: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/8.jpg)
8
Types of records
• Patient records (electronic or paper based)
• Emergency department, birth, theatre and other related registers
• X-ray images and reports• Photographs and slides• Microfiche/microfilm• Audio and video tapes etc.• Computerised records• Scanned records
![Page 9: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/9.jpg)
9
What are medical records?
Adequate medical records enable you or
somebody else to reconstruct the
essential parts of each patient contact
without reference to memory.
Medical Protection Society, 2010
![Page 10: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/10.jpg)
10
Importance of the healthcare record
• The healthcare record plays a crucial role in the provision of care
• It supports continuity of care and facilitates communication between all members of the multidisciplinary team
• It is a legal document that provides an overview of the service user’s state of health before, during and after a particular therapy/treatment
![Page 11: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/11.jpg)
11
• The HSE is the largest controller of health and personal information in the state and we have a duty to ensure that we’re fully compliant with the Data Protection Acts of 1988 and 2003
• Data Protection is the responsibility of all staff
• However, healthcare records can be complex and the needs within a healthcare setting diverse so there are many challenges
Data Protection
![Page 12: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/12.jpg)
12
Complexity of the service - storage
• Current records stored in the healthcare record library
• Healthcare records no longer in everyday use that still need to be retained. Such records are often stored in secondary storage which may be on or off-site
• Healthcare records that have been transferred to an alternative medium, e.g. microfilm
The challenges
![Page 13: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/13.jpg)
13
The challenges cont’d
Complexity of the service – access
Healthcare records are required in variouslocations throughout the hospital and off-site
• Emergency Department• The wards• Day Care Unit• Outpatient Department• Clinical Nurse Specialists• Health & social care professionals • Outreach Clinics
![Page 14: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/14.jpg)
14
Not only HSE staff we have to consider:
• Students from all healthcare professions
• Work experience
• External contractors
• Volunteers
• Service user representatives
The challenges cont’d
![Page 15: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/15.jpg)
15
Practical steps to prevent a Data Protection Breach
• Care should be taken to ensure that healthcare records are not deliberately or inadvertently viewed by uninvolved parties (e.g. files left on a desk, computer screens on view)
• Healthcare records should be stored in a secure/supervised area with restricted access
![Page 16: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/16.jpg)
16
Practical steps cont’d
• Files not in secure/supervised area with restricted access should be kept locked away when not being used
• A ‘clear desk’ policy should be operated at the end of each working day or when long periods of absence are taken away from the desk/office
• Where healthcare records are kept in offices, whenever the office is left unattended it should be securely locked
![Page 17: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/17.jpg)
17
Practical steps cont’dTransporting Healthcare records (Rec. Practice 30)
• Healthcare records:– should only be transported by authorised staff – should be transported in such a way that patient names
are not visible– should never be left unattended in the course of their
delivery
• Where healthcare records are transferred outside of the organisation they should be carried in a storage case, box file or in a sealed confidential pouch where the name on the record(s) cannot be identified
• If the situation arises that healthcare records must be left in an individual’s car, a taxi or ambulance (even for a very short time) they should be placed out of sight in the boot and the vehicle kept locked at all times
![Page 18: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/18.jpg)
18
Practical steps cont’d
• It is preferable that post rather than fax or e-mail is used for client related correspondence
• When it is necessary to use either fax or e-mail the HSE’s Electronic Communication Policy must be adhered to
• Fax numbers which are used on a regular basis should be pre-programmed to help avoid dialling the incorrect number
![Page 19: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/19.jpg)
19
Practical steps cont’d
• When posting personal information, ensure the correct size envelope is used to prevent the envelope from tearing and ensure the envelope is well sealed
• Ensure you have the correct postal address
• When posting sensitive personal information always use registered post
![Page 20: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/20.jpg)
20
Practical steps cont’d
• When sending e-mail, double check the details to ensure you are sending the information to the correct address. Problems have been encountered by selecting the wrong recipient from an address list or using a similar (but incorrect) address
• When sending an attachment via e-mail, double check to ensure the correct attachment is sent
![Page 21: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/21.jpg)
21
Practical steps cont’d
• When sending attachments that contain sensitive personal data via e-mail outside of ‘@hse.ie’ ensure the attachment is password protected (ICT will provide assistance)
• The HSE’s Encryption Policy must be strictly adhered to regarding desktop computers, mobile computer devices and removable storage devices
• Each staff member is responsible for ensuring that their electronic devices are encrypted
![Page 22: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/22.jpg)
22
Practical steps cont’d
• Passwords:– must not be shared amongst colleagues– must not be written down and left in convenient
places (on or near your desktop/laptop)– should be changed at regular intervals
• Remember your password determines your level of access
• For further information on passwords please check the HSE’s Password Standards Policy
![Page 23: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/23.jpg)
23
Good practice
• PPPG’s in place that encompass all the principles of the Standards & Recommended Practices
• Recommended Practices that are particularly relevant:– 12 Service user information requests (page 106)– 13 Requests for the healthcare record for research purposes
(page 121)– 16 Confidentiality & Security of service user healthcare
information (page 130)– 18 Service user registration (page 138)– 21 Storage of the healthcare record (page 149)– 29 Transfer of healthcare information (page 172)– 30 Transporting the healthcare record (page 174)
• NHO Code of Practice for HCRM (part 5) Retention and Disposal Schedule
![Page 24: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/24.jpg)
24
What to do in the event of a breach
• The HSE’s Data Protection Breach Management Policy must be adhered to
• All information breaches must be reported to the Consumer Affairs or ICT Directorate immediately
• Members of staff and their line manager must complete a Data Breach Incident Report and forward (via fax or e-mail a scanned copy) to their local Consumer Affairs Area Office (manual) or ICT Office (electronic)
• Consumer Affairs will notify the Data Protection Commissioners office, if required
![Page 25: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/25.jpg)
25
Conclusion
• Managing healthcare records is vital whether resources are adequate or scarce
• We face many challenges, but we have a duty of care to our patients and a legal responsibility
• In recent times the medical sector has found itself in the midst of what could be described as a storm of Data Protection breaches
• We cannot ignore things and hope the storm passes
![Page 26: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/26.jpg)
26
Conclusion
• We must raise awareness
• We must do the right thing
• We must make our staff aware of their responsibilities:
– Training– E-mail blitz– Reminder at all staff meetings– Sign a declaration
![Page 27: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/27.jpg)
27
Useful links
• Electronic Communications Policy http://www.hse.ie/eng/services/Publications/pp/ict/Electronic_Communications_Policy.pdf
• Encryption Policy http://www.hse.ie/eng/services/Publications/pp/ict/Encryption_Policy.pdf
• Password Standards Policy http://www.hse.ie/eng/services/Publications/pp/ict/Password_Standards_Policy.pdf
• Data Protection Breach Management Policy http://www.hse.ie/eng/services/Publications/pp/ict/Data_Protection_Breach_Management_Policy.pdf
![Page 28: Healthcare Records Management In The HSE](https://reader033.vdocuments.site/reader033/viewer/2022061211/5492fb5fac7959482e8b4742/html5/thumbnails/28.jpg)
Thank you