Action 1.16

The governing body and managers should ensure that an effective system is in place for recording, communicating, using and securely storing patient clinical information. This is to provide safe, high-quality care to individual patients, and to enable relevant information to be extracted for quality assurance, teaching and research purposes.

Access to the healthcare record at the point of care facilitates recording of the patient’s status and changes to treatment.

Review the healthcare records system

A number of standards, guidelines and policies apply to healthcare record documentation – for example, medical record–keeping requirements for good medical practice¹ of the Medical Board of Australia, and state or territory health department standards for healthcare record documentation and data capture.^{2, 3}

An effective healthcare records system should incorporate:

• A workforce that is appropriately qualified and experienced in the management of healthcare records systems, with appropriate leadership skills and authority
• Orientation and training of the clinical workforce in the organisation’s requirements for healthcare record documentation, including the safety and quality rationale for those requirements
• Clearly documented accountabilities and terms of reference for the individual or committee responsible for governance of the healthcare records system
• Accountability for healthcare record documentation in performance development processes for the clinical workforce
• Position descriptions and statements of responsibility for all members of the workforce (clinical and non-clinical), which may explicitly define
  • the obligation of all members of the workforce to protect patient privacy and confidentiality
  • the link to the organisation’s performance management system
  • the consequences of intentional breach of the obligation
• Policies, procedures and protocols addressing
  • standards and processes for managing healthcare records (including retention, digital and manual storage and transport systems, access at the point of care, emergency access to records when a patient is unable to consent, and record disposal requirements)
  • standards for documentation, with a focus on the information that should be recorded to enable monitoring of quality of care, contemporaneous recording of clinical information, and the availability of formal reports on investigations, including imaging and pathology tests
  • how changes to the healthcare record are authorised
  • standards and processes for establishing standalone clinical registries for quality or research purposes
  • the conduct of compliance audits
  • compliance with the relevant standards, and professional and legislative requirements in the relevant state or territory
• Structures (for example, healthcare record committees) and processes to enable healthcare record risks and opportunities to be evaluated, and changes made to improve the standard of documentation
• Physical or digital facilities for the reliable and secure management of patient healthcare records
• Periodic audit and continuous improvement of the healthcare records system.

Review privacy and confidentiality

Information about an individual’s physical or mental health and wellbeing is both personal and sensitive, and there are many ethical, professional and legal restrictions on the way this information can be used.

People assume all communications with their clinicians are private, and the law reflects this expectation. The confidentiality or privacy of most health information is protected by statutory or common law requirements of confidentiality and privacy. However, the precise legislative requirements vary between states and territories.

Providing the appropriate physical infrastructure (for example, private interview rooms, patient status boards that are screened from public view) is not enough to ensure privacy and confidentiality. The culture and practices of the workforce are key to the appropriate protection of patient clinical information.

Consider the need to:

• Explicitly recognise the sensitivity of patient clinical information, and the need to protect confidentiality and privacy
• Recognise the role of patient consent in the use or disclosure of information for purposes other than direct provision of care
• Explain to patients and carers how patient information is collected, used and disclosed, and the safeguards that apply
• Develop and implement specific policies and procedures addressing the use of clinical information for clinical, educational, quality assurance and research purposes, including robust authorising procedures for any uses or disclosures outside the usual provision of care (including the development of clinical registries).

Audit the system

Periodically audit the design and performance of the healthcare records system to ensure system effectiveness. Structure the healthcare record to guide the clinical workforce to record important information relevant to the safety and quality of care. This will also assist organisations to audit compliance with relevant standards.

If more than one information system is used to capture patient clinical information, periodically review these systems to ensure that the processes for information capture are well designed, well resourced and working effectively (that is, the transfer of information is accurate, prompt, compatible and secure).

Examples of evidence

Select only examples currently in use:

• Policy documents about healthcare record management, including access, storage, security, consent and sharing of patient information
• Audit results of healthcare records for compliance with policies, procedures or protocols on healthcare records management, including access to healthcare records and sharing of information
• Audit results of the accuracy, integration and currency of healthcare records
• Observation that healthcare records are accessible at the point of patient care
• Observation that computer access to electronic records is available to the clinical workforce in clinical areas
• Committee and meeting records in which the governance of the health service organisation’s data and information technology (IT) systems is monitored or discussed
• Code of conduct that includes privacy and confidentiality of consumer information
• Signed workforce confidentiality agreements
• Secure archival storage and disposal systems
• Observation of secure storage systems in clinical areas
• Observation that computers are password protected
• Records of ethics approval for research activities that involve sharing patient information
• Templates for issuing login and password details for electronic healthcare records systems
• Audit results of the use of a unique identifier in the healthcare records management system
• Training documents about the healthcare records management system
• Systems in place that enable combining of multiple information systems.

The governing body and managers should ensure that an effective system is in place for recording, communicating, using and securely storing patient clinical information. This is to provide safe, high-quality care to individual patients, and to enable relevant information to be extracted for quality assurance purposes.

Access to the healthcare record at the point of care facilitates recording of the patient’s status and changes to treatment. There may be two sets of records for patients receiving care in a day procedure service – one held by the clinician in their consulting rooms and one that is held by the day procedure service.

Review the healthcare records system

A number of standards, guidelines and policies apply to healthcare record documentation – for example, medical record–keeping requirements for good medical practice¹ of the Medical Board of Australia, and state or territory health department standards for healthcare record documentation and data capture.^{4, 5}

An effective healthcare records system should incorporate:

• A workforce that is appropriately qualified and experienced in the management of healthcare records systems, with appropriate leadership skills and authority
• Orientation and training of the clinical workforce in the organisation’s requirements for healthcare record documentation, including the safety and quality rationale for those requirements
• Clearly documented accountabilities and terms of reference for the individual or committee responsible for governance of the healthcare records system
• Accountability for healthcare records documentation in performance development processes for the clinical workforce
• Policies, procedures and protocols addressing
  • standards and processes for managing healthcare records (including retention, digital healthcare and manual storage and transport systems, access at the point of care, emergency access to electronic records when a patient is unable to consent, and record disposal requirements)
  • standards for documentation, with a focus on the information that should be recorded to enable monitoring of quality of care, contemporaneous recording of clinical information, and the availability of formal reports on investigations, including imaging and pathology tests
  • how changes to the healthcare record are authorised
  • standards and processes for establishing standalone clinical registries for quality or research purposes
  • the conduct of compliance audits
  • compliance with the relevant standards, and professional and legislative requirements in the relevant state or territory
• Structures (for example, healthcare record committees) and processes to enable healthcare record risks and opportunities to be evaluated, and changes made to improve the standard of documentation
• Physical or digital facilities for the reliable and secure management of patient healthcare records
• Periodic audit and continuous improvement of the healthcare records system.

Review privacy and confidentiality

Information about an individual’s physical or mental health and wellbeing is both personal and sensitive, and there are many ethical, professional and legal restrictions on the way this information can be used.

People assume that all communications with their clinicians are private, and the law reflects this expectation. The confidentiality or privacy of most health information is protected by statutory or common law requirements of confidentiality and privacy. However, the precise legislative requirements vary between states and territories.

Providing the appropriate physical infrastructure (for example, private interview rooms, patient status boards that are screened from public view) is not enough to ensure privacy and confidentiality. The culture and practices of the workforce are key to the appropriate protection of patient clinical information.

Consider the need to:

• Explicitly recognise the sensitivity of patient clinical information, and the need to protect confidentiality and privacy
• Recognise the role of patient consent in the use or disclosure of information for purposes other than direct provision of care
• Explain to patients and carers how patient information is collected, used and disclosed, and the safeguards that apply
• Develop and implement specific policies and procedures addressing the use of clinical information for clinical, educational, quality assurance and research purposes, including robust authorisation procedures for any uses or disclosures outside the usual provision of care (including the development of clinical registries).

Audit the system

Periodically audit the design and performance of the healthcare records system to ensure system effectiveness. Structure the healthcare record to guide the clinical workforce to record important information relevant to the safety and quality of care. This will also assist organisations to audit compliance with relevant standards.

If more than one information system is used to capture patient clinical information, periodically review these systems to ensure that the processes for information capture are well designed, well resourced and working effectively (that is, the transfer of information is accurate, prompt, compatible and secure).

Examples of evidence

Select only examples currently in use:

• Policy documents about healthcare record management, including access, storage, security, consent and sharing of patient information
• Audit results of healthcare records for compliance with policies, procedures or protocols on healthcare records management, including access to healthcare records and sharing of information
• Audit results of the accuracy, integration and currency of healthcare records
• Observation that healthcare records are accessible at the point of patient care
• Observation that computer access to electronic records is available to the clinical workforce in clinical areas
• Committee and meeting records in which the governance of the health service organisation’s data and information technology (IT) systems is monitored or discussed
• Code of conduct that includes privacy and confidentiality of consumer information
• Signed workforce confidentiality agreements
• Secure archival storage and disposal systems
• Observation of secure storage systems in clinical areas
• Observation that computers are password protected
• Records of ethics approval for research activities that involve sharing patient information
• Templates for issuing login and password details for electronic healthcare records systems
• Audit results of the use of a unique identifier in the healthcare records management system
• Training documents about the healthcare records management system
• Systems in place that enable combining of multiple information systems.

MPSs or small hospitals that are part of a local health network or private hospital group should adopt or adapt and use the established healthcare records management system.

Small hospitals that are not part of a local health network or private hospital group should develop or adapt an organisation-wide records management system that:

• Ensures that healthcare records are available at the point of care
• Has processes to maintain the confidentiality and privacy of patient information, including infrastructure, policies and workforce training for paper-based and digital healthcare records, and ensures they are consistent with the law and good practice
• Ensures that the workforce is trained in the use and maintenance of healthcare records
• Documents accountabilities and terms of reference for the individuals or groups responsible for governance of the healthcare records system
• Periodically reviews the design of the healthcare record to ensure that it enables documentation of the relevant clinical elements and clinical audit
• Ensures that systems are in place for data entry to clinical registries, when required
• Periodically audits the performance of the healthcare records systems, and improves them as necessary
• When multiple information systems are used to capture patient clinical information, periodically reviews the data systems to ensure that the processes for information capture are well designed, well resourced and working effectively.

Examples of evidence

Select only examples currently in use:

• Policy documents about healthcare record management, including access, storage, security, consent and sharing of patient information
• Audit results of healthcare records for compliance with policies, procedures or protocols on healthcare records management, including access to healthcare records and sharing of information
• Audit results of the accuracy, integration and currency of healthcare records
• Observation that healthcare records are accessible at the point of patient care
• Observation that computer access to electronic records is available to the clinical workforce in clinical areas
• Committee and meeting records in which the governance of the health service organisation’s data and information technology (IT) systems is monitored or discussed
• Code of conduct that includes privacy and confidentiality of consumer information
• Signed workforce confidentiality agreements
• Secure archival storage and disposal systems
• Observation of secure storage systems in clinical areas
• Observation that computers are password protected
• Records of ethics approval for research activities that involve sharing patient information
• Templates for issuing login and password details for electronic healthcare records systems
• Audit results of the use of a unique identifier in the healthcare records management system
• Training documents about the healthcare records management system
• Systems in place that enable combining of multiple information systems.