Healthcare Records Management In The HSE


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Gay Murphy I’ve worked with the HSE for over 30 years always in the acute hospital setting HCR Project Manager for the hospital group south east Leading out on the HCRM Programme on behalf of the Quality & Patient Safety Directorate with the support of a National Advisory Group Liam Quirke from HSE West is our advisor when it comes to DP and FOI I want to clarify when I refer to records today it’s healthcare records and not HR or Finance or any other type of records
  • Today I will: define the context and set out the aims of the HCRM Programme tell you what we’ve done look at the challenges set out what you should be doing to ensure that you’re managing your records in accordance with the Data Protections Acts of 1988 and 2003
  • The drivers of the programme are PATIENT SAFETY, litigation, making sure we comply with current legislation and getting our house in order in preparation for electronic patient records but today we’re going to focus on Legislation and in particular the DATA PROTECTION Acts of 1988 and 2003
  • We must obtain and process the data fairly The data must be collected for a specified purpose We must only disclose the data where it is compatible with the purpose When we obtain data we must keep it safe and secure We should have procedures in place to ensure that the data is accurate, complete and up to date The personal data we hold should be relevant and not excessive We should retain the data for only as long as is necessary We must comply with an access request if a person makes an application for their personal data
  • One of the key initiatives of the programme was to set Standards and develop Recommended Practices to support people in achieving the standards As part of that piece of work a national healthcare record was developed and has been implemented across the acute hospitals in the country I’m not sure if some of you here today are HSE staff working out in the community, but just to clarify the work so far has been focused on the acute services, but the programme has been extended to include all Community Services including Mental Health
  • The Standards & Recommended Practices apply to healthcare records of all types which may consist of ( read from slide ) This includes the private healthcare sector where the HSE healthcare record is used
  • Let me explain the importance of healthcare records and why they’re needed for us to conduct our business Healthcare records are crucial in the provision of patient care They support continuity of care and facilitate communication between all members of the multidisciplinary team. On night duty Need to know what’s my patient complaining of Is there a provisional diagnosis What happened today – did the patient have any tests or procedures Is my patient on medication? Have the meds changed or been discontinued – why? Are there alerts/allergies/risk factors that I need to be aware of? What’s the plan – does my patient need to be fasting or prepped for something tomorrow? The HCR is a legal document that provides an overview of the care and advice given to patients. HCR’s are used as evidence in litigation cases so what’s written and how it’s written is really important. No matter how much care or good advice is given, if it’s not documented then it’s assumed that it didn’t happen so records need to be available at the point of care when required Overall you can see the importance of the healthcare record
  • It’s not as simple as keeping everything in a filing cabinet that can be locked at the end of the working day – 24 hour service The range and location of records to be managed varies and includes (read from slide)
  • Within the acute hospital setting healthcare records need to be available for: Emergency admissions to the ED Elective admissions to the wards Day care unit for daycase procedures OPD for appointments Clinical Nurse Specialists for nurse led clinics such as diabetes care Health & Social care professionals, e.g. physiotherapy Outreach clinics, e.g. WGH hold Obstetric Outreach Clinic in Gorey As you can see the task of co-ordinating the retrieval and secure transfer of healthcare records from all areas for all services is mammoth Healthcare records are too vital to go unmanaged so good healthcare records management is crucial
  • Work experience – TY students External contractors – anything from storage vendors to building contractors Volunteers – people who visit, get items from the shop, play with children in our paediatric wards That just gives you an idea of the type of challenges we face everyday in the HSE
  • The ‘clear desk’ policy is very important – staff need to understand the importance of putting letters/reports out of sight and keeping them safe, i.e. not safe if left on a desk, even in a locked environment
  • Your password determines your level of access so it’s crucial not to share. We must only access records on a ‘need to know’ basis
  • Good practice in this area includes ( read from slide ) We must constantly strive to achieve the Standards (cannot afford to dilute)
  • Managing healthcare records is vital not only in terms of patient safety but also Data Protection The Quality & Patient Safety Directorate, for its part, has developed Standards & Recommended Practices for Healthcare Records Management. The Standards were written keeping the legislation in mind and you’ll find that guidance on protecting healthcare records and maintaining confidentiality is peppered throughout.
  • Personally: Laptop encrypted Remote access via secure client HSE USB Provided assurance to the National Director for QPSD by signing a declaration to ensure my personal compliance
  • Healthcare Records Management In The HSE

    1. 1. Health Service Executive Healthcare Records Management Programme Wednesday 16 th November 2011 Irish Computer Society Data Protection Workshop
    2. 2. Introduction <ul><li>Name </li></ul><ul><li>Background </li></ul><ul><li>Current role </li></ul><ul><li>Healthcare records </li></ul>
    3. 3. Overview <ul><li>Context </li></ul><ul><li>Aims of the programme </li></ul><ul><li>What have we done? </li></ul><ul><li>The challenges </li></ul><ul><li>Practical steps to prevent a Data Protection Breach </li></ul>
    4. 4. <ul><li>Patient Safety </li></ul><ul><li>Litigation </li></ul><ul><li>Legislation </li></ul><ul><li>Electronic Patient Record </li></ul>Context
    5. 5. Eight rules of Data Protection <ul><li>Obtain and process data fairly </li></ul><ul><li>Keep it only for one or more specified, explicit and lawful purposes </li></ul><ul><li>Use and disclose it only in ways compatible with these purposes </li></ul><ul><li>Keep it safe and secure </li></ul><ul><li>Keep it accurate, complete and up-to-date </li></ul><ul><li>Ensure that it is adequate, relevant and not excessive </li></ul><ul><li>Retain it for no longer than is necessary for the purpose or purposes for which it was obtained </li></ul><ul><li>Give a copy of his/her personal data to an individual, on request </li></ul>
    6. 6. Aims of the programme <ul><li>To provide a framework for consistent, coherent healthcare records management in the HSE which in turn supports a high quality service </li></ul><ul><li>To develop and implement initiatives to improve healthcare records management and promote patient safety </li></ul>
    7. 7. What have we done? <ul><li>Developed Standards & Recommended Practices </li></ul><ul><li>Standardised national healthcare record </li></ul><ul><li>Developed in the context of the acute services but currently extending the work of the programme to all Community Services including Mental Health </li></ul>
    8. 8. Types of records <ul><li>Patient records (electronic or paper based) </li></ul><ul><li>Emergency department, birth, theatre and other related registers </li></ul><ul><li>X-ray images and reports </li></ul><ul><li>Photographs and slides </li></ul><ul><li>Microfiche/microfilm </li></ul><ul><li>Audio and video tapes etc. </li></ul><ul><li>Computerised records </li></ul><ul><li>Scanned records </li></ul>
    9. 9. What are medical records? <ul><li>Adequate medical records enable you or </li></ul><ul><li>somebody else to reconstruct the </li></ul><ul><li>essential parts of each patient contact </li></ul><ul><li>without reference to memory. </li></ul><ul><li>Medical Protection Society, 2010 </li></ul>
    10. 10. Importance of the healthcare record <ul><li>The healthcare record plays a crucial role in the provision of care </li></ul><ul><li>It supports continuity of care and facilitates communication between all members of the multidisciplinary team </li></ul><ul><li>It is a legal document that provides an overview of the service user’s state of health before, during and after a particular therapy/treatment </li></ul>
    11. 11. <ul><li>The HSE is the largest controller of health and personal information in the state and we have a duty to ensure that we’re fully compliant with the Data Protection Acts of 1988 and 2003 </li></ul><ul><li>Data Protection is the responsibility of all staff </li></ul><ul><li>However, healthcare records can be complex and the needs within a healthcare setting diverse so there are many challenges </li></ul>Data Protection
    12. 12. <ul><li>Complexity of the service - storage </li></ul><ul><li>Current records stored in the healthcare record library </li></ul><ul><li>Healthcare records no longer in everyday use that still need to be retained. Such records are often stored in secondary storage which may be on or off-site </li></ul><ul><li>Healthcare records that have been transferred to an alternative medium, e.g. microfilm </li></ul>The challenges
    13. 13. The challenges cont’d <ul><li>Complexity of the service – access </li></ul><ul><li>Healthcare records are required in various </li></ul><ul><li>locations throughout the hospital and off-site </li></ul><ul><li>Emergency Department </li></ul><ul><li>The wards </li></ul><ul><li>Day Care Unit </li></ul><ul><li>Outpatient Department </li></ul><ul><li>Clinical Nurse Specialists </li></ul><ul><li>Health & social care professionals </li></ul><ul><li>Outreach Clinics </li></ul>
    14. 14. <ul><li>Not only HSE staff we have to consider: </li></ul><ul><li>Students from all healthcare professions </li></ul><ul><li>Work experience </li></ul><ul><li>External contractors </li></ul><ul><li>Volunteers </li></ul><ul><li>Service user representatives </li></ul>The challenges cont’d
    15. 15. Practical steps to prevent a Data Protection Breach <ul><li>Care should be taken to ensure that healthcare records are not deliberately or inadvertently viewed by uninvolved parties (e.g. files left on a desk, computer screens on view) </li></ul><ul><li>Healthcare records should be stored in a secure/supervised area with restricted access </li></ul>
    16. 16. Practical steps cont’d <ul><li>Files not in secure/supervised area with restricted access should be kept locked away when not being used </li></ul><ul><li>A ‘clear desk’ policy should be operated at the end of each working day or when long periods of absence are taken away from the desk/office </li></ul><ul><li>Where healthcare records are kept in offices, whenever the office is left unattended it should be securely locked </li></ul>
    17. 17. Practical steps cont’d <ul><li>Transporting Healthcare records (Rec. Practice 30) </li></ul><ul><li>Healthcare records: </li></ul><ul><ul><li>should only be transported by authorised staff </li></ul></ul><ul><ul><li>should be transported in such a way that patient names are not visible </li></ul></ul><ul><ul><li>should never be left unattended in the course of their delivery </li></ul></ul><ul><li>Where healthcare records are transferred outside of the organisation they should be carried in a storage case, box file or in a sealed confidential pouch where the name on the record(s) cannot be identified </li></ul><ul><li>If the situation arises that healthcare records must be left in an individual’s car, a taxi or ambulance (even for a very short time) they should be placed out of sight in the boot and the vehicle kept locked at all times </li></ul>
    18. 18. Practical steps cont’d <ul><li>It is preferable that post rather than fax or e-mail is used for client related correspondence </li></ul><ul><li>When it is necessary to use either fax or e-mail the HSE’s Electronic Communication Policy must be adhered to </li></ul><ul><li>Fax numbers which are used on a regular basis should be pre-programmed to help avoid dialling the incorrect number </li></ul>
    19. 19. Practical steps cont’d <ul><li>When posting personal information, ensure the correct size envelope is used to prevent the envelope from tearing and ensure the envelope is well sealed </li></ul><ul><li>Ensure you have the correct postal address </li></ul><ul><li>When posting sensitive personal information always use registered post </li></ul>
    20. 20. Practical steps cont’d <ul><li>When sending e-mail, double check the details to ensure you are sending the information to the correct address. Problems have been encountered by selecting the wrong recipient from an address list or using a similar (but incorrect) address </li></ul><ul><li>When sending an attachment via e-mail, double check to ensure the correct attachment is sent </li></ul>
    21. 21. Practical steps cont’d <ul><li>When sending attachments that contain sensitive personal data via e-mail outside of ‘’ ensure the attachment is password protected (ICT will provide assistance) </li></ul><ul><li>The HSE’s Encryption Policy must be strictly adhered to regarding desktop computers, mobile computer devices and removable storage devices </li></ul><ul><li>Each staff member is responsible for ensuring that their electronic devices are encrypted </li></ul>
    22. 22. Practical steps cont’d <ul><li>Passwords: </li></ul><ul><ul><li>must not be shared amongst colleagues </li></ul></ul><ul><ul><li>must not be written down and left in convenient places (on or near your desktop/laptop) </li></ul></ul><ul><ul><li>should be changed at regular intervals </li></ul></ul><ul><li>Remember your password determines your level of access </li></ul><ul><li>For further information on passwords please check the HSE’s Password Standards Policy </li></ul>
    23. 23. Good practice <ul><li>PPPG’s in place that encompass all the principles of the Standards & Recommended Practices </li></ul><ul><li>Recommended Practices that are particularly relevant: </li></ul><ul><ul><li>12 Service user information requests (page 106) </li></ul></ul><ul><ul><li>13 Requests for the healthcare record for research purposes (page 121) </li></ul></ul><ul><ul><li>16 Confidentiality & Security of service user healthcare information (page 130) </li></ul></ul><ul><ul><li>18 Service user registration (page 138) </li></ul></ul><ul><ul><li>21 Storage of the healthcare record (page 149) </li></ul></ul><ul><ul><li>29 Transfer of healthcare information (page 172) </li></ul></ul><ul><ul><li>30 Transporting the healthcare record (page 174) </li></ul></ul><ul><li>NHO Code of Practice for HCRM (part 5) Retention and Disposal Schedule </li></ul>
    24. 24. What to do in the event of a breach <ul><li>The HSE’s Data Protection Breach Management Policy must be adhered to </li></ul><ul><li>All information breaches must be reported to the Consumer Affairs or ICT Directorate immediately </li></ul><ul><li>Members of staff and their line manager must complete a Data Breach Incident Report and forward (via fax or e-mail a scanned copy) to their local Consumer Affairs Area Office (manual) or ICT Office (electronic) </li></ul><ul><li>Consumer Affairs will notify the Data Protection Commissioners office, if required </li></ul>
    25. 25. Conclusion <ul><li>Managing healthcare records is vital whether resources are adequate or scarce </li></ul><ul><li>We face many challenges, but we have a duty of care to our patients and a legal responsibility </li></ul><ul><li>In recent times the medical sector has found itself in the midst of what could be described as a storm of Data Protection breaches </li></ul><ul><li>We cannot ignore things and hope the storm passes </li></ul>
    26. 26. Conclusion <ul><li>We must raise awareness </li></ul><ul><li>We must do the right thing </li></ul><ul><li>We must make our staff aware of their responsibilities: </li></ul><ul><ul><li>Training </li></ul></ul><ul><ul><li>E-mail blitz </li></ul></ul><ul><ul><li>Reminder at all staff meetings </li></ul></ul><ul><ul><li>Sign a declaration </li></ul></ul>
    27. 27. Useful links <ul><li>Electronic Communications Policy </li></ul><ul><li>Encryption Policy </li></ul><ul><li>Password Standards Policy </li></ul><ul><li>Data Protection Breach Management Policy </li></ul>
    28. 28. Thank you