Information security, confidentiality
As with paper records, physicians have an ethical and legal obligation to keep all patient information confidential. However, when patient information is stored in a shared eRecord, it is likely accessible to a greater number of people than a traditional paper record and as a result protection is more complex.
Robust security features and policies must ensure information in an eRecord is only accessible within the circle of care to provide patient care, or for other purposes that are authorized by law or with the express consent of the patient. This can be achieved through the use of secure login protocols. In addition to having security mechanisms that limit access to authorized persons only, where possible it is prudent to consider equipping the eRecord system with controls that restrict access based on the user’s role and responsibilities. Having an automatic feature that logs the user out after a period of inactivity, and installing anti-virus, malware, and spyware software are other ways to protect patient information. Consult with the system vendor or provincial, territorial, or national medical associations and federations for assistance in choosing appropriate security features.
When using a wireless network to access and send patient information contained in an eRecord, physicians should consider how to ensure that the network is secure. Particular caution should be paid to remotely accessing eRecords using a wireless device, including smartphones and tablets. Appropriate security controls should be installed on mobile devices and wireless networks to prevent unauthorized access to eRecords.
In addition to addressing security issues when an eRecord system is implemented, it is equally important to ensure that these same issues are periodically assessed and revised, as necessary. The physical security, secure backup of records, and the periodic review and updating of policies and training remain important even after an eRecord system is implemented.
Physicians should employ encryption protection on all computer systems containing personal health information. Those who store patient information on portable data storage devices such as tablets, smartphones, USB flash drives, and portable hard drives should also consider installing encryption software on these devices.
Some privacy commissioners and Colleges have stated that physicians and other custodians must encrypt patient information stored on mobile devices. As new technologies evolve, physicians should continue to consult vendors and privacy commissioners, among others, about the appropriate degree of security.
An eRecord should have an audit trail detailing who accessed the record, their activities, and any alterations. The audit helps demonstrate that the information is authentic and reliable by providing a log of the activity in the record through the creation of “metadata.”
Physicians should comply with all applicable policies, by-laws, or regulations that stipulate the audit trail functionality. Generally, the system should enable the physician to:
- identify who has accessed the record
- identify what, if any, alterations have been made
- identify who made a specific alteration and when
- print and view a copy of the unedited, original version of the record (any amendments should be separately visible without permanently deleting the original entry)
- demonstrate that the chain of custody of the record or entry is sound
Backup and recovery
Computer systems can become compromised by ransomware and other types of malware, which can lead to the loss of patient information. In some jurisdictions, legislation and regulatory authority policies require that electronic files are routinely backed-up and that the system allows files to be recovered.
It is a good practice to back up patient information daily or weekly and to ensure the backup files are encrypted. Physicians may also want to regularly test the restore process for these backed up files. Furthermore, they may wish to use an off-site backup system to protect patient records, in case an office computer is stolen, lost, or destroyed. An example of such an off-site system is the use of cloud computing technology to deliver backup services over the Internet. Physicians should consult with their vendor or service provider for more information about the backup and recovery capabilities of their system and the options available for off-site backup.
Physicians who are already using an EMR and wish to switch to a new EMR software or vendor will need to consider how to maintain the integrity of the patient data as entered in the old EMR system. Options may include migrating the data from the old system into the new system or archiving the data in the old system.
Regardless of the process, physicians will want to ensure they have continued access to their patients’ data for the applicable retention period and that the information, including the metadata and audit trail, is not compromised or otherwise changed in the process. This can be a challenging and labour intensive process, so physicians may wish to consult with IT professionals and their system vendor.
Privacy impact assessments
Some jurisdictions require a privacy impact assessment before an EMR system is implemented or changes are made to an existing system. While the assessment may not be a legal requirement in every province or territory, it is a prudent and valuable procedure.
These assessments identify and minimize the privacy risks associated with the implementation of the EMR system. Physicians are encouraged to consult with their privacy commissioner or ombudsman on how to conduct a privacy impact assessment. Some privacy commissioners have published guidelines. In some provinces and territories, it may be necessary to submit the completed privacy impact assessment to the privacy commissioner for review and comment.