In this section you will learn to:
- Make required checks of patient records
- Carry out archiving of patient records
- Transfer patient records to another healthcare facility upon appropriate request
- Monitor and review own role and responsibilities in maintaining patient records
- Identify opportunities for improvement and make relevant recommendations for improvements
Supplementary materials relevant to this section:
- Reading D: Improving Practice
Now that you have a better understanding of your roles and responsibilities with regards to patient records, we will go through how to maintain patient records. We will also look at how you could monitor and review your own role to improve your own work practices. We will also briefly look at how you could identify opportunities to enhance your workplace’s established procedures about patient records.
Other than checking a patient’s record during their visit and whether their information is up-to-date, you would also need to check patient records periodically. The frequency would depend on your practice’s policies. One of the most common required checks is about a patient's privacy, specifically whether their records are stored in a safe and secure manner. For instance, if your practice uses physical records, check that the file cabinet is always placed in a room or area that is only accessible to authorised staff. During closing, you would also need to ensure that all patient records are returned to the locked cabinet and not left unsupervised in the practice such as at the reception.
Here’s another example: if your practice uses an electronic patient record management system, you should check periodically whether these records are backed up correctly, and saved in a secured location such as a password-protected drive. You would also need to check that the antivirus software system that your practice uses is running correctly and no virus or malware detected. If you are unsure about any of these procedures, you should clarify with your supervisor, and if available, the IT support person from your workplace.
Depending on your practice’s protocols and your specific role, there may be other required checks that you need to conduct periodically. When you are doing these routine checks, your workplace would most likely have a register to record down who accessed these records and what checks are conducted. Remember to adhere to your workplace’s protocols so that you and your practice are complying to the privacy legislations.
One of the routine checks that you may be tasked with is to archive patient records. This is often carried out when a patient is considered to be inactive, and can be due to multiple reasons such as a patient moving away or death of a patient. Your practice will have a specific set of protocols as to when and how to archive a patient record.
Typically, archiving a patient record is done by moving their file to another storage location that is secured and off-limits to non-authorised staff. When archiving a patient record, make sure you clearly label the archived records with the patient information, archived date, and other relevant information such as reason for archival. Your practice would also have an inventory list that keeps track of the records that have been archived, and you must fill in the relevant fields for accountability purposes. If your practice has a filing system to archive patient records, make sure you follow it, so that other staff who wish to retrieve it can do so efficiently. Further, your practice may be required to undergo compliance or Medicare claims audit. By having an efficient archival filing system, it helps facilitate the process by having quick access to these records.
When a patient record is archived after a period of time, their records are usually disposed of in a safe and secure manner. This retention period differs based on different factors, including the state and territory the practice is located at, the age of the patient, and the practice’s own policies. We will briefly look at the minimum retention period for a patient record.
In New South Wales, Victoria, and the Australian Capital Territory, there is legislation that requires patient records to be retained for at least seven years from the last date of entry in the record. This entry can be any form of interaction the patient has with the practice such as their last appointment visit or when you last entered their test result and updated it accordingly in their record, even if they did not make a visit (Health Practitioner Regulation 2010 (NSW); Health Records Act 1997; Health Records Act 2001; Health Records and Information Privacy Act 2002).
Not only that, if a patient is under 18 years old, you must retain their record until they turn 25 years old before their record can be disposed of. For patients who are 18 years old and above, the seven-year retention period will then be applied. If you are working in states and territories that do not have a legal requirement for minimum retention period, you must then adhere to your practice’s policy and protocols regarding the retention period of patient record.
The reason to retain a patient record for a minimum period of time is mainly to protect the rights of the patient and the healthcare professional. For example, if a patient is unsatisfied with their treatment and care, or experienced an adverse outcome due to their appointment, they may lodge a complaint or take legal action against your practice. In these instances, the patient records will be the basis for both parties to defend their claims (Avant, 2019).
Of course, these are only the minimum retention periods and it is the most ideal practice to keep a patient’s record for as long as possible. However, it may be impractical to retain a large number of records over a long period of time. After the minimum retention period according to your practice’s policies, you will then need to dispose of the records properly and in a secured manner.
Disposing Patient Records
Recall that we emphasised the importance of protecting the privacy and confidentiality of patient information when they visit the practice. The same principle applies to their patient record, even during the process of disposing of patient records. While there are no legislative requirements that patient records need to be destroyed after a specific period of time, there are some requirements about how the record is disposed of. Your practice would have a clear protocol about how patient records should be disposed of and you should adhere to the procedures, so that the patient’s information is not at risk of being compromised, e.g., information being misused by unauthorised persons.
Under the Australian privacy legislation, when disposing patient records, you and your practice are obligated to make sure the information is destroyed or de-identified permanently. This is usually done by employing the services of a third-party commercial service provider who provides services to destruct confidential information. If your practice engages this service, you should make sure you receive a confirmation that the records sent are destructed in a confidential and secured manner, and retain a copy of this confirmation. Your practice may opt to de-identify patient records instead. You would need to make sure you strictly adhere to your practice’s protocol to remove any parts of the record that can be used to identify the patient.
If your practice does not use physical patient records and only uses electronic records, the same obligations also apply - the files must be deleted completely, including the backup site. If you are disposing of a device, e.g., iPad used to fill in new patient forms, you also need to make sure the device is cleared of any confidential patient information before it is disposed of. If you are unsure whether you have done it correctly, always refer to your workplace’s procedures and clarify with your supervisor. You could also consult your IT support service, if available, to make sure the patient records are disposed of appropriately.
Other than your workplace protocols, you need to be aware of the relevant laws in some states and territories about the disposing of records. In NSW, the ACT, and Victoria, you are required to record of (Avant, 2019):
- Name of the individual to whom the health information related to
- Period of time over which the health record extends, i.e., the date of the first entry to the date of the last entry.
- Date on which the record was destroyed or disposed
Below is a template that can be used for this purpose:
| Patient name | Patient D.O.B. | Date of first record entry | Date of last record entry | Date record is destroyed |
|---|---|---|---|---|
Another important role that you may have is to transfer patient records to another practice or health facility. While it is not an uncommon practice and most patients would have expected their records may be shared across different practitioners, it is crucial you verify the patient has provided explicit consent before you make the transfer. This consent is usually obtained through a signed consent form explaining who requested the transfer and what information is to be transferred.
In some circumstances, you may be required to hand over patient records under court order, which you are legally obligated to follow. You may also be required to transfer patient records to insurance companies and government agencies for different purposes. Regardless, it is important that you document any transfer details in your workplace’s register, e.g., name and address of the practitioner or practice that you transferred to, date of transfer, and what information has been transferred.
Another thing you should take note of is to transfer the information in a safe manner that protects the patient’s privacy, and comply with privacy laws. If the transfer is done electronically, make sure the information is encrypted and the transfer process is done in a secured manner. It is also vital to make sure that no information can be stolen during this process. If the transfer is done through physical hardcopies such as through postage, ensure the document is delivered using tracking to prevent theft or loss, and a security seal is used to ensure only the authorised person can access it.
After you transfer the relevant information, you should inform the patient that the request for information has been completed. Depending on the transfer method, you should also verify with the other party that they have received the correct patient record. This way, you can rectify any mistakes as soon as possible.
For example, you work for a psychiatrist and a patient’s psychologist makes a request to access the patient’s record as they want to know the patient’s medication history. After verifying the patient has provided consent and the request is appropriate, you then transfer the records to the patient’s psychologist. Depending on your workplace’s protocols, you may need your supervisor’s approval before making the transfer. After transferring the relevant information, you then document it in your workplace’s register. You then follow up with the psychologist to ensure they have received the correct patient information.
Recall that you learn about clinical coding systems, which can be helpful and useful when patient records are shared among the patient’s healthcare team (with explicit consent). This is because the coding system is universal across all healthcare fields, for example, a neurologist reading a patient’s record that has been transferred to them would understand the general practitioner’s diagnosis with the coding system. This also helps the practitioner who receives the information to understand the patient’s condition easily and efficiently.
Regardless of how long you are in your role, it is always important that you constantly monitor and review your own role when handling patient records. Other than making sure you are complying with legal requirements, you are able to identify opportunities to improve your own work practices as well as to enhance the current patient record management system. This way, there will be continuous improvement for the system and contribute to the improvement of patient care while maintaining compliance with the relevant legislations and practice standards.
Other than performance reviews with your supervisors, you can also take the initiative to review your own work practices. For example, you can do a reflection on how you handle patient records on a weekly basis and identify if there are any room for improvements. You could also seek feedback or advice from your supervisor or colleagues. Remember, if you are unsure about a certain step when handling patient records, you should clarify with your supervisor, especially after reflecting on your own work performance. Some practices also support their staff to attend professional development courses to ensure they stay updated with the practice standards when it comes to handling patient records, e.g., legislation requirements and cybersecurity.
On a broader level, you can also set up staff discussion or meetings within your team to discuss any potential issue you identify that may compromise a patient's privacy, and possible ways to resolve the issue identified. You could also gather feedback from other stakeholders such as feedback from patients, e.g., how confident they feel about their privacy.
For example, during your weekly reflection, you realise you have the tendency to leave your desk unattended, and often leave the computer unlocked. Unauthorised people could access confidential patient information on your computer when you are not around. After identifying this risky behaviour, you then consider how you could improve this practice to better protect patient privacy. After brainstorming for strategies, you decide to place a sticky note on the desktop to constantly remind yourself to lock your computer screen when leaving the desk.
Read
Reading D – Improving Practice
This reading provides a list of methods that you can refer to when identifying opportunities to improve your own work practices when handling patient records.
Protecting patient’s privacy and confidentiality is one of the priorities when handling patient records. Your role does not just stop after you identify opportunities to make any improvements - you should make relevant suggestions to the relevant personnel to improve the system, such that the patients are receiving good quality of care.
Of course, you do not just go to your supervisor or practice manager with the issue identified. It is best that you are able to conduct some research and present them with suggestions to improve based on best practice standards to support your recommendations. Then, you communicate these findings to the relevant personnel to consider addressing the issue identified with strategies you proposed. It is understandable that some established procedures have been put in place for a long time, and making changes is not going to be an easy or quick process, therefore it is always good to follow up with the relevant personnel. Sometimes, additional training may be required for staff to ensure the new procedures can be implemented effectively while not affecting the current workflow.
For instance, your practice requires new patients to fill in a physical new patient form during their first visit, which you then input the information on the electronic record management system. According to your practice’s protocol, you will then need to de-identify the patient record by using black marker to darken the patient information such as their name and date of birth. You identify that this process can be improved as you notice the pen’s outline is still visible under bright light. You then make a recommendation to your practice manager to use a paper shredder or employ the specialised services to dispose of patient forms in a safe and secured manner.
After two weeks, you notice there is no change in this procedure, which puts the privacy and confidentiality of patient information at risk. You then follow up with your practice manager, to which they mention a special disposal bin is ordered and will arrive soon. They further explain that the bin will be collected periodically and then sent to a specialised disposal service to destroy the forms in a safe manner. They also mention they will update the privacy policy accordingly so that patients are aware of this when filling in the new patient form.
Of course, how to improve the established record keeping procedures will depend on different factors. Some areas may not have these specialised services available. Regardless, you should still try your best to identify opportunities for improvement and not be afraid to speak up to make the relevant recommendations. This way, you and your practice are providing good quality of care to the patient by respecting their privacy and also being compliant to legislative requirements.
Read the extract below that provides some practice tips to improve record management system.
Improving or maintaining the quality of health records does take effort, and it requires a continuous, practice-wide approach. Although there are no ‘quick fixes’, focusing on everyday areas of practice such as the following will help improve the quality of health records.
Practice culture
- Educate the practice team about the importance of high-quality health records and how to produce and maintain them.
- Designate a practice champion for high- quality health records who leads by example. Allow them dedicated time to fulfil this role.
- Promote an ‘expect to share’ mindset among staff.
Increasing skills and knowledge
- Educate, train and support all team members responsible for managing patient information.
- Provide access to education and training about how to use the clinical information system and get the most out of it for maintaining health records.
- Make sure everyone in the practice knows where to obtain support for the clinical information system and software.
- Provide tip sheets and trouble-shooting guides for common problems with the practice’s clinical information system.
“It can be hard to maintain high‐quality records, and it requires effort. I think the whole process must be iterative, a continuing cycle of improvement.
– Member, RACGP Expert Committee – eHealth and Practice Systems
Supporting the practice team
- Make the quality of health records a regular focus of practice team meetings. For example:
- acknowledge or reward GPs who keep high-quality health records
- in multidisciplinary practices, organise a meeting to agree on standardised terminology across disciplines
- make the quality of the patient’s health record one of the standard areas to focus on when the practice team conducts case reviews.
- Allow time for the practice team to update their patients’ records. For example,
- if required, provide brief gaps in daily appointment schedules for GPs to complete consultation notes.
- Consider what tools would help staff keep high-quality health records: checklists, standardised forms, proper equipment, software add-ons such as clinical audit tools or data analysis software.
- Conduct regular audits of the quality of health records, measuring them against the attributes described above.
Improving systems
- Implement a feedback process regarding health records to address problems raised by other healthcare professionals, other services or patients.
- Keep track of near misses and mistakes in the incorporation of information from other sources to identify ways to prevent these happening again.
(Royal Australian College of General Practitioners, 2018, p. 17)
In this section, we looked at how you could maintain patient records. Specifically, we looked at the checks that you may be required to conduct as well as how to archive and destroy patient records in a safe and secured manner. You also learned about how to transfer patient records to other healthcare facilities in a way that respects and protects patient privacy and confidentiality. Lastly, you also learned how to monitor and review your role within the context of maintaining patient records and how to make recommendations to relevant personnel to improve patient care.
