With General Data Protection Regulations now in place, there is even more importance placed on the proper management of records that may contain sensitive and personal information. Within the medical and healthcare industry, institutions such as doctor’s surgeries and hospitals can often become overloaded with substantial amounts of data that contain medical records, names and addresses of patients. But with such a high turnover, an ageing population and increased dependence on healthcare services, how do we manage all the data?
Record Management Plans
The first step to proper management of medical records is to develop a management plan that provides a clear understanding on how to manage records throughout their lifecycle. The management plan should outline the way in which medical records are to be used, who has access to them, how they are kept and when and how they are destroyed. In a world where there is a crossover between digital and physical, it is also important to develop a management plan for both paper records and digital records.
Developing a record management plan is a great way to ensure institutions and members of staff are complying with new laws such as the GDPR. Creating your own individual company policy that communicates the key features set out by the law will guarantee that all departments are notified about the appropriate measures to take when collecting, retaining and destroying sensitive data.
The Environment in Which Documents are Stored
Paper records take up physical space and digital records take up storage space, so how do we minimise this whilst ensuring the maximum safety and protection of such records? Whilst most files and records in the medical industry need to be on hand 24/7, there are certain exceptions such as back up versions that end up cluttering the office or reception area. This is why many institutions choose to outsource such records to a document storage company where documents are safely stored in flame retardant boxes that are CCTV monitored.
Your document management plan should clearly explain the details of your medical document storage, including whether they are stored on-site or off-site and who has access to them. An increasing number of healthcare institutions are utilising the services provided by document storage companies – this is because such companies offer a range comprehensive and useful services including the storage, scanning and destruction of documents. Storing data digitally can be risky – memory sticks and discs are prone to loss, theft or damage and authorised personnel should take extra precaution and create duplicate or back up data.
Within the medical and healthcare industries, it is of the upmost importance that information is captured correctly, resulting in consistent classification. The potential loss of records can be detrimental to institutions, especially doctor’s surgeries and hospitals where life and death issues are a part of the normal day. Thankfully most organisations back up important information, however it doesn’t reflective positively on the institution or the service it provides should records continue to go missing. In order to ensure efficient retrieval, consistent classification should be a major feature in any medical record management plan.
Organisation of Departments
All departments within the medical and healthcare sectors should be informed of the importance of the proper retention and destruction of all records. All departments should follow a clear plan which includes: which records should be retained initially, the minimum time of retention, the review process, how and when they should be destroyed and who is responsible for each set of records. Ensuring that every member of staff within the institution is aware of proper document management measures to take will limit the chance of losing any sensitive data whilst increasing the efficiency of the entire process.
Recording Movement and Activity
Hospitals, doctor’s surgeries and other healthcare institutions can acquire a substantial amount of data over the years and it is important that this sensitive data is recorded, tracked and monitored throughout its lifecycle. Systems can be accessed that allow for the management of electronic documents – these systems record information such as who has accessed certain documents along with any changes that may have been made to individual files. If healthcare institutions opt to outsource certain data to document management companies, such companies can use bar-coding systems that report all activity, giving complete peace of mind!
The Destruction and Deletion
When documents, data and files are no longer needed or used, it is important that sensitive information is destroyed properly and effectively without leaving any trace. Your company policy should be in line with General Date Protection Regulations, stating the appropriate measures that should be taken throughout the destruction process and should also state the method of destruction. In order to avoid any legal complications, many institutions choose to outsource the destruction of sensitive data. At RADS, we offer a document shredding service that includes a free collection and the confidential destruction of documents at a secure and CCTV monitored location. Digital records can also be recovered even after they are permanently deleted – instead hard drives should be physically shredded by a professional provider.
By following these steps and rules, you can be sure that you are handling and managing medical documents in the proper and lawful way. Appointing a Data Controller is a great way to make sure that the institution is doing everything in its power to obtain, retain and destroy the sensitive information of both patients and the business itself in an efficient way.