In Canada everyone that works in the medical record industry should know that the doctor owns the record and the patient owns the information contained therein. This makes the doctor the custodian of the patient medical information (record). Most also know that the doctors are required to keep their medical records for a certain period of time, after the last time they saw the patient (referred to as the retention period). In fact, doctors are required to keep these records even after they are retired – and their estates continue that responsibility after they have died – until the end of the retention period. In British Columbia (which has the longest retention period) – this could amount to almost 35 years for a doctor who sees a new born child. That is a long time to have to keep a record, especially after retirement. There is a great page on the CMPA website (https://oplfrpd5.cmpa-acpm.ca/-/a-matter-of-records-retention-and-transfer-of-clinical-records) that gives a good summary of the retention periods for each province/territory, as well as some good general information.
There are many issues that surround the doctor’s requirement to keep those records. Some of which are:
- They must be kept in a secure location, as to protect the patient’s privacy.
- They must be accessible so that the doctor can provide a copy to the patient (or other legal entity, such as an officer of the court) upon authorized request.
- When they are destroyed, they must be destroyed in such a manner that reconstruction at a later date is not reasonably possible. And when they are destroyed, the physician should record who destroyed them, when they were destroyed, the patient’s name and the method in which they were destroyed.
- The retention period for each patient’s records expires at a different time. So doctors cannot keep all their records until the final one expires and then just destroy them all. They must be destroyed for each patient, as that patient’s particular retention period comes to a close.
- The destruction must also include all other copies of the data, including computer backups, records stored in portals/cloud storage, and even records in an EMR that is being actively used.
Every province has a minimum time that a doctor is required to retain their medical records. But what happens after that retention period is reached? In most provinces the doctors are required to destroy the records. However, a few provinces, such as Ontario and Alberta, do not have any legislation one way or another. This has led some doctors in those provinces to adopt the policy that they never have to destroy their medical records. While this is a gray area, keeping the medical records forever it just not a smart thing to do, for a doctor or clinic. It provides absolutely no benefit to the physician, while increasing their liability. Imagine the case where a physician keeps the medical records after the retention period. Then they are contacted with a legal request for the medical records for a lawsuit regarding the patient. They, at that time, are legally bound to provide the medical records, if they still have them. However, because they should not have kept them and then provided them to the court, is the patient able to then take legal action against the doctor because they should not have retained them after the retention period?
The issues around EMR record retention, destruction and archiving are going to come up more and more often as the number of doctors retiring after years of using EMRs in Canada increase.
Hopefully, the following blog posts will help encourage discussion on the subject.
#1 – EMR Data Archiving – The Problem with Continuing to use Old EMRs
Some doctors/clinics try to continue using their EMR on an older computer as a way of dealing with the issue of archiving their medical records. However, while this solution has the advantage of a familiar look and feel, it has many issues that may not be obvious to a retiring doctor. The strategy, while simple at a surface level comes with significant costs (licensing), data state control (i.e. keeping records read only), selective purging of patient records and data management beyond the practitioner’s death.
The first issue are the costs associated with continuing to use an existing EMR, especially if it is hosted at an ASP. This would include things like EMR software licenses and maintaining hardware/operating systems. There are also add-ons required for many EMRs, such as Microsoft Office, etc. As well, you now have to keep that system running for anywhere from 15 to 32 years… Can you guarantee that your system will be operating after a few years? Keeping in mind that if it fails, your EMR vendor may not be able to get that version up and running again – and then you will have to pay for an upgrade, etc. – assuming that the vendor is even still in business.
The second issue is that of keeping the records in a Read-Only state. This is a way of keeping the records ‘frozen in time’. That way there is no reason to question whether the medical record is in the same state it was when the physician retired. This may be important in any legal issues that arise. The problem here is that most EMRs are not designed to be run in a Read-Only fashion and cannot function with that restriction.
The third issue is that of purging of data. Most EMRs are designed to not ‘lose’ any data. They do not allow a patient to be truly deleted from the system. They are simply flagged so that they do not show in the GUI. This violates the privacy laws that state that a record must be destroyed in such a way as to make later reconstruction not reasonable possible.
The fourth issue is that of ease of use and the continued liability of the doctor’s estate after his/her death. Since a doctor’s spouse and/or children might then be responsible for the medical records, will they know how to navigate the EMR software well enough to print out a patient record if it is requested? Most of these programs are fairly complex and are meant for an experienced user.
The final issue is that very few, if any, EMRs have the ability to select patients based on the criteria of expired retention periods, making selection and purging of patient data difficult, if not impossible.
So, in most cases, continuing to use an older EMR as an archiving solution is not ideal.
Issue with using VMWare and other Virtualization Programs
This is another popular way of providing the Physician with his/her older data – in the familiar setting of his/her existing EMR. Some provincial bodies are even providing funding for this – as part of an archiving solution for Physicians who are converting to new EMRS. The problems here are exactly the same as continuing to use the existing EMR. The doctor still has to deal with licensing issues with the vendor to be able to legally use the EMR, thus possibly incurring ongoing costs. And more important is the lack of a purging ability in the EMR being virtualized – thus exposing the physician to additional liability around retaining patient medical records that are no longer supposed to be in their possession.
However, by far the biggest problem with virtualizing an existing machine is that it may violate your Microsoft Windows license!! In effect it makes doing so illegal. Basically, depending on your existing Windows license for the existing machine cannot be legally virtualized into a Virtual Machine. The only general exception to this is if it was originally purchased under a “Volume License Agreement” – which is usually only done by larger organizations – and almost never by clinics and doctor’s offices. And there is no way to transfer the license, etc. The older the operating system – the more likely it is to NOT allow virtualization. Windows Server 2003 does not allow it – but Windows Server 2008 and later allow virtualization in some circumstances. So, you need to carefully check what your license agreement says! Otherwise, the physician is taking on the risk of having an illegal copy of Microsoft Windows in their possession. Similar issues arise around the virtualization of an Apple machine as well. If you would like to know more about this issue, you can contact us directly.
#2 – EMR Data Archiving – The Problem with Storage Centres – COST$
While used more for paper based records, storage centers offer the doctor a head ache free (almost) way of dealing with the requirements of keeping their records. However, you end up paying for that ease of use. Dr. John O’Brien-Bell wrote an interesting article for Canada Healthcare Network in 2013 about the costs, when BC decided to move from a 7 year retention period to a 16 year retention period. The full article can be found here in this link:
However, to summarize it – he estimates that the cost of maintaining the medical records for 16 years to be somewhere around $25,000 dollars. That is a lot of money for a retired doctor to shell out, especially when there is no revenue coming in to offset it.
#3 – EMR Data Archiving – The Problem with PDFs of Patient Records
Another very popular strategy many physicians use to archive records is to export them to series of PDFs. However, it has many issues of its own.
The first issue is that of whether attachments, or scanned documents, are included in the actual PDF itself. If they are then there are concerns as to whether or not the PDFs actually meet the Colleges/CMPA requirements of ‘Legibility’ for all records in a doctor’s care. The problem here is that most scanned documents are scanned in from pieces of paper in a doctor’s office – which would mean 8.5×11 inch sheets of paper. As most vendors use standard reports to export the patient information out to a PDF file this means that you are then trying to print a 8.5×11 document on a 8.5×11 document – which cannot be done without scaling. It is the scaling that causes the problem. As most export functions use a standard report to do this – and they print typically to a laser printer – the resulting PDF has the same characteristics. These characteristics including having a standard ¼ to ½ inch border around each side of the document – which means that you are no longer able to print an 8.5×11 on an 8.5×11 area – but rather at best an 8×10.5 area. As well – on that page you probably would want some Meta data – such as doctor name, date of the document and possibly some notes. This means your printable area is now more likely at best 8×9 inches. So – you have two choices at this point. You can either print proportionally or stretch to fit the area. Either are compressing the image to fit – and possibly distorting it. Because computers scale down images often during document handling, the worry is information could be lost in that scaling – either through distortion, or strict data loss. Will commas read as periods alter the meaning of the document? Will the height to width ratio of a black spot on a tumor change the diagnosis? We cannot tell with certainty – certainly not to the level required by college retention requirements.
The second issue is that of purging. The doctor needs to purge each medical record as it reaches the end of its retention period. Considering that a typical doctor will have at least 6,000 patients in his/her EMR when they retire (with only about 2,000 being active patients) – the doctor will have to search through each PDF every 3 to 6 months (to show due care) and find that last time they touched that medical record. That would probably have to be the last chart entry – and not appointment – as patients will just not show up at times. How many doctors (especially those who are retired) do you think will take the time, or even remember to do this? This means that they are exposing themselves to added liability by not properly destroying the records when they are required to do so.
The doctor cannot simply delete the file (from Windows, Apple or Linux computers) – but must use a tool like Eraser – which securely deletes a file from disk. Add to that the requirement to delete all external attachments if the PDF was created properly with the scanned documents being stored externally to the PDF. As some patients can have 100+ attachments – this can become a rather long, cumbersome and error prone task.
#4 – EMR Data Archiving – Other Miscellaneous Issues
As well as the issues that need to be considered for doctors archiving their medical records, the following four items should be of concern to the medical community as well.
1. Patient Portals
When a doctor is using a patient portal that allows the patient to book their appointments online, or communicate with the doctor, view their medical records, etc. – there may be issues when it comes to the purging of that data. If the portal has its own storage, then how does the doctor know that when he has deleted a record from his/her EMR that the same purge has occurred in the portal? Is the doctor still liable for the information stored in the portal? The physician should make sure he/she has the agreement/permission from each patient who will have their data sent to the portal in order to protect themselves. What happens to all those records when a doctor retires? Are they purged from the portal?
2. Cloud Storage
As many EMRs are now moving to an ASP type solution – more and more of a doctor’s patient data is being stored in another site that is out of his/her control. While this is not necessarily a bad thing – it does raise some questions for the doctor and his/her liability to those records. Can he/she be assured that when they have requested a purge of a record that is done and complete? See Backups below.
3. Backups (especially in the Cloud)
Where does a doctor’s responsibility end? Backups are a good example of this. Take for example a typical doctor office might use a different backup drive for each day of the week and cycle through them. This allows the doctor to be able to guarantee that the data will be purged from all backups after a 7 day cycle. However, when using an ASP or Cloud based solution – the doctor does not have control over this cycle. Some service providers can keep backups for a year or more. How does this affect the doctor’s liability regarding the purging and proper destruction of the medical records under his/her care?
4. Records in your current EMR – for Non-Retired Doctors
This is an interesting question that needs to be discussed – as most EMRs do not have the ability to truly purge a patient’s medical record. If a doctor last saw a patient 10+ years ago – should he/she not purge that record from the EMR? The doctor no longer has the right to continue to have that patient’s medical information in the EMR. Yet – as TimeAcct converts EMR data every day – we see this more and more as doctors continue to use EMRs over longer periods of time
5. Operating System Functions – journaling and caching.
In theory, data will be recorded in caches, file system journals, etc. All of these must be deleted too.