As well as the issues that need to be considered for doctors archiving their medical records, the following four items should be of concern to the medical community as well.
1. Patient Portals
When a doctor is using a patient portal that allows the patient to book their appointments online, or communicate with the doctor, view their medical records, etc. – there may be issues when it comes to the purging of that data. If the portal has its own storage, then how does the doctor know that when he has deleted a record from his/her EMR that the same purge has occurred in the portal? Is the doctor still liable for the information stored in the portal? The physician should make sure he/she has the agreement/permission from each patient who will have their data sent to the portal in order to protect themselves. What happens to all those records when a doctor retires? Are they purged from the portal?
2. Cloud Storage
As many EMRs are now moving to an ASP type solution – more and more of a doctor’s patient data is being stored in another site that is out of his/her control. While this is not necessarily a bad thing – it does raise some questions for the doctor and his/her liability to those records. Can he/she be assured that when they have requested a purge of a record that is done and complete? See Backups below.
3. Backups (especially in the Cloud)
Where does a doctor’s responsibility end? Backups are a good example of this. Take for example a typical doctor office might use a different backup drive for each day of the week and cycle through them. This allows the doctor to be able to guarantee that the data will be purged from all backups after a 7 day cycle. However, when using an ASP or Cloud based solution – the doctor does not have control over this cycle. Some service providers can keep backups for a year or more. How does this affect the doctor’s liability regarding the purging and proper destruction of the medical records under his/her care?
4. Records in your current EMR – for Non-Retired Doctors
This is an interesting question that needs to be discussed – as most EMRs do not have the ability to truly purge a patient’s medical record. If a doctor last saw a patient 10+ years ago – should he/she not purge that record from the EMR? The doctor no longer has the right to continue to have that patient’s medical information in the EMR. Yet – as TimeAcct converts EMR data every day – we see this more and more as doctors continue to use EMRs over longer periods of time
5. Operating System Functions – journaling and caching.
In theory, data will be recorded in caches, file system journals, etc. All of these must be deleted too.