Safeguarding patient data and enhancing healthcare efficiency with effective records management solutions.

(20 Jun 2014)

By: Declan Brady, Managing Director, Glenbeigh Records Management (GRM), Dubai, UAE

Doctors, clinicians and carers can change and a patient may attend different hospitals, but a medical record is the one constant of a patient’s medical history. The medical record is a critical element of patient care and should contain a full history of treatments, diagnoses and medicines prescribed from birth to death. The medical record is probably the most important collation of data in any centre where patients are treated. It can also be used to calculate treatment charges, which in turn helps secure the viability of the hospital, clinic or practice. This puts an obligation on the medical organisation to implement good records management practices and procedures across all areas. Records management involves the governance of organisations’ critical records during their life cycle.

A medical record can contain information relating to emergency departments, births, theatre, minor operations and other related registers, x-ray and imaging reports, output and images, photographs, slides, microfiche/microfilm, audio and video tapes, cassettes, CD-ROM etc., as well as computerised records and scanned records. All of these formats require different types of handling and make the proper management of the medical record a complex process.

Consider the amount of data from medical records across multiple hospitals, in multiple regions around the world and the power of the information that is contained within it. By analysing symptoms, diagnoses, treatments and results from this data, it should be possible to build an in-depth understanding of common illnesses and the most efficient and successful treatment methods.

The analysis of such a large volume of these records can only be done through the power of Big Data. Big Data requires massive computing power and different computational techniques to analyse petabytes (1 petabyte = 1,000 terabytes) of information. To indicate the amount of data this entails, one petabyte is enough to store the DNA of the entire population of the USA, as well as cloning it twice.

Whilst there is an increasing push on the creation and storage of the electronic medical records, there is still a vast resource of hardcopy data that has been amassed by hospitals and patient centres worldwide.  It is in this traditional physical format that the vast majority of data is held. In the UAE, laws relating to patient medical records and privacy are set by individual emirates, but the premise is constant as described in the Health Authority of Abu Dhabi policy documents: “the patient has the right to have all clinical and pharmaceutical records kept fully updated and relevant, information fully documented and personal details and records are kept fully confidential and protected from loss and misuse.”

Many people can have input into a medical record, therefore it is important to build good records management practices around the handling of medical records to ensure all regulatory requirements are met. Proper records management policies and procedures should be drawn up with input from all stakeholders including consultants, nurses, managers, patient groups etc. and not just the medical records department.

Policies should cover a systematic and consistent approach of dealing with the same types of records in the same way. Adequate resources need to be in place to manage the records. A good destruction policy ensures that you only keep the records that are needed and storage requirements are kept to the minimum requirement. When developing a destruction policy it is essential that it complies with all existing legislation for retention of data, with clear rules around actual destruction.

Considering the importance of the record and the regulatory requirements, the safeguarding of the record should be paramount. Storage should be structured in such a way to ensure that there is easy access to it when and where it is required. It is also vital to restrict access to the record to only those authorised to view it when there a reason for them to do so.

The requirement for safekeeping is not limited to hospitals but covers all organisations that deal with patient medical records. For instance, regulation 3.2.4 of the Dubai Health Authority Home Healthcare states the need to provide “….secure and limited access area for storage of patient’s health records”.

The medical record has a number of different statuses including, ‘live’, when a patient is receiving treatment, ‘dormant’ when a patient is not attending, and ‘closed’ when a patient is deceased. Each of these stages in the life of a medical record must have the requisite controls to ensure continued security and access to the file. Even after the death of a patient, there may be a requirement for medical or legal reasons to access an individual’s file. It is essential to have clear policies on access and on the organisation (i.e. identification, content, location) of the record through its life cycle.

For many hospitals the volume of records needed to be retained can often result in unsuitable storage locations being used for older, closed records or those that require low to no access. Areas such as basements, corridors, attics and any other non-human usable space should not be used for storage. Use of areas not specifically built for record storage open up risks to unauthorised access, information leakage and potential loss and damage of the records.

Good records management policies require that the same standard is maintained for a record through its life cycle. The best way to achieve these standards is either the organisation can establish their own storage repository or outsource to a specialist records management provider.

If the organisation chooses to develop its own facilities it should refer to the standards that exist for the storage, management and confidentiality of records. Amongst the foremost standards are the BS5454:2012 that refers to the storage of documents, ISO 27001:2013 that refers to information security requirements and ISO15489 that is the international standard for records management. Adapting these standards will ensure a repository and systems of the highest quality.

Should an organisation choose an external outsourced service provider they must ensure and verify that the company has a long established history in the care of medical records. Storage facilities should be visited to ensure that they are clean, have the requisite security and accurate controls in place to protect against fire, theft and water damage. There should also be a barcoded, computerised warehouse management system to ensure rapid access and traceability. This should also facilitate online access to provide visibility to the records. Service Level Agreements should be signed to ensure that your information can be delivered back when and where you need it with many offsite records management specialists offering a 24/7 service with physical delivery within 2-3 hours or electronic delivery within an hour of the request being received.

Before any records are moved to an alternative location, best practice dictates that each one should be indexed with the relevant patient details such as name, date of birth, address, hospital identification number etc. It is these multiple index fields that will allow the retrieval of this file in a future case when details such as hospital number and addresses are forgotten.

The record should be barcoded with a machine readable unique barcode reference. In ideal cases this would be allocated at the creation of the chart on the patient admission. This offers the further benefit of being able to locate the chart when it is in use within the hospital and presuming the barcode is linked to the admissions system, archive the record when it is closed in a very efficient manner.

Increasingly, older records are now being digitised in large scale scanning projects in order to capture the information digitally. This method offers faster access to records and could possibly reduce the storage requirement on a long term basis. In 2008 the Dubai Supreme Court recognised the admissibility of an electronic record for the first time offering further benefits.

Large scale digitisation projects by their nature are complex and require a lot of pre-planning and testing. Before embarking on such a project, consideration should be given to the number of users and access rights, retrieval method and the document management system to be used, volumes to be added going forward, legacy files to be back scanned, hosting and storage of the images, indexing and the use of optical character recognition software are necessary. When these questions amongst others are decided it is only then that the project should start. A project plan with key milestones and deliverables would need to be devised to monitor the process and ensure successful completion.

Such a project is currently proposed by the Dubai Health Government under the Smart Government initiative as part of a AED250 million project using touch screen technology to enhance the patient experience. At its launch, Ahmed Al Omari, Acting Head of IT at the Dubai Health Authority said, “doctors will also be provided with smart desks so that doctors can view complete patient profiles and history, and patients will be able to copy certain information and images onto their smartphone.” This will be a very positive advancement for patients in the hospitals and healthcare centres it is implemented in.

In all healthcare events the most important individual is the patient. As treatments and technologies generate further success in patient care it is important that recognition is given to good records management practices. Big Data technology offers us the opportunity to increase understanding at a pace that once would never have been thought possible but without this data we have very little.

This article was printed in Arab Health Magazine. A copy of the publication can be found below:

Safeguarding patient data and enhancing healthcare efficiency with effective records management solutions.

© 2017 Glenbeigh Records Management,, Disclaimer, Sitemap

Web design from Webtrade.