Legal compliance of medical records

The NSW veterinary practitioners act was recently updated with the following:

i. If a record of a consultation, procedure or treatment is altered, the alteration must be clearly identified in the record

I know that auditing has been raised a few times but nothing has eventuated. I think this is something that needs to get implemented so what do we needs to be done to implement auditing?

Secondly, would auditing actually satisfy this requirement or would there need to be revisions for medical record entries?

Matt Y

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Re: Legal compliance of medical records

I suspect that a full solution needs, in addition to the audit trail, a tightening of the password set/change facility so that if the audit trail says 'Fred did it' you can be certain that it really was Fred.

In the current system the administrator knows Fred's password, because only the administrator can change a password. If a) users could change their own passwords; b) the system had a 'must change password on next use' facility, then the administrator does not know Fred's password and cannot fraudulently login as him.

Implicit in the above is my belief that while we are adjusting the audit system to meed legal requirements, we should also make sure that it is capable of assisting with detection of untoward activity by staff.

We also may want to consider recording in the record itself, a date-last-modified, and a modifiedBy. I just looked at the processing of invoice line items, the author and startTime record the person who created the invoice line item, and when. However, if another user modifies the line item, there is no trace. Other systems (eg RxWorks) have both createdBy and modifiedBy user id's and timestamps.  Whilst the modifiedBy information in no way constitutes an audit trail, it does allow a very quick check of whether the item has been modified after it was created.

Regards, Tim G

Re: Legal compliance of medical records

Hi,

I noted that addition to the NSW act and shuddered as I knew OVPMS does not meet that requirement.

We are keen to see auditing happen though I have no actual knowledge of how this might be achieved.

I did like the Cornerstone facility that locks a note after a certain time period, allowing addendums but not deletions.

In addition to tightening the password facitlity I feel an improvement in security probably needs incorperation of an "auto-log-out" feature that I have mentioned previously. All the passwords in the world are not helpful if someone walks away from a terminal and their window stays logged in allowing other people to make edits under their name.

Re: Legal compliance of medical records

Can someone give a link to the relevant section of the Act?

The statement: "i. If a record of a consultation, procedure or treatment is altered, the alteration must be clearly identified in the record"

seems to be very broad. Is a manually entered Note in the record documenting an alteration, sufficient to meet the requirments of the Act?

With regards to passwords and auto-logout, there is a project for this here. It needs more feedback before it can be costed. It can be split up into multiple projects if required.

-Tim A

Re: Legal compliance of medical records

Thanks. Here's the full text:

15   Records

(1)  A veterinary practitioner must ensure that a detailed record of any consultation, procedure or treatment is made as soon as is practicable.

(2)  The record:

(a)  must be legible and in sufficient detail to enable another veterinary practitioner to continue the treatment of the animal, and

(b)  must include the results of any diagnostic tests, analysis and treatments.

(3)  If a record is altered, the alteration must be clearly identified in the record as such.

(4)  A veterinary practitioner must ensure that all records of any consultation, procedure or treatment are retained for at least 3 years after they are made.

A shortcut to the relevant text is: http://www.legislation.nsw.gov.au/fullhtml/inforce/subordleg+490+2013+sc...

My take on the above is that a Note documenting any changes would be sufficient. The main point is that any alteration must be clearly identified. An audit trail would be insufficient unless it was visible in the history.

I think an automated solution would need to:

  • add support to version Notes
  • add support to version Medication
  • indicate in the history if a versioned record (Note, Medication, Investigation etc) has been changed
  • prevent deletion of patient history after a period of time, or on completion of a Visit. An administrator would still be able to delete them however.

-Tim A

Re: Legal compliance of medical records

My concern is point 4. How are we ensuring records are retained, if they can be deleted, modified, etc at any time?

Just generally I see value in having an audit trail that can trace who did what, when. Quite aside from legalities it seems an important part of maintaining the integrity of the medical record and being able to trace problems when they occur.

Legal compliance of medical records also insurance issue

This is also an issue for pet insurers to prevent the possibility of fraudulent rewriting of patient histories (for example, deleting a history of stifle lameness in order for a claim to be made for cruciate surgery). Whilst I do not believe this problem to be weidespread, insurers are very keen for this to be implemented. I would suggest a lock down after 2-3 days, after which records are identified as having been changed after that. I would be happt to contribute financially to a solution.

Re: Legal compliance of medical records also insurance issue

Which records need to be locked down? All of them?

The following strategy could be applied to Notes:

  • notes are versioned i.e. every time a note is saved, the previous version is kept
  • deletion of notes from patient history will be prevented after 24 hours. This could be configurable, but would be open to abuse
  • notes may be modified after 24 hours, but any note that has a version entered 24 hours after the original will be highlighted in the patient history (e.g. with a *).
  • the date of the latest version of the note will always be displayed
  • the author of the note will be visible when viewing the note

Medication entries linked to invoices cannot be edited after the invoice is finalised. They can be edited if created via the Medical Records|Summary, which I suspect is not that common?

-Tim

 

Syndicate content