Action 1.16

The health service organisation has healthcare records systems that:

a. Make the healthcare record available to clinicians at the point of care

b. Support the workforce to maintain accurate and complete healthcare records

c. Comply with security and privacy regulations

d. Support systematic audit of clinical information e. Integrate multiple information systems, where they are used

Intent

Comprehensive, accurate, integrated and accessible healthcare records are available to clinicians at the point of care.

Reflective questions

How does the health service organisation ensure that clinicians have access to accurate and integrated healthcare records?

How does the health service organisation ensure the privacy and security of healthcare records?

Key tasks

  • Review the availability of healthcare records at the point of care
  • Review the processes for maintaining confidentiality and privacy of patient information, including infrastructure, policies and workforce training for paper-based and digital healthcare records, and ensure that they are consistent with the law and good practice
  • Review the design of the healthcare record to ensure that it facilitates documentation of the relevant clinical elements and clinical audit
  • Ensure that systems are in place for data entry to clinical registries, if required
  • Periodically audit the performance of the healthcare records systems, and improve them as necessary
  • If multiple information systems are used to capture patient clinical information, periodically review the data systems to ensure that the processes for information capture are well designed, well resourced and working effectively
  • Identify the individuals or committees responsible for the development, review and document control of forms, documents and files that make up the paper or digital healthcare record.

Strategies for improvement

Hospitals

The governing body and managers should ensure that an effective system is in place for recording, communicating, using and securely storing patient clinical information. This is to provide safe, high-quality care to individual patients, and to enable relevant information to be extracted for quality assurance, teaching and research purposes.

Access to the healthcare record at the point of care facilitates recording of the patient’s status and changes to treatment.

Review the healthcare records system

A number of standards, guidelines and policies apply to healthcare record documentation – for example, medical record–keeping requirements for good medical practice1 of the Medical Board of Australia, and state or territory health department standards for healthcare record documentation and data capture.2, 3

An effective healthcare records system should incorporate:

  • A workforce that is appropriately qualified and experienced in the management of healthcare records systems, with appropriate leadership skills and authority
  • Orientation and training of the clinical workforce in the organisation’s requirements for healthcare record documentation, including the safety and quality rationale for those requirements
  • Clearly documented accountabilities and terms of reference for the individual or committee responsible for governance of the healthcare records system
  • Accountability for healthcare record documentation in performance development processes for the clinical workforce
  • Position descriptions and statements of responsibility for all members of the workforce (clinical and non-clinical), which may explicitly define
    • the obligation of all members of the workforce to protect patient privacy and confidentiality
    • the link to the organisation’s performance management system
    • the consequences of intentional breach of the obligation
  • Policies, procedures and protocols addressing
    • standards and processes for managing healthcare records (including retention, digital and manual storage and transport systems, access at the point of care, emergency access to records when a patient is unable to consent, and record disposal requirements)
    • standards for documentation, with a focus on the information that should be recorded to enable monitoring of quality of care, contemporaneous recording of clinical information, and the availability of formal reports on investigations, including imaging and pathology tests
    • how changes to the healthcare record are authorised
    • standards and processes for establishing standalone clinical registries for quality or research purposes
    • the conduct of compliance audits
    • compliance with the relevant standards, and professional and legislative requirements in the relevant state or territory
  • Structures (for example, healthcare record committees) and processes to enable healthcare record risks and opportunities to be evaluated, and changes made to improve the standard of documentation
  • Physical or digital facilities for the reliable and secure management of patient healthcare records
  • Periodic audit and continuous improvement of the healthcare records system.

Review privacy and confidentiality

Information about an individual’s physical or mental health and wellbeing is both personal and sensitive, and there are many ethical, professional and legal restrictions on the way this information can be used.

People assume all communications with their clinicians are private, and the law reflects this expectation. The confidentiality or privacy of most health information is protected by statutory or common law requirements of confidentiality and privacy. However, the precise legislative requirements vary between states and territories.

Providing the appropriate physical infrastructure (for example, private interview rooms, patient status boards that are screened from public view) is not enough to ensure privacy and confidentiality. The culture and practices of the workforce are key to the appropriate protection of patient clinical information.

Consider the need to:

  • Explicitly recognise the sensitivity of patient clinical information, and the need to protect confidentiality and privacy
  • Recognise the role of patient consent in the use or disclosure of information for purposes other than direct provision of care
  • Explain to patients and carers how patient information is collected, used and disclosed, and the safeguards that apply
  • Develop and implement specific policies and procedures addressing the use of clinical information for clinical, educational, quality assurance and research purposes, including robust authorising procedures for any uses or disclosures outside the usual provision of care (including the development of clinical registries).

Audit the system

Periodically audit the design and performance of the healthcare records system to ensure system effectiveness. Structure the healthcare record to guide the clinical workforce to record important information relevant to the safety and quality of care. This will also assist organisations to audit compliance with relevant standards.

If more than one information system is used to capture patient clinical information, periodically review these systems to ensure that the processes for information capture are well designed, well resourced and working effectively (that is, the transfer of information is accurate, prompt, compatible and secure).

Examples of evidence

Select only examples currently in use:

  • Policy documents about healthcare record management, including access, storage, security, consent and sharing of patient information
  • Audit results of healthcare records for compliance with policies, procedures or protocols on healthcare records management, including access to healthcare records and sharing of information
  • Audit results of the accuracy, integration and currency of healthcare records
  • Observation that healthcare records are accessible at the point of patient care
  • Observation that computer access to electronic records is available to the clinical workforce in clinical areas
  • Committee and meeting records in which the governance of the health service organisation’s data and information technology (IT) systems is monitored or discussed
  • Code of conduct that includes privacy and confidentiality of consumer information
  • Signed workforce confidentiality agreements
  • Secure archival storage and disposal systems
  • Observation of secure storage systems in clinical areas
  • Observation that computers are password protected
  • Records of ethics approval for research activities that involve sharing patient information
  • Templates for issuing login and password details for electronic healthcare records systems
  • Audit results of the use of a unique identifier in the healthcare records management system
  • Training documents about the healthcare records management system
  • Systems in place that enable combining of multiple information systems.
Day Procedure Services

The governing body and managers should ensure that an effective system is in place for recording, communicating, using and securely storing patient clinical information. This is to provide safe, high-quality care to individual patients, and to enable relevant information to be extracted for quality assurance purposes.

Access to the healthcare record at the point of care facilitates recording of the patient’s status and changes to treatment. There may be two sets of records for patients receiving care in a day procedure service – one held by the clinician in their consulting rooms and one that is held by the day procedure service.

Review the healthcare records system

A number of standards, guidelines and policies apply to healthcare record documentation – for example, medical record–keeping requirements for good medical practice1 of the Medical Board of Australia, and state or territory health department standards for healthcare record documentation and data capture.4, 5

An effective healthcare records system should incorporate:

  • A workforce that is appropriately qualified and experienced in the management of healthcare records systems, with appropriate leadership skills and authority
  • Orientation and training of the clinical workforce in the organisation’s requirements for healthcare record documentation, including the safety and quality rationale for those requirements
  • Clearly documented accountabilities and terms of reference for the individual or committee responsible for governance of the healthcare records system
  • Accountability for healthcare records documentation in performance development processes for the clinical workforce
  • Policies, procedures and protocols addressing
    • standards and processes for managing healthcare records (including retention, digital healthcare and manual storage and transport systems, access at the point of care, emergency access to electronic records when a patient is unable to consent, and record disposal requirements)
    • standards for documentation, with a focus on the information that should be recorded to enable monitoring of quality of care, contemporaneous recording of clinical information, and the availability of formal reports on investigations, including imaging and pathology tests
    • how changes to the healthcare record are authorised
    • standards and processes for establishing standalone clinical registries for quality or research purposes
    • the conduct of compliance audits
    • compliance with the relevant standards, and professional and legislative requirements in the relevant state or territory
  • Structures (for example, healthcare record committees) and processes to enable healthcare record risks and opportunities to be evaluated, and changes made to improve the standard of documentation
  • Physical or digital facilities for the reliable and secure management of patient healthcare records
  • Periodic audit and continuous improvement of the healthcare records system.

Review privacy and confidentiality

Information about an individual’s physical or mental health and wellbeing is both personal and sensitive, and there are many ethical, professional and legal restrictions on the way this information can be used.

People assume that all communications with their clinicians are private, and the law reflects this expectation. The confidentiality or privacy of most health information is protected by statutory or common law requirements of confidentiality and privacy. However, the precise legislative requirements vary between states and territories.

Providing the appropriate physical infrastructure (for example, private interview rooms, patient status boards that are screened from public view) is not enough to ensure privacy and confidentiality. The culture and practices of the workforce are key to the appropriate protection of patient clinical information.

Consider the need to:

  • Explicitly recognise the sensitivity of patient clinical information, and the need to protect confidentiality and privacy
  • Recognise the role of patient consent in the use or disclosure of information for purposes other than direct provision of care
  • Explain to patients and carers how patient information is collected, used and disclosed, and the safeguards that apply
  • Develop and implement specific policies and procedures addressing the use of clinical information for clinical, educational, quality assurance and research purposes, including robust authorisation procedures for any uses or disclosures outside the usual provision of care (including the development of clinical registries).

Audit the system

Periodically audit the design and performance of the healthcare records system to ensure system effectiveness. Structure the healthcare record to guide the clinical workforce to record important information relevant to the safety and quality of care. This will also assist organisations to audit compliance with relevant standards.

If more than one information system is used to capture patient clinical information, periodically review these systems to ensure that the processes for information capture are well designed, well resourced and working effectively (that is, the transfer of information is accurate, prompt, compatible and secure).

Examples of evidence

Select only examples currently in use:

  • Policy documents about healthcare record management, including access, storage, security, consent and sharing of patient information
  • Audit results of healthcare records for compliance with policies, procedures or protocols on healthcare records management, including access to healthcare records and sharing of information
  • Audit results of the accuracy, integration and currency of healthcare records
  • Observation that healthcare records are accessible at the point of patient care
  • Observation that computer access to electronic records is available to the clinical workforce in clinical areas
  • Committee and meeting records in which the governance of the health service organisation’s data and information technology (IT) systems is monitored or discussed
  • Code of conduct that includes privacy and confidentiality of consumer information
  • Signed workforce confidentiality agreements
  • Secure archival storage and disposal systems
  • Observation of secure storage systems in clinical areas
  • Observation that computers are password protected
  • Records of ethics approval for research activities that involve sharing patient information
  • Templates for issuing login and password details for electronic healthcare records systems
  • Audit results of the use of a unique identifier in the healthcare records management system
  • Training documents about the healthcare records management system
  • Systems in place that enable combining of multiple information systems.
MPS & Small Hospitals

MPSs or small hospitals that are part of a local health network or private hospital group should adopt or adapt and use the established healthcare records management system.

Small hospitals that are not part of a local health network or private hospital group should develop or adapt an organisation-wide records management system that:

  • Ensures that healthcare records are available at the point of care
  • Has processes to maintain the confidentiality and privacy of patient information, including infrastructure, policies and workforce training for paper-based and digital healthcare records, and ensures they are consistent with the law and good practice
  • Ensures that the workforce is trained in the use and maintenance of healthcare records
  • Documents accountabilities and terms of reference for the individuals or groups responsible for governance of the healthcare records system
  • Periodically reviews the design of the healthcare record to ensure that it enables documentation of the relevant clinical elements and clinical audit
  • Ensures that systems are in place for data entry to clinical registries, when required
  • Periodically audits the performance of the healthcare records systems, and improves them as necessary
  • When multiple information systems are used to capture patient clinical information, periodically reviews the data systems to ensure that the processes for information capture are well designed, well resourced and working effectively.

Examples of evidence

Select only examples currently in use:

  • Policy documents about healthcare record management, including access, storage, security, consent and sharing of patient information
  • Audit results of healthcare records for compliance with policies, procedures or protocols on healthcare records management, including access to healthcare records and sharing of information
  • Audit results of the accuracy, integration and currency of healthcare records
  • Observation that healthcare records are accessible at the point of patient care
  • Observation that computer access to electronic records is available to the clinical workforce in clinical areas
  • Committee and meeting records in which the governance of the health service organisation’s data and information technology (IT) systems is monitored or discussed
  • Code of conduct that includes privacy and confidentiality of consumer information
  • Signed workforce confidentiality agreements
  • Secure archival storage and disposal systems
  • Observation of secure storage systems in clinical areas
  • Observation that computers are password protected
  • Records of ethics approval for research activities that involve sharing patient information
  • Templates for issuing login and password details for electronic healthcare records systems
  • Audit results of the use of a unique identifier in the healthcare records management system
  • Training documents about the healthcare records management system
  • Systems in place that enable combining of multiple information systems.

Action 1.17

The health service organisation works towards implementing systems that can provide clinical information into the My Health Record system that:

a. Are designed to optimise the safety and quality of health care for patients

b. Use national patient and provider identifiers

c. Use standard national terminologies

Intent

Health service organisations securely share a patient’s clinical information with authorised clinicians in other settings, including the My Health Record system.

Reflective questions

What processes are used to ensure that the health service organisation’s IT systems comply with the requirements of the My Health Record system?

How does the health service organisation ensure that the workforce is appropriately trained in the use of the My Health Record system, including the use of identifiers and terminology?

Key tasks

  • Use unique national identifiers for patients, clinicians and health service organisations in local information systems and in clinical documents loaded into the My Health Record system
  • Implement standard national terms such as the Australian Medicines Terminology (AMT) in healthcare records and clinical documents loaded into the My Health Record system.

Strategies for improvement

Hospitals

The My Health Record system allows secure collection, storage and exchange of health information between consumers and providers. It uses information from general practitioners, pharmacies, pathology laboratories, imaging services and hospitals to improve the safety and quality of care by supporting clinical handover and making clinical information accessible in different settings.

Health service organisations will have different levels of preparedness to provide clinical information to the My Health Record system. Implementation of this action may depend on the resources available and the organisation’s current healthcare records system.

For more information on My Health Record visit the Commission’s Safety in e-health web page.

Use unique national healthcare identifiers

Unique healthcare identifiers help ensure that individuals and clinicians are confident that the correct information is associated with the correct individual at the point of care.

The My Health Record system uses unique national identifiers for patients, clinicians and health service organisations to ensure secure access to healthcare records. Using national patient identifiers in local information systems can prevent duplication of records and minimise the chance of information being assigned to the wrong patient. It also allows correct identification of treating clinicians and health service organisations, enabling follow-up by other clinicians involved in the patient’s care.

Every Australian resident is allocated a unique 16-digit identifier called the Individual Healthcare Identifier (IHI).

The Australian Health Practitioner Regulation Agency issues unique national identifiers to the clinicians it registers.

Health service organisations that employ one or more clinicians can apply for an organisational identifier from the Healthcare Identifiers Service.

For more information, see Healthcare Identifiers Service – frequently asked questions.

Use standard national terminologies

Adopting standard terms such as AMT and SNOMED CT-AU ensures that clinical information captured in local information systems can be readily understood and used by other clinicians accessing this information. See the Australian Digital Health Agency website for more details.

Examples of evidence

Select only examples currently in use:

  • Healthcare records management system that uses Individual Healthcare Identifiers and standard national terminologies
  • Policy documents about the healthcare records management system
  • Audit results of compliance with policies, protocols or procedures for accessing healthcare records and sharing information
  • Audit results of the use of unique identifiers to link the paper healthcare record to the electronic healthcare record
  • Committee and meeting records in which the governance of the health service organisation’s data and IT systems is monitored or discussed, including validation and protection of data
  • Training documents on the use of the My Health Record system
  • Observation that data and records are kept secure and safe in both soft and hard copies
  • Observation that systems are in place to provide IT infrastructure and support to the workforce using national standard secure messaging to generate national standard e-referral discharge summaries or event summaries
  • Examples of electronic correspondence or referrals that use secure messaging.
Day Procedure Services

The My Health Record system allows secure collection, storage and exchange of health information between consumers and providers. It uses information from general practitioners, pharmacies, pathology laboratories, imaging services and hospitals to improve the safety and quality of care by supporting clinical handover and making clinical information accessible in different settings.

Health service organisations will have different levels of preparedness to provide clinical information to the My Health Record system. Implementation of this action may depend on the resources available and the organisation’s current healthcare records system.

For more information on My Health Record visit the Commission’s Safety in e-health web page.

Use unique national healthcare identifiers

Unique healthcare identifiers help ensure that individuals and providers are confident that the correct information is associated with the correct individual at the point of care.

The My Health Record system uses unique national identifiers for patients, clinicians and health service organisations to ensure secure access to healthcare records. Use of national patient identifiers in local systems can prevent duplication of records and minimise the chance of information being assigned to the wrong patient. It also allows correct identification of treating clinicians and health service organisations, enabling follow-up by other healthcare providers involved in the patient’s care.

Every Australian resident is allocated a unique 16-digit identifier called the Individual Healthcare Identifier (IHI).

The Australian Health Practitioner Regulation Agency issues unique national identifiers to the clinicians it registers.

Health service organisations that employ one or more clinicians can apply for an organisational identifier from the Healthcare Identifiers Service.

For more information, see Healthcare Identifiers Service – frequently asked questions.

Use standard national terminologies

Adopting standard terms such as AMT and SNOMED CT-AU ensures that clinical information captured in local systems can be readily understood and used by other clinicians accessing this information. See the Australian Digital Health Agency website for more details.

Examples of evidence

Select only examples currently in use:

  • Healthcare records management system that uses IHIs and standard national terminologies
  • Policy documents about the healthcare records management system
  • Audit results of compliance with policies, protocols or procedures for accessing healthcare records and sharing information
  • Audit results of the use of unique identifiers to link the paper healthcare record to the electronic healthcare record
  • Committee and meeting records in which the governance of the health service organisation’s data and IT systems is monitored or discussed, including validation and protection of data
  • Training documents on the use of the My Health Record system
  • Observation that data and records are kept secure and safe in both soft and hard copies
  • Observation that systems are in place to provide IT infrastructure and support to the workforce using national standard secure messaging to generate national standard e-referral discharge summaries or event summaries
  • Examples of electronic correspondence or referrals that use secure messaging.
MPS & Small Hospitals

The My Health Record system allows the secure collection, storage and exchange of health information between consumers and providers. It uses information from general practitioners, pharmacies, pathology laboratories, imaging services and hospitals to improve the safety and quality of care by supporting clinical handover and making clinical information accessible in different settings.

The My Health Record system uses unique national identifiers for patients, clinicians and health service organisations to ensure secure access to healthcare records. Use of national patient identifiers in local systems can prevent duplication of records and minimise the chance of information being assigned to the wrong patient. It also allows correct identification of treating clinicians and health service organisations, enabling follow-up by other clinicians involved in the patient’s care. For more information, see Healthcare Identifiers Service – frequently asked questions.

Adopting standard terms such as Australian Medicines Terminology (AMT) and SNOMED CT-AU ensures that clinical information captured in local systems can be readily understood and used by other clinicians accessing this information. See the Australian Digital Health Agency website for more details.

MPSs or small hospitals that are part of a local health network or private hospital group should implement and use the established processes for My Health Record locally.

Small hospitals that are not part of a local health network or private hospital group, and that are implementing the My Health Record system, should ensure that policies and processes:

  • Use unique national identifiers for patients, clinicians and health service organisations in local systems, and in clinical documents loaded into the My Health Record system
  • Use standard national terms such as the AMT in healthcare records and clinical documents loaded into the My Health Record system.

Health service organisations will have different levels of preparedness to provide clinical information into the My Health Record system. Implementation of this action may depend on the resources available and the organisation’s current healthcare records system.

For more information on My Health Record visit the Commission’s Safety in e-health web page.

Examples of evidence

Select only examples currently in use:

  • Healthcare records management system that uses Individual Healthcare Identifiers and standard national terminologies
  • Policy documents about the healthcare records management system
  • Audit results of compliance with policies, protocols or procedures for accessing healthcare records and sharing information
  • Audit results of the use of unique identifiers to link the paper healthcare record to the electronic healthcare record
  • Committee and meeting records in which the governance of the health service organisation’s data and IT systems is monitored or discussed, including validation and protection of data
  • Training documents on the use of the My Health Record system
  • Observation that data and records are kept secure and safe in both soft and hard copies
  • Observation that systems are in place to provide IT infrastructure and support to the workforce using national standard secure messaging to generate national standard e-referral discharge summaries or event summaries
  • Examples of electronic correspondence or referrals that use secure messaging.

Action 1.18

The health service organisation providing clinical information into the My Health Record system has processes that:

a. Describe access to the system by the workforce, to comply with legislative requirements

b. Maintain the accuracy and completeness of the clinical information the organisation uploads into the system

Intent

Clinical information held in the My Health Record system is accurate, complete and accessible by authorised clinicians.

Reflective questions

How does the health service organisation manage the policy implications and risks associated with introducing the My Health Record system?

How does the health service organisation check the accuracy and completeness of clinical information in the My Health Record system?

Key tasks

  • Develop, maintain and regularly review organisational policies for using the My Health Record system, to ensure that access follows the requirements of the My Health Records Act 2012
  • Take reasonable steps to ensure that clinical documents provided to the My Health Record system are accurate at the time of loading, and that any amendments made to these clinical documents are also loaded into the system.

Strategies for improvement

Hospitals

Health service organisations that use, or load documents into, the My Health Record system are required to develop and maintain a My Health Record system policy that outlines the:

  • Process for authorising clinicians to use the system, and for deactivating accounts of those who no longer need access
  • Training to be provided to the workforce on the professional and legal obligations in using the system
  • Physical and technical security measures to control access to the system
  • Identification and management of system-related security risks to be escalated to the executive.

Implementing these strategies would be considered reasonable steps to ensure the accuracy of the records uploaded. Regularly review this policy to ensure that it is up to date and in line with any changes to the My Health Records Act.

The Act also requires that health service organisations take reasonable steps to ensure that clinical documents provided to the My Health Record system are accurate at the time of loading. If a clinical document on the My Health Record system contains incorrect information, the organisation should remove the incorrect version as soon as practically possible.

A clinical document may be subsequently amended or updated. This can occur, for example, when diagnostic test results are provided and the discharge summary is reissued with these results added. In such cases, the corrected version should be loaded into the My Health Record system.

Conduct periodic audits to ensure that:

  • Clinicians loading information into, or amending information in, the My Health Record system do so following the organisation’s policies, procedures and protocols
  • Access to data and records complies with legislative requirements.

Examples of evidence

Select only examples currently in use:

  • Audit results of compliance with policies, procedures or protocols about healthcare records management
  • Audit results of completeness and integration of healthcare records systems.

See the Australian Digital Health Agency website for information on how to register with the My Health Record system.

Day Procedure Services

Health service organisations that use, or load documents into, the My Health Record system are required to develop and maintain a My Health Record system policy that outlines the:

  • Process for authorising clinicians to use the system, and for deactivating accounts of those who no longer require access
  • Training to be provided to the workforce on their professional and legal obligations in using the system
  • Physical and technical security measures to control access to the system
  • Identification and management of system-related security risks to be escalated to the executive.

Regularly review this policy to ensure that it is up to date and in line with any changes to the My Health Records Act.

The My Health Records Act requires that health service organisations take reasonable steps to ensure that clinical documents provided to the My Health Record system are accurate at the time of loading. If a clinical document on the My Health Record system contains incorrect information, the organisation should remove the incorrect version as soon as practically possible.

A clinical document may be subsequently amended or updated. This can occur, for example, when diagnostic test results are provided and the discharge summary is reissued with these results added. In such cases, the corrected version should be loaded into the My Health Record system.

Conduct periodic audits to ensure that:

  • Clinicians loading documents into, or amending information in, the My Health Record system do so following the organisation’s policies, procedures and protocols
  • Access to data and records complies with legislative requirements.

Implementing the strategies above would be considered a reasonable step towards ensuring the accuracy of the records uploaded.

See the Australian Digital Health Agency website for information on how to register with the My Health Record system.

Examples of evidence

Select only examples currently in use:

  • Audit results of compliance with policies, procedures or protocols about healthcare records management
  • Audit results of completeness and integration of healthcare records systems.
MPS & Small Hospitals

MPSs or small hospitals that are part of a local health network or private hospital group and use My Health Record should use the established system for entering clinical information locally.

Small hospitals that are not part of a local health network or private hospital group and use My Health Record should ensure that:

  • Policies and processes for accessing the My Health Record system are developed, maintained and regularly reviewed to ensure that access is in accordance with requirements under the My Health Records Act 2012
  • Steps are taken to ensure that clinical documents provided to the My Health Record system are accurate at the time of loading, and that any amendments made to these clinical documents are also loaded into the system.

Health service organisations that have access to, or load documents into, the My Health Record system are required to develop and maintain a My Health Record system policy that outlines the:

  • Process for authorising clinicians to use the system, and for deactivating accounts of those who no longer need access
  • Training to be provided to the workforce on their professional and legal obligations in using the system
  • Physical and technical security measures to control access to the system
  • Identification and management of system-related security risks to be escalated to the executive.

Examples of evidence

Select only examples currently in use:

  • Audit results of compliance with policies, procedures or protocols about healthcare records management
  • Audit results of completeness and integration of healthcare records systems.

See the Australian Digital Health Agency website for information on how to register with the My Health Record system.

Last updated 21st June, 2018 at 10:35pm
BACK TO TOP
References

Medical Board of Australia. Good medical practice: a code of conduct for doctors in Australia. Melbourne: Medical Board of Australia; 2014.

NSW Ministry of Health. Policy directive [PD2012_069]. Health care records – documentation and management. Sydney: NSW Ministry of Health; 2012.

South Australia Department of Human Services. South Australian medical record documentation and data standards. South Australia Department of Human Services; 2000.

NSW Ministry of Health. Records – principles for creation, management, storage and disposal of health care records. Sydney: NSW Ministry of Health; 2005.

SA Health. Medical record documentation and data standards. Adelaide: SA Health; 2000.