The College of Physicians and Surgeons of Ontario (CPSO) writes regarding ‘Clarity and Legibility’:

The regulation requires that medical records be legible¹. Furthermore, the College expects that the records can be interpreted by the average health care professional. If there is difficulty with the legibility of the records, an alternate means of note taking should be considered (e.g., voice dictation, electronic medical records, or handwriting recognition software)².

Using conventional medical short forms is permissible. However, the meaning should be readily available to a health care professional reading the record.

There is also the requirement of communicating appropriately with other health care providers.  The CPSO notes:

The need for good communication also applies between health professionals. Multidisciplinary care is a fact of life in our health care system and the medical record serves as the conduit of information shared between health care providers. Continuity of care can only be preserved if the flow of information remains uninterrupted and intact³.

The CPSO provides a tool for the self-evaluation of proper documentation of your medical records, which is part of the protocol of their peer assessment activities.   Complete information regarding this self-evaluation tool Appendix B:  Self-Evaluation:  Assess Your Own Medical Records) for Ontario Physicians may be viewed at http://www.cpso.on.ca/policies/policies/default.aspx?ID=1686⁴.  It’s a way of identifying areas of strengths and weaknesses in a physician’s practice.

If you find discrepancies in the way you are currently documenting your patient records, including their legibility, consider one of the alternative ways of note taking as recommended by the CPSO, including dictating your patient notes and having them transcribed by a medical transcription agency or provider.

One way to ensure that you are keeping adequate medical records is to dictate your reports in a timely fashion (after each patient visit or daily) and have them transcribed, either in-house or by a medical transcription agency.  The medical records will be legible and will help to facilitate good communications with other health care providers.

¹ O. Reg. 114/94 section 18(3): “The records required by regulation shall be, (a) legibly written or typewritten or made and kept in accordance with section 20….” (i.e., electronically).

² Reference:  http://www.cpso.on.ca/policies/policies/default.aspx?ID=1686 Dec 2010

³ Reference:  http://www.cpso.on.ca/policies/policies/default.aspx?ID=1686 Dec 2010

⁴ “Appendix B:  Self-Evaluation:  Assess Your Own Medical Records” for Ontario Physicians may be viewed at http://www.cpso.on.ca/policies/policies/default.aspx?ID=1686

Check our medical transcription dictation tips next month to learn more.

Please note:  Most information is excerpted from the Office of the Privacy Commission of Canada’s web site.  For more information, please go to www.priv.gc.ca.

1. What is PIPEDA?
   PIPEDA stands for “Personal Information Protection and Electronic Documents Act”.  PIPEDA is Canada’s private sector privacy law.
2. When did PIPEDA impact the health care sector?
   PIPEDA came into effect in three stages, beginning in January 2001.  January 1, 2002, the Act extended to personal health information for the organizations and activities covered in the first stage. Personal health information is defined as information about an individual’s mental or physical health, including information concerning health services provided and information about tests and examinations.  PIPEDA entered its third and final stage of full implementation in January 2004, and now covers all personal information of customers that is collected, used, or disclosed in the course of commercial activities by private sector organizations, except in provinces which have enacted legislation deemed to be substantially similar to the federal law.
3. How does PIPEDA impact on how I can send patient identifable information?
   Mail is the most secure way of sending information.  Many physician offices rely on faxing information, especially between family physicians and specialists office. For more information on best practises for sending faxes, go to http://www.priv.gc.ca/fs-fi/02_05_d_04_e.cfm
4. How secure is email?
   Email is not a secure way of sending patient identifiable information.  An excerpt from Fact Sheet:  Protecting Your Privacy on the Internet, reads, ‘Most of us have strong expectations of privacy when sending email, but the reality is that sending an email message is like sending a postcard. It is not technically difficult for a copy to be made in transmission. And once you send an email, you have lost control over it and its contents. In this world of electronic networks and instantaneous communications, your “personal” message can be forwarded to a public forum for the entire world see with the click of a mouse. Whether in the public domain or not, email messages are often permanently archived and subject to indexed search and retrieval. Perhaps one of the most serious privacy violations occurs when someone else obtains your username and password to your email account. With this information, your incoming mail can be downloaded and read by others for years, without you ever knowing.’ (for the complete “Fact Sheet:  Protecting Your Privacy on the Internet”, go to http://www.priv.gc.ca/fs-fi/02_05_d_13_e.cfm#003).  If you choose to use email, at least password protect your documents as attachments. 

   For more information on PIPEDA and the Health Care sector, visit http://www.ic.gc.ca/eic/site/ecic-ceac.nsf/eng/gv00235.html

5. What are PIPEDA’s key principles
   The 10 key principles of PIPEDA are listed below. Organizations are accountable for the protection of personal health information under their control. 
   1. Organizations are accountable for the protection of personal health information under their control.
   2. The purposes for which the personal information is being collected must be identified during or prior to the collection.
   3. Information must be collected with the knowledge and consent of the individual and for a reasonable purpose.
   4. The collection of personal information is to be limited to what is necessary for the identified purposes and will be collected by fair and lawful means.
   5. Information can only be used and disclosed for the purpose for which it was collected and will be retained only as long as it is necessary to fulfil the purpose.
   6. Information must be as accurate, complete and up-to-date as possible.
   7. Information must be protected by adequate safeguards.
   8. Information about an organization’s privacy policies and practices is to be readily available.
   9. Information must be accessible for review and correction by the individual whose personal information it is, and;
   10. Organizations are to provide the means to an individual to challenge an organization’s compliance of the above principles.

   For a more complete discussion on this, go to http://www.ic.gc.ca/eic/site/ecic-ceac.nsf/eng/gv00473.html

   * Organizations include associations, partnerships, trade unions, agencies, and institutions. It also includes health care providers in private practice.

6. What is required to comply with the security standards set out in PIPEDA?
   Organizations should assess their current security practices.  As necessary, security provisions include: 
   • Developing and implementing a security policy to protect personal health information. The effort and resources to accomplish this exercise will vary substantially according the size and type of organization. For a sole practitioner’s office, this could simply be a short documentation of how the information is safeguarded such as:
     • physical measures (locked filing cabinets, restricting access to offices, alarm systems)
     • technological tools (passwords, encryption, firewalls, anonymizing software)
     • organizational controls (security clearances, limiting access on a “need-to-know” basis, staff training, confidentiality agreements)
   • Making employees aware of the importance of maintaining the security and confidentiality of personal information by holding regular staff training on safeguards.
   • Reviewing and updating security measures regularly.

   More information is also available from the Canadian Medical Association on Health Information Privacy Code, at http://www.cma.ca/index.cfm/ci_id/3216/la_id/1.htm#prin8

For information on 2Ascribe Inc.’s medical transcription privacy information please visit our Privacy Policy and our Notice of Privacy Practices documents.

Check our medical transcription dictation tips next month to learn about the benefits of outsourcing your medical transcription.