Information security & record keeping
OA Webinar "How to keep your patient info secure", by Joel Friedlaender (cliniko CEO)
Passwords
Choose ones that people won't guess
Don't write down your password
Good passwords are small phrases that are long
Have a different password for each service
Consider a password manager
2 factor authentication
Encryption - BitLocker
Enable HTTPS if it's an option - never enter personal info onto a website that is NOT HTTPS
Storage of files
Paper
Risk of theft & damage
Digital
ensure physical security, e.g. from people stealing computer
Do comp security updates regularly
Have good anti-virus software & firewall enabled
Secure external access, e.g. VPN (network)
Hosted practice management software
Good passwords
Control access - don't allow everyone full access
Avoid shared accounts
Be able to export pt info
Backing up data
Do backups regularly - an external backup once per week
Check that the backups work
Make sure the backup is encrypted
Make sure it's physically safe from theft (inside a safe) & one offsite
Hosted practice management software doesn't need backing up
OA Webinar - Clinical record keeping, by Brian Nicholls
Audit trends
They're increasing
Generally due to errors in billing, which lead to an audit for billing and clinical records
Other issues:
Injuries from ttt
Sexual misconduct
Incorrect billing
There is a direct correlation with consult times and record keeping quality - shorter consults = poorer record keeping
Increased issues with newer practitioners - they learn bad habits from other more experienced practitioners
Storage, maintenance and transmission of pt info
Every page must be named and preferably numbered
Legally, records must be completed on the day of the treatment. Records completed at a later date are "alterations"
Don't use cloud storage
Records need to be kept for 7 years after the last consult. Records of minors need to be kept until they're 25 YO
Consent issues
Legally, consent is only achieved after examination, dx & ttt plan discussion are done with patient in person
Pre-consent forms aren't valid
Need to document in some form that patients have consented
When consent is needed
After initial ttt
Change in ttt plan, e.g. ttt with higher risk - DN, cx HVLA
ttt of sensitive areas, e.g. buttocks, groin, chest
Adjunctive therapies, e.g. DN or exercise prescription
New complaint - only relevant if deemed that there are new risks, e.g. a more complicated complaint that might need further studies
5 step process for obtaining consent
inform pt of dx, examination and ttt plan
inform pt of risks - as far as they're known
give the pt an opportunity to have their questions answered
obtain explicit/specific consent
document consent
Record keeping
What's a standard to be legally defendable?
Need to run through a proper medical hx for your diagnosis to have legal value
Dx needs associated ssx's
Onset & progression, SQIRTN, thorough past med hx
Inadequate PMH is found in most audits & legal proceedings