Regardless of the type of storage system (electronic or paper-based), it is important to observe best practices regarding the safety and security of client (and related) records.
Members are expected to make all reasonable efforts to ensure that the privacy of the client record is protected during the transmission or disclosure of information.
Whether recording or maintaining client information electronically or on paper, the record-keeping system should provide the ability to view or print client data in a manner that supports chronology. Similarly, to enable the reader to see when a modification was made, and by whom, modifications to the record are to be dated and signed/initialled (whether by hand or electronically). The original entry must not be overridden or erased.
When placing information in a central filing or record system, members must take steps to ensure the information is not misused by those authorized to access the system, and must take reasonable measures to ensure that unauthorized persons do not gain access to the files.
Electronic record-keeping systems
Electronic record-keeping systems must provide protection against unauthorized access. The system must have user ID and password protection with mechanisms to prevent unauthorized alterations to documents (e.g. locking of documents, read-only access, firewalls, encryption). The system must also automatically back up files at reasonable intervals and must allow for recovery of backed-up files. The system must be reliable and provide reasonable protection against information loss, damage to information and inaccessibility. As well, an alternate process for record-keeping must be ready in case the electronic system is unavailable.
Electronic systems should enable the member to:
- record date and time of entries for each client;
- show the identity of the author of each entry;
- capture changes to the record, including who made the change and the reason the change was made;
- preserve the original information in the record when the record is changed or updated; and
- record when data is exchanged with other systems.
Members make all reasonable efforts to ensure that client records are securely stored and protected from loss, tampering or unauthorized use or access. Similarly, they make reasonable efforts to ensure that the privacy of the client record is protected during any authorized transmission or disclosure of information.
The Standard: Record-keeping – Storage, Security and Retrieval
Demonstrating the Standard
A member demonstrates compliance with the standard by, for example:
- ensuring the original record is retained by the member or the organization where the member works;
- providing only copies to others unless legally compelled to provide the original record. If the transfer of the original record is required, the member shall make all reasonable efforts to retain a legible copy;
- organizing records in a logical and systematic fashion to facilitate retrieval and use of the information;
- completing documentation in a timely manner appropriate to the setting;
- ensuring that every page of the record has a reference identifying the client (e.g. full name and date of birth, or unique identifier), as required; and ensuring that every entry in the record is dated and attested to, and the identity of the person who made the entry is recorded;
- maintaining records in such a way as to support an audit trail;
- where client information is held separately from the client’s main clinical record, placing a notation in the record indicating the nature and location of the separate information;
- ensuring that modifications in the completed record are dated and signed/initialled by the member who originally entered them without obscuring the original entry; using addenda to modify or correct the clinical record, as necessary, without removing or obscuring the original information, and sending copies of any addendum to recipients of the original document.
Professional Misconduct Regulation, provision 25
Note: College publications containing practice standards, guidelines or directives should be considered by all members
in the care of their clients and in the practice of the profession. College publications are developed in consultation with
the profession and describe current professional expectations. It is important to note that these College publications
may be used by the College or other bodies in determining whether appropriate standards of practice and professional
responsibilities have been maintained.