General Practitioners Committee
Excerpted from "Good practice guidelines for general practice electronic patient records
(version 3)"
Full text of GPC Good Practice Guidelines
Prepared by The Joint Computing Group of the General Practitioners Committee and the Royal College of General
Practitioners
2.4.3 Legal characteristics
For the most part, the principles of behaviour that underpin legal and professional aspects of medical record keeping
are similar for paper records and EPRs. There are, however, significant differences in the effects of the law on
principles of good practice for computerised records compared to paper records:
• Medical confidentiality
There is no English statute law that expressly asserts the obligations commonly referred to as medical
confidentiality. Information held in confidence is protected legally by the Data Protection Act (DPA) 1998
and professionally by the GMC [3].
[3] GMC, Confidentiality: protecting and providing information
• Access to records
Access to electronic and paper records is covered by the Data Protection Act 1998 (see chapter 3 of these
guidelines).
• Medico-legal
There are two aspects of the law as it affects medico-legal characteristics of records that provide for
significant differences between paper and computerised records. The first of these relates to the ease with
which medical records can be altered without that being obvious. The Civil Evidence Acts contain a
provision to prevent any such alteration of a record from tainting the evidence that might be presented to a
court.
The second issue relates to the question of the whereabouts of the true account of events for any case at
issue. For a paper record this is usually obvious; however, it is much less clear for electronic records, and
current law does not help in this regard. These issues will be considered further and developed in the
information governance chapter below.
2.4.4 Security characteristics
There are several aspects of security that particularly relate to electronic records. Within this document, we use the
elements of computer security as defined in the Open Systems Interconnection Model (of the International Standards
Organisation). The baseline security standard for the NHS is BS7799. Aspects of security that need particular
consideration in relation to electronic records are:
• Availability
The property of being accessible and useable upon demand by an authorised entity.
Paper records are available if they are physically present. The availability of EPRs is more complex and
does not depend upon their physical location, and they are more difficult to lose, destroy or alter.
• Integrity
The property that data has not been altered or destroyed in an unauthorised manner.
There are specific requirements for EPRs to ensure their integrity, including an audit trail of data entry and
modification as well as the physical security of the record.
• Accountability
The property that ensures that the actions of an entity can be traced.
For a paper record this amounts to a signature. In EPRs, this includes access logs, authentication and audit
trails.
• Confidentiality
The property that information is not made available or disclosed to unauthorised individuals, entities or
processes.
Medical confidentiality should not be compromised by the type of record system used. This means that
EPR systems should include access control measures, physical security and privacy of systems, and secure
communication between systems.
The legal and security characteristics of EPRs are considered in greater depth in Chapter 3 of these guidelines.