PRESCRIBED REGULATORY EDUCATION PROGRAM: RECORD KEEPING

PRESCRIBED REGULATORY EDUCATION PROGRAM: RECORD KEEPING

SECTION 1: INTRODUCTION 1 Learning objectives 2 An overview of this module 2 SECTION 2: THE RESPONSIBILITIES OF RECORD KEEPING 2 Understanding your role 2 Maintaining single comprehensive record 3 Client access to records 4 Denying client access to records 4 Releasing records without client consent 4 Accountability 5 Attestation: What s in a name? 5 Modifying and correcting records 6 Charting by exception 6 Obligations for maintaining client records when in a non-clinical role 6 Applying the Standards for Record Keeping in research 7 SECTION 3: THE CONTENT OF A RECORD 7 Recording professional encounters 8 The referral 8 Consent 9 Assessment 10 Raw data 10 Subjective and objective data 10 Goals and recommendations 11 Controlled acts 11 Progress notes 11 The discharge note 12 Administrative issues 12 SECTION 4: THE CONFIDENTIALITY AND SECURITY OF RECORDS 12 Electronic records 13 Passwords 13 Email communication 14 Facsimile transmissions 14 SECTION 5: THE RETENTION OF RECORDS 14 Registrant resignation 15 SECTION 6: SCENARIOS 16 Appendices A: References 21 B: Defining a Health Information Custodian 22 C: Disclosing Personal Health Information 23 D: Defining Email Encryption 24 E: Record Keeping Practice Scenario Answers 24 F: Record Keeping Checklist 30 G: Reflection Page 35

JANUARY 2011 PREP MODULE: RECORD KEEPING Store your PREP Module and one copy of the Practice Scenarios in section 3B of your Professional Portfolio SECTION 1: INTRODUCTION Record keeping is an integral and mandatory part of an occupational therapist s (OTs) practice. It demonstrates professional accountability, is a medical and legal requirement, and serves as a communication tool. As an official record of events, decisions, assessments, interventions and plans, the client record is a legal document and source of evidence. It encompasses the continuum of care from receipt of the referral, through the discussion on consent for assessment, to recommendations and treatment decisions, anticipated outcomes and termination of care. The record reflects the OTs professional analysis and/or opinion(s), interventions and recommendations. It demonstrates compliance with the standards of the profession, as well as other standards, laws and ethical considerations. Maintaining accurate records serves several purposes; clear and concise documentation demonstrates who did what, why and when. While legal accountability is an important reason to ensure comprehensive records, communication is even more important. A record communicates aspects of the client s perspective on his or her health, the process of care, as well as details the client s response to occupational therapy services. Communication through record keeping supports safe and ethical practice across the continuum of care. Many Registrants have asked the College of Occupational Therapists of Ontario (the College) about record keeping and documentation. Registrants consulted on inter-professional documentation and team notes, what must be in a client record, and the College s perspective on storing client information on electronic devices. Registrants have also asked whether OTs can communicate with their clients via email. To answer these questions and define the minimum expectations of the profession, the College published the Standards for Recording Keeping (COTO, 2008). This PREP module does not replace the need to read the standards; rather, it helps the OT interpret the standards, answers everyday practice questions and offers best practice suggestions. It also clarifies the minimum expectations and provides examples of how the standards can be applied. When completing this module, consider that the OT must determine best practices in the context of his or her situation. To meet the needs of clients and the practice setting, the OT may need to exceed the minimum expectations outlined in the College s Standards for Record Keeping (COTO, 2008). 1

RECORD KEEPING An OT practising in a predominantly non-clinical role, such as a research role or as a manager needs to consider how applicable legislation, regulations and practice setting policies apply to his or her role. It is the responsibility of the OT to consider College expectations and comply with the record keeping standards. This PREP module provides information on record keeping for OTs practising in various roles. Learning objectives By completing this module, you will be able to demonstrate an understanding of: 1. the purpose of record keeping and documentation; 2. how to manage client records in accordance with all applicable regulations and the standards of practice for occupational therapy; 3. the essential content to be documented and the supplementary information that may also comprise the client record; and 4. the professional responsibilities associated with using electronic devices to store and transmit personal health information. An overview of this module This section outlines the purpose and importance of accurate record keeping. Section 2 emphasizes the client record as one entity. It focuses on professional accountability and includes a discussion of the record keeping obligations of OTs practising in a non-clinical role. Section 3 highlights the requirement to document the components of occupational therapy service, from referral to discharge. Section 4 focuses on the proper use and security of electronic devices, including laptop computers, memory devices and smartphones. It specifies what measures need to be taken to ensure that clients personal health information is secure from unauthorized access, loss or theft. It outlines the minimum expectations and provides case examples from the Information and Privacy Commissioner of Ontario. Section 5 outlines the OT s legal requirement to retain client records. Section 6 provides scenarios that promote self-reflection and conscious decision-making. Completing the scenarios will further your understanding of self-regulation and the Standards For Record Keeping (COTO, 2008). This is also a Quality Assurance (QA) College requirement. SECTION 2: THE RESPONSIBILTIES OF RECORD KEEPING The information in the record provides a comprehensive picture of all occupational therapy services that the client has received. The record retrospectively captures the assessment, goals, professional analyses and opinions, interventions and recommendations to the point of discharge. The OT is responsible for the content of the occupational therapy service components in the clinical record. Understanding your role It is an expectation that the OT clearly understands his or her professional role and responsibilities to retain and provide access to client records within the context of his or her practice and in compliance with the Personal Health Information Protection Act (2004) S.O. 2004, c. 3, Sched A (PHIPA). 2

To fulfill this expectation, the OT must be able to determine if he or she is acting as a Health Information Custodian (HIC) or as an Agent. An HIC is an individual or organization listed in PHIPA that, as a result of his, her or its power or duties, has custody or control of personal health information. Examples of HICs include hospitals, community care access centres, rehabilitation centres or sole practitioners. For more information, refer to Appendix B: Defining a Health Information Custodian on page 22. An Agent is an individual authorized to act on behalf of an HIC. An OT who is employed by or volunteers with an HIC and consequently has access to personal health information is an Agent. Scenario An OT subcontracting to a private company, ABC Rehab (the HIC), completes an in-home assessment as requested by the insurance company (the third-party payer). She completes the report on her home computer. The OT then sends the final attested report to ABC Rehab, which distributes it to the appropriate parties. The OT maintains a copy of the report on her computer. She files the rough notes that she made during the assessment in a cabinet by her computer. It is essential that the OT determine if she is the HIC or the Agent in this situation, and accordingly considers the necessity of retaining the report. ABC Rehab is usually considered the HIC, and therefore is responsible for retaining and maintaining the record. By keeping a copy of the report on her computer, the OT puts the client s personal health information at risk for a breach in confidentiality. If it has been determined that the OT will not be the HIC, and if the OT feels that the rough notes provide additional relevant information that is not captured in the report, she should forward the notes to the HIC to be kept as part of the record. If she feels that all of the information is captured in the report, she needs to shred the hard copies and securely destroy the computer file. Should the OT receive a request for the release of the clinical record, she can forward it to the HIC. The HIC, after obtaining client consent, would administer the release of the record. Maintaining one comprehensive record The College encourages HICs to maintain a single client record. However, there are situations in which one record is impractical. For example, in the community it may be necessary for an OT to maintain a working file that is separate from the main record. It is important that the OT limits the amount of personal health information in the working file, follows all of the standards in the file, and merges the file with the main record as frequently as possible and on client discharge. The OT is responsible for ensuring that the HIC is aware of the working file. Scenario Several months following the death of a client, the hospital s risk management team requests the client s clinical record from the health records department. It is in question whether the client s death was related to the non-use of a chest strap applied to the wheelchair. The team finds that the documentation related to occupational therapy services is limited. The OT, when asked about the record, explains that she had maintained a parallel chart that documented all occupational therapy services. The parallel chart included recommendations to wear the chest strap at all times. On discharge of the client, the OT failed to forward her documentation to the health records department and there was no documentation in the main chart to indicate the existence of the parallel documentation. 3

RECORD KEEPING What risks are associated with maintaining a parallel chart? In the situation described, it was in question what role the OT played with respect to recommending the chest strap. The documentation in the main chart regarding the OT s involvement was unclear and accountability was lacking. If a parallel chart is necessary for operational purposes, what are the implications for the health records department? The health records department manages all of the hospital s requests for access to client records. In this situation, the department was unaware of the OT s parallel chart. This information could support the OT s involvement as it relates to the use of the chest strap. If a parallel chart is maintained, it is important to have a clear policy on when and how to merge the documentation. Client access to records While the HIC maintains the records, the client has the right to access his or her record or request a copy. Under PHIPA, the information contained in the record belongs to the client, and HICs are responsible for keeping the record secure. Section 13.1 in the Act states that, the HIC shall ensure that records of personal health information that it has in its custody or under its control are retained, transferred and disposed of in a secure manner and in accordance with the prescribed requirement. The precedent-setting case for access to a personal health record provides the foundation for this premise. The Supreme Court of Canada considered whether a client s medical record prepared by a physician was the property of the physician or the client. The court ruled that, In the absence of regulatory legislation, the patient is entitled, upon request, to inspect and copy all information in the patient s medical file which the physician considers in administering advice or treatment, including records prepared by other doctors that the physician may have received, McInerney v MacDonald, [1992] 2 S.C.R. 138, 1992 CanLII 57 (S.C.C.) at http://www.canlii.org. The HIC may ask that a request for a record be made in writing, take up to 30 days to respond to a request and charge a reasonable fee. For additional information on the disclosure of client information, refer to Appendix C: Disclosing Personal Health Information on page 23. Denying client access to records In some situations, the client may be denied access to the record. For example, access may be denied if it could result in serious harm to the client or to the client s recovery, or could result in serious harm to the OT or another person. Releasing records without client consent The HIC may release a client record without consent if directed by the court. It is important to realize though, that the receipt of a court summons does not fulfill this condition. A court summons directs the OT to appear in court with the record, but does not instruct the OT to release it. There are other special circumstances in which personal health information can be released without client consent. For example, to the College, where there could be a significant risk of serious bodily harm. Refer to the Information and Privacy Commissioner of Ontario s fact sheet Disclosure of Information Permitted in Emergency or Other Urgent Circumstances online: Office of the Information and Privacy Commissioner/Ontario http://www.ipc.on.ca/images/resources/fact-07-e.pdf. 4

Accountability Record keeping demonstrates individual accountability. The OT is responsible for the completeness and accuracy of the portion of the client record that reflects the occupational therapy services. If well managed, an integrated delivery of health care service offers the client many benefits. When providing service as an integrated team, it is important that the client understands who is responsible for what. It is also important that the OT remains accountable for the OT services provided. When working as part of an inter-professional team, other practitioners may contribute to a client report. When documenting in this manner, it is important to be clear about to which clinical content the OT has contributed. The OT is responsible for clearly delineating the parts of the record for which he or she is responsible. When two OTs contribute to the same record, both OTs must sign it. The record should clearly indicate the author of each entry and who rendered the services. Scenario A recorder writes an inter-professional team note following a meeting. He indicates the assessment data and recommendations for each discipline, as discussed during the meeting. The recorder then circulates the note to the team members and asks them to review and sign it at the bottom. If every discipline signed the bottom of the report, how would individual accountability be identified? Does the OT s signature indicate that he or she agrees with all of the recommendations or only the notation related to occupational therapy? Signing the report without identifying the portion that applies to your notation suggests responsibility for the entire report. When a combined multi-disciplinary note or report is created, the OT should identify the portion of the document for which he or she is responsible and accountable. Attestation: What s in a name? As articulated in the Standards for Record Keeping (COTO, 2008), the purpose of signing or attestation in both the electronic and/or paper record is to assign responsibility and authorship for an activity. OTs are required to attest all clinical record entries with both their signature and their designation, OT Reg. (Ont.). OTs should apply their own signature or ensure they authorize its use. If a master signature list is used, the OT may use his or her initials. A variety of signing practices have been developed so reports can be distributed in a timely manner when an OT has a remote office. One practice is to affix an electronic signature on behalf of the OT. The OT would only permit the use of his or her electronic signature on a report or other documentation after ascertaining or taking reasonable measures to determine the accuracy of the content. Developing and strictly implementing organizational policies and procedures for the use of electronic signatures is one way an OT can ensure that documentation bearing his or her name contains information that the OT authored or approved. If an electronic signature is used, it should be password protected and linked to a user ID. The OT designation should be present on each electronic entry. It is the responsibility of the OT to consider and implement reasonable safeguards to ensure that the report is not altered after it has been attested. 5

RECORD KEEPING Modifying and correcting records If an error is discovered in a clinical record, follow an appropriate process to record the correct information. The original entry must remain legible to achieve transparency. If the report has been sent to other parties, the corrections must be sent via an addendum report. Here are two ways to make a change in a client record: Strike through a spelling, grammar or word choice error with a single line. Make the correction adjacent to the line, date and initial it. The original entry must remain legible. Make a new entry that refers to the incorrect entry and corrects the error. Sign and date the new entry. Scenario An OT mistakenly documents progress notes in the wrong client record. To correct the error, the OT crosses out the notation, ensuring that the notes remain legible. He then dates and signs or initials the notation indicating the error. Scenario An OT gives a written report on a child to the child s parent and teacher. The next day, the OT notices that she forgot to include information pertaining to the child s last assessment. To ensure that all of the information is accurate and current in the report, the OT writes an addendum that indicates the date and reason for the updated report. She then gives the addendum to the parent and teacher. In situations in which the OT completes a note for a client intervention that occurred on a date other than the current day, the OT applies the current date to the note and clearly states the date that the intervention occurred. Charting by exception This charting method challenges the long-held legal belief if it wasn t charted it wasn t done. Charting by exception replaces this thinking with if it is a normal or expected response, there is no need to document. It is acceptable to chart by exception when an established care plan, intervention or service outcome is progressing as expected (generally according to a written protocol). However, when there is a deviation from the norm, OTs are expected to document the change. There should be a clear understanding by everyone when the charting by exception method is being used. Obligations for maintaining a client record when in a non-clinical role OTs practising in a non-clinical role should consider relevant legislation, regulations, practice setting policies and administrative records, including personnel files, business plans, teaching plans and research proposals. While the College s standards do not specifically address these records, the College expects OTs to maintain records according to applicable laws and policies. An OT who manages staff, for example, needs to be aware of human resource legislation and union agreements to ensure that he or she maintains accurate records that reflect the professional responsibilities of a manager. As an OT, he or she is also expected to maintain confidentiality and adhere to applicable College standards and regulations. 6

Applying the Standards for Record Keeping (COTO, 2008) in research The College clearly defines a client as the individual, group of individuals or client s authorized representative whose occupational performance is the focus of care. Currently, the College has not clearly defined in a standard its record keeping expectations for OTs with a non-clinical practice. However, the RHPA provides direction in determining whether to keep a record. It advises considering whether your role involves client care. If it does, the College expects the OT to maintain appropriate records, as outlined in the Standards for Record Keeping (COTO, 2008). In determining whether a research role involves client care, the College considers whether the OT is measuring data solely for research purposes or is, at least in part, conducting an assessment or providing treatment or interventions. If an assessment of an individual is being conducted, it involves client care if it includes one or more of the following components: 1. communicating the results of the assessment to the individual, or his or her substitute decision-maker, so a decision can be made about a treatment choice, or about choosing not to have treatment; 2. expressing an opinion about the individual s condition that will assist him or her in determining eligibility for benefits or treatment funding; and/or 3. gathering information that will be used in the treatment of the individual. When practising as an OT researcher, it is also important to consider whether the research involves treatment, including an experimental treatment, as it can be regarded as client care. All client care records are subject to College review. If research involves client care, the College s Quality Assurance Program is entitled to access the records as part of the OT s Competency Review and Evaluation process. Also, if the College is investigating an allegation of professional misconduct, it has the right to access the records under Section 76 of the Health Professions Procedural Code (which is Schedule 2 of the RHPA). During the consent process, it may be prudent to inform research participants of the College s access to records. SECTION 3: THE CONTENT OF A RECORD Regardless of the charting method used, documentation should be relevant, comprehensive, accurate and timely. It must also be permanent, retrievable, secure and confidential. In addition, it should include clinical reasoning and demonstrate client collaboration. The client record is one comprehensive record and can include many types of materials. Any of the following components may formulate a record: progress note(s), indicating the outcome of an intervention, each change in a client s condition, problem formulation and/or intervention plans and goals; a working file, including all materials within it, such as reports collected from other professionals; every report sent or received regarding the client; 7

RECORD KEEPING rough and/or draft notes, if maintained. When all of the information in the notes is captured in a formal form (for example, in progress notes or a report), the rough notes can be destroyed. If retained, the notes remain part of the record; raw data (for example, standardized assessments, test booklets and completed checklists); care protocols, maps, and similar assessment and intervention plans (or a clear reference to the plan and the date that the plan was developed and/or revised); charts, notes, forms (for example, accessible parking permits, Assistive Devices Program (ADP) funding forms and standardized assessment forms) and other materials, regardless of the medium or format (for example, email, fax, telephone message) in which relevant information was received from or provided to the client or other health care professionals involved in the client s care; a master signature sheet if initials are used in the record; records of service (for example, appointment dates, appointment duration, etc.); lists of abbreviations, acronyms and diagrams used in the client record to ensure consistency of interpretation; information that is considered to have been put into a lock-box as described in PHIPA; and billing records, if applicable. Recording professional encounters It is an expectation that the clinical record reflects all professional encounters with the client. The date, time, if applicable, and duration of each professional encounter with the client should be recorded and retrievable. The duration of the encounter can be recorded in the progress notes, a workload measurement system, an appointment calendar or through the billing system. When feasible, it is an expectation to record missed or cancelled appointments. The College acknowledges that documenting this may not be practical in all practice settings. In some settings, for example, if a client does not attend the first appointment the client is not registered, so a record is not initiated or maintained. Consequently, there is no place in which to record the missed appointment. Some situations warrant recording the time when the intervention took place. For example, the treatment plan for the care of an acute wound may be to provide service within a specific time frame each day. Including the time in the record verifies that the intervention occurred as planned, or was changed. High risk situations (for example, when there is a rapidly changing medical, mental or psychological status) may also require recording the time of the intervention. Similarly, when noting a client s activity tolerance, indicating the time of day is significant as the client s ability may vary throughout the day. For example, an OT who assesses the client in the morning may find a different tolerance for activity than an OT visiting in the late afternoon. Similarly, an OT working with a client who exhibits aggressive behaviour should chart the time to help identify the incident that triggered the behaviour. Appointment books, workload measurements tools and statistics are considered part of the clinical record or health information. Therefore, OTs need to safeguard the confidentiality and privacy of these materials. The referral It is an expectation that the clinical record includes: 8

the full name, contact information and designation/relationship of the referral source; the reason for the referral; and confirmation that the OT has confirmed the accuracy/currency of the information on the referral with the client. If the OT relies on reports and/or information provided by other health care providers or institutions (for example, school records) for the assessment or intervention, reference these reports and/or information in the report. For example, an OT documents that on assessment the client presents with right-sided hemiparesis. The OT confirms that this is also documented by the physician who notes a right-sided weakness and left-sided brain injury. Scenario An OT receives an optometry report indicating that the child must wear corrective lenses for optimal vision. The OT verifies the information with the parent and ensures that the eyewear is in place during the assessment. Consent The Health Care Consent Act (1996) articulates the information that must be shared with the client during the informed consent process. Document the process of obtaining consent. For example, the OT documented that he or she engaged the client in an informed consent process and that the client understood the proposed assessment. If a consent form is used, the information pertaining to the informed consent process can be included on the form. Document any special considerations excluded from the consent form in the client record, for example, aspects of the service and/or assessment that the client disagrees with and is not willing to take part in. It is acceptable to reference a consent policy or practice setting guideline in the client s record. If these two methods are not used to document the consent process, include a notation in the client record. When written consent is obtained, maintain a copy in the record. Refer to standard 8 in the Standards for Consent (COTO, 2008) for more information on documenting consent. The OT needs to be meticulous about documenting consent in high-risk situations. In low-risk situations, less detailed documentation might suffice. The OT should use his or her clinical judgment to determine the level of vigilance. For example, an OT is conducting a cognitive assessment, the results of which will influence the client s ability to renew his driver s licence. In this case, a vigilant approach to obtaining and documenting informed consent is prudent because the implications of the OT service are significant as they influence the client s right to drive. Compare this situation to when an OT asks a client to try a sock aid during a session that demonstrates an array of dressing aids. Clearly, the risks and implications are comparatively low. While consent is still required, a less detailed approach to documentation may suffice. The OT will apply his or her professional judgment to determine the amount of documentation recorded by considering the situation and the client factors. However, it is an expectation to ensure that the record indicates that an informed consent process has been followed. 9

RECORD KEEPING Assessment A clinical record of any occupational therapy assessment must detail the assessment methods used, the results obtained, the conclusions drawn, and the problem formation or other professional opinions or recommendations. The recording of the assessment information demonstrates the reasoning behind the OT s actions, recommendations and/or goals. It also provides a baseline to measure and track the progress of the client and his or her treatment. An OT s documentation should reflect client-centred practice and clinical reasoning. It is an expectation that the OT documents the client s collaboration in the assessment process and any limitations of the process. Document discussions with the client and any advice given to the client during the assessment process. Raw data Raw data, standardized assessment forms, score sheets and remediation exercises that support assessment findings and recommendations are considered part of the client record. They can be kept either with the main file or separately. If retained separately, indicate the existence of the raw data and its location by making a notation in the record. Retaining this data helps to justify an OT s interpretations, analyses, findings and recommendations should questions arise in the future. Subjective and objective data Comprehensive documentation should include both subjective and objective information. Subjective statements, while valid, can be open to misinterpretation. Consequently, it is important to consider that clinical findings and recommendations drawn solely from subjective information may be challenged. Objective information and measures (for example, standardized tests, performance-based measures or observable behaviours) support the OT s analysis and provide balance and neutrality. The documentation should clearly indicate whether the assessment data is subjective or objective. For example, to note, the client reported he felt very tired after he walked up the stairs is subjective. To note, the OT noted that the client was breathing heavily and was lethargic after walking up the stairs is objective. Goals and recommendations To facilitate communication between health care professionals and to demonstrate accountability, the OT documents goals and recommendations. The OT should also document the collaboration with the client, and the approach used to establish the goals, plan and recommendations. Develop and then document goals that are functional and/or measurable. Best practice dictates that goals are Specific, Measureable, Attainable, Realistic and specify a Time frame (SMART). Documenting concise goals clearly communicates the expectations to all parties and may signal an end to the services once the goals are obtained. SMART goals also allow the OT to easily measure and document the client s progress. Review these goals. 1. The client will be able to transfer with supervision from his bed to the bedside commode in two weeks. 10

2. The client will demonstrate banking skills by: a. independently depositing his disability cheque using the automatic teller machine by the end of June 2011; and b. paying his cell phone and cable bill, with support, using Internet banking by the beginning of March 2011. 3. The client will walk to school with her friends at least three out of five days a week by February 1, 2011. Identify the components of the goals: What is to be accomplished? What is the time frame? How would you know that the goal is accomplished? Controlled acts The RHPA outlines certain acts that are controlled and authorized to designated health care professionals. Currently, acupuncture and psychotherapy are not considered to be controlled acts. However, if the pending legislation is enacted, they will be deemed to be controlled acts and OTs will also be authorized to perform them. If the OT has the knowledge, skills and competence, he or she is permitted to receive a delegation for a controlled act from a health care professional authorized to perform that act. The OT documents when he or she receives or performs a controlled act through delegation. When receiving a delegation for a controlled act, the OT documents which act has been delegated, any specific instructions related to the delegation, acceptance of the delegation, the date of the delegation, as well as the name and designation of the person who delegated the act. The OT also documents information on all controlled acts that he or she performs for a client. Progress notes Progress notes detail the outcome of the intervention and changes in client status. Changes to expected outcomes or interventions should also be noted to ensure an up-to-date picture of the client s status at all points during service delivery. OTs need to use their judgment to determine the frequency of these entries, however, all formal contact should be documented. The status of the client, the nature of the intervention, the risk factors, the frequency of visits, as well as employer policies and expectations will determine the timing of progress notes. The discharge note Many interactions with clients follow a process that concludes with discharging the client from occupational therapy services. This stage of the therapeutic relationship should always be made clear. The discharge note indicates the termination or conclusion of the professional relationship. It should detail: client status at discharge; the reason for discharge; explanatory notes when an intervention was initiated but not completed; a summary of the outcomes that were attained; recommendations for a post-discharge program; and a record of referral(s). 11

RECORD KEEPING Administrative issues Some simple but important aspects of record keeping help ensure accurate, organized records and facilitate clear communication. The College notes that OTs frequently overlook the administrative aspects of record keeping. It is an expectation that the client record includes: a reference identifying the client (for example, full name) and the client s unique identifier (for example, date of birth, record number, claim number) on each document in the record; the date, attestation and name of the person who makes an entry in the record; supporting references when abbreviations, acronyms and diagrams are used (consider keeping these to a minimum to facilitate communication with the inter-professional team); a clear indication of where the original attested record is when the OT distributes copies of the record without the OT s original signature; and a notation in the record indicating the existence of raw data and its location, if it is kept separate from the main chart. A Record Keeping Checklist, to assist you in determining if you are meeting the record keeping standards has been provided in Appendix F on page 30. Using this tool, reflect on how to ensure that your records are complete, concise, accurate and promote effective communication. This checklist highlights the critical components of record keeping and provides an opportunity to reflect on your current process. Determine if you follow each performance indicator in your client records. You may want to devise your own record keeping review by following the checklist. SECTION 4: THE CONFIDENTIALITY AND SECURITY OF RECORDS Confidentiality is the obligation of a person and/or organization to keep health information private. Security refers to the mechanisms engaged to restrict access and preserve the integrity of the information. Preserving confidentiality and security has become more difficult with the advent of the Internet and portable devices. Technology is always evolving and it is the responsibility of the OT to keep abreast of technological advances as they relate to ensuring the security and confidentiality of personal health information. The public has become informed about their right to confidential, secure personal health information. The College has received client complaints regarding the use of email as a method for sharing and disclosing personal health information. OTs are legally required to take reasonable measures to ensure that their clients personal health information is secure from unauthorized access, loss or theft. The Office of the Information and Privacy Commissioner of Ontario upheld this legal requirement in a case involving a physician whose laptop computer containing the personal health information of about 2,900 clients was stolen from the physician s minivan. In the Health Order dated March 7, 2007, the Commissioner ordered the hospital to, develop an encryption policy for mobile computer devices; a policy relating to the use of virtual private networks; and to educate staff regarding the policies on how to secure the information contained on mobile computing devices. In addition, the hospital was ordered to develop, a policy prohibiting the 12

removal of identifiable personal health information from the premises on laptops and other portable devices, unless the information was encrypted. Health Order HO-004 online: Office of the Information and Privacy Commissioner/Ontario < http://www.ipc.on.ca/images/findings/up-3ho_004.pdf>. If client information is stored and accessed in the community or at a home office, there may be a higher risk for a breach of confidentiality as compared to in an institution, which typically has an alarm system, locked rooms and locked filing cabinets. An OT is responsible for identifying, evaluating and managing the risks associated with ensuring the security and confidentiality of client information in his or her practice setting. Electronic records The College s record keeping standards are the same whether the OT uses paper records or electronic records, such as computer files, videos and voice recordings. As with paper systems, electronic documentation must be comprehensive, accurate and timely. It must clearly identify who provided what care and who documented. The system needs to allow for clearly identifiable changes and corrections without deleting the original entry. To support legal accountability and effective communication, the computer system will: provide print access to information individually and chronologically for each client; accurately track service records, including the names of service providers, dates of service, as well as the date and time when information was entered and the identity of the individual creating the record; provide an audit trail; preserve the original record and track any updates and changes; and safeguard against unauthorized access and ensure client confidentiality. As with paper files, computer files must remain confidential, and the OT must ensure there is no unauthorized access to client information. It is expected that, at a minimum, all computers have user ID and are password protected with a mechanism that prevents unauthorized alterations to documents. (Such a mechanism could, for example, lock documents, provide read-only access and/or encrypt.) For example, not leaving your files open when you leave the room and having a timed password prompt also supports record security. Scenario On occasion, an OT updates her client files from her home computer through a remote access system. The OT shares her home computer with her husband and son. How can the OT ensure the confidentiality of her client records? The OT should not leave her computer files accessible and/or open when she leaves the computer. She should avoid saving work-related files on her home computer unless the files are password protected and encrypted. A personal password login to access specific user files would further decrease the potential for unauthorized access. Passwords All electronic devices including laptop computers, desktop computers, cell phones, PDAs and memory devices should be protected by a password. OTs should also limit travelling with client information. 13

RECORD KEEPING When travelling with client information on a portable electronic device, the information should be encrypted and password protected. When using portable devices for record keeping, ensure the secure storage of information. In two Orders, namely Order HO-004 described above and Order HO-007, the Office of the Information and Privacy Commissioner of Ontario ordered that, health information be safeguarded at all times, specifically by ensuring that any personal health information stored on any mobile devices (for example, laptops, memory sticks and portable electronic devices) be strongly encrypted. Ann Cavoukian & Ross Fraser, Fact Sheet #16 Health Care Requirements for Strong Encryption, online: Office of the Information and Privacy Commissioner/Ontario<http://www.ipc.on.ca/english/Resources/Educational-Material/Educational-Material Summary/?id=969>. Order HO-007 pertained to a case involving a memory stick containing personal health information which was lost by a public health nurse on her way to an influenza immunization clinic. As mentioned, Order HO-004 pertained to a case which involved the theft of a physician s laptop. These cases demonstrate that all devices that contain personal health information may be at risk of unauthorized disclosure of information if proper security measures are not in place. To learn more about ensuring security on mobile devices, refer to the Information and Privacy Commissioner s brochure Safeguarding Privacy in a Mobile Workplace at www.ipc.on.ca. Email communication Email messages can be misdirected or intercepted by unintended recipients. An email message sent using an unsecure network is similar to sending information into the public domain. Think of it as sending the information on a postcard. A variety of software programs can greatly enhance email confidentiality through encryption. Refer to Appendix D: Defining Email Encryption on page 23. Also available is user verification and secure pointto-point connections. When sending an email that contains personal health information, encrypt and password protect the message and use a secure network. Facsimile transmissions Facsimiles are a convenient, efficient way for health care providers to communicate information. However, confidential information can be sent to the wrong person by misdialing and, once sent, the message is irretrievable. It is important to ensure that the appropriate administrative processes, such as technical and physical safeguards, are in place. For example, the OT should affix a confidentiality statement to the fax cover sheet, confirm the fax transmission and make an effort to ensure that the intended recipient immediately retrieves the fax. SECTION 5: THE RETENTION OF RECORDS An adult record must be retained for at least 10 years from the last entry in the record. If the client is a child, the record must be retained for 10 years after the day on which the client turned or would have turned 18. This retention period also applies to raw data whether it s maintained in the record or separately. 14

When a record is destroyed, the OT is required to prevent anyone from accessing or obtaining the information. The OT may consider cross-shredding or incinerating paper records. For electronic and wireless media, such as CDs, memory sticks and PDAs, the Office of the Information and Privacy Commissioner of Ontario defines destruction as either physically damaging the item (rendering it unusable) and discarding it, or if re-used, it means employing wiping utilities provided by various software companies. Wiping may not, however, irreversibly erase every bit of data on a drive. Ann Cavoukian, Fact Sheet #10 Secure Destruction of Personal Information, online: Office of the Information and Privacy Commissioner/Ontario <http://www.ipc.on.ca/english/resources/educational-material/educational-material Summary/?id=451>. Scenario Papers containing personal health information are found scattered on a Toronto street. A clinic (the HIC), had hired a paper disposal company to shred the health records. The company forwarded the records to a recycling facility instead of shredding them. The Information and Privacy Commissioner of Ontario found that the Toronto clinic failed to take steps to ensure that personal health information in its custody or control was protected against theft, loss and unauthorized use or disclosure. The Toronto clinic also failed to ensure that the records were disposed of in a secure manner. Health Order HO-001 online: Office of the Information and Privacy Commissioner/Ontario < http://www.ipc.on.ca/images/findings/up-3ho_001pdf>. The Commissioner ordered the clinic to review its practices to ensure compliance with PHIPA and enter into a signed contract with all agents/third parties that handle personal health information to ensure its secure destruction, including keeping records designated for shredding separate from recycling. The Commissioner also found the disposal company in breach of legislation. Registrant resignation When an OT is an HIC, the OT will take reasonable steps to ensure that his or her clients retain right of access to their records prior to resigning as a Registrant of the College or before undergoing suspension or revocation of his or her certificate or registration. When leaving practice, the Registrant has two options to ensure that records are maintained and accessible to his or her clients. It is expected that the OT will either: 1) maintain the client records for, at a minimum, the retention period defined in the Standards and outlined above; or 2) transfer the records to another person legally authorized to hold the records, or to a successor HIC. With either option, the OT will make reasonable efforts to notify the clients and provide them with information on how they can obtain a copy of their records. OTs who are the HIC have an ongoing responsibility to their clients even when they are no longer practising. It would be prudent for these OTs to plan for the management of these records in the event of an unplanned absence (for example, a severe disability or death). 15

RECORD KEEPING SECTION 6: PRACTICE SCENARIOS The Prescribed Regulatory Education Program (PREP) is designed to help Registrants stay current in their professional practice. The College developed this PREP module to help Registrants understand and comply with their legal and professional obligations for documentation and maintaining records. This module encourages OTs to consider and evaluate their practice processes in relation to the College s Standards for Record Keeping (COTO, 2008). PREP modules are designed as self-directed learning tools for adult learners. Registrants report that they learn the most from engaging in the process of completing a module. Reflecting on the answers and rationale reinforces learning and may help you to identify learning needs. Reviewing the scenarios with other OTs can enhance the learning experience. It is a professional responsibility to take follow-up action if you identify a learning need. You are encouraged to incorporate your learning needs in your Professional Development Plan. The following scenarios offer an opportunity to apply the concepts in this module to situations that simulate real life. They are not intended to test your knowledge; they allow you to evaluate whether you understand the relevant principles. Only basic information is provided in the scenarios. Consequently, you may need to make certain assumptions. You may also need to consider more than one principle to resolve a single scenario. While this exercise may be completed independently, you are encouraged to work with colleagues. Get together a networking group, or meet with a few OT friends. Experience has shown that discussing the scenarios with others reinforces learning and improves the ability to correctly answer the questions. Upon completion of this PREP module, there are 2 items that you must complete: 1. The Response Sheet 2. The Reflection Page When working through the scenarios and/or questions, it is recommended that you follow these steps: 1. Read the complete scenario and/or question; 2. Review any relevant references, focusing on the identified issues; 3. After considering each option, select the one you believe is most correct; 4. Note the reasons for your selection in the margins of the booklet; 5. Discuss your analysis with your study group. Focus on the underlying principles; 6. Record your answer on the Response Sheet; 7. Submit your Response Sheet by April 4, 2011 (Note: Even if you complete the exercise with others, each Registrant is required to submit his or her Response Sheet individually.) You may submit your Response Sheet through one of the following methods: Online: Visit www.coto.org for a link to this survey on the What s New (home page) section. Fax to Matrix Research Limited at 416-208-0448 (please do not include a cover sheet). Mail: Please send your completed form to Matrix Research Limited at: 55 Doncaster Ave., Suite 280, Thornhill, ON, L3T 1L7 16