Professional Documents
Culture Documents
IMS 5 - Maintaining, Confidentiality, Integrity - Security of Recods Policy
IMS 5 - Maintaining, Confidentiality, Integrity - Security of Recods Policy
IMS 5 - Maintaining, Confidentiality, Integrity - Security of Recods Policy
1.0 PURPOSE:
Protected patient information (PPI) is confidential and protected from access, use, or disclosure except to
authorized individuals requiring access to such information. Attempting to obtain or use, actually obtaining
or using, or assisting others to obtain or use PPI, when unauthorized or improper, results in performance
counseling or disciplinary action up to and including termination.
All hospital staff members must access and use protected patient information on a "need to know" basis
as defined by their job role. In addition, when using or disclosing patient information the amount of
information used or disclosed is limited to the minimum amount necessary to accomplish the intended
purpose. When requesting patient information from other health RML providers, staff limits the request to
the minimum amount necessary. This minimum necessary expectation generally does not apply to
situations involving treatment or clinical evaluation.
2.0 SCOPE:
This policy is applicable to following
Patient Information contained in HMIS
Data and information in HMIS regarding various use of hospital management and analysis
Information in Medical records.
Information kept in manual registers, forms and files
Hospital Personnel’s information in their personnel files
POLICY:
To appropriately, confidentially and securely keep all the patient and non-patient related data and
information generated, provided or contained in the hospital.
Ref. Doc./
S. No. Activity/ Description Responsibility
Records
Page 1 of 5
All the medical records of the departments are ensured and within
5.3 Incharge - MRD
the reach of relevant care providers
After the office hours and emergency only the authorized person
5.4 Incharge - MRD
has right to access the medical records
Medical records are kept in a safe manner ensured that there are
adequate pest and rodent control measures periodically.
5.5 Adequate (and appropriate) fire-fighting equipment Fire safety Fire Officer
measures has been taken For fire safety, Fire extinguishers are
also available.
Page 2 of 5
hospital.
Policies and procedures follow applicable laws like Indian Indian
Evidence Act, Indian Penal Code and Code of Medical Ethics. For Evidence
example, privileged communication. Act,
Indian
5.12 Incharge - MRD Penal
Code,
Code of
Medical
Ethics
PROCESS DETAILS:
DESCRIPTION OF THE PROCESS
All patient and non-patient related data and information generated, provided or contained in the hospital
should be kept appropriately confidential, integrated and secured.
All information concerning a user, including information relating to his / her health status, treatment or stay
in the hospital, is confidential, and is to be treated as such
No person may disclose any information contemplated in above mentioned point unless,
The user consents to that disclosure in writing
A court order or any law requires such disclosure
Without prejudice to the generality of this section, special precautions for the maintenance of
confidentiality shall be taken, with respect to
Persons affected with HIV / AIDS and
Persons with mental health problems
Person is danger to the national security or to the society.
This shall be in accordance with Indian Evidence Act, Indian Penal code, Code of Medical ethics.
These records shall be safe guarded against loss, destruction and tampering. Adequate space,
cleanliness and storage furniture shall be maintained in Medical records department
Privileged health information shall be used for the purposes of medico legal cases only.
Patient /physician and other public agency requesting for access to medical records shall be done as per
Document.
PROTOCOLS:
Page 3 of 5
Electronic records:
These records are kept in HMIS and include patient related information, administrative information and
various reports.
Following shall be done to keep the confidentiality, integrity and security of these information.
1. Access shall be restricted and only through User ID and password
2. User ID and Password shall be provided to identify personnel depending on the type of
information required by him for his job.
3. The IT department shall provide the right to access only after clearance from head of the
department
4. Right to access shall be provided only after proper justification
5. Any external person request for specific information from HMIS shall be allowed only after written
permission from either Medical Administrator
6. Back up all information and data shall be taken at the end of every day
7. Any drive for connecting external hard disk shall restrictively provide in CPUs in hospital. Internet
facility shall also be restricted, to prevent data or information stealing.
8. Electronic data shall be protected from virus / Trojans and other computer bugs. Any software, if
required to be used on computers with hospital information shall be validated and authenticated
by IT department.
Medical records:
1. Medical records shall be stored in MRD after patient discharge and shall be kept under security
2. Medical records for admitted patient shall be kept under custody of nursing staff and shall not be
allowed for access to people not involved in direct patient RML.
3. A proper track of medical records shall be kept in case these records are transferred from one
place to another
4. It shall be ensured by staff and medical records department that all pages and contents in the
medical records and appropriately kept and are prevented from loss, tampering or destructions.
No loose paper shall be allowed in medical records
6.0 REFERENCES:
Page 4 of 5
7.0 RECORDS AND FORMATS:
Page 5 of 5