The Patient Record Retention standard of practice includes several clauses outlining expectations for physicians as custodians of their patient records, a role assigned by the Health Information Act (HIA). Physician custodians are responsible for the collection, use and disclosure of their patients’ health information, as well as protecting the confidentiality and security of the information in their custody.
To help you understand what this means, the College has developed a new Advice to the Profession document: Physicians as Custodians. As always, you should be guided by your patients’ interests in how you manage your custodial duties. A few highlights:
All physicians are custodians unless explicitly identified otherwise.
- Unless you are providing services under contract or are employed by a custodian and your practice arrangement identifies you as an affiliate, you have ongoing custodial responsibilities for the patient records to which you contribute.
- While affiliates have no ongoing responsibility for patient records once they leave their employment or contractual arrangement, they are expected to exercise the same level of care in how they access, enter and use health information on behalf of the custodian.
All custodians must name a successor.
- You must have arrangements in place for another eligible custodian to take over your custodial duties in the event you are unable (e.g., you become ill, die, or move away). See the Health Information Regulation for a list of designated custodians.
- Your successor should be near enough to your practice location to ensure your patients will continue to have reasonable access to their records.
A business owner is not a custodian.
- Anyone can own the bricks-and-mortar building where a clinic operates, but only a physician can “own” the practice of medicine and be the custodian of a patient’s medical records.
- When a group practice is owned by a physician, that doesn’t mean the physician owner is the default custodian of all the patient records at the clinic. Unless explicitly stated otherwise, all the physicians who work in the practice are the custodians of their own patient records.
You need an Information Sharing Agreement (ISA) if access to your records is shared with other custodians.
- An ISA should identify how you will decide custody of shared records, roles and responsibilities around access, disclosure, transfer and return of patient information, and what happens if a physician leaves the practice or the partnership dissolves (including who will bear associated costs).
- Any time there is a change in the practice’s membership, you should review and update your ISA.
Questions? Contact CPSA Standards of Practice Coordinator Chantelle Dick at email@example.com.