Client and staff record retention/disposal

 

 Relevant Legislation

Revised January 2018

Privacy Information Protection and Electronic Documents Act, 2011.

Intent

The Policy outlines the guidelines about record retention and disposal.

 Definitions

 

Not Applicable

Policy

Employee Information

The Human Resource Department ensures that employee files are maintained in accordance with PIPEDA Legislation.

Client Information

All computerized health information will be secured using passwords and access codes. Activities of visitors to LOFT offices will be supervised in order to protect the confidentiality of personal health information.

During active use, records and other personal health information must be kept locked in private offices. Care will be taken to ensure that identifiable information is protected from the observation and the hearing of other individuals at all times. Records are to be returned to secured cabinets at the end of the day.

Employees must take reasonable steps to keep personal health information securely stored. What is reasonable varies depending on the sensitivity of the information is protected from the observation and the hearing of other individuals at all times. Records are to be returned to secured cabinets at the end of the day.

Staff must take reasonable steps to keep personal health information securely stored. What is reasonable varies depending on the sensitivity of the information and the risks to which it is exposed.

Steps to ensure safe storage of personal health information should address physical security, technological security and administrative controls.

Physical security includes:

  • Locked filing cabinets; and
  • Restricted office access and alarm systems.

Technological security includes:

  • Passwords, user IDs;
  • Encryption, and
  • Firewalls and virus scanners

 

Administrative controls include:

  • A concise written set of security rules;
  • Appointment of a staff member with overall responsibility for security;
  • Staff training
  • Security clearances
  • Access restrictions
  • Regular audits or actual practices for compliance with security policies; and
  • Confidentiality Agreements

Electronic Health Record Controls

                It will be ensured that they

  • Use features such as secure passwords to prevent unauthorized access;
  • Install automatic back-up for file recovery to protect records from loss or damage; and
  • Keep an audit trail that, at a minimum:
  • Records the date and time of each entry for each client
  • Shows any changes in the record; and
  • Preserves the original content when a record is changed, updated or corrected.

 

Disposal of Personal Health Information

For the secure disposal of hard copy records, secure disposal may mean shredding or burning. Secure disposal of electronic records may include either physically destroying the media they are stored on (such as a CD) or magnetically erasing or overwriting the information in such a way that the information cannot be recovered.

Care will be taken to secure personal health information when moving offices. Files will not be left behind or tossed in the garbage without first being securely destroyed. If computers are to be sold, all personal health information must first be erased in such a way that it cannot be recovered.

Client Records

Paper

  • Retention Period: ten (10) years after last contact;
  • Storage: Hardcopy on or off site;
  • Disposition: Destroy/Shred-Recycle hardcopy.

 

Electronic

  • Retention Period: ten (10) years after last contact;
  • Storage : on Common Client Record (CCR) database;
  • Disposition: magnetic erasing or other form of destruction.
  • Electronic files are archived electronically and kept indeterminately
  • If clinical information is stored elsewhere (electronically) it is to be moved to the CCR database and then deleted from original location. (i.e notes created in MS Word)

Destruction of Records

Should a legal investigation take place, the destruction of all records will cease until the investigation is completed.

 

Procedures

 

 

 

 

Please see program manual