With the advent of the EMR system, the medical records that are now produced are without any history of revisions made to the record. This information is contained only in the audit trail. Without specifically requesting the audit trail, the medical record's authenticity, reliability, and completeness cannot be guaranteed.
An audit trail is the metadata that captures information on how the users interact with the system. Each time someone accesses the EMR to view, create, modify, copy, or delete data, the audit trail records it. It refers to a particular subset of data that tracks who logs in to the EMR, what tasks or events they perform (typically tied to specific patients and/or encounters), and when (via timestamps). EMR audit logs exist because of the need, under the Personal Health Information Protection Act (PHIPA), to be able to audit inappropriate access to protected health information.
During the pandemic, there were changes to Ontario’s health privacy law, PHIPA, which recommended that health information custodians (HICs) EMRs or other electronic patient/client databases will be required to maintain electronic audit logs of certain kinds of activities by all users. Electronic audit logs must include every instance in which a record or part of a record of personal health information (PHI) that is accessible by electronic means is viewed, handled, modified, or otherwise dealt with. Generally, the system should be able to identify who accessed the patient’s record, when, what information was accessed, and what changes were made to the record.
Read the full article linked below. If you do not have "The Lawyers Daily" subscription, please view the article via the attached pdf.
The medical legal consultants at Cangem Global are experts in EMR audit trail review and analysis. Contact us here.