Medical Records - Issues and Guidelines

Transcription

1 Medical Recrds - Issues and Guidelines 1

2 Medical Recrds - Issues and Guidelines The guidelines in this dcument are intended t assist physicians in understanding issues arund wnership and cntrl f medical recrds, and the ways in which these issues affect the administratin f medical recrds within their practice. Each sectin cntains sample cntractual terms that physicians may cnsider when entering int a data-sharing r similar agreement that addresses the issues f wnership, custdy, cnfidentiality, and enduring access f medical recrds. This dcument is nt exhaustive it is fr general infrmatinal and reference purpses nly. The guidelines included d nt cnstitute legal r prfessinal advice, nr are they a substitute fr such advice. Each physician r medical practice will need t assess the risks and benefits f the apprach they chse t apply t their particular situatin. The sample cntractual terms in this dcument shuld nt be cnsidered a replacement fr a legal agreement prperly drafted in cnsultatin with legal cunsel. Readers can refer t Appendix A fr a list f legal definitins fr capitalized terms used in these guidelines, and the Persnal Infrmatin Prtectin Act t review the bligatins physicians must meet when cllecting, using, r disclsing persnal infrmatin. Table f Cntents Page 1: Intrductin Page 2: I. Management f Medical Recrds and Systems Page 3. II. The Physician s Cntrl f the Patient s Medical Recrd Page 4. III. Medical Recrd Issues n Departure r Terminatin Page 5. IV. Other Cnsideratins Appendix A: Sample Cntractual Terms - Definitins Appendix B: Sample Cntractual Terms - Management f Medical Recrds and Systems Appendix C: Sample Plicies - Sample Respnsible Physician Plicy Appendix D: Sample Cntractual Terms - The Physician s Cntrl f the Patient s Medical Recrd Appendix E: Sample Terminatin Plicy - Medical Recrd Issues n Departure r Terminatin Appendix F: Sample Cntractual Terms - Medical Recrd Issues n Departure r Terminatin Appendix G: Additinal Sample Cntractual Terms Intrductin Duties f the Physician Regardless f the business structure thrugh which a physician practices (e.g. as a sle practitiner, in a shared grup practice, r as an emplyee f a clinic), all physicians have legal, ethical, and prfessinal duties relating t medical recrds. While privacy laws impse bligatins with respect t infrmatin cntained in a medical recrd, medical-legal standards are in place t ensure that physicians retain medical recrds fr the perids that are required by law, that regulatrs can access the recrds n request, and that the medical recrds and the systems hlding are reliable. The Cllege f Physicians and Surgens f BC s Prfessinal Standards and Guidelines n Medical Recrds require physicians t ensure that befre they create a medical recrd, they cmprehensively address the issues f wnership, custdy, cnfidentiality, and enduring access fr themselves and their patients. These prfessinal, ethical, and legal duties are fundamental and can t be verridden fr any individual physician by a business arrangement. These duties can als endure lng past the date upn which a 2

3 business arrangement cmes t an end. It is therefre imprtant that all physicians take steps at the utset f any business relatinship t address medical recrds issues and t mitigate risk and ensure legal cmpliance with respect t thse issues. In its Medical Recrds standard, the Cllege prescribes that: [i]n all situatins where a physician is creating medical recrds in a grup r shared medical recrd envirnment, a data-sharing agreement shuld be in place which addresses hw issues f wnership, custdy, and enduring access by individual physicians and patients will be addressed, including fllwing relcatin, retirement, r death f the physicians ; [i]n all situatins where a physician creating a medical recrd is nt the wner f the clinic and/r f the EMR licence issues f custdy, cnfidentiality, and enduring access by individual physicians and patients must be dcumented in a frmal cntract with the wners and/r EMR service prviders ; and [f]ailure t address issues f custdy, cnfidentiality, and enduring access f medical recrds may be cnsidered prfessinal miscnduct. These guidelines are meant t assist with sme f these issues, bth during and at the terminatin f the business relatinship. Hwever, these guidelines are nt exhaustive and d nt cnstitute legal advice. Every physician shuld carefully cnsider his r her wn particular situatin and seek apprpriate legal advice. I. Management f Medical Recrds and Systems Privacy laws and prfessinal standards require physicians t prtect patient persnal infrmatin and t meet the standards fr recrds and systems management prescribed by the Cllege f Physicians and Surgens. Cntracting with a service prvider r acting as an emplyee desn t autmatically relieve a physician f the duty t satisfy him r herself that the standards are met. Guidelines Physicians shuld take steps t infrm themselves f the infrmatin management prcedures f the rganizatin in which they practice, and satisfy themselves that such practices meet the minimum legal and prfessinal standards. It is gd business practice t create and maintain a business cntinuity plan t ensure that medical recrds and ther recrds cntaining Patient Infrmatin are prtected frm lss thrugh (r crruptin by) a range f pssible external threats, acts f Gd, r errr. The Practice shuld have plicies that address cnfidentiality, access, privacy, security, and emplyee and health care prvider rights and respnsibilities. Use and disclsure f Patient Infrmatin fr research shuld als be addressed in a plicy dcument. Legal advice as t the requirement fr ntice t the patient shuld be btained, if medical recrds are used in the curse f research. 3

4 It is imprtant t create a retentin plicy t ensure that medical recrds are nt destryed prematurely. Care shuld be taken t refer t legal limitatin perids. The physician may als wish t cnsult their insurer. The Practice shuld ensure that prir t dispsal f any electrnic device that cntains r may cntain Persnal Health Infrmatin, the device is securely electrnically wiped (cnsider the Gvernment f Canada standards fr Clearing and Declassifying f Electrnic Data Strage Devices) r the memry physically destryed, in rder t eliminate any risk f a Privacy Breach. Finally, it is recmmended that the Practice implement security prtcls t prtect persnal infrmatin held in an electrnic system. Such prtcls culd include: The use f a unique user name and passwrd. Passwrd rules regarding minimum length and cmplexity. Onging authenticatin and mnitring f user names and passwrd use. Rle-based access, and access tracked by credentials. Firewalls, secure back-up and recvery prcesses, and intrusin detectin tls. End-t-end encryptin including encrypting backup data, and electrnic transmissins where remte access t the system is prvided. Maintenance f a secure prcessing envirnment including but nt limited t the timely applicatin f upgrades, patches, fixes, and updates t perating systems and applicatins. Timely audits f physical and netwrk systems lgs, including user credentials. Ensure that n Patient Infrmatin can be dwnladed and/r stred n any mbile cmputing device [unless such device is enabled with sftware that autmatically encrypts the Patient Infrmatin upn being dwnladed]. Reasnable and effective administrative and prcedural security fr any paper-based recrds thrughut their life cycle, including lcked cabinets, secure shredding and secure strage and archiving. A Privacy Breach prtcl that prvides fr a timely respnse t any suspected r actual Privacy Breach, and where required by Applicable Law, fr timely ntificatin t any Patient whse persnal infrmatin is invlved in same. Apprpriate training, user supprt, and discipline fr breach f plicy. Appendix B cntains sample cntractual terms that are based n best practices fr ensuring the privacy and security f persnal infrmatin. They shuld be mdified as necessary t describe the physician s particular cntext. II. The Physician s Cntrl f the Patient s Medical Recrd Traditinally, the patient medical recrd was wned by the physician wh created the recrd. Hwever, electrnic medical recrd systems which might be shared amng many health care prviders in a clinic have made it less clear wh wns and cntrls the medical recrd. Guidelines In a multi-physician practice setting, physicians shuld (and in sme cases, must) dcument their agreement n issues f wnership, custdy f, and access t medical recrds by way f a data sharing agreement. Failure t d s may be cnsidered prfessinal miscnduct by the Cllege. The Cllege s medical recrds standard stipulates that [i]n all situatins where a physician is creating medical recrds in a grup r shared medical recrd envirnment, a data-sharing agreement shuld be in place which addresses hw issues f wnership, custdy and enduring access by individual physicians and patients will be addressed, including fllwing relcatin, retirement r death f the physicians. In 4

5 cases where a physician is nt the wner f the EMR license r the clinic, the Cllege mandates that a frmal cntract be entered int between the physician and the clinic/emr vendr addressing issues f custdy, cnfidentiality, and enduring access. The Practice r clinic shuld cnsider implementing a Respnsible Physician Plicy t assist physicians with clarifying their rights and respnsibilities, bth with respect t medical recrds and patient care. The Walk-In, Urgent Care and Multi-Physician Clinics Standard f the Cllege f Physicians and Surgens f BC establishes requirements fr the medical administratin f a clinic. It makes every physician wrking in the clinic respnsible fr ensuring that systems are in place t prvide apprpriate cntinuity and fllw-up care. In circumstances where a patient may be cared fr by mre than ne physician r allied health care prvider, each prvider is generally respnsible fr the care that they prvide within their scpe f practice. Medic-legal risk can result when the divisin and scpe f respnsibilities are nt clearly established in plicy. Hspitals ften deal with this issue by having plicies that set ut the respnsibilities f the mst respnsible physician. The cncept f mst respnsible physician can be adapted t clinics and grup practices t assist physicians in clarifying their rights and respnsibilities with respect t bth medical recrds and patient care. When a Respnsible Physician Plicy is adpted, the rights and bligatins f the parties can als be mre easily dcumented in the data sharing agreement referred t abve. Appendix C cntains a sample Respnsible Physician Plicy and Appendix D cntains sample cntractual terms relating t the rights and respnsibilities f the mst respnsible physician. III. Medical Recrd Issues n Departure r Terminatin Increasingly, physicians are wrking in arrangements where they share access t a medical recrd that is maintained by a grup practice, a clinic, r an ffice management service prvider. Smetimes the physician wrks under cntract t the grup practice r clinic. Smetimes the clinic is perated by a nnphysician. What happens when the physician decides t leave the practice/clinic r if the physician s relatinship with the practice/clinic is terminated fr ther reasns (e.g., the clinic clses)? Guidelines The departure r terminatin f a physician frm a practice can be a cmplicated prcess if all aspects f severing the prfessinal relatinship are nt understd by the parties invlved. Basic matters including the length f the ntice perid may r may nt be addressed in a cntracting arrangement. Failure t deal with administrative issues such as nging rights t payments, billings, and cllectins; access t s and cntact lists; and the right t staff assistance during the ntice perid may create real challenges t a smth departure. Issues surrunding wnership f patient medical recrds may make matters even mre cmplex specifically, the intersectin f a physician s prfessinal and legal bligatins with the cntractual rights f a nn-physician wner f a clinic. A physician may require a cpy f the patient s medical recrds in rder t prvide cntinuity f care, but there may be technical, staffing, r timing issues fr the clinic. Physicians shuld be mindful f the varius recrd-related issues that culd arise upn terminatin f their relatinship with that practice r clinic, and cnsider these issues at the utset f entering int a wrking agreement. Issues t cnsider include: Can the physician, in the first place, take any patients f the clinic with him r her? Wh wns the patient recrd in that case, the physician r the clinic? Can the clinic charge the physician a fee t prvide the recrds? Can the clinic withhld recrds altgether? 5

6 Is the clinic bligated t prvide the recrds in a particular frmat (e.g., transfer the EMR itself if technically cmpatible r simply prvide a PDF) and at what cst, if any? What if the clinic clses? Hw can the physician ensure that he/she r the patient can get access t the recrds at the clinic? Physicians wh fail t dcument their expectatins in advance may find that terminating an arrangement has unexpected csts and real ptential fr medic-legal risk. Clarifying expectatins in a plicy and dcumenting them in a cntract can reduce risk and assist physicians in cmplying with prfessinal duties (and, as stated abve, failure t d s may be cnsidered prfessinal miscnduct by the Cllege). Appendix E cntains a sample Terminatin Plicy and Appendix F cntains sample cntractual terms relating t the parties rights and bligatins pertaining t medical recrds upn terminatin f the parties relatinship. IV. Other Cnsideratins In additin t the medical recrd-related issues discussed abve, physicians may wish t ensure that any data-sharing r ther agreement they enter int with a grup practice r clinic addresses certain general legal bligatins f the parties, if nt already addressed in anther agreement between them. Sme areas that have emerged as prblematic include hw t deal with the nging requirements f the management f the rganizatin, and hw t manage the ptential cnflict between the ne party s legal bligatins and anther party s legal r ethical bligatins. Physicians may wish t cnsider drafting clauses that address the extent f their duty t cperate with each ther and t refrain frm interfering. If the agreement (r any f its bligatins), was assigned r subcntracted, r if a lien r security interest was placed n the clinic s assets, these factrs may als have an impact n the physician s duties. Additinally, physicians may wish t cnsider the fllwing: Details f the services prvided by the Clinic: Hurs, ffice/administrative supprt, staffing levels. Data lcatin. Dcumentatin prvided. Details f the services t be prvided by the physician. Rles and respnsibilities f the parties t the agreement, including versight and structure f the Practice (i.e., name/title f executives wh are accuntable fr legal cmpliance). Financial terms. Vendr wnership. Perfrmance expectatins f the service prviders. Service levels (uptime/dwntime; attendance etc.), t prvide a minimum uptime f 95% r better, t prvide supprt services during business hurs/24 hurs. Cnsequences f failure t meet service levels. Systems security and supprt and maintenance bligatins. Reprting requirements, frequency, type f reprts. Data back-up frequency, type, and lcatin. Details f cntingency plan/disaster recvery plan. Hardware requirements. Sftware requirements. Prviding secure cmputer hardware and sftware facilities t receive, stre, and transmit Patient Infrmatin. Prviding a virtual private netwrk t enable secure remte access t such medical recrds and secure cmmunicatin between the physicians and staff within the grup/divisin. 6

7 Using reasnable effrts t schedule any planned utages r system dwntime t minimize r eliminate interference with patient care and t prvide at least fur business days ntice f such utages r dwntime. Ensuring sufficient insurance cverage. Appendix G cntains sample cntractual terms addressing sme f these general legal bligatins as well as additinal issues t cnsider when entering int an agreement with a practice r a clinic. 7

8 Appendix A: Sample Cntractual Terms - Definitins These definitins define the capitalized terms used in these guidelines, and are included fr clarity and as guidance nly. These definitins may nt be apprpriate in all circumstances. Legal cunsel shuld be cnsulted t advise as t whether these definitins are apprpriate in each clinic s particular circumstances. "Applicable Laws includes federal, prvincial, r municipal laws, and any bylaws, regulatins, prfessinal standards, guidelines, r regulatry cdes applicable t the Parties r any f them and fr greater clarity includes any standard, guideline, r prfessinal bligatin required by the Cllege f Physicians and Surgens f British Clumbia. Patient means an individual wh receives health care frm the Practice r ne r mre f the Parties and, where apprpriate, includes the Patient s legally authrized substitute decisin maker under Applicable Law. Patient Infrmatin means infrmatin in any frm that can identify a Patient and includes the Patient s Persnal Health Infrmatin. Persnal Health Infrmatin means persnal infrmatin in any frm abut a Patient that relates t the physical r mental health and health histry f the Patient r t the prvisin f health care t the Patient including withut limitatin (i) infrmatin relating t the Patient s eligibility fr health care r health care cverage r payments, r (ii) samples frm the patient s bdy r bdily substances; (iii) infrmatin, reprts, results, r data derived frm such samples r frm the testing f same, r (iv) infrmatin abut the Patient s family, r (v) any prfessinal pinins, cnsultatin reprts, and any ther infrmatin abut the Patient that may be cntained in the Patient s Medical Recrd. Practice means the shared health care practice r clinic thrugh which the Parties prvide health care t Patients. Respnsible Physician means the physician wh is designated as the Patient s mst respnsible physician [see the assciated plicy: the Respnsible Physician Plicy f the Practice]. Privacy Breach means the lss r theft f Patient Infrmatin and the unauthrized access, use, disclsure, mdificatin, r destructin f such infrmatin. Privacy Officer means an individual wh is designated by the Practice t be accuntable fr prtecting the privacy and security f Patient Infrmatin in the custdy f the Practice Medical Recrd means the recrd created and maintained by the Practice that cntains the cmprehensive dcumentatin f clinical care prvided t the Patient. 8

9 Appendix B: Sample Cntractual Terms Management f Medical Recrds and Systems A: Obligatins f a Service Prvider r a Practice/Clinic 1. The Practice will designate a Privacy Officer wh is accuntable fr and has authrity t make decisins in respect f the management f Persnal Infrmatin. Such Privacy Officer will be available t respnd t questins frm the Physician upn request during regular business hurs. 2. The Practice will ensure the security f all infrmatin cntained in Medical Recrds and shall cmply with all applicable privacy laws and recrds management requirements f the Cllege f Physicians and Surgens f BC. 3. The Practice will ensure the integrity and gd wrking rder f its technical infrastructure, hardware and sftware systems s as nt t cmprmise the system functinality r availability fr any ther Party. 4. The Practice will maintain apprpriate physical, technical, and administrative security safeguards that are cnsistent with the sensitivity f the Patient Infrmatin and that are reasnably necessary t prevent unauthrized persns frm accessing, cllecting, using, disclsing, mdifying, dispsing, cpying, stealing, r cmmitting any ther act that culd cmprmise the privacy, security, availability, accessibility, integrity, structure, frmat, r cntent f, Patient Infrmatin. Such systems, prtcls, and practices must meet the requirements f the Cllege f Physicians and Surgens f BC. 5. All electrnic data shall be backed up and the security f such backups shall be maintained. Such data shall be lcated ff site at [insert lcatin]. 6. The Practice will regularly assess system security and undertake any administrative, technical, r physical imprvements as necessary t fulfill its bligatins in this Agreement and under Applicable Laws. 7. The Practice will ensure that all Medical Recrds are capable f being reprduced prmptly, in rderly, legible, written frm. The Practice will make Medical Recrds available t the Physician fr inspectin and cpying upn request, with reasnable ntice, during business hurs. 8. Where there is apprpriate evidence f the cnsent f the Patient, the Practice will cperate with the Respnsible Physician in prmptly respnding t a Patient s request: a. fr access t his r her Medical Recrd; b. fr crrectin r ntatin f his r her Medical Recrd; c. fr prvisin f a cpy f the Medical Recrd r prtin theref t any third party; d. t designate anther physician within the Practice as Respnsible Physician fr that Patient; r e. t transfer his r her Medical Recrd t the Respnsible Physician, r t anther physician r t anther clinic. 9. The Practice will ensure that n emplyee r cntractr is granted access t Patient Recrds unless such emplyee r cntractr has a reasnable business need t access the Patient Infrmatin based n his r her rle, has entered int a cnfidentiality agreement, and has cmpleted training in accrdance with the plicies and prtcls f the Practice. 10. The Practice will ensure that it has plicies and prcedures in place t respnd t cmplaints in respect f the management f Persnal Infrmatin and where such cmplaint invlves a Patient, t ntify such Patient s Respnsible Physician. 9

10 11. The Practice will ensure that all staff emplyed by r under cntract t the Practice maintain the accuracy, cmpleteness, and quality f the Patient Infrmatin cllected, used, r created by them. 12. The Practice will ensure that an audit lg f all accesses t, and changes t, and transfers f, Medical Recrds is maintained, which lg identifies the date and time f such access, change, r transfer, and identifies the User and any recipients, and that it can make such lg available t the ther Parties n request. 13. Where any change is made t a Medical Recrd, the Practice will ensure that all emplyees r cntractrs and any rganizatins t whm the prir Patient Infrmatin was prvided and wh need t knw the updated infrmatin shall be prmptly ntified, in accrdance with Applicable Law. 14. In the event f an actual r suspected Privacy Breach, the Practice agrees t ensure that the Privacy Officer prmptly ntifies the Parties, and implements the Privacy Breach Prtcl in accrdance with its terms and with Applicable Law. 15. The Practice shall maintain a business cntinuity plan t prtect Patient Recrds frm harm due t cyber threats; r t labur actin; r t pwer utage; r t criminal activity including but nt limited t theft, vandalism, r mischief; r due t physical damage t hardware r sftware frm fire, fld, gas, explsin, weather, r acts f Gd. 16. The Practice shall prvide a current cpy f all plans, plicies, and prcedures related t the management f infrmatin, including but nt limited t the business cntinuity plan, privacy plicy, and access prcedures, t the ther Parties at least annually, but als whenever such plicies are updated, and n request by a Party. B. Obligatins f Bth Parties 1. Each Party agrees t: a. keep Patient Infrmatin cnfidential and secure and in any event use n less than a reasnable standard f care; b. cmply with the plicies and prtcls f the Practice and cperate with the Privacy Officer; c. ntify the Privacy Officer as sn as practicable if he r she becmes aware f any Privacy Breach, r ptential lss r threat t the security f Patient Infrmatin and cperate t implement the Privacy Breach Prtcl in accrdance with Applicable Law; and d. use best effrts t ensure the accuracy, cmpleteness, and quality f the Patient Infrmatin cllected r created by them r n their behalf in the curse f and fr the purpses f the prvisin f health care t the Patient. 2. N Party will cllect, use, r disclse Patient Infrmatin if they are aware that the relevant Patient has expressly withheld r withdrawn cnsent t such transfer. 3. N Party will access, use, dwnlad, transfer, r cpy Patient Infrmatin r Medical Recrds fr a purpse ther than the prvisin f health care t the Patient and related billing, quality assurance, regulatry, and medical-legal purpses, except with the ntice and cnsent f the Respnsible Physician and the express infrmed cnsent f the Patient [in accrdance with the plicies f the Practice]. 10

11 4. In the event that a Patient makes a frmal request fr access t his r her Patient Infrmatin, the Party in receipt f the request shall cmply with the plicies f the Practice and prmptly ntify and cperate with the ther Parties as apprpriate in respnding t the request fr access. A Party that becmes aware f an errr r suspected errr in the Patient Infrmatin shall cmply with the plicies f the Practice and prmptly ntify the Practice and the ther Parties as apprpriate, and cperate with them t crrect the errr r suspected errr. 11

12 Appendix C: Sample Plicies Sample Respnsible Physician Plicy The Patient s Respnsible Physician has verall respnsibility fr directing and crdinating the care and management f that Patient within the Practice including: Ensuring they are satisfied that systems are in place t ensure that there is apprpriate cntinuity and fllw-up f medical care and labratry tests rdered, regardless f wh prvided the care r rdered the test; Ensuring that they are satisfied that systems are in place t ensure the creatin, maintenance, and security f Medical Recrds and cmpliance with legal bligatins in respect f Patient Infrmatin; and Ensuring that the Patient is ffered lngitudinal care, apprpriate peridic health examinatins, and any plans f care as apprpriate. The Respnsible Physician has the fllwing administrative respnsibilities: t ensure that he r she has the cnsent f the Patient t be that Patient s Respnsible Physician; t ensure that he r she has sufficient insurance cverage, and is duly licensed by the Cllege f Physicians and Surgens f BC; t ensure that his r her practice is perated in cmpliance with any limits r restrictins n his r her license t practice; t ensure that he r she has a successin plan that ensures that in the event he r she is unable t fulfill the bligatins f the Respnsible Physician due t his r her unexpected disability r death, there is a physician wh is designated t act as his r her successr. The Respnsible Physician has a right t take a cpy f the Patient s Medical Recrd with him r her upn departure frm the Practice. The Respnsible Physician and his r her authrized representatives may, upn at least twenty-fur (24) hurs ntice, during nrmal business hurs, enter upn any premises maintained r cntracted by the Practice, including the premises f any third party cntractr, in rder t inspect and audit the adherence by the Practice t its cntractual duties including in respect f its security standards and prcedures. The Practice has a duty t cperate with any such audit r inspectin and likewise cause any such cntractr t cperate. The Intake Frm f the Practice shall have a space t indicate wh the Patient s Respnsible Physician is. The Patient has the right t chse wh their Respnsible Physician shall be. 12

13 Appendix D: Sample Cntractual Terms The Physician s Cntrl f the Patient s Medical Recrd 1. The Parties acknwledge and agree that in rder t ensure clarity in respect f the rights, respnsibilities, and management f Medical Recrds, it is necessary t designate a Respnsible Physician fr each Patient. The Parties will cperate in determining wh shall be s designated. N Party may be s designated withut their wn prir knwledge and cnsent [and the Patient s prir knwledge and cnsent]. 2. A Party is designated in the Patient s Medical Recrd as the Respnsible Physician fr any Patient wh that Party brings with him r her upn jining the Practice, unless therwise instructed by the Patient. 3. Fr new Patients, a Party shall be designated as a Patient s Respnsible Physician in accrdance with the Patient s cnsent indicated n the [as apprpriate: Intake frm r Patient file Opening frm r in accrdance with the Respnsible Physician Plicy attached as Schedule t the Agreement]. 4. The Respnsible Physician has the right: a. t access t the Medical Recrd at any time; b. t authrize r refuse t authrize wh may access their Patient s Patient Infrmatin; c. t be given ntice f any access, use, r disclsure f any Patient Infrmatin held by the Practice in any frm whether in the Medical Recrd r therwise, upn request; d. t require the Practice t transfer a cmplete cpy f the Medical Recrd int the custdy f the Respnsible Physician, r t the custdy f any third party as directed by the Respnsible Physician; and e. [insert any ther right as agreed ] 5. The Respnsible Physician shall cperate with the Practice in prmptly respnding t a Patient s request: a. fr access t his r her Medical Recrd; b. fr crrectin r ntatin f his r her Medical Recrd; c. fr prvisin f a cpy f the Medical Recrd r prtin theref t any third party; d. t designate anther physician within the Practice as Respnsible Physician fr that Patient; r e. t transfer his r her Medical Recrd t anther physician r clinic. 6. In the event that a Party wishes terminate his r her designatin as the Respnsible Physician in respect f a Patient, he r she shall ntify the Patient and prvide the Practice [# days] written ntice. 7. In the event that a Party is unable t fulfill the bligatins f the Respnsible Physician due t illness, disability, r death, he r she shall, if reasnably pssible, cperate with the Practice and the ther Parties t facilitate transfer f his Patients t his r her designated successr. 13

14 Appendix E: Sample Terminatin Plicy Medical Recrd Issues n Departure r Terminatin [Nte that these deadlines are examples nly and physicians shuld ensure that the deadlines in any Terminatin Plicy adpted by their Practice are practical and prmte effective cmpliance and cperatin between the parties.] Ntice f terminatin shall be given in writing, n less than [insert number] days prir t the intended date f terminatin. By [5pm n the terminatin date], the departing Party will: transfer all Patient-related dcuments, materials and s int the electrnic system f the Practice; ensure all billings fr wrk dne have been cmpleted in accrdance with the billing prcedures f the Practice; remve all persnal belngings frm the ffice; fr Patients being retained by the Practice, send letter t Patients advising f the name and cntact infrmatin f the Physician prpsed as the new Respnsible Physician; prepare [patient transfer mems/frms] fr all Patient Recrds retained by the Practice and ensure that all required cnsents and authrizatins required fr such transfer have been btained; and fr Patients being retained by the departing Party, send letter t such Patients advising f the Party s new practice and cntact infrmatin. By [5pm n the terminatin date], the Practice will: prvide the departing Party with an electrnically readable and practically usable cpy f persnal cntact lists and s (if any); prvide the departing Party with an electrnically readable and practically usable cpy f the electrnic Medical Recrds fr every Patient fr whm the departing Party is the Respnsible Physician and wh is leaving with the departing Party. At 5 pm n the terminatin date, the Practice shall terminate the departing Party s access t the Practice s IT system and the departing party shall return all keys and entry fbs. The Practice will, fr six (6) mnths fllwing terminatin, frward the departing Party s s fr matters unrelated t Patients retained by the Practice. The departing Party will be inviced at the rate f [insert agreed rate] per hur fr supprt staff wrk related t the transitin that is utside the nrmal curse f business. These fees will be payable fr any wrk required t facilitate the transitin, regardless f whether such wrk is during the ntice perid r after terminatin. The fees fr transfer f electrnic Patient Medical Recrds shall be as fllws [insert fee structure]. Other matters that culd be addressed in a plicy include use f staff time, service prvider csts, transferring t ther frmats, bxing paper files, and cpying csts and time. 14

15 Appendix F: Sample Cntractual Terms Medical Recrd Issues n Departure r Terminatin 1. In the event f the terminatin f this Agreement, the Parties agree t fllw the terminatin plicy [cnsider: as set ut in Schedule **f this Agreement]. 2. All Patients fr which a Party is designated as the Respnsible Physician as at the date f the ntice f terminatin, will remain the Patients f such Party after terminatin. 3. Subject t the Patient s instructins and Applicable Law, the Party wishing t transfer the Medical Recrds f thse Patients fr whm the Party is designated the Respnsible Physician int his r her custdy and cntrl, shall send a request in writing t the Practice, identifying each such Patient by name and prviding details as t the persn r place where the Medical Recrds are t be transferred. 4. Within 10 days f receipt f a written request frm a Respnsible Physician, a. a cpy f the electrnic Medical Recrd and f any paper Medical Recrd assciated with the Patients f such Respnsible Physician shall be transferred t him r her, in a readable frmat, [cnsider: in accrdance with the prcedures in Schedule **;] b. in respect f paper Medical Recrds, the receiving Party will, upn receipt, be slely respnsible fr the cnfidentiality, security, access, retentin, and destructin bligatins and fr thse additinal bligatins that arise upn sale, clsure, r ther terminatin f such Party s practice. 5. The Parties will cperate t facilitate the respnse t a written request by a Respnsible Physician. The Parties agree that any fees fr the csts assciated with such transfer shall be [paid by the Practice] r [paid by the departing physician] r [in accrdance with the fee structure attached at Appendix **] 6. During the [XX day ntice perid] r [ntice perid as prvided in the Main Agreement] prir t terminatin, the Parties will cperate n a best effrts basis t facilitate the transitin f Patient Medical Recrds t the persn r place as instructed by the Patients Respnsible Physician, including ensuring that: a. any Patient Medical Recrds transferred in electrnic frm can, after being transferred t the Respnsible Physician, reasnably be accessed, used, stred, and printed in a manner that facilitates the cntinued use in electrnic frm f the Medical Recrds, including cnverting the recrd int a frmat readable by sftware t be used by the departing Physician; and b. ensuring that such transitin can be accmplished prmptly and in a manner that ensures the integrity, accuracy, and cmpleteness f each Patient s Medical Recrd. 7. Until custdy and cntrl f each and every Medical Recrd has been transferred, r until the date that the ultimate retentin perid fr the Medical Recrd has lapsed, whichever is later, the Practice shall ensure that: a. any electrnic system used t access, retrieve, hld, stre, archive, r maintain Medical Recrds shall cntinue t perate after this Agreement terminates (including any renewals r extensins), in a manner that preserves the riginal Medical Recrd, facilitates access t and transfer f Medical Recrds in readable frm, and ensures the creatin and maintenance f an audit trail; b. any necessary reprting t patients r regulatry bdies in relatin t the terminatin f this Agreement and the Main Agreement can be dne in accrdance with Applicable Law; c. in the event f a medical-legal matter, the Medical Recrds can be, and are, made available in readable frm t the Parties r their agents r insurers, and t regulatry bdies, fr inspectin and cpying, upn reasnable ntice; d. the Party wh was designated as the Patient s Respnsible Physician as at the date this Agreement is terminated, is ntified prmptly and in any event within [1 day], f any request by any persn fr access t a Medical Recrd; and e. the quality, integrity, accuracy, security, and privacy f the Medical Recrd is maintained in a manner cnsistent with the terms f this Agreement and Applicable Law. 15

16 8. During the term f this Agreement and after any terminatin r expiry theref, the Practice may retain a cpy f any Medical Recrds as is necessary t satisfy the requirements f this Agreement and [the Main Agreement and] its bligatins under Applicable Law and shall nt destry any Medical Recrd in its custdy except in accrdance with the terms f this Agreement and Applicable Law. 9. The Practice shall ensure that any system used t archive Medical Recrds is cmpliant with Applicable Law. 10. Certain terms survive the terminatin r expiratin f this Agreement and [any ther relevant agreement]. [cnsider: Management f Medical Recrd n Terminatin; N Interference; Indemnities, cperatin terms, strage, retentin, access, transfer.] 16

17 Appendix G: Additinal Sample Cntractual Terms Cperatin and Nn-Interference 1. The Parties shall cperate in develping any business cntinuity, successin, and cntingency plans, r ther plicies, prcedures, r prtcls, as are reasnably necessary. 2. N Party shall d any act r thing, r exercise any right under this Agreement r the Main Agreement, during r after the term r terminatin f this Agreement, if t d s wuld have the effect f limiting, restricting, r interfering with: a. a physician s [r ther health care prvider s] ability t cmply with their wn legal r ethical r cntractual duties r t seek medical/legal advice frm an insurer r legal cunsel; b. a regulatr s ability t exercise any pwer r authrity in respect f any regulated prfessinal; r c. a Patient s rights in respect f his r her Persnal Infrmatin under Applicable Law. N Assignment 1. N Party shall assign, utsurce, r subcntract this Agreement r their bligatins hereunder withut the prir written apprval f the ther Parties. Subject t this, the Agreement is binding upn the Parties, their successrs, and permitted assigns. 2. Each Party shall ensure that any subcntractr shall be bund by cntract t cmply with the restrictins, terms, cnditins, and safeguards applicable t such Party as if such subcntractr were a party heret. 3. N Party shall assign, transfer, cnvey, r therwise encumber any f its rights t, r grant any right, title r interest in r t any f, r allw any liens t be placed n r levied against, the hardware r sftware r systems used t access, use, disclse, hld, manage, stre, transmit, r manipulate Patient Infrmatin r Medical Recrds. [r; shall nt, withut ntice and apprval and in any event shall ensure that n such encumbrance/lien/interest etc., interferes with the rights and bligatins f the Parties and thers, in accrdance with paragraph 27 abve.] Representatins and Warranties 1. Where Patient Infrmatin is t be transferred int the Practice, the Party transferring such Patient Infrmatin represents and warrants that it has btained the Patient s prir express written cnsent fr such transfer, and fr the cllectin, access, use, and disclsure f such Patient s Patient Infrmatin as necessary fr the purpses f prviding health care t such Patient. 2. The Practice represents and warrants that it has develped and implemented plicies and prcedures necessary t ensure the cnfidentiality, security, and privacy f the Patient Infrmatin in its custdy, in cmpliance with Applicable Law; and that n system r tl used in the peratin f the Practice vilates any intellectual prperty r ther prperty right. Acknwledgements and Agreements 1. Each Party acknwledges and agrees that: a. it is subject t and will cmply with all Applicable Laws. b. the Patients f the Practice reasnably expect that their Persnal Infrmatin is cllected, used, and disclsed fr the purpses f prviding them with health care services, which includes billing and quality imprvement, and accrdingly all Parties will cllect, access, use, and disclse Patient Infrmatin slely fr such purpses except where the Patient has prvided express written cnsent fr anther purpse; and c. regardless f wh is designated the Respnsible Physician, each Party wes independent legal, ethical, prfessinal, and fiduciary duties and duties f care t each Patient, and nthing in this Agreement is intended t prevent r interfere with a Party s ability t cmply with any such duties. 17