Documentation is an essential component of effective healthcare communication. Given the complexity of healthcare and the fluidity of clinical teams, healthcare records are one of the most important information sources available to clinicians. Good documentation contributes to better patient outcomes by enabling information exchange and continuity of care by all members of the healthcare team.
Strong information management systems provide the foundation for continuous improvement and high quality, safe service delivery. (Source: Shutterstock
Records can show compliance with laws and regulations and are one of the main sources of information used by auditors, tribunals and courts to verify that an individual has been cared for appropriately. However, record keeping and information management systems can often be overlooked particularly when a provider’s capacity and resources are stretched. Now more than ever, the risks arising from remote working, dependence on agency staff and increased absenteeism make information management an essential part of planning for business continuity. Strong information management systems also provide the foundation for continuous improvement and high quality, safe service delivery. Information management and the NDIS Practice Standards Under the National Disability Insurance Scheme (NDIS) providers generally need to meet record keeping requirements. Registered NDIS providers that are subject to the Core Module must have an information management system in place that is relevant and proportionate to the size and scale of the organisation. The systems must record all client information in an accurate and timely way. Providers must ensure that documents are stored with appropriate use, access, transfer, storage, retrieval, retention destruction and disposal processes relevant and proportionate to the scope and complexity of supports delivered. Good progress noting supports high quality care Progress notes are fundamental to high quality care and services. These notes capture progress towards a client’s goals, implementation of support plans and provide a record of events during each appointment or shift. This enables staff, carers and others to identify, communicate and coordinate around the needs of the client. Quality care requires quality information. Whether considered from the perspective of care delivery, NDIS quality audits, or legal protection, a well written record is a provider’s best evidence to show that services have been delivered properly and that the client has been cared for appropriately. Ensuring quality information requires providers to establish and adhere to good record keeping practices. For example, does your organisation provide guidance to staff on minimum expectations for records? Are the records consistent across the services you deliver and easy to access and review? Progress noting principles The following principles apply generally to all progress noting, clinical records, reports and planning documents:
Steps for effective information management The best practice standards for information security management systems are set out in the International Organization for Standardization’s ISO 27001. While NDIS providers are not required to obtain ISO 27001 certification, it offers a useful framework of measures and controls that can be tailored to what is relevant and proportionate to an organisation or provider. At a high level, the steps for effective information management in ISO 27001 require that:
Classifying and handling information Procedures for handling information should be developed and implemented in accordance with the organisation’s information classification scheme. What is an appropriate classification depends on your business, but should be relevant to operations and proportionate to the nature of information handled. Generally, information is classified by reference to legal requirements, value (or risk) to the organisation, and consequences (for example, sanctions) for unauthorised disclosure or modification. Shifts in the workplace, such as remote working, transition of staff and/or clients, are a good catalyst to remind staff and stakeholders of organisational requirements and personal responsibility for protecting personal information and privacy. At a minimum, the information management system must set out what and how personal information is collected (with consent), classified and handled, as well as the controls for protecting from loss, destruction, disposal and unauthorised access or disclosure of the records that hold such information, in accordance with the Australian Privacy Principles, Privacy Act 1988 and other legal requirements that may apply. Remember any record containing personal information is subject to high standards of confidentiality and integrity. You should also make sure that each client understands what personal information is collected, gives informed consent to its collection and that your organisation’s confidentiality policies are communicated in a way that the client is most likely to understand. The system should also document ‘access controls’ that clarify who needs to access, know, and use information of different classification types and who is authorised to edit or destroy records. Access control rules should be supported by formal procedures and defined responsibilities and may need to be reviewed (or removed) based on changes in roles (particularly where staff leave the organisation). What is ‘relevant and proportionate’? A number of systems that the NDIS Quality Indicator Guidelines require providers to establish and maintain (including information management) are described as needing to be relevant and proportionate to the scope and complexity of supports delivered and the size and scale of the organisation. Unfortunately, there is no further guidance on what is relevant and proportionate to matters of size, scale, scope and complexity. Generally, a larger organisation with many staff will require more comprehensive and detailed procedures, whereas a small organisation that operates with a few thoroughly experienced staff that cover the breadth of operations may not need the same level of detail. Considerations that are relevant to issues of size, scale, scope and complexity, include but are not limited to:
If you would like to know more about the latest COVID-19 updates and how it is impacting the disability sector visit our dedicated COVID-19 information page. What would you like to know more about? Tell us in the comments below or send an email to [email protected]. Disclaimer This commentary is general in nature and provided for informational purposes only. It is not intended to be comprehensive and does not constitute legal advice. You should seek legal or other professional advice or consult with the appropriate government authority if you are unsure about how the issues raised in this commentary apply to the circumstances of your business.
Kai Sinor is a legal practitioner and former Assistant Director for Compliance at the NDIS Quality and Safeguards Commission. He specialises in regulatory matters and has worked across a variety of social justice and regulatory issues for the past decade. Kai is a Senior Lawyer at MPS Law, where he provides legal services to NDIS providers on compliance, corporate and commercial matters. |