Data sharing
Inter-physician agreements
When a doctor practises within a group of physicians or a physician organization, it may make practical and financial sense to have a shared EMR system for all the practitioners. This system may or may not be integrated with a hospital, regional, or provincial EHR system.
An agreement among a group of physicians or a physician organization with an information technology consultant should include the same considerations as when a third-party vendor is being chosen. In addition, there should be an agreement on the shared EMR system among the individual physicians and healthcare professionals who make up the group or organization. An agreement on a shared EMR may be stand-alone or may be included in a larger agreement between the physicians that governs the management of the group, practice, clinic, etc. (e.g. partnership agreement or shareholder agreement).
Once a patient’s medical record contains contributions from various individuals and is being accessed by a number of healthcare providers, questions of ownership and security become significantly more complex. The inter-physician agreement should pay particular attention to ensuring a patient’s record is accessible only by authorized users for authorized purposes. It may be necessary to have mechanisms that restrict access to only those physicians and staff who need access to a particular patient’s record to provide medical care or for other authorized purposes.
For more information see the CMPA’s Data Sharing Principles and the template Contractual Provisions for Data Sharing.
Data sharing agreements with health authorities
In some jurisdictions, the medical association or federation has negotiated some form of data sharing or information management agreement to govern physicians’ use of an EHR managed by the health authority. Where no information management agreement exists, physicians who are seeking to be a user of an EHR system established by a health authority or to link an EMR to the EHR should consider entering into a data sharing agreement. The principles of this agreement are the same as for inter-physician agreements, and the Data Sharing Principles.
Data sharing agreements between physicians and health authorities may face the unique issue of protection for quality assurance and quality improvement records. Where a hospital quality improvement committee has prepared records for the purpose of reviewing adverse events and evaluating the effectiveness of a hospital’s practices and procedures, these records should be segregated from other records to ensure that any legislative protection from disclosure is maintained. The data sharing agreement should stipulate how records will be segregated and how access to records will be limited. For example, the data sharing agreement should stipulate that this information (i.e. personal and quality assurance or quality improvement information) will not be disclosed unless required by law.
Termination of agreement and enduring access
There may come a time when parties mutually agree to terminate a data sharing or inter-physician agreement, for example when a group of physicians disbands or dissolves. The agreement might also be terminated due to a breach of the agreement or the insolvency of other parties.
A physician’s participation in the eRecord system may come to an end for many reasons, such as leaving the jurisdiction or ceasing to practise medicine. Physicians need to ensure they have continued access to the information in the eRecord so they can meet their record retention obligations. Even physicians who are no longer practising medicine may receive requests from patients to access their medical records. Physicians may also require the records in the event of a medico-legal issue. The agreement should require that the custodians of the records maintain them in their original form, make them available to the physician, and take reasonable steps to prevent the information from being lost, stolen, or inappropriately accessed. Provisions should be included to ensure the original records are appropriately destroyed when the applicable
retention period has expired.