Physicians who collect or store patient information electronically, whether on stand-alone systems in their own practice or through contracts with service providers, must:
- Choose a system that conforms to acceptable industry practices and standards with respect to:
  - restriction of data entry and access to authorized personnel;
  - capacity to routinely monitor/audit access to records;
  - measures to ensure data security and integrity;
  - policies and practices to address record retrieval, data sharing, third-party access and release of information, and disposition of records (when outdated or on termination of the service relationship) in keeping with ethics guidance.
- Describe, if the patient requests, how the confidentiality and integrity of information are protected.
- Release patient information only in keeping with ethics guidance for confidentiality.