Having a clear agreement of how patient records will be maintained to ensure privacy, security, and confidentiality in a paper based patient record or in a shared EMR database is the objective of an Information Manager Agreement. This may also be called a Data Sharing Agreement, Information Sharing Agreement, or Business Associate Agreement.
In a group healthcare practice, have a clear understanding in writing that sets out how patient records will be collected, used, and disclosed during the group practice is critical to the security of the patient information, health service provider information, and good will between members of the group practice. Think of this as the ‘prenuptial' agreement in your business relationship.
Who is an Information Manager?
In Alberta, the Health Information Act (HIA) defines an information manager. Generally, it is a special kind of an affiliate, usually a business or a vendor, who provides a service that does some specific task (authorized by the custodian) with health information. This could be a billing agent, accredited billing submitter, outsourced transcriptionist, EMR vendor or other service provider.
If you are using an EMR vendor, the named individuals on the IMA are the only persons that the software vendor can receive instructions on how to manage the records in the database. Often, this is the physician lead and business owner.
Sometimes, the custodian is also the information manager. For example, a physician (custodian) and business owner may assume the responsibility of ensuring the security of all the patient records authored by other custodians in the group practice. The physician / custodian / business owner / information manager must follow all the rules of the IMA and HIA.
Not every healthcare practice has an information manager. Some group practices have many information mangers providing different services. There are many details and options to consider. The discussion–and then putting it in writing–is the key to positive business relationship and secure records management.
Avoid surprises – and nasty exits
Some tips to prevent surprises:
- Take a pro-active privacy role and inform patients how their information will be protected during the routine practice operations and when healthcare providers are added to – or leave – the practice.
- Decide how you are going to decide about the on-going operational changes to how the software will be used in your practice.
- Identify in the EMR software who is the primary (or default) healthcare provider for each patient. Talk with your software vendor how best to record this.
It’s never too late to start! If you missed creating an Information Management Agreement or Data Sharing Agreement in your group practice, do it now!
See the Digital Resources for samples that you can use.
Download our Infographic, “What is an IMA?”