Ms. Gail Graham at the Veterans Affairs Committee

On March 23rd, 2009. See this statement in context.

March 23rd, 2009 / 4 p.m.

Deputy Chief Officer, Health Information Management, Veterans Health Administration, United States Department of Veterans Affairs

Gail Graham

I'll answer the second question first.

By law, our retention of records, paper and electronic, of the patients' medical records, is 75 years after the last date of inactivity. When patients expire, we have an obligation to retain their records for a period of 75 years. Much of this has to do with spousal requests for benefits and for research purposes. And much of that came after it was determined that ionizing radiation exposure, for example, had harmed individuals and that many of their records had already been destroyed. So for about the last 20 years, we've had a 75-year retention requirement for our medical records, regardless of the medium they're in, whether paper or electronic.

Our electronic system has a security foundation--we talked a little bit about this earlier--that works with a series of menus relative to the job within the facility. For example, the housekeeper doesn't have the laboratory menu and the nurse doesn't have the physician ordering menu. That's one level of the security that's applied. All the individuals who work for the VA or who have access to computer systems have background checks. They have to take privacy and security training. And then the system itself has security safeguards. The first level of that is the menus, subject to the job.

The second level of that security is known as security keys, specifically keys that have to be granted to you to do certain functions. The example I used was the ability to order medications. That has to match up with what you are authorized to do by your licence within the organization.

To speak to who's accessing, one of the advantages of the electronic health record is that it's not only in one place at a time. If you are an in-patient and your physician wants to review your chart, but you also are in radiology receiving a procedure, both of those providers could be looking at your record at the same time. So this multiple access was intentional.

We do lock the system in certain areas. Two providers cannot be ordering on one patient at the same time, so there cannot be conflicts between the orders.

The ability to access from multiple points is certainly a benefit. Also, the ability to audit who's accessing the record is another benefit of the electronic health record. You know who accessed the record and when it was accessed, along with the components of the record accessed.

See context to find out what was said next.