Klara Katrín Friðriksdóttir¹

Jóhanna Gunnlaugsdóttir²

Ragna Kemp Haraldsdóttir²

 

¹Department of medical records and archives, The National Hospital of Iceland, ²School of Social Sciences, University of Iceland

Correspondence: Klara Katrín Friðriksdóttir, klarakf@landspitali.is

Key words: Medical Records, Information Security, Personal Data Protection, The National Hospital of Iceland.

 

INTRODUCTION: The aim of the research was to examine the status of medical records at the National Hospital in Iceland. The aim was, furthermore, to examine the policy making regarding records among managers and other employees. A research such as this has not been undertaken previously. It provides new knowledge regarding the systematic management of medical records. The academic value of the research is the discovery of how sensitive records are being managed from a legal standpoint as well as information security. The practical value of the research is that its findings can be used as a status evaluation of ongoing assignments and plans within the National Hospital.

SUBSTANCE: Qualitative research methods were used for the collection and analysis of the data supported by triangulation and grounded theory. Available written material was examined, interviews were conducted, and participant observations took place. Finally, a focus group was formed. Although the conclusions cannot be generalized, they do provide important indications regarding the state of records management, as a level of saturation was reached in the data collection, and it was deemed unlikely that additional data would have added information of significant value.

RESULTS: The findings of the research show that important work has been undertaken to form and implement a policy regarding information and access to records in accordance with law, regulations and international standards. It is obvious that the managers have set themselves ambitious goals in this respect. Moreover, an international certification has been obtained within the health and information technology department regarding information security.

CONCLUSIONS: The main problem seems to be twofold: First, a clarification of the administration and responsibility of health records is needed, and second that the hospital has not succeeded in securing enough funds in order to pursue established policies in an effective manner. It was revealed that top management support needs to be strengthened; training and education need improvement and the awareness of hospital staff of their responsibility regarding the security of medical records must be emphasized.