#BTColumn – Moving Barbados’ Medical Records from Paper to Digital

Disclaimer: The views and opinions expressed by the author(s) do not represent the official position of Barbados TODAY.

By Steven Williams

In July 2023, the Inter-American Development Bank (IDB) and the European Union (EU) jointly provided an $8 million grant to fast-track the digitisation of Barbados’ health information management systems, with a strong focus on enhancing cybersecurity measures. This initiative is crucial as cybersecurity becomes an even greater priority. Nonetheless, it’s essential to also confront ongoing issues that obstruct the healthcare sector’s embrace of digital technology. Not addressing these fundamental challenges could obstruct engaging stakeholders effectively and limit the overall advancement in digitising healthcare systems.

A critical area in need of immediate attention within the digital transformation of the healthcare sector is the heavy reliance on paper-based records, despite the availability of computers and tablets in medical clinics. The common experience of entering a doctor’s office and encountering an abundance of paper documents highlights the difficulty in moving away from traditional record-keeping methods to a fully digital system. This enduring preference for paper underscores the significant challenge to achieving a complete digital transition in healthcare record-keeping, notwithstanding the progress in information technology.

I am acutely aware of one of the major issues surrounding the transition to paperless medical offices: the antiquated interpretation of the professional requirement to maintain medical records for seven years. Recently, I challenged several medical practitioners to pinpoint the exact source of this entrenched belief. Not one could definitively identify its origin; instead, it seemed to be something they accepted as true without concrete reference. Through diligent research, I managed to trace this elusive compliance requirement back to 1980s legislation related to malpractice, which mandated the retention of transaction records in case of criminal proceedings.

Despite the absence of any documented requirement stipulating that medical records must be maintained in paper format, in 2024, local medical practices persist in adhering to outdated protocols rooted in the norms of the 1980s. These practices, however, are no longer relevant or applicable to the current landscape of healthcare.

The transition to electronic medical records (EMR) faces additional hurdles, due to the absence of universally accepted standards. This lack of standardisation hampers the widespread adoption of digital records, essential for modern healthcare practices to achieve resilience and efficiency. Standards are crucial for enabling seamless data exchange between EMR systems, ensuring interoperability that is fundamental for sharing patient information, enhancing healthcare coordination, and improving patient outcomes. Consistent standards also reduce the risk of errors during data transfer, minimising potential misinterpretations or loss of vital patient information.

Moreover, standardised EMR systems are key to integrating various healthcare technologies effectively, including telemedicine platforms, medical devices, and analytics tools. This integration fosters a more interconnected and efficient healthcare delivery system.

Nonetheless, the absence of standardised EMR frameworks complicates compliance with data protection laws like Barbados’ Data Protection Act 2019 and the United States’ Health Insurance Portability and Accountability Act (HIPAA), leading to inconsistent data handling practices among healthcare providers. This inconsistency elevates the risk of data breaches and privacy violations, and hinders the interoperability between different systems, impacting the sector’s ability to deliver coordinated and efficient care.

EMR systems enhance data privacy in healthcare through:

Enhanced Access Controls: Regulating data access to authorised personnel only, thereby protecting patient information.

Audit Trails: Recording all data interactions to ensure transparent and accountable handling processes.

Data Encryption: Securing patient information during storage and transmission.

Secure Data Sharing: Facilitating the safe exchange of patient data, compliant with privacy regulations.

Compliance with Data Protection Act 2019: Incorporating features to meet legal requirements, thus aiding in compliance and protecting patient rights.

The lack of EMR standards not only poses compliance challenges but also risks infringing on patients’ rights, such as data portability as outlined in the Data Protection Act 2019. This legislation allows patients to access their records in a structured, machine-readable format. Without standardised systems, this right becomes difficult to fulfil, potentially limiting patients’ ability to manage and reuse their data across services.

Therefore, the establishment of EMR standards is imperative not only for ensuring regulatory compliance and enhancing patient care but also for safeguarding the fundamental rights of individuals to access and control their health information.

Steven Williams is the executive director of Sunisle Technology Solutions and the principal consultant at Data Privacy and Management Advisory Services. He is a former IT advisor to the Government’s Law Review Commission, focusing on the draft Cybercrime Bill. He holds an MBA from the University of Durham and is certified as a chief information security officer by the EC Council and as a data protection officer by the Professional Evaluation and Certification Board (PECB). Steven can be reached at: Mobile: 246-233-0090 Email: steven@dataprivacy.bb