Medical Records Department – Data Collection and Protection Policy

Type of Patient Data Collected

1. The Medical Records Department (MRD) maintains and manages both administrative and clinical patient information, including:

• Registration details: Patient name, age, sex, address, contact number, father/mother/spouse name
• Clinical data: Case sheets, medical history, diagnosis, treatment records, operative notes, discharge summaries, laboratory and radiological reports.
• Admission and discharge details: Admission date, ward/unit details, treating consultant, discharge status.
• Legal and medico-legal information: Medico-legal case (MLC) registers, police intimation copies, consent forms, and birth and death reports.

Purpose of Data Use and Data Protection Practices

Purpose of Data Use:

1. To ensure continuity of patient care.
2. For hospital administration, quality assurance, and clinical audits.
3. For medical education, training, and approved research (with prior ethical clearance).
4. For statutory and legal reporting as required by authorities.

Data Protection Practices:

1. All records are maintained in secured physical and electronic formats with restricted access, ensuring the highest level of security. This robust system is designed to instil confidence in our staff and patients. Electronic data is stored in encrypted hospital information systems (HIS) with password-protected access for authorised users only.
2. Physical medical records are kept in locked storage areas with access limited to MRD-authorised staff.

Data retention and disposal:

1. OPD/IPD (In-patient) records are typically retained for a minimum of 3 years.
2. Medico-legal records are typically retained for a minimum of 10 years or until the final disposal of the court case.

Consent and Confidentiality Policy

1. Patient consent, is obtained at the time of admission for the collection and use of medical information for treatment and research purposes. Explicit written consent, a legal requirement, is necessary for disclosing medical information to third parties, except when mandated by law (e.g., court orders, public health reporting).
2. All hospital staff are bound by a confidentiality agreement, a key professional obligation, and must not disclose any patient information outside authorised channels.
3. De-identified data may be used for research and audit purposes after ethics committee approval.

Responsible Department Contact Details

Contact person: Officer in charge of MRD & Contact number:0413-2298745 Email : mrd[at]jipmer[dot]ac[dot]in