Electronic Hospital and Medical Records

Personal medical records and records of hospital treatment are increasingly—if not uniformly—born digital. By implication, those records should be retained through the lifetime of the patient, or in some instances longer as required for intergenerational study; and yet there is little evidence of the medical profession participating in the digital preservation community.

Digital Species: Sensitive Data

Consensus Decision

Added to List: 2017

Previously: Endangered

Imminence of Action

Immediate action necessary. Where detected should be stabilized and reported as a matter of urgency.

Significance of Loss

The loss of tools, data or services within this group would impact on many people and sectors.

Effort to Preserve | Inevitability

Loss seems inevitable: loss has already occurred or is expected to occur before tools or techniques develop.

Examples

Medical scans; records of treatment and care plans; health advice and notifications.

‘Critically Endangered’ in the Presence of Aggravating Conditions

Loss of context; loss of authenticity or integrity; poor storage; lack of understanding; churn of staff; significant volumes of data; significant diversity of data; ill-informed records management; poorly developed transfer and integrity checking; poorly developed migration or normalizations specifications; long standing protocols or procedures that apply unsuitable paper processes to digital materials; encryption; Uncertainty over IPR or the presence of orphaned works owners.

‘Vulnerable’ in the Presence of Good Practice

Well-managed data infrastructure; preservation enabled at the point of creation; carefully managed authenticity; use of persistent identifiers; well-managed records management processes; application of records management standards; recognition of preservation requirements at highest levels; strategic investment in digital preservation; preservation roadmap; participation in the digital preservation community

2023 Review

This entry was first submitted in 2017 under ‘Medical and hospital records.’ At that time, there was limited capacity to address the topic. It was published as ‘of concern’ to revisit and review by the 2019 Jury and also independently received as a submission to the open nomination process under ‘Electronic hospital and medical records.’ The entry covers a broad range of material, and it may be useful in future years to split the entry into more discrete entries. Still, the 2021 Jury agreed to keep the current description and classification to draw attention to the scale of the digital preservation challenges which arise in hospitals and the medical profession. The same reasoning for greater risk in 2020 was used for 2021; there has been significant strain through the Covid pandemic, with resources stretched to meet an overwhelming demand and rigid, exacting protocols. In this environment, it is hard to avoid the sense that records are also now at greater risk. The Jury further commented that hospital records may be at greater risk than we think, where there may already be poor maintenance of records during their lifecycle, poor migration planning, etc. The 2022 Taskforce recommended that the 2023 Council bring in additional subject matter expertise for feedback and comment on any changes in risks relating to growth and volume of born-digital records, increasing or peculiar budget strain conditions, changes pertaining to sensitivity and potential destruction linked to ransomware or conflicts.

The 2023 Council agreed with the previous Endangered classification with the overall risks remaining on the same basis as before (‘No change’ to trend) though also suggesting an increased timeline for imminence of action and greater inevitability of loss.

2024 Interim Review

The 2024 Council recommends that a major rescoping of the Sensitive Data species is necessary, with plans to remove it as a species and incorporate key elements and examples to relevant entries for the next 2025 Bit List. This is because it is not clear how sensitive data works as a species, when many of the other species mentioned could have sensitive data concerns, and the sensitivity of the data is more like an extra category of risk that potentially applies across any species.

Additional Comments

Increasing sensitivity and awareness of data protection requirements could act inadvertently as a barrier to lifecycle data management. It is striking how little evidence is of the health technology companies participating in the global digital preservation community.

The processes implemented by Sao Joao hospital (see below) are encouraging, but too many medical establishments are operating in an excessively ad-hoc way when it comes to records management. As well as preservation, issues of data protection and ethical obligations are to the forefront when working with this kind of material.

Case Studies or Examples:

• The São João University Hospital Center (SJUHC) Health Records Repository project offers an example of changing practices relating to the project’s implementation of a long-term digital preservation repository capable of ingesting, preserving and providing access to digital clinical information. As part of the Hospital’s digital transformation strategy, the Health Records Repository promotes change in the management of daily medical records through the implementation of procedures for preparation, digitization and preservation of health records. The results of the last two years of activity of the Health Records Digital Repository reveal a higher efficiency in the access and reuse of clinical information in the context of healthcare. This initiative was nominated for a 2022 Digital Preservation Award. See SJUHC and the Portuguese National Archives (2022), ‘Long-term preservation of Digital Health Records’, Digital Preservation Awards 2022. Available at: https://www.dpconline.org/events/digital-preservation-awards/dpa2022-digital-health-records [accessed 24 October 2023].

• The National Library of Scotland ‘The Archive of Tomorrow: Health Information and Misinformation in the UK Web Archive’ project as it relates to capture of health advice published on the web. See Archive of Tomorrow (2022-2023), National Library of Scotland. Available at: https://www.nls.uk/about-us/working-with-others/archive-of-tomorrow/ [accessed 24 October 2023].

• The Conti cyber-attack on Health Service Executive Ireland. See Health Service Executive Ireland (2021) ‘Conti cyber attack on the HSE: Independent Post Incident Review’. Available at: https://www.hse.ie/eng/services/publications/conti-cyber-attack-on-the-hse-full-report.pdf [accessed 24 October 2023].