FACULTY OF BUSINESS AND MANAGEMENT

BA235 BACHELOR OF HEALTH ADMINISTRATION (HONS)

HSM571 MANAGEMENT FOR HEALTH RECORDS

“MEDICAL RECORD FILING SYSTEM”

HOSPITAL AL-SULTAN ABDULLAH (HASA)

NO. STUDENT’S NAME STUDENT’S ID

1. FATIMAH SARARILIA BINTI ABDUL RAHIM 2021847702

2. NUR NAYLI NABILAH BINTI ABDUL WAHID 2021889518

3. SARAH FAQIHAH BINTI BAHARUDDIN 2021477762

4. ZAINATUL FARIHIN BINTI HASLAN 2021615202

PREPARED FOR:
DR. SITI NORAINI BINTI MOHD TOBI

DATE OF SUBMISSION:
11 JULY 2023

GROUP:
BA235 4B
 TABLE OF CONTENT

NO. CONTENT PAGE

1. Acknowledgement 3

2. Introduction 4-5
a) Background of the Hospital
b) Vision and Mission
c) Objective
d) Core Value

3. Elaboration on Medical Record Department 5-8

4. Function of the Department 9-17

5. Suggestion for the Department 18-25

6. Conclusion 26

7. References 27

8. Appendices 28

2
 ACKNOWLEDGEMENTS

Assalamualaikum w.b.t. First and foremost, we would like to express our gratitude to our
honourable professor, Dr. Siti Noraini Binti Mohd Tobi, who has been an essential part in
guiding us through the completion of this project successfully. Because of her insight and
expertise, we were able to finish this report quickly and easily while working under her
direction, and the end result was a truly enlightening experience for all of us.

We would also like to extend our gratitude to Mr. Mohd Hafizi Bin Jilani, whose suggestions
made the production process considerably more streamlined and less difficult than we had
anticipated, given that it was such an ambitious endeavour from the very beginning. We would
like to extend our gratitude to the members of our group for their contribution, both in terms of
their cooperation and their level of commitment, to the successful completion of this
assignment.

We would also like to extend our gratitude to all of the parties involved because, without
their assistance along the way, we are not entirely certain that we would have been able to
arrive at this point in time. In addition, our gratitude extends to everyone else who contributed
at some point or another while we were on our way to achieving this remarkable
accomplishment together.

Not to forget, we are extremely grateful to our parents for their love, prayers, caring and
sacrifices for educating and preparing us for our future. Last but not least, we also would like
to express our thanks to our friends who have helped a lot and work hard to deliver a good
assignment with all effort and responsibility.

We would like to express our gratitude to all of our classmates for their assistance in
completing our assignment. They constantly provide us with suggestions on our project, which
can help us in making corrections. Hope that all of our efforts will generate a lot of benefits for
us as well as for our task.

3
1.0 INTRODUCTION
1.1 Background of The Hospital
When the Malaysian Minister of Education suggested in 1995 that the Institut
Teknologi MARA (ITM) needed a Faculty of Medicine to become a university,
construction on Hospital Al-Sultan Abdullah began. The surge in Bumiputera
medical professionals in Malaysia can be attributed in large part to the opening of
this Faculty of Medicine. After Universiti Teknologi MARA (UiTM) received
approval to become a university in 2002 from the Malaysian Ministry of Education,
the Faculty of Medicine was established. UiTM's Jalan Othman Campus in Petaling
Jaya has been home to the Faculty of Medicine since 2003, when its first 20
students enrolled.

UiTM has inked a MoA with the Ministry of Health Malaysia to place medical
students in government hospitals and polyclinics for the purpose of gaining clinical
training. These medical students will be rotating among two proposed training
facilities: Hospital Selayang and Hospital Sungai Buloh. UiTM was ordered by the
Ministry of Higher Education on July 17th, 2006, to keep its medical and dental
schools under construction in Sungai Buloh.

As a result, the Faculty of Medicine and the Faculty of Dentistry development

project at Sungai Buloh Hospital has moved on as planned. UiTM has submitted
plans to the government for a new teaching hospital so that it may stop relying on
Sungai Buloh Hospital and Selayang Hospital to train its medical students. The
Mesyuarat Jemaah Menteri (MJM) gave its approval in principle in 2008 for the
construction of the UiTM Selangor Branch Puncak Alam Campus Teaching
Hospital.

Hospital Al Sultan Abdullah (HASA) inaugurated by our Yang Dipertuan Agong

Sultan Abdullah Sultan Ahmad Shah on 22 July 2022. Medical Specialist Clinic,
Women & Children Specialist Clinic, Surgical & Orthopaedic Specialist Clinic, and
Psychiatry Specialist Clinic are among the available services at the facility, which
opened on April 5, 2021.

1.2 Vision and Mission of Hospital Al-Sultan Abdullah

Their goal is to become an academic healthcare centre that is recognized all
over the world. Whereas the organisation's goal is to improve the quality of life for

4
 people by fostering professional growth, doing transformative research, and
providing cutting-edge medical care.

1.3 Objective
The objective is to be the leading academic healthcare centre; to foster quality,
compassionate healthcare; to advocate cutting-edge, avant-garde research; and
to design effective, financially sustainable healthcare financing.

1.4 Core Value

Excellence, synergy, and integrity are the pillars upon which Hospital Al Sultan
Abdullah is built. They place an emphasis on Excellence first and foremost by
maintaining internal quality standards that meet or exceed the needs and wants of
their stakeholders. This dedication to superiority guarantees that their healthcare
services are always of the highest quality. They also believe in the importance of
Synergy, which they demonstrate by encouraging their employees to work together
in harmony for the greater good of the company, the industry, and society.

They have a larger chance of success and can have a greater impact in the
healthcare system if they operate together efficiently. Integrity, which includes such
qualities as openness, honesty, and respect, is also highly valued in the hospital.
They are committed to the greatest levels of professionalism and ethics, fostering
an atmosphere of trust among their clients, staff, and business associates. Hospital
Al Sultan Abdullah's mission is to provide world-class medical care consistent with
these ideals of superior service, teamwork, and honesty.

2.0 ELABORATION ON THE MEDICAL RECORD DEPARTMENT

2.1 Background of Patient Information Department
Mr. Mohd Hafizi Bin Jilani states that the name "Medical Record Department"
accurately describes this department of the building. However, because it is the
repository of all patient information, it was rebranded as the “Patient Information
Department” a couple of years ago. The patient information department is part of
clinical support services and was established in 2012 at PPUiTM Sungai Buloh and
Selayang.

This department is in charge of the physical and electronic management of

patient medical reports, the issuance of patient medical information, the
management of medical reports, the management of hospital statistics, the

5
 clarification of disease and clinical procedures based on ICD standards, and all
aspects of the patient information department's roles as the hospital's information
manager.

There are four units under this department which is management of patient file
and electronic medical record unit, medical report unit, casemix and health
informatics unit and general administration unit. The name of the department
formerly known as the Medical Record Department has been formally changed to
the Patient Information Department in conjunction with the launch of UiTM Hospital
in Puncak Alam in 2021. This department operates at two locations which are
Hospital Al-Sultan Abdullah UiTM (HASA), Puncak Alam, and Pusat Pakar
Perubatan UiTM (PPUiTM), Sungai Buloh.

2.2 Organizational Chart

Figure 1: The Patient Information Department Organizational Chart

According to the above organisational chart, the Patient Information

Department has 13 employees under the direction of Mr. Anuar Mohammad. Next,
Mr. Mohd Hafizi Bin Jilani, the head of both units, is responsible for the physical
and electronic management of the patient medical reports unit and the issue of
patient medical information unit. Five people work in the unit responsible for the
physical and electronic management of patient medical reports, while three people
work in the unit responsible for the issue of patient medical information. The head

6
 of the casemix and informatics section, Madam Siti Nor Faizah Mohd Yunus,
comes in last. There are two people working in this department.

2.3 Operating Hours

The operating hours of the Patient Information Department are not particularly
different from those of other hospitals in any significant way. This department is
open from 8:00 AM to 5:00 PM (with an hour-long lunch break from 1:00 PM to
2:00 PM) from Monday through Thursday. On Fridays, the department will be open
from 8:00 AM to 5:00 PM, with the exception of a prayer break that will take place
from 12:15 PM until 2:45 PM. This department is closed on public holidays,
Saturdays, and Sundays. On the other hand, there are staff who work shifts
throughout these holidays in order to provide the doctor with the information that is
needed by them.

2.4 Services and Main Tasks of The Patient Information Department

A Patient Information Department’s major responsibility is to monitor and
maintain patients' medical records in a healthcare facility. The department is in
charge of both physical and electronic records, as well as assuring their accuracy,
security, and accessibility. The Patient Information Department aids with four
primary responsibilities for its clients. The first one is the management of patient
medical records, in which the department is accountable for the creation and
organisation of medical records for each individual patient.

This includes collecting information about the patient's demographics, medical

history, examination reports, laboratory results, diagnostic imaging reports,
treatment plans, and any other pertinent papers. They are responsible for ensuring
that all of the records are comprehensive, correct, and up to date. Additionally, the
department is responsible for the orderly storage of medical records as well as the
organisation and storage of such documents. Now they use electronic health
record (EHR) systems which are about 70%, and another 30% for the physical
filing system. In order to facilitate effective record management, appropriate
methods of indexing, categorising, and labelling using colour coded stickers are
utilised.

Following that is the casemix and health informatics unit, which is responsible
for everything pertaining to data entry and coding. In most cases, the data entry
process is handled by the Patient Information Department. This involves the

7
 department's employees entering patient information, diagnoses, procedures, and
any other pertinent details into the EHR system. In addition to this, they assign
appropriate medical codes, such as ICD-10 codes, for the purposes of billing and
statistics.

The protection of patients' privacy and the confidentiality of their medical

records is another essential responsibility of this division. The department
maintains stringent rules and measures to secure the information of patients from
being accessed in an unauthorised manner, lost, or compromised. In order to
protect the privacy of their patients, they strictly adhere to all applicable laws,
regulations, and ethical standards, such as the Health Insurance Portability and
Accountability Act (HIPAA).

The record retrieval and release process come in last. The department is
responsible for retrieving and releasing medical records to patients, healthcare
providers, insurance companies, and any other parties that have been given
permission to do so. Before exposing any information, they take care of requests,
confirm the identity of the person making the request, and make sure that the
appropriate consent or legal authorization is received. The healthcare practitioners
that retrieve documents from this department are required to return such records
within three days at the most. This is done to guarantee that none of the records
have been lost, which would likely be the most significant cause of a breach in
medical data.

3.0 SPECIFIC FUNCTION OF THE DEPARTMENT

There are several functions of the department of medical records. However, one of the
main functions is that it is responsible for the management of patient files and electronic
medical records (EMR), and the purpose of the department is essential for maintaining
organised and accurate patient information, facilitating effective healthcare delivery,
ensuring patient privacy and data security, and meeting regulatory requirements.

8
3.1 Filing System Used

Figure 2: Example of HASA Numerical Filing System

According to Mr Hafizi, the filing system used in the Hospital Al-Sultan Abdullah
(HASA) health record department is by hybrid method, where they are still using
manual processes such as paper-based records but also implementing automated
processes such as the Electronic Medical Records (EMR). However, it is stated
that the Electronic Medical Record (EMR) is not yet entirely utilised by the hospital
due to technical issues, incompatibility, data security and privacy concerns, and
system failures. This holds true for a number of hospitals, including Hospital
Serdang, Hospital Ampang, and Hospital Sungai Buloh.

Currently, Hospital Al-Sultan Abdullah uses the Modified Terminal Digit Filing
System (MDTFS) for its paper-based system in which health records are read in a
reverse manner, which is from the right to the left. It is a numerical filing system
used to organise and retrieve patient records in healthcare organisations such as
Hospital Al-Sultan Abdullah (HASA). Regarding this, the patient health records are
organised according to their respective medical record numbers. The numbers are
then separated into segments or groups, and the records are classified and filed
based on the two final digits which are known as the primary numbers.

3.1.1 Advantages of System

The implementation of the Modified Terminal Digit Filing System
enhances the efficiency of the health records department's file
organisation. The system provides systematic and structural methods
to effectively organise records. In addition, the unique numerical code
is assigned to each record in order to facilitate accurate categorization
and grouping of the records. The implementation of this filing system
enables staff to efficiently and accurately retrieve and search for
patients' health records, resulting in improved timeliness and precision.

9
 Aside from that, it enhanced confidentiality and security. The
numerical code can help in maintaining and protecting patients’
confidentiality and privacy as the number of individuals that can view
the records are restricted to the authorised persons only.

3.1.2 Disadvantages of System

The Modified Terminal Digit Filing System (MTDFS) can cause
disadvantages such as bottlenecks within the filing organisation
system. For instance, the even distribution of the records across the
numeric range may cause congestion or higher concentration of files in
certain areas within the health records department. Moreover, when the
system is not monitored regularly, it will lead to longer retrieval time for
records.

Other than that, the initial phase of implementing the Modified

Terminal Digital Filing System is likely to involve a learning curve for
staff members, particularly those who are new to the system. This will
require training to ensure they become acquainted with the filing
system. It is important to note that mastering this system may be time-
consuming and require additional effort. It is possible for staff members
to make errors during filing tasks or when retrieving records until they
have gained the ability in using the system.

10
3.2 Type of Folder Used to Store Records and Binder Used to Support Records
3.2.1 End Tab Folder

Figure 3: Example of Folder that is used by HASA

Patient Information Department

The medical records department at Hospital Al-Sultan Abdullah

(HASA) currently relies mainly on manual storage methods for health
records. For manuals, they commonly use classic pocket files made of
heavy paper known as end tab folders to effectively store and organise
the records. The folders have been specifically designed to serve the
purpose of securely storing and safeguarding essential documents,
including the patients’ healthcare information. The end tab folder is
made from a single sheet of sturdy paper or cardstock, which is folded
in half to form a central crease.

Moreover, the folded design of the folder creates convenient

pockets on one of the sides, enabling effortless insertion and removal
of documents. The presence of pockets serves the purpose of ensuring
that the records are securely held in position, thereby minimising the
risk of them falling out or sustaining any damage. Other than that, the
end tab folder also provides space at the front for labelling or indexing
information such as patient names, dates, medical record numbers and
other relevant information to make it easier for searching.

11
3.2.2 Fasteners as File Binder

Figure 4: Prong Fastener

The type of binder used is the fasteners known as prong

fasteners which is often used to maintain organisation and provide
support for the records kept within folders. Prong fasteners, commonly
referred to as brads, are adjustable fastening devices made of metal or
plastic. The prongs are usually located on the inner side of the folder,
in a close distance to the central crease. It is manipulated by bending
or spreading them apart in order to securely hold the documents in
place.

Therefore, the prong fasteners are effective in securing the

records, enabling easier page flipping and maintaining the desired
order. It also offers benefits such as durability, user-friendliness, and
the ability to easily add or remove documents as well as help minimise
the risk of losing or misplacing specific documents within the folder and
decreases the likelihood of pages becoming disorganised or detached
from the main file.

12
3.3 Shelves Used for Storing Records

Figure 5: HASA Patient Information Department File Storage Area

Based on the observation made, the shelves used to store the patients’ files
are using the open shelves. It is a sort of storage that does not make use of
cabinets or other types of enclosed storage units. Instead, the health records are
kept on open shelves within the shelving system. It is a popular option for
healthcare organisations that need quick access to the patients’ information while
also keeping a space-efficient and well-organised storage solution.

In Hospital Al-Sultan Abdullah (HASA), the number of shelves existed is less

than 50 shelves. According to Mr Hafizi, the idea was to acquire as much as 99
shelves for the health records department. Each shelf provides 10 levels and nine
partitions within the shelves as the department will only be using two digits only for
filing purposes.

13
 3.3.1 Labelling

Figure 6: Colour Codes

During the observation at Hospital Al-Sultan Abdullah (HASA),

there are methods for identifying a patient's records, such as medical
record numbers and colour codes. The colour codes are shown in the
picture above. Every health record containing the patient's name and
medical record number must be labelled and organised in accordance
with the provided guidelines and each number used for storage has its
own unique colour codes. As mentioned earlier, the filing systems used
are the Modified Terminal Digit Filing System (MTDFS) where the
health records are read in a reverse manner. The purpose of labelling
and using colour codes is to prevent the misplacement of health records
and make them simpler to locate if they are lost.

3.4 Security and Measurement Procedure for The Room

The management of medical information requires not only accurate and precise
recording of data but also the protection of such data against unauthorised access
and incidents. In the world of a globalisation era, information that is stored manually
and digitally can be stolen and copied completely, and health records may be
exposed to a broad variety of threats. In order to protect the records' availability,
integrity, and confidentiality of Hospital Al-Sultan Abdullah (HASA), standard
security and measurement procedures should be implemented for the health
records storage area, as well as the electronic medical records (EMR) system.

14
3.4.1 Limiting Access
Health records, whether electronic or paper-based, may contain
personal and private information about patients. Unauthorised access
to the electronic medical record (EMR) systems or physical storage
area can result in data breaches, which in turn puts the confidentiality
of patient information at risk. At Hospital Al-Sultan Abdullah (HASA), the
health record department has implemented security measures to
protect patient’s health records confidentiality by putting only authorised
individuals, such as healthcare professionals or approved staff, to be
able to gain access to the storage area both physically and digitally.

With this, it is possible to reduce the likelihood of unauthorised

individuals having access to the patient records by limiting who can view
such records to authorised staff only. Because of this, there is less of a
chance that the records will be mishandled, disclosed intentionally or
accidentally, or subjected to any unauthorised changes or manipulation
of patients’ information, thereby protecting patients' privacy, and
maintaining their confidentiality.

3.4.2 Monitoring and Auditing

It is crucial to ensure that healthcare organisations monitor and
audit their management activities within the health records department.
This involves a systematic assessment, review, and analysis of record
management practises, access controls, and general data handling
procedures. Based on the observation, Hospital Al-Sultan Abdullah
(HASA) implemented monitoring as a security precaution inside the
management operations of the health records department in order to
spot changes to the health records. Access restrictions and logging
systems have been put in place at Hospital Al-Sultan Abdullah (HASA)
to keep track of who has accessed the health records, when, and for
what reasons.

For example, Mr Hafizi mentioned that HASA’s health records

department implemented the Intranet system where healthcare
professionals and approved staff members only are able to access
patients’ information on their own devices such as tablets, laptops, PCs
etc but within the hospital area only. An Intranet is an internal network

15
 that is specifically built to fulfil the communication and collaboration
needs of healthcare professionals working within the health records
department (Lutkevich, 2021). It serves as a platform that is both private
and safe, and it makes it possible for healthcare professionals to share
information, resources, and tools with one another.

Moreover, typically, Intranets require user authentication, such

as usernames and passwords, to grant access to authorised users. This
way, they can identify any unauthorised access attempts or suspicious
activities that could indicate security breaches.

3.4.3 Destruction of Medical Records

Although the patient's health records are an asset to the
healthcare organisation, it is necessary to dispose of them after a
certain time period. By destroying the medical records, it is ensured that
the information is no longer accessible to any individuals or parties, and
the risk of unauthorised access, breaches, or misuse of patient data is
decreased. According to Mr. Hafizi, the disposal of medical records can
be accomplished through a number of various methods that are utilised
by healthcare organisations.

First, concealing the records is one of the methods that can be

used. A traditional way of getting rid of medical records is to hire
employees from an organisation known as the Malaysian Public Works
Department to bury unused records. Nevertheless, because of the
extensive time commitment and the substantial cost, it is not an
effective choice. Next, incineration or burning the medical records is an
effective method to dispose of it once it is no longer needed. On the
other hand, due to the technique's potentially harmful effects on the
surrounding environment, such as increased levels of air pollution, the
method is no longer recommended.

Lastly, is by selling it. If health records are sold to a third party,

that third party is responsible for ensuring that the health records are
totally removed from existence after the sale. One of the techniques
used to dispose is by submerging the documents in water until the
writing on the paper can no longer be read. However, these methods

16
 are implemented differently for every healthcare organisation and need
authorization from the hospital director and the National Archive
Malaysia. For Hospital Al-Sultan Abdullah (HASA), since they were
recently established, they have not yet performed the destruction of
health records.

3.5 Filing Control

Regarding how the medical records can be moved or transferred from one
place to another, (HASA) has put in place a method for utilising backpacks or
in some cases, they use document trolleys or also known as luggage to carry
the physical medical record files. The backpacks offer a portable and practical
alternative for moving medical records files as they make it simple for medical
staff to transport important documents across areas of the hospital, ensuring
quick and effective access to patient data. The backpack can fit about 10 of the
patient's medical records. According to Mr Hafizi, the backpacks offer a level of
protection and security for the physical medical records files during
transportation. With compartments and padding, backpacks can safeguard
records from damage caused by accidental bumps or falls. Additionally, the use
of lockable compartments or tamper-evident seals adds an extra layer of
security, ensuring the confidentiality and integrity of patient information.
Furthermore, backpacks containing medical records files should be kept in a
safe place when not in use, like a closed office or designated storage space.
To further ensure the security of patient information, only authorised staff
should be able to access this storage area. HASA must prioritize the
confidentiality and privacy of patient information during transportation.
Backpacks should be securely closed and lockable to prevent unauthorized
access. Aside from that, staff members must be vigilant in ensuring that
medical records files are not exposed or visible to others during transit.

17
4.0 SUGGESTIONS ON THE ISSUES OF THE DEPARTMENT
The medical records system is an essential component of every healthcare facility,
functioning as a repository of patient information that aids in the delivery of efficient and
accurate care. However, HASA, like many other healthcare institutions around the world,
may confront a number of challenges with its medical record system. Addressing these
issues is critical for improving patient care, streamlining workflows, and improving the
entire healthcare experience for patients and providers. We detected a number of issues
with HASA as a consequence of our interview, including the following:

4.1 Limited Storage Space for Medical Record

The number of medical records produced keeps rising as healthcare facilities
work to offer comprehensive care to a constantly expanding patient population.
HASA limited physical storage capacity can easily become overrun with paper-
based records, delaying access to patient information and impeding healthcare
providers' effectiveness. (Uzoka et al., 2017). The reliance on physical copies of
medical records is made even more challenging by HASA’s restricted storage
capacity. Paper-based documentation requirements can result in congested
offices, lost records, and trouble finding specific patient data. Additionally,
environmental conditions like fire, water, or pests can harm paper-based records
(Chen et al., 2020).

Due to a lack of storage space, there is a higher risk of loss and damage when
medical documents are strewn about the floor. Records placed on the ground
without protection are susceptible to physical harm, including being walked on,
damaged, or soiled. Critical patient information may be compromised or lost as a
result of these accidents, rendering the records illegible or useless. We must be
aware that safekeeping and safeguarding of medical records are governed by laws
and norms in many jurisdictions. Hospitals risk breaking these rules if records are
left lying on the floor due to a lack of storage space. Penalties, fines, or other legal
repercussions may be imposed on the institution for failing to adhere to the law.

4.1.1 Misfiled or Lost Records

In the medical records department, human error may be a factor
in patient records that are lost or improperly filed. Records may be
misplaced by staff employees in the wrong physical or electronic
location, making it challenging to locate the required data when needed.
Treatment delays, problems with continuity of care, and difficulties

18
 making appropriate medical decisions can all be brought on by lost or
improperly stored records (Choi et al., 2019). The medical records
department may have to spend more money and allocate more
resources as a result of inaccurate filing or record loss. They may need
to put in more time and effort looking for lost documents, which could
result in overtime or take resources away from other crucial activities.

Additionally, it might be expensive to recreate deleted records

or get data from alternate sources. The department's budget may be
strained by these expenses, making it more difficult for it to distribute
funds to other crucial areas. For healthcare organisations to comply
with laws and regulations, accurate record-keeping is essential. The
medical records department may be in violation of laws and regulations
governing data privacy and security if documents are lost or improperly
filed. Legal repercussions, including breaches of patient confidentiality,
fines, or penalties for the healthcare facility, may occur if correct records
are not kept or cannot be found when needed.

4.1.2 Failure to Follow Standard Protocols and Policies

The inability to follow set norms and standards might also be the
result of human error in the medical records department. Employees
may stray from established protocols, for example, by storing records
incorrectly, gaining unauthorised access to them, or distributing patient
data inappropriately. According to Suresh et al. (2020), these breaches
may result in patient confidentiality violations, compromised data
security, and possible legal and ethical repercussions. Patient
confidentiality is breached as one of the serious effects of staff workers
failing to follow accepted procedures and standards.

To protect patient information and uphold privacy, protocols and

regulations have been put in place. Staff employees who violate these
rules run the danger of giving unauthorised people access to patient
records or sharing private data with them. Such transgressions may
have legal and ethical repercussions, which would erode patient
confidence and harm the hospital's reputation.

19
4.1.3 Data Entry Errors
In healthcare, exact patient identification is essential since it
serves as the basis for delivering safe and effective care. However, staff
members in the medical records division could face serious
repercussions if they misspell patients' names, incorrect social security
number and incorrect dates might cause confusion or errors when
linking patients to their medical data. This can lead to inaccurate
diagnosis, ineffective treatments, prescription errors, or delays in
obtaining vital information. When healthcare providers lack precise and
full information to make educated decisions, patient safety is
jeopardised (Ghosh et al., 2018).

Encik Hafizi stated that when HASA receives a high volume of

hospital admissions, their staff must work quicker during the registration
process to guarantee that all records are retained and documented.
However, staff can accidentally record inaccurate patient admission
records and the date of hospital admission. When a shift change occurs,
there may be information that requires clarification from previous staff,
resulting in the record not being entered as properly as the patient's
disease and treatment. To avoid this type of human error, it is critical
that the following data set is written correctly.

4.1.4 Confidentiality of Patients’ Data

The potential of unauthorised access is one of the most serious
issues about patient data security. Without strong security safeguards
in place, sensitive patient information can be exposed to unauthorised
individuals who obtain access to medical records, resulting in breaches
of confidentiality. Unauthorised access can lead to identity theft,
financial fraud, or even medical identity theft, in which someone
fraudulently exploits the identity of another individual to obtain medical
care (Bates et al., 2020).

The healthcare sector must guarantee data security in order to

safeguard patient privacy and adhere to HIPAA-mandated rules.
However, there is a very significant danger of medical record loss due
to the absence of protection in this area of the hospital's medical
records, which can only be accessed through locked doors. The risk of

20
 medical records being stolen or lost will rise as a result. Additionally, the
storage area doesn't have enough CCTV to watch the entire
department, making it challenging to find proof in the event of a theft.

4.2 Suggestions
4.2.1 Adequate Storage Space
Hospitals must effectively manage medical records in order to
deliver high-quality patient care, guarantee legal compliance, and
safeguard the privacy of sensitive data. In order to support effective
record-keeping and data administration, adequate storage space is
required. To establish the storage needs of the medical records
department, hospitals should first undertake a thorough needs
assessment. The number of documents already kept, projected
expansion, legal requirements, and the intended level of accessibility
should all be considered during this review.

Hence, hospitals can choose the best storage option by first

identifying individual demands. Infrastructure optimisation is essential
for hospitals like HASA that still use thirty percent of physical storage.
To make the most of their available space, HASA can spend money on
off-site storage facilities, transportable storage units, or high-density
shelf systems. Using effective filing and indexing techniques helps
improve record organisation by minimising clutter and unused space.
Storage space can be further optimised by routine audits and the
removal of old documents (Office of the National Coordinator for Health
Information Technology, 2017).

In fact, outsourcing storage solutions may be a good choice in

cases where hospitals like HASA have severe space constraints. The
hospital's physical space can be maximised by working with reputable
record management providers or utilising off-site storage facilities. In
order to ensure quick access to patient records when needed, these
external providers offer secure and compliant storage environments in
addition to record retrieval and delivery services (Mello et al., 2016).

21
4.2.2 Transitioning to Electronic Medical Records (EMR)
By switching to electronic health record (EHR) systems, the risk of
human mistakes in manual record maintenance can be greatly
diminished. EHRs provide built-in error-checking features including
automated alarms and validation rules to find data entry mistakes and
missing information. For instance, the system will issue an alert if a
mandatory field is left empty or if an invalid date is input, allowing the
user to make the necessary corrections before submitting the record.
Data entry errors that could jeopardise patient care or data integrity are
greatly reduced by these error-checking capabilities.

Besides, EHR systems allow for consistency and standardisation in

record administration. It ensures that crucial data is gathered
consistently across all patient records by using established templates
and organised data entry areas. Inconsistent documentation practices
reduce the likelihood of human errors by removing variances in record
organisation and content. Standardisation encourages clarity, improves
the effectiveness of record retrieval, and makes it easier for healthcare
providers to communicate and work together. Plus, EHR systems
improve data integrity by lowering the possibility of transcription
mistakes or data loss. Healthcare professionals can input patient data
directly into the system using electronic records, doing away with the
need for human transcription. This lessens the possibility of errors
brought on by illegible handwriting, inaccurate transcription, or data
duplication.

EHRs also provide audit trails and version control, which make it
possible to track changes to records accurately and guarantee the
accuracy and dependability of patient data. In the case of HASA, they
should spend some money on EHR systems that are simple to use,
allow for accurate data entry, improve data integrity, and permit quick
record retrieval. Here are some of the advantages when using EHR in
any medical records department.

• Delivering thorough, accurate, and up-to-date patient

information at the point of care.

22
 • Enabling quick access to patient records to enhance the
effectiveness and coordination of care.
• Cutting expenses by minimising paperwork, strengthening
safety, eliminating redundant testing, and improving health.
• Improving the security and privacy of patient data.
• Saving room for storage.

4.2.3 Staff Training and Standard Operating Procedure

To preserve accuracy and productivity in the medical records
department, staff employees must get adequate training on record
management procedures and SOPs. The right methods for handling
data should be covered in training sessions, with a focus on maintaining
patient data integrity, accuracy, and attention to detail. Employees
should get training on the proper handling of physical documents,
including how to file, label, and track files. Training for electronic records
should concentrate on best practices for data entry, such as correct
patient data input, adherence to data validation guidelines, and
appropriate use of dropdown menus and established templates.

Since regulations and record-keeping procedures change

throughout time, staff members must ensure that they are up to date
with the most recent protocols and guidelines which hospitals should
offer frequent updates and refresher training sessions. This entails
informing staff members about any adjustments to legal or regulatory
requirements, modifications to the electronic health record system, or
new record-keeping practices. Staff members are guaranteed to keep
up a high level of competency and knowledge in their record
management obligations through ongoing training.

In fact, storage procedure rules and protocols should be

covered in staff training too. In order to do this, staff employees in HASA
must be instructed on the proper ways to store tangible records, such
as by using shelving units, filing cabinets, or off-site storage facilities.
Aspects like file organisation, labelling, and the division of active and
inactive records should all be covered in the guidelines. Staff members
should receive training on the right access control procedures, folder

23
 structures, and file naming guidelines for electronic data. They should
also receive training on how to handle sensitive data appropriately, how
to obtain patient consent, and how to transfer records securely. The
negative effects of non-compliance, such as legal repercussions and
harm to the hospital's reputation, must be emphasised too.

Medical records department employees should undergo in-

depth training on security and privacy best practices. This involves
training on the value of safeguarding patient data, identifying potential
security risks, and following set security policies. Secure data handling,
password hygiene, spotting phishing scams, and reporting security
breaches should all be covered in training. Maintaining a secure
environment for patient records is considerably aided by staff
understanding of and adherence to best practices.

4.2.4 Need for Strong Security Measures

Healthcare organisations must put strong security measures in
place to guarantee patient data security. These include patient
information that is safeguarded against unauthorised access using data
encryption, a fundamental security technique. HASA should use
encryption to protect data while it is in transit over networks as well as
at rest (stored in databases or servers).

Data is encrypted to guarantee that it cannot be read or

understood by unauthorised parties, even if it is intercepted or
unlawfully accessed. To limit access to the storage locations and
department for medical records, access control mechanisms must be
put in place. In order to restrict access to these sensitive areas to
authorised staff, hospitals should set up access control systems like key
cards, biometric scanners, or PIN numbers. Hospitals can lessen the
possibility of unauthorised individuals breaking in and altering patient
records by restricting physical access. The least privilege concept
should be used to give permissions as role-based access controls are
implemented in healthcare organisations. This makes sure that only
individuals with the proper authorization and a valid necessity can
access and edit patient records.

24
 Besides, HASA should think about adding physical security
measures like closed-circuit television (CCTV) monitoring systems in
addition to digital security measures. This is because CCTV can be
used to monitor access to the Department of medical records and
function as a deterrent to unauthorised entry or dubious activity. The
medical records department's activities must be monitored and
recorded in real-time by CCTV surveillance equipment. Hospitals can
keep an eye on entry points, storage spaces, and workstations where
patient records are handled by strategically putting cameras in
important locations. The installation of CCTV discourages unauthorised
access since would-be offenders are aware that their actions are being
captured on camera. Investigations into security incidents or breaches
can benefit greatly from the use of CCTV footage as evidence.

Lastly, physical security for patient records can be further

increased by using locked cabinets or storage units. To store physical
information securely, HASA should make an investment in safe or
locked filing cabinets. These storage systems ought to be built to restrict
access and shield records from loss, theft, or damage. Potential
burglars are discouraged by locking filing cabinets or safes because
they add an additional barrier that must be surmounted in order to
access the documents. Locked storage systems can aid in delaying or
obstructing unauthorised personnel in the case of a security breach or
unauthorised entrance, giving more time for identification and response.
This lessens the chance that records may be stolen and used
improperly.

Furthermore, secure storage systems also provide protection

against physical damage to patient records. Cabinets or safes are
designed to safeguard documents from environmental factors, such as
moisture, dust, or accidental spills. These storage options can be made
of materials that offer durability and protection, ensuring that records
remain intact and legible. By protecting physical records from damage,
hospitals can maintain the integrity and longevity of patient information.

25
5.0 CONCLUSION
The medical record file system is an essential component of healthcare institutions,
allowing for effective patient information administration. An effective filing system
necessitates careful consideration of a number of elements (Bali A, Bali D, Iyer N, Iyer M
2011). A good medical record benefits both the medical practitioner and his patients. It is
critical for the treating physician to accurately document the management of the patient
under his care. Keeping medical records has become a science. The quality of the medical
records is the key to the dismissal of most medical negligence claims.

The only way for the doctor to establish that the treatment was carried out properly is
to keep meticulous records. Medical records are frequently the only source of information.
They are much more likely to be accurate than memory. In HASA, they use an open
shelves system to maintain records. Adequate storage space is essential for proper
medical record organisation and accessibility. Healthcare facilities can utilise their
available space by improving storage infrastructure and investigating off-site storage
options. Transitioning to electronic health records (EHR) provides various advantages,
such as decreased errors, greater data accuracy, consistent record administration, and
improved care coordination. Staff training and standard operating procedures are critical
for maintaining record management accuracy, consistency, and compliance.

Adherence to security and privacy best practices, as well as proper training on handling
physical and electronic data, ensures that staff members are well-equipped to manage
patient information. Patient data is protected from unwanted access and breaches by
strong security measures such as encryption, access limits, and physical security
measures. We discover that HASA must implement stringent security measures in order
to safeguard the medical record. As a result, sensitive data is exposed in the form of data
breaches. Insider attackers can sometimes cause damage to protected health information,
resulting in the loss, theft, or disclosure of sensitive healthcare data.

Finally, implementing a well-designed medical record filing system improves

operational efficiency, provider collaboration, and regulatory compliance, ultimately
leading to improved healthcare delivery and patient satisfaction while protecting the
privacy and security of sensitive patient information.

26
REFERENCES

AHIMA. (2014). Practice Guidelines for LTC Health Information and Record Systems.
Retrieved from AHIMA:
https://bok.ahima.org/Pages/Long%20Term%20Care%20Guidelines%20TOC/Practic
e%20Guidelines/Storage
Bali, A., Bali, D., Iyer, N., & Iyer, M. (2011). Management of Medical Records: Facts and
Figures for Surgeons. Maxillofacial and Oral Surgery, 199-202. Retrieved from
https://link.springer.com/article/10.1007/s12663-011-0219-8
Hospital UiTM. (2021). General Hospital Operational Policy. Retrieved from Hospital UiTM:
https://hospital.uitm.edu.my/images/download/Forms/GHOP-HUITM.pdf
Lutkevich, B. (2021, September). intranet. Retrieved from Tech Target:
https://www.techtarget.com/whatis/definition/intranet#:~:text=An%20intranet%20is%2
0a%20private,encourage%20communication%20within%20an%20organization
Mathioudakis, A., Rousalova, I., Gagnat, A. A., Saad, N., & Hardavella, G. (2016). How to
keep good clinical records. Breathe, 369-373. doi:10.1183/20734735.018016
UnitekCollege. (2022, May 25). Step-by-Step Guide to Medical Record Keeping. Retrieved
from Unitek College: https://www.unitekcollege.edu/blog/a-step-by-step-guide-to-
medical-record-keeping/

27
APPENDICES

28