Privacy & Security Tips

July, 2025

Ctrl+Alt+ Delete It: Why Old Records Still Deserve Your Attention

Most health information custodians and their clinics are now using Electronic Medical Record systems which store patient records.  However, questions continue to arise with respect to how to manage older paper charts, archived files, or outdated data. Recent events have shown how important it is for clinics to have a plan for securely disposing of these documents when they're no longer needed.

While it may seem simple, tossing away or improperly tearing or shredding old records can put patients' privacy at risk and expose you or your clinic to reputational damage. Under the Personal Health Information Protection Act (PHIPA), physicians have a duty to securely dispose of patient records once their retention period ends. It's not enough to keep health records secure only while they're in use. Instead, every practice needs to have in place clear, documented processes, policies, and training for staff on how long records are kept and how they can be securely destroyed. These processes include shredding, secure bins, or full digital deletion. Without these types of policies and procedures in place, deleting records can amount to a privacy breach if done improperly.

If you're reviewing your clinic's recordkeeping practices, it may be useful to  take stock of your records! OntarioMD's Privacy and Security Training also includes practical tips on records retention and disposal, and other ways to keep your clinic's data management and privacy practices up-to-date, informed, and secure.

Supply Ontario's Vendor of Record list includes vendors who have met the requirements set out in the procurement process. This approach was designed to ensure that qualified vendors will deliver exceptional value and service to Ontario clinicians.

Read additional guidance from the College of Physicians and Surgeons of Ontario on the use of AI scribes in clinical practice.