170 likes | 269 Views
Reflections on Legal Responsibility for Protection of Patient Information in the Health Care Sector Ellen K. Christiansen, legal advisor Ellen.Christiansen@telemed.no. This presentation:. Once upon a time…. The ”new” patient-doctor relationship Legal issues Duty of confidentiality
E N D
Reflections on Legal Responsibility for Protection of Patient Information in the Health Care SectorEllen K. Christiansen, legal advisorEllen.Christiansen@telemed.no
This presentation: • Once upon a time…. • The ”new” patient-doctor relationship • Legal issues • Duty of confidentiality • Data security • Some reflections on responsibility issues, now and in the future
Once upon a time…. …the paternalistic doctor …with his patient records …to which the patient had none or limited access … And that is not very long ago!..
Doctor - patient relationship changes D O C T O R The confident and informative doctor The co-operative doctor, more and more like a consultant/adviser The ”divine” doctor ? P A T I E N T The informed, participating, demanding and skilled patient with legal rights The humble, unquestioning and passive patient The inquiring patient (Leif Erik Nohr 1999)
…the times they are a-changin’… • In Norway: Act of 2 July 1999 no. 63 relating to patients' rights • The right to health care and transport • The right to participation and information • Consent to health care • Right of access to medical records • The special rights of children • Complaints • The Patient Ombudsman
Descriptions of the new patient role • The Norwegian Medical Association • The doctor as the patients’ pilot • Norwegian Federation of Organisations of Disabled People (FFO) • The patient as a decision-maker • J Med Internet Res 2001;3(2) • The patient as “a participating decision-maker” • ”HealthCast 2010 Smaller World, Bigger Expectations” (PwC1999) • Patients as consumers • “HealthCast 2020 Creating a sustainable future” (PwC200?) • Customized health care
Not to forget: Patients are still different…… Hurray! More decisions to make! Somebody has to decide! I am a sick person.
Duty of Confidentiality, Health Personnel Act section 21 ”Health personnel shall prevent others from gaining access to or knowledge of information relating to people’s health or medical condition or other personal information that they get to know in their capacity as health personnel”
Consent to give information, Health Personnel Act section 22 ”The duty of confidentiality pursuant to section 21 is not to prevent information from being made known to the person that the information directly relates to, or to others, to the extent to which the person who is entitled to confidentiality gives his consent thereto.”
Privacy, confidentiality and data security • A great concern and a big issue • Health information is very sensitive information • Processing sensitive data requires the best security systems
Sources of legislation concerning processing of personal data: • Human Rights Act 1998 (Article 8 of the European Convention on Human Rights) • Directive 95/46 EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data …. • Constitution and laws of Norway (and other states)
The patient’s consent does not affect the health personnel’s professional duty of responsible processing of health information
Health personnel and the requirements for responsible conduct Health personnel shall conduct their work in accordance with the requirements to professional responsibility and diligent care… - their qualifications - nature of their work - the situation in general The Norwegian Health Personnel Act, § 4
An illustration: Use of e-mail • A possible communication means of communication between doctor and patient • The use of unsecured e-mail for transferring health information is illegal • The reason for this is that the information could (too) easily go astray, be altered on its way or falsely passed off as sent by a patient But: What if the patient does not care?
Processing of patient information in the future: • The Health Service still responsible for the patient information? • The patient and The Health Service have joint responsibility? • The patient has the responsibility for the processing of his or her health information? • Double-tracked system: One patient record and one professional record?
And how do partners co-operate? They make a deal!
The new patient role: • Should the “new patient” have influence on or decide the processing of their medical information? • Should the participating and decision-making patients share legal responsibility for the chosen treatment? In general: How should the changing of roles in the health care sector affect the legislation? Or: Is it irrelevant?