80 likes | 254 Views
Privacy in Healthcare. Personal Health Information Task Force June 6, 2007 Eileen MacGibbon, Administrative Director & CPO Derrick Jardine, CIO. AHSC Steps Undertaken in Response to the Protection of Health Information Act (POPIA). Participation in Provincial POPIA working group.
E N D
Privacy in Healthcare Personal Health Information Task Force June 6, 2007 Eileen MacGibbon, Administrative Director & CPO Derrick Jardine, CIO
AHSC Steps Undertaken in Response to the Protection of Health Information Act (POPIA) • Participation in Provincial POPIA working group. • Existing AHSC Administrative Director appointed as Chief Privacy Officer • Review of all AHSC privacy and confidentiality related policies. • Policy development to address all 10 POPIA Principles. • Data inventory and collection of ‘reasons why’ various pieces of data collected. • Comprehensive Privacy Impact Assessment completed. • Augmentation to AHSC data collection process and data integration as needed per the data collection assessment results.
AHSC Steps Undertaken in Response to the Protection of Health Information Act – con’t • Development of new privacy agreements for AHSC employees and external parties. • Revised breach/violation audit procedure and associated documentation. • Review of all AHSC Release of Information policies and procedures. • Review of all AHSC computer user access codes, i.e., scope and breadth of access and need for documented reasons for access • Development of computer user access approval process to ensure on-going POPIA compliance.
AHSC Steps Undertaken in Response to the Protection of Health Information Act – con’t • AHSC Privacy Education: • POPIA workshop provided for all AHSC privacy committee members. • Privacy sessions provided to AHSC Senior Executive and Board of Directors. • Over 300 one hour in person sessions provided to AHSC employees and physicians. • On-line privacy education tutorial developed for staff via AHSC intranet.
Regional Health Authority Impact of POPIA • Significant increase in the number of external requests to access personal health information. • Significant increase in the number of employee and physician requests for guidance regarding; • Collection of health information • Storage of health information • Protection of health information • Health information ownership • Access to personal health information (specifically employee access to their own health information available on AHSC computer systems)
Challenges within the Current Environment • Lack of coordinated approach to the management and protection of personal health information within all sectors of the health system. • Dependence on a system of data collection that relies on implied consent. • Increasing public demands with respect to an electronic health record that enables patient/client participation via on line access, result distribution, journaling ability etc. • Unclear parameters regarding public versus private health and POPIA versus PIPEDA. • Lack of clearly defined health industry standards regarding health information management and protection.
Challenges within the Current Environment – (continued) • Complexity of healthcare information and the balance required between personal access and the risk of clinical data misinterpretation. • Lack of clearly defined roles and responsibilities regarding centrally launched health applications containing personal health information from all NB RHA’s. • Personal health information translation requirements. • Disclosure limitations weighed against (McInerney versus MacDonald case – 1992) • Substitute decision maker (SDM) right to personal health information access.
Thank You for your time! Questions?