
Landspitali University Hospital - Iceland Torfi Magnússon MD. landspitali.is

Implication of EU Data protection directive and national legislation on hospital administration and IT at Landspitali University Hospital - Iceland. Torfi Magnússon MD. www.landspitali.is torfimag@landspitali.is. Iceland - Reykjavik. Member of European Economic Area


Presentation Transcript


  1. Implication of EU Data protection directive and national legislation on hospital administration and IT at Landspitali University Hospital - Iceland Torfi Magnússon MD. www.landspitali.is torfimag@landspitali.is

  2. Iceland - Reykjavik • Member of European Economic Area • 60% of EU legislation applies to Iceland • Data protection rules originate from EU

  3. Landspítali University Hospital • Governmental institution • 80-85% of hospital services in Iceland

  4. Merger 2000 2005 Hospital beds 850 Full time staff 3.850 Admissions 31.100

  5. Milestones in e-Health at Landspítali • 1973: First electronic registration of lab results • 1985: Paper-based record with some computer- generated documents • 1990: Computer-generated documents made electronically available. • 2000: Focus on inter-operability of EPR systems. • 2003: EPR - building a patient-centered record.

  6. Co-operation Agreement 2006 P.Stradiņš University Hospital (Riga, Latvia) and Landspítali University Hospital (Reykjavik, Iceland) Focus on IT support for medical and administrative work

  7. The project e-health support for angio surgery for doctors and nurses • Specialized Electronic Medical Records system • extendable to all surgery • Application to EEA Grants by P. Stradiņš Hospital in partnership with • Landspítali University Hospital and • Association of Vascular Surgeons of Latvia

  8. Integrated modular medical record system • Overview of patient history regardless of location • Brings all the modules together • Electronic Medical Record • Integration layer • Specialized systems • Laboratory • Radiology • Surgery • Other systems

  9. Goals of project • To improve quality and efficiency of care in surgery and anaesthesia • To provide better research and training capabilities • To improve statistics and analysis of information • To improve exchange of information within the hospital, as well as with the State • To develop new joint e-Health solutions that can be used in Baltic, Nordic and other countries. • To strengthen Baltic-Nordic co-operation

  10. Microsoft technology software • Ultra mobile PC hardware • Wireless network • Training and support Dr. Edvīns Lietuvietis Head of Angio Surgery Center P.Stradiņš University Hospital angio@stradini.lv

  11. EU vision • The EU “Electronic Health Record” aims at • compiling existing documentation on medical treatment from different sources • information on the past and present state of health of an individual “from the cradle to the grave” • available in electronic form to all authorized health care professionals wherever and whenever this information is needed • Access by unauthorised persons must be virtually impossible

  12. EHR – a promise for a better future • Increased efficiency within the health care sector • Better protection of privacy • Enhanced role of the patient as decision maker in the treatment process

  13. Privacy, confidentiality and security: cornerstones to the EHR. • Privacy: the state of being free from intrusion into one's private life or affairs - the right to be let alone. • Confidentiality: to keep secret information told in confidence • Security: human, technical, physical and environmental security • The EHR needs rigorous protection of patient data

  14. EHR - Legal Framework • Directive 95/46/EC of the European Parliament and of the Council • Working Document on the Processing of personal data relating to health in electronic health records (15 February 2007) • Act on the Protection of Privacy as regards the Processing of Personal Data (2000) • Icelandic rules and regulations • Act on the Rights of Patients • Health Record Regulations (Under revision)

  15. Directive 95/46/EC • Article 8.1 • Member states shall prohibit the processing of […] data concerning health […] • Article 8.3 • Paragraph 3 shall not apply where processing of the data is required for purposes of preventive medicine, medical diagnosis, the provision of care or treatment […] and where those data are processed […] under national law or rules • Processing of health data needs sufficient legislative framework in each member country

  16. Categories of data concerning health EU: All data contained in Electronic Health Records are “sensitive personal data” • Administrative data, e.g. • social security number • date of admission to hospital etc. • Personal data on health • Particularly sensitive data • psychiatric treatment • HIV • abortion

  17. Aim of the EHR • All necessary patient data is to be available to • All authorized health care personnel • Wherever and whenever • Needed and • Access by unauthorized persons must be virtually impossible

  18. Unanswered questions • Are all “personal data on health” equally sensitive ? • How much do different caretakers “need to know” ? • What kind of authorization should different groups of health care professionals have?

  19. Who needs access to EHR? • 30 healthcare professions in Iceland • Medical doctors • Nurses • Assistant nurses • Secretaries • Physiotherapists • etc.

  20. Policy on access control • “Treatment relationship” • Data category and • Health care profession

  21. Treatment relationship - basic access • Health care professionals - working within a clinical unit • The patient - treated at the clinical unit • Department of Cardiology • Health care professional (Password) • Patient (Social security number) • All authorized health information

  22. LUH policy: Different data category - different access • Category I: Administrative data • Category II: Enhanced administrative data • Category III: Personal data on health - own department • Category IV: Personal data on health - other departments • Category V: Particularly sensitive data • Category VI: Strictly protected data (sealed envelope)

  23. LUH policy: Different health care professions - different access • Group I: Administrative health care personnel, e.g. booking, billing • Group II: Specialized administrative health care personnel, e.g. DRG-staff, health economists, analysts • Group III: Assistant nurses • Group IV: Registered nurses, Medical secretaries, physiotherapists • Group V: Medical doctors

  24. Group I: Administrative health care personnel - booking, billing • Category I: Administrative data - social security number, date of admission to hospital etc.

  25. Group II: Specialized administrative health care personnel - DRG staff, analysts, health economists • Category I: Administrative data • Category II: Advanced administrative data - social security status, diagnosis, procedure (operation), DRG group

  26. Group III: Assistant nurses • Category I: Administrative data • Category II: Advanced administrative data • Category III: Personal data on health - own department

  27. Group IV: Registered nurses, Medical secretaries, Physiotherapists • Category I: Administrative data • Category II: Advanced administrative data • Category III: Personal data on health - own dept. • Extended access - Explanation • Category IV: Personal data on health - another department

  28. Group V: Medical doctors • Category I: Administrative data • Category II: Advanced administrative data • Category III: Personal data on health, own dept. • Extended access - Explanation • Category IV: Personal data on health - other departments • Extended access - Explanation • Category V: Particularly sensitive data - Psychiatric treatment, HIV, Abortion

  29. Strictly protected data (sealed envelope) Category VI • Information from a third party – relatives • Other highly sensitive information Access on an individual basis

  30. Audit committee • Minimum audit • Every staff member's EPR use for one day is audited every year • Additional audit on selected groups • Patient audit • Upon request, a patient is given a list of all personnel who have accessed his/her record
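
The access policy of slides 20-29 and the patient audit of slide 30, sketched as an added example (not code from the presentation or from the hospital's systems). It assumes that "Extended access - Explanation" means the user must state a reason before the category opens; the class, field and `kind` names are hypothetical.

```python
from dataclasses import dataclass, field

# Highest category each profession group can reach (slides 24-28):
# (without explanation, with a stated explanation). Assumed reading of the slides.
GROUP_LIMITS = {"I": (1, 1), "II": (2, 2), "III": (3, 3), "IV": (3, 4), "V": (3, 5)}

@dataclass
class User:
    user_id: str
    group: str   # profession group "I".."V"
    unit: str    # clinical unit the professional works in

@dataclass
class Item:
    patient_id: str
    kind: str    # "admin", "admin_plus", "health", "sensitive", "sealed"
    unit: str    # clinical unit where the patient was treated
    grants: set = field(default_factory=set)  # Category VI: named individuals

def category(user, item):
    """Map an item to Category 1-6 as seen by this user."""
    if item.kind == "health":  # treatment relationship: own dept = III, other = IV
        return 3 if user.unit == item.unit else 4
    return {"admin": 1, "admin_plus": 2, "sensitive": 5, "sealed": 6}[item.kind]

def decide(user, item, explanation=""):
    cat = category(user, item)
    basic, extended = GROUP_LIMITS[user.group]
    if cat == 6:  # sealed envelope: access on an individual basis only
        return "allow" if user.user_id in item.grants else "deny"
    if cat <= basic:
        return "allow"
    if cat <= extended and explanation.strip():
        return "allow-extended"
    return "deny"

def access(log, user, item, explanation=""):
    """Decide and record every attempt, allowed or denied."""
    outcome = decide(user, item, explanation)
    log.append({"user": user.user_id, "patient": item.patient_id,
                "category": category(user, item), "outcome": outcome,
                "explanation": explanation})
    return outcome

def patient_audit(log, patient_id):
    """Personnel who actually opened this patient's record (slide 30)."""
    return sorted({e["user"] for e in log
                   if e["patient"] == patient_id and e["outcome"] != "deny"})
```

Denied attempts stay in the log for the audit committee's review, while `patient_audit` reports only the personnel who were actually granted access.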

  31. Thank you
