
Privacy Frameworks for Health Care

Privacy Frameworks for Health Care. Nigel Brown, Senior Privacy Consultant, IBM Global Services, nigel@ca.ibm.com. Privacy – an inhibitor to IT adoption in Health Care? “Health care is down there with mining as the most techno-phobic industry”


Presentation Transcript


  1. Privacy Frameworks for Health Care. Nigel Brown, Senior Privacy Consultant, IBM Global Services, nigel@ca.ibm.com

  2. Privacy – an inhibitor to IT adoption in Health Care?
     “Health care is down there with mining as the most techno-phobic industry” (John Chambers, Cisco, The Economist – April 20, 2005)
     • Complexity of Players:
         • Provincial Health Ministries
         • Regional Health Authorities
         • Acute Care / Hospitals
         • Community Care Clinics
         • Physician Offices
         • Professional Colleges and Medical Associations
         • Testing Labs
         • Pharmacies
     • Complexity of Legislation
         • Players cross public and private sectors
         • Provincial “FOIP” legislation for public sector
         • Provincial “PIPA” legislation
         • Provincial Health legislation
         • PIPEDA, HIPAA etc. for cross-border flows

  3. Privacy – an inhibitor to IT adoption in Health Care?
     • Whose legislation applies and who interprets it?
         • Substance often not that different but can be a source of endless debate
         • Different bodies have different interpretations or practices
     • Electronic Health Records
         • Many input information, many use it – who manages it?
         • Controller-Controller vs. Controller-Processor relationships
     • First Mover Dilemma
         • The health system needs to be integrated – straw models not hard to build but what if other players don’t follow?

  4. Privacy – an inhibitor to IT adoption in Health Care?
     • Scalability
         • Technical/security resources of a Hospital vastly different from a single physician practice
         • But we need to connect them all together to share information
     • Context Sensitivity
         • Not just roles but roles in context of current patient care
         • Many potential “patient privacy options” – no standards
     • Health Trumps Privacy
         • Need overrides for emergencies etc.
         • Hard to list all access rules deterministically

  5. VCH Primary Care IT Strategy – Privacy Framework
     Questions posed on the slide:
     • How do we optimize PC IT initiatives for Privacy?
     • How do we get users ready to meet Privacy and Security requirements?
     • How do we design Privacy in from the start?
     • How do we keep the Framework in synch and current?
     Framework components:
     • Privacy Checklist – identify potential issues at the concept stage
     • Privacy Primer – Privacy 101 – the basics
     • Privacy Design Guidance – tips and rules for IT Developers
     • CMA Privacy Wizard – a self assessment and policy building kit
     • Privacy Impact Assessment – review and approval process
     • BCMA 10 Steps – a framework for closing the gaps
     • Privacy Standards for Vendor Software and Services – future
     • Practical Security – getting ready for the technology assisted practice
     • Ongoing monitoring, feedback, Stakeholder Consultation and Communication Program – future
     Other diagram labels: Privacy Framework; ISO 17799 Security Framework; Privacy Toolkit; Solution Provider View; Solution User View; Privacy Issue List; Situation Based Guidance; Program Management View

  6. Simple approaches to real problems… Professional Ethics as an Assurance Factor for Health Care Privacy
     • High degree of professional ethics and accountability can be leveraged as a privacy control
     • To control need-to-know access across a range of records:
         • Challenge with a question the first time access is requested for a particular patient, e.g. “Please confirm you are requesting access to assist in providing care to this patient”
     • To control export of data from a system:
         • Printouts of medical information would include name, user id, time and date as part of the printed record
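
The two controls on slide 6, sketched as an added example (not code from the presentation or from any system it describes): a first-access challenge per user and patient, with the confirmation kept in an audit trail, and a printout stamp. The class and method names, the in-memory store, the event names and the UTC timestamps are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Challenge wording quoted from the slide.
CHALLENGE = ("Please confirm you are requesting access to assist "
             "in providing care to this patient")


class AttestationRequired(Exception):
    """The user has not yet answered the challenge for this patient."""


@dataclass
class RecordGate:  # hypothetical name; in-memory stand-in for a real store
    attested: set = field(default_factory=set)   # (user_id, patient_id) pairs
    audit: list = field(default_factory=list)    # append-only event trail

    def _log(self, event, user_id, patient_id, now):
        self.audit.append((now.isoformat(), event, user_id, patient_id))

    def open_record(self, user_id, patient_id, confirmed=False, now=None):
        """Allow access; challenge the first time this user opens this patient."""
        now = now or datetime.now(timezone.utc)
        if (user_id, patient_id) not in self.attested:
            if not confirmed:
                self._log("challenge_issued", user_id, patient_id, now)
                raise AttestationRequired(CHALLENGE)
            # The confirmation is recorded so it can be reviewed later.
            self.attested.add((user_id, patient_id))
            self._log("attestation_recorded", user_id, patient_id, now)
        self._log("record_opened", user_id, patient_id, now)
        return True

    def print_record(self, user_name, user_id, patient_id, body, now=None):
        """Return printable text stamped with name, user id, date and time."""
        now = now or datetime.now(timezone.utc)  # assumed to be UTC
        if (user_id, patient_id) not in self.attested:
            raise AttestationRequired(CHALLENGE)
        self._log("record_printed", user_id, patient_id, now)
        stamp = (f"Printed by {user_name} ({user_id}) "
                 f"on {now:%Y-%m-%d} at {now:%H:%M:%S} UTC")
        return f"{body}\n{stamp}"
```

The challenge does not block a clinician who confirms; its value is that the confirmation and every later open or print are attributable to a named user, which is what the slide relies on professional accountability to enforce.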
