
The Protection of Privacy

The Protection of Privacy. Sherri Tiller-Park, Manager of Information Policy, Standards, and Planning. Agenda: Definitions; CSA Model Code for the Protection of Personal Information; Legislative Overview; Maintaining Privacy; Next Steps; Questions / Comments. What is privacy?


Presentation Transcript


  1. The Protection of Privacy Sherri Tiller-Park Manager of Information Policy, Standards, and Planning

  2. Agenda • Definitions • CSA Model Code for the Protection of Personal Information • Legislative Overview • Maintaining Privacy • Next Steps • Questions / Comments

  3. What is privacy? • “Protection against inappropriate disclosure of data / information.” (NLCHI, 2004) • “Privacy is the right of individuals to control the collection and use of personal information about themselves.” (Robert Ellis Smith)

  4. Privacy means having control over: • The disclosure of information (or not) • How it is used • The sharing of that information

  5. The Ten Principles • Accountability • Implement the ten principles • Appoint someone to oversee access and privacy issues in your organization • Example: Confidentiality policy

  6. The Ten Principles • Identifying Purposes • Make reasonable efforts to inform patients / clients why information is being collected • Example of a policy: Identifying Purposes

  7. The Ten Principles • Consent • Obtain informed consent for the collection, use, and disclosure of personal information • Individuals have the right to revoke consent • Example of a policy: Consent

  8. The Ten Principles • Limiting Collection • Collect only necessary information – “need to know” • Collect information only for the purposes that we say we are collecting it • Example of a policy: Limiting Collection

  9. The Ten Principles • Limiting Use, Disclosure & Retention • Obtain consent for as many foreseeable purposes as possible in advance • Consider records retention / destruction • Examples of policies: Retention of Records, Release of information from Clinical Records

  10. The Ten Principles • Accuracy • Use current and accurate information in decision-making processes • Develop data accuracy standards • Example of a policy: Acceptable Usage

  11. The Ten Principles • Security of Information • Applies from initial point of collection to destruction / deletion and regardless of medium on which information is collected or stored • Implement security measures (technological / physical) to protect against accidental alteration, disclosure, deletion or loss of information

  12. The Ten Principles • Security of Information - Examples of policies: Workstation Security, Password Policy

  13. The Ten Principles • Openness • Implement policies that are clear about the practices for handling personal information • Be open with patients / clients about policies and procedures • Example: Release of Information policies

  14. The Ten Principles • Individual Access - “Duty to Assist” • Access must be provided within specific time frames • Exceptions to access exist • Documentation considerations: organized, complete, explanations provided • Ownership / custodian issues • Fees may be applied

  15. The Ten Principles • Challenging Compliance • Open and transparent policies / procedures must be in place to receive and respond to questions and complaints • Education, communication, prevention

  16. Privacy Legislation • PIPEDA (Personal Information Protection and Electronic Documents Act) applies to the private sector. PIPEDA came into full effect on January 1, 2004. • ATIPP (Access to Information and Protection of Privacy Act) – Access provisions were proclaimed on January 17, 2005. Privacy provisions are expected to be proclaimed within the next year.

  17. Privacy Legislation • Federal “Privacy Act” sets out the personal information handling practices of the federal government. • Health Information legislation – Four provinces in Canada have legislation that applies to the health care sector, including hospitals. These are Alberta, Saskatchewan, Manitoba, and Ontario.

  18. How can privacy be maintained within a rapidly advancing environment? EHR initiatives • Data sharing agreements • Policy • Role-based access • Audit mechanisms

  19. How can privacy be maintained within a rapidly advancing environment? • “The Circle of Care” • Treatment and care of the patient / client and the health services required to meet the need • Based on the notion that information needs to be shared among health care providers • Concept of “implied consent” such that information may flow “freely” within the circle of care, but on a “need to know” basis

  20. How can privacy be maintained within a rapidly advancing environment? • It means that… • Patients / clients must be informed as to how their information is collected and may be used or disclosed • Patients / clients need to be informed of their rights with respect to access, consent, and privacy

  21. Privacy in the Current Environment • As an organization of health professionals, we have an obligation to: • Inform patients / clients about the personal information we need to collect, use or disclose and be able to answer questions about the:

  22. Privacy in the Current Environment • Purpose • Legal authority - Contact person with whom to discuss questions or concerns • Kinds of information collected • Right of correction of personal information

  23. Privacy in the Current Environment • As an organization of health professionals, we have an obligation to: • Obtain appropriate consent to disclose information • Provide individuals with as much access as possible to their personal information (timely) • Adhere to retention / destruction policies and procedures

  24. Privacy in the Current Environment • As an organization of health professionals, we have an obligation to: • Inform patients / clients about how we handle their information (discussion, signage, pamphlets) • Let patients / clients know about their right to make inquiries about the personal information-handling practices of our organization

  25. Codes of Ethics • Health professionals have relied on Codes of Ethics to guide them in maintaining the confidentiality of patient / client information.
