
Protecting the Privacy of Health Information in NSW

Protecting the Privacy of Health Information in NSW. Legal Challenges in Cybermedicine and e-Health, 31 July 2003. 4 issues to be addressed: 1. Why protect the privacy of health information? 2. What increased threats to privacy, if any, does the emerging ‘electronic health record’ pose?


Presentation Transcript


  1. Protecting the Privacy of Health Information in NSW Legal Challenges in Cybermedicine and e-Health 31 July 2003

  2. 4 issues to be addressed: 1. Why protect the privacy of health information? 2. What increased threats to privacy, if any, does the emerging ‘electronic health record’ pose? 3. The statutory response: new health specific privacy legislation – the Health Records and Information Privacy Act 2002 (NSW). 4. Guidelines issued by Privacy NSW.

  3. 1. Why protect the privacy of health information? • Do you know who accessed your health information this week? • Do you know what they did with your health information? • Does this concern you?

  4. 1. Why protect the privacy of health information? (cont.) • Health records: • Often contain more intimate, private and comprehensive details about an individual than can be found in any other record. • Inappropriate use or disclosure could result in: • Employment being terminated, insurance being refused, genetic relationships being called into question. • People not seeking the health care they need, or providing inaccurate or incomplete information.

  5. 2. Privacy risks posed by the emerging EHR • Electronic health record systems: • Ease with which information can be passed on and retained. • Increased capabilities for health information to be combined with information from other sources, and to be used and disclosed – all potentially without the knowledge of the individual, for purposes which they may or may not consider in their interests.

  6. 2. Privacy risks posed by the emerging EHR (cont.) • Privacy in the context of EHR: • Privacy incorporates much more than “confidentiality” and “security”. • Privacy is about protecting an individual’s right to have a choice about how their health information is handled. • Third party demands for access

  7. 2. Privacy risks posed by the emerging EHR (cont.) • The challenge: • To maximise both the protection of individual privacy AND positive health outcomes.

  8. 3. Health Records and Information Privacy Act 2002 (NSW) • Purpose: • Protecting the privacy of an individual’s health information that is held in the public and private sectors. • Enabling individuals to gain access to their health information. • Providing an accessible framework for the resolution of complaints.

  9. 3. Health Records and Information Privacy Act 2002 (NSW) (cont.) • Objects: • Balance the public interest in protecting the privacy of health information with the public interest in the legitimate use of that information. • Enhance the ability of individuals to be informed about their health care. • Promote the provision of quality health services.

  10. 3. Health Records and Information Privacy Act 2002 (NSW) (cont.) • Health information, s6 • Applies to every organisation (public sector agency or private sector person) that is a health service provider or that collects, holds or uses health information

  11. 15 Health Privacy Principles • HPP 1 - requires that an organisation must not collect information unless it is for a lawful purpose, directly related to a function or activity of the organisation, and the collection is reasonably necessary • HPP 2 - information collected should be relevant to the purpose of collection, not excessive, accurate, up to date and complete; and, the collection should not intrude unnecessarily on the personal affairs of an individual

  12. Health Privacy Principles (cont.) • HPP 3 - an organisation must collect health information about an individual only from that individual, unless it is unreasonable or impracticable to do so • HPP 4 - outlines the information that an organisation must give to an individual (including a third party) when it collects their information

  13. Health Privacy Principles (cont.) • HPP 5 - relates to the time period for holding of information and requirements for secure storage • HPP 6 - an organisation must take steps to enable an individual to ascertain whether it holds health information relating to the individual and details about the nature of the information, purpose for which the information will be used and entitlement to access

  14. Health Privacy Principles (cont.) • HPP 7 - an organisation must (on request) provide an individual access to their health information • HPP 8 - an organisation must make amendments (on request) to ensure information is relevant (to the purpose of collection), up to date, complete and not misleading

  15. Health Privacy Principles (cont.) • HPP 9 - the holder of health information must not use health information without taking reasonable steps to ensure the information is relevant to the purpose of use, accurate, up to date, complete and not misleading • HPP 10 - sets out the requirements for organisations relating to the use of health information

  16. Health Privacy Principles (cont.) • HPP 11 - sets out the requirements for organisations relating to the disclosure of health information • HPP 12 - sets limits on the use of identifiers • HPP 13 - relates to anonymous access to health services

  17. Health Privacy Principles (cont.) • HPP 14 - relates to trans-border cross-flow of data and data flow to Commonwealth agencies • HPP 15 - establishes specific obligations in relation to the linkage of medical records via an Electronic Health Records System

  18. Privacy NSW Guidelines • 4 Statutory Guidelines are currently being developed • They relate to: • Training • Management of health services • Research • Collection of third party information

  19. Training • HPP 10(1)(e) and 11(1)(e) • Use/disclosure of health information for secondary purpose of training • Use/disclosure of identifying information without consent • Reasonably necessary to train employees or people working with the organisation • No publication and in accordance with the Guidelines

  20. Management of health services • HPP 10(1)(d) and 11(1)(d) • Use/disclosure of health information for secondary purpose of management, planning or evaluation of health services • Use/disclosure of identifying information without consent • Reasonably necessary for the funding, management, planning or evaluation • No publication and in accordance with the Guidelines

  21. Research • HPP 10(1)(f) and 11(1)(f) • Use/disclosure of health information for secondary purpose of research or the compilation or analysis of statistics • Use/disclosure of identifying information without consent • Reasonably necessary for research or the compilation or analysis of statistics • No publication and in accordance with the Guidelines

  22. Collection of third party information • HPP 4 – Individual to be made aware of certain matters • Collection of information about an individual from someone else (i.e. a third party) • Requirement that the individual is made aware of certain matters • Except where this would pose a serious threat to life or health of any individual • Guidelines detail when an organisation does not need to make the person aware (e.g. collection of family medical history)

  23. Future Developments • Consultation on the draft Guidelines – comments and feedback • Contact us at privacy_nsw@agd.nsw.gov.au or telephone (02) 9268 5588
