250 likes | 408 Views
Privacy: 2014. to point of care access, integrated patient info from multiple providers 10 min. course covers : intro to connecting GTA (cGTA) privacy protection questions/help: Chief Privacy Officer (416-756-6448) or privacy@nygh.on.ca. Looking forward …. Coming in 2014.
E N D
to point of care access, integrated patient info from multiple providers • 10 min. course covers: • intro to connecting • GTA (cGTA) • privacy protection • questions/help: Chief Privacy Officer • (416-756-6448) or privacy@nygh.on.ca Looking forward …
Coming in 2014 connectingGTA (cGTA) - initiative of eHealth, LHINs, Canada Infoway integrates electronic clinical data from participating organizations, point of care access early adopter hospitals: NYGH, UHN, TEG, SM, SBHSC, MS, WOH, THP NYGH plans direct link: patient’s chart in Cerner e.g. John Smith (Cerner) to John Smith (cGTA)
Data integration: privacy risks magnified Paper charts limited access, disclosure potential Electronic (Cerner) all NYGH patient data accessible upon login Health information networks, clinical data repositories; vast amounts of patient data accessible upon login
Road to stronger point-of-care access • participation requirement: compliance with cGTA privacy & security policies incl. • training, end user agreements • strong passwords • privacy notice at login • For more information: • https://www.ehealthontario.ca/portal/server.pt/community/frequently_asked_questions/2496
The challenge of boredom Personal Health Information Protection Act: 8+ yrs familiarity can bring complacency privacy breaches rising: North America & beyond litigation, class actions a growing factor Canadian settlements low, cost of defending high refresher training helps avoid risk
Personal Health Information Protection Act (PHIPA) establishes rules governing collection, use, disclosure of personal health info (PHI) provides individuals rights of access, rights to control their own PHI patientsincreasingly exercising those rights
Personal health information means … • identifying information in oral/recorded form • physical/mental health, family health history • provision of health care, identity of individual’s health care provider or substitute decision maker • payments, eligibility for health care; donation of body part/substance; result: test/exam of body part/substance • health card number; plan of service/Long-Term Care Act
Accountability for privacy we are all accountable credentialed staff, employees – contract & permanent, volunteers, students Vice Presidents: responsible for compliance within respective portfolios Chief Privacy Officer: facilitates compliance, official point of contact for all inquiries, complaints
Sharing with health care team • only those who "need to know” have authority to access personal health information (PHI) • i.e. primary care, attending & consulting physicians, residents, nurses, technicians, spiritual care & support staff directly involved in patient care • patient and family centred, privacy protective care
Personal health information accuracy • take all reasonable steps to ensure accurate, complete, up-to-date • inform recipients of accuracy limitations • patients have right to request correction, to attach a statement of disagreement to chart if requested change not made • Note: correction requests re medical info are referred to physician/record creator
Consent to collect, use, disclose • obtain consent first unless a law permits/requires activity without consent • e.g. law requires we report communicable diseases, gunshot wounds • law overrides any patient objection to disclosure
Must have capacity to consent • must be voluntary, knowledgeable & relate to the information • substitute decision maker (SDM) may consent on patient's behalf • patient/SDM must understand they may withhold consent to collections, uses, disclosures • 16 year-olds may consent or refuse on own behalf
where elements of consent are established in the circumstancesi.e. • it is obvious that the patient knows the purpose for & consents to collection, use, disclosure; that they may give/ withhold consent • request for treatment implies consent to necessary collection, use, disclosure Implied consent
Express consent • explicit agreement or permission to collect, use and disclose PHI • can be given in person, by telephone or in writing • document oral consent/refusal on patient chart
Limiting collection • collection limited to that necessary to provide care, to carry out essential administration & reporting • fair and lawful means to collect, no deception, coercion
Limiting use, disclosure • PHI is used, disclosed to provide health care, as permitted/required by law • permitted uses include: • - service evaluation • - educating students • - quality improvement • name & address used for fundraising60 days after admission • disclosure permitted for research approved by NYGH’s Research Ethics Board
Relying on implied consent implied consent permits sharing with health care team for care purposes unless patient/substitute decision maker objects permits disclosure to another health care provider for care unless consent expressly withdrawn/withheld
Express consent required before … • disclosing to person who is not a health info custodian e.g. to insurer, lawyer, teacher, employer- referto Release of Information Dept: 416-756-6209 • media: no disclosure, refer to Corporate Communications 416-756-6127; locating: 6002 • consent required before disclosure to health info custodian when purpose is not health care
Photos/Audio/Video: express consent required • no person mayphotograph or audio/videotape patients, staff physicians or volunteers without their express consent • anyone who doesshouldbe asked to stop and delete the info; call Security if they refuse • Security will request deletion & if refused, person may be escorted from hospital Google glass: photo, audio, video …
Permitted disclosure without consent patient is injured or incapacitated, unable to consent; disclose info necessary to permit contacting next of kin, friend, substitute decision maker may disclose to reduce, eliminate significant risk of harm to person or persons; disclose only necessary info to appropriate person or body –overrides patient objection to comply with subpoena/warrant or statute e.g. mandatory reporting of gunshot wounds, communicable diseases
Disclosure of admission, location, condition • ask permission at first reasonable opportunity; record consent/objection on PowerChart • no disclosure if patient or SDM objects or if VIP flag on chart • describe condition in general terms: stable, fair, satisfactory, poor or critical unless patient expressly consents/requests greater disclosure • ideally it is the patient who discloses as much/little as they want others to know
Patients’ right of access in-patient may view chart when it won't cause care disruption; ensure record security consult attending physician before giving patient access to mental health records to avoid causing harm (inpatient & after discharge) after discharge, patients complete release of information form, pay fee for copies for personal use please avoid creating expectation Health Records will immediately provide copies for personal use at no charge release of information request form, fee schedule on NYGH website at Your Health Information
Information and Privacy Commissioner/Ontario (IPC) provides oversight of compliance with the Personal Health Information Protection Act. The Commissioner: adjudicates access appeals, investigates privacy complaints and may issue public reports may enter and inspect premises, records, information management practices and require evidence under oath, affirmation has Order making power; may levy fines of up to $250,000.00 IPC Contact: 416-326-3333, www.ipc.on.ca
Thank-you For more information please contact Rita Reynolds Chief Privacy Officer at ext. 6448