Privacy and Confidentiality of Electronic Health Records

Published on May 2016 | Categories: Documents | Downloads: 35 | Comments: 0 | Views: 349
of 43
Download PDF   Embed   Report

Comments

Content

Privacy and Confidentiality of Electronic Health Records: What Do Nurses and Other Health Professionals Need to Know?
Virginia Dallaire Jane Clarke

There is a new transition from paper to electronic health records(EHR) in Canada. Although many stakeholders view EHR as a means to improving the quality of health care for every individual in Canada, the issue of confidentiality and privacy needs to be in the forefront for all decision makers and health care providers( Smit, McAllister, Slonim, 2005)

What is Confidentiality, Privacy and EHR?
Confidentiality addresses the individual’s health information , the management and protection of this information from intentional or accidental disclosure to unauthorized individuals( Weitz, Drummond, Pringle, Ferris, Globerman, Hebert et al. , 2003).

Privacy is “ the right of an individual to determine for himself [ or herself] when, how and to what extent he[or she] will release personal information about himself[ or herself]” ( Morris, Ferguson, Dykeman,1999, p.92)

Electronic Health Records are a client’s entire health and health care history that is electronically accessed, collected and stored ( Weitz, Drummond, Pringle, Ferris, Globerman, Hebert et al. 2003)

“Confidentiality should be protected because it protects patients from harm, supports access to health care and produces better health outcomes”( Mulligan& BraunackMayer, 2004, p.48).

What is Personal and Confidential Electronic Information?
 All personal information such as: name, address, age , individual’s educational, financial, criminal and employment history, race, religion, associations, personal views or opinions, any identifying numbers or symbols assigned to individual

 Health Information: Individual’s health history, disabilities, inheritable characteristics, fingerprints, blood type( VIHA, 2002)

What Provincial, Territorial and Federal Legislation Exists to Protect Personal Information?
 Federal: Personal Information Protection and Electronic Document Act( PIPEDA)  PIPEDA is Federal Legislation that protects all personal information which includes electronic health information

Provincial: Every Registered Nurse in Canada is a member of a College of Registered Nurses that sets out standards and codes which address confidentiality and privacy in practice Alberta: Freedom of Information and Protection of Privacy Act ( FOIPPA) and Health Information Act(HIA) http://foip.alberta.ca

BC. : Freedom of Information and Protection of Privacy Act( FOIPPA) Http://www.mser.gov.bc.ca/FOI_POP/ Manitoba: Freedom of Information and Protection of Privacy Act( FOIPPA) Personal Health Information Act http://www.gov.mb.ca/chc/fippa/index.htm http://www.gov.mb.ca/health/phia/index.ht

Northwest Territories: Access to Information and Protection of Privacy Act http://www.justice.gov.nt.ca/ATIPP/atipp.ht Nova Scotia: Freedom Of Information and Protection of Privacy Act( FOIPPA) http://www.gov.ns.ca/just/foi/foisvcs.htm Nunavut: Access to Information and Protection of Privacy Act

Ontario: Freedom of Information and Protection of Privacy Act Municipal Freedom of Information and Protection of Privacy Act Personal health Information Protection Act,2004 http://www.mgs.gov.on.ca/english/index.ht

Prince Edward Island: Freedom of Information and Protection of Privacy Act http://.gov.pe.ca/foipp/index.php3 Quebec: Act respecting Access to documents held by Public Bodies and the Protection of Personal Information http://www.institutiondemocratiques.gouv a/index_en.htm

Saskatchewan: Freedom of Information and Protection of Privacy Act Local Freedom of Information and Protection of Privacy Act Health Information Protection Act http://www.saskjustice.gov.sk.ca/legismma freedomofinfoact.shtml

Yukon: access to Information and Protection of Privacy Act http://www.atipp.gov.yk.ca/ ( Office of the Privacy Commissioner Of Canada, 2009)

In addition to Federal, Provincial and Territorial Privacy Acts there is the Canadian Standards Association Model Code for the Protection of Personal of ten principles Information  It is comprised
which guide the collection, use and disclosure of personal information

 Public or private facilities can use this model to ensure privacy and confidentially  Chief Privacy Officer oversees the compliance of the principles and responds to concerns and complaints ( Canadian Standards Association, 2009)

 Ten Principles summarized:  Purpose for collection of information needs to be identified  Consent required  Clear guidelines provided for the disclosure of information  Collection of personal information is limited to only pertinent information for client’s care



 Ensures accuracy, completeness and up-to-date  States personal information needs to be protected by security safeguards  Transparency of organization’s policies

 Addresses the clients rights around being informed of all health information and the right to challenge the accuracy and completeness of the information ( Canadian Standards Association,2009)

Key Factors in Managing Privacy and Confidentiality in EHR
Development of policies and procedures that incorporate the following principles:  Transparency: Everyone has the right to know who is accessing their health information

 Collection and Use of Personal Health Information: Policies must follow the federal and provincial privacy acts. All health information should be accurate and relevant to why it is being collected

 Individual control: Individual can access an audit trail to see who access their personal health information; individual can also limit who can access their information  Security: all measures should exist to protect personal health information( access, collection and storage)  Audit: comprehensive audit done frequently to ensure only authorized

 Accountability and Oversight: Policies in place that will address the monitoring of confidentiality, how to disclose a breach and violations will be dealt with  Technology and Privacy: Privacy protection will be have comprehensive standards and policies ( Health Initiative Blueprint, 2009)

What is a Breach of Confidentiality?
 Unauthorized viewing of any client’s health information  Accessing information about yourself, family or friends  Asking co-workers about confidential information that is not pertinent to your care role  Discussion of confidential information in a public area

 Unauthorized sharing and disclosure of confidential health information other than authorized by Federal and Provincial Privacy Act s  Lending your keys to someone else to access filing cabinets, file storage rooms where confidential information is stored  Telling your co-worker your password

 Using a co-workers password to log in to a computer

Failing to log off your computer Failure to report any breach of confidentiality (VIHA, 2002)

Breaches of Confidentiality: Where do the most commonly occur?
 81% occur in the health care setting  Usually occurred during informal conversation among health care employees  While on the telephone

 Between health care providers and a client  Conversations with family friends and people outside the health care agency ( Nursing, 2004)

How Can Nurses Safeguard the Privacy and Confidentiality of their Clients EHR?  Ensure passwords are kept
confidential  Use passwords that can not be deciphered and change regularly  Do not share passwords and sign off immediately before leaving the computer  Never delete information

 Routinely ask “ Do I need to know this information?”  Report any suspicious or actual breaches of confidentiality ( College of Nurses of Ontario, 2006, VIHA, 2002).

What is the role of the Officer of the Privacy Commissioner of Canada? The Commissioner is an advocate for
the privacy rights of Canadians. She[he] works independently from the government and her[his] role includes:  Investigating complaints in regards to the federal public sector and the private sector

 Complaints may come from the public sector if personal information is being held by Government of Canada institutions  Promotes public awareness and understanding of privacy rights  Reports on public and private sector’s handling practices around protection of client’s privacy ( Office of The Privacy Commissioner of

What is your role as a nurse or health care professional in ensuring confidentiality and privacy for every client in the health care system? How are you going to meet the challenges of confidentiality and privacy with EHR?

“All that may come to my knowledge in the exercise of my profession or outside my profession or in daily commerce with men, which ought not be spread abroad, I will keep secret and will never reveal”( Hippocratic Oath, circa 4th century BC. as cited in Weitz, Drummond, Pringle et al. , 2003, p.292).

Canadian Standards Association. ( 2009) About the privacy code. Retrieved February 7, 2009 from http://www.csa.ca/standards/privacy/cod College of Nurses of Ontario(2006). Documentation Practice Standards: Electronic health records. Retrieved February 7, 2009 from http://www.cno.org/prac/learn/modules/d

References

References con’t

Health Initiative Blueprint( 2009). Key elements: Managing privacy, security& confidentiality. Retrieved January 10, 2009 from http://www.ehealthinitiative.org/blueprint/k

References con’t
Mulligan, E. & Braunack- Mayer, A. ( 2004). Why protect confidentiality in heath records? A review of research evidence. Australian Health Review, 28(1), 48-55. Morris, J., Ferguson, M., & Dykeman, M.J. ( 2nd ed.). ( 1999). Canadian nurses and the law. Canada: Butterworths

References con’t
Nursing( 2004). Privacy breaches: All too common . 34(9), 35. Retrieved February 17, 2009 from Proquest Nursing Journals database Office of the Privacy Commissioner of Canada ( 2009). Provincial/Territorial Privacy Laws. Retrieved February 10, 2009 from

References con’t.

Office of Privacy Commissioner of Canada (2009). Mandate and Mission of the OPC. Retrieved February 17, 2009 from http://privcom.gc.ca/aboutUs/index_e.asp Privacy Commissioner Of Canada( 2004) PIPEDA awareness raising tools(PARTs) initiative for health sector retrieved

Smit, M., McAllister, M., & Slonim, J.( 2005) Building public trust for electronic health records. Retrieved January 25 , 2009 from http://www.lib.unb.ca/Texts/PST/2005/pd Vancouver Island health Authority(2002). General Administration: Confidential information- privacy rights of personal information policy. Section number 1.0, subsection number 1.5,

References con’t

References con’t
Weitz, M., Drummond, N., Pringle, D., Ferris, L.E., Globerman, J., Hebert, P., et al. ( 2003). In whose interest? Current issues in communicating personal health information: A Canadian perspective. Journal of Law, Medicine & Ethics, 31, 292-301.

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close