1 / 8

Privacy in Healthcare

Privacy in Healthcare. Personal Health Information Task Force June 6, 2007 Eileen MacGibbon, Administrative Director & CPO Derrick Jardine, CIO. AHSC Steps Undertaken in Response to the Protection of Health Information Act (POPIA). Participation in Provincial POPIA working group.

elu
Télécharger la présentation

Privacy in Healthcare

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy in Healthcare Personal Health Information Task Force June 6, 2007 Eileen MacGibbon, Administrative Director & CPO Derrick Jardine, CIO

  2. AHSC Steps Undertaken in Response to the Protection of Health Information Act (POPIA) • Participation in Provincial POPIA working group. • Existing AHSC Administrative Director appointed as Chief Privacy Officer • Review of all AHSC privacy and confidentiality related policies. • Policy development to address all 10 POPIA Principles. • Data inventory and collection of ‘reasons why’ various pieces of data collected. • Comprehensive Privacy Impact Assessment completed. • Augmentation to AHSC data collection process and data integration as needed per the data collection assessment results.

  3. AHSC Steps Undertaken in Response to the Protection of Health Information Act – con’t • Development of new privacy agreements for AHSC employees and external parties. • Revised breach/violation audit procedure and associated documentation. • Review of all AHSC Release of Information policies and procedures. • Review of all AHSC computer user access codes, i.e., scope and breadth of access and need for documented reasons for access • Development of computer user access approval process to ensure on-going POPIA compliance.

  4. AHSC Steps Undertaken in Response to the Protection of Health Information Act – con’t • AHSC Privacy Education: • POPIA workshop provided for all AHSC privacy committee members. • Privacy sessions provided to AHSC Senior Executive and Board of Directors. • Over 300 one hour in person sessions provided to AHSC employees and physicians. • On-line privacy education tutorial developed for staff via AHSC intranet.

  5. Regional Health Authority Impact of POPIA • Significant increase in the number of external requests to access personal health information. • Significant increase in the number of employee and physician requests for guidance regarding; • Collection of health information • Storage of health information • Protection of health information • Health information ownership • Access to personal health information (specifically employee access to their own health information available on AHSC computer systems)

  6. Challenges within the Current Environment • Lack of coordinated approach to the management and protection of personal health information within all sectors of the health system. • Dependence on a system of data collection that relies on implied consent. • Increasing public demands with respect to an electronic health record that enables patient/client participation via on line access, result distribution, journaling ability etc. • Unclear parameters regarding public versus private health and POPIA versus PIPEDA. • Lack of clearly defined health industry standards regarding health information management and protection.

  7. Challenges within the Current Environment – (continued) • Complexity of healthcare information and the balance required between personal access and the risk of clinical data misinterpretation. • Lack of clearly defined roles and responsibilities regarding centrally launched health applications containing personal health information from all NB RHA’s. • Personal health information translation requirements. • Disclosure limitations weighed against (McInerney versus MacDonald case – 1992) • Substitute decision maker (SDM) right to personal health information access.

  8. Thank You for your time! Questions?

More Related