Policy & Peer Permission (PPP) System Project: Development of User-Friendly Access Control Policy Statements For Use with Electronic Health Records Maryann.

Presentation transcript:

Policy & Peer Permission (PPP) System Project: Development of User-Friendly Access Control Policy Statements For Use with Electronic Health Records Maryann Yeo, RN, Ph.D. Health Telematics Unit University of Calgary

Presentation Outline:
• PPP System Development Project
• Concept of access control.
• Policy Development: Purpose, Methods, Findings, Implications
• Example of PPP site-specific policy.
• Questions & Comments

PPP System Development Project:
• PPP system automates the authoring and interpretation of policy for granting access to EHRs.
• 2 components:
  - Policy software development
  - Policy development
PPP Project Team: Merv Matson, RightsMarket Inc.; Dr. Penny Jennett, Health Telematics Unit, Faculty of Medicine, University of Calgary; Dr. Tim Cheung, University of Ottawa Heart Institute

Concept of Access Control:
• Access control is an information security method.
• 2 key objectives:
  - Allow providers to access information about individuals, where consented, in a timely and efficient manner.
  - Prevent providers accessing information when they do not have authority or reason.

PPP Policy Development: Purpose & Methods
Purpose: To develop a “starter set” of workable policy statements for use with EHR systems in clinical practice with the RightsEnforcer software.
Methods:
• Literature Review
• Review of Current Legislation
• Review of Pilot Site: protocols, policies & operating procedures documents
• Interviews with pilot test site.

Findings: Access Control Issues
• Broad access: Allow every authorized person access to all the patient records? Vs.
• Controlled access:
  - Who is authorized to access the system?
  - Which patient records can be looked at?
  - Which patient records can be changed?
• How tightly should access be controlled?

Findings: Impact of Implementing Access Control Policies
Implementing changes, such as access control policies, involves changes in:
• The way things are done;
• Processes;
• Behaviour of people & teams of people;
• Changes can be disruptive & intrusive;
• Integration of into the front-lines may be a longer process than first thought.

Findings: Human Behaviour as a Security Threat
• Key component of information security.
• Internal security threats are threats to the privacy, confidentiality, and security of personal health information caused by workers’ behaviours.
• May be intentional, accidental or inadvertent.
• Majority of security threats are internal (over 85%) and inadvertent.
COACH. (2001). Guidelines for the protection of health information. p.19.

Findings: User Acceptance of Technology
User acceptance includes social & practical acceptability. People will use a new system:
• If it benefits them to do so.
• If it is easy to learn.
• If it is easy to see.
• If it is easy to hear.
• If it does what they expect it to do.
Nielsen, J. (1993). Usability Engineering. Boston: AP Publishing

Findings: Translating policies
• Defined organizational access control policies & procedures need to be established.
• Procedures need to translate their intent and goals into everyday practices.
• Policy details & procedures tend to vary from location to location.
• Tailoring of access control policies to the work setting.

Implications: Tailoring of Policy Statements
PPP policy statements are being developed as a series of Scenarios which are tailored around:
• Specific health care sites involved.
• Physician referral, consulting & communication patterns.
• Staff information sharing patterns in everyday clinical practice.
• Organizational readiness & change management.

Policy Statement Example:
1. Jane Smith is the triage nurse coordinator.
2. The triage nurse coordinator may access, read & print all of my personal health information related to my referral.
3. The triage nurse coordinator may transfer this information access right to any clinical colleague who in his/her judgment has a need to access the information to effect or advance my care.
1 Access Policy: The triage nurse coordinator, assigned to me may access, read and print any of my medical records needed for my consultation, diagnostic tests &/or surgery.
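One way the three statements above could be encoded for automated evaluation, as an added example (not code from the PPP project or the RightsEnforcer software). The user IDs, patient ID, record categories and the rule that a delegate cannot re-delegate are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed directory: the slide names only Jane Smith and her role.
ROLE_HOLDERS = {"triage nurse coordinator": {"jane.smith"}}

@dataclass
class Grant:
    patient: str
    role: str
    actions: frozenset      # statement 2: what the role may do
    scope: str              # statement 2: which records are covered
    may_delegate: bool      # statement 3: transferable by the role holder
    delegates: set = field(default_factory=set)

    def _holds_role(self, user):
        return user in ROLE_HOLDERS.get(self.role, set())

    def delegate(self, by, to):
        # Assumption: only the role holder transfers; a delegate cannot re-delegate.
        if not (self.may_delegate and self._holds_role(by)):
            raise PermissionError(f"{by} may not transfer this access right")
        self.delegates.add(to)

    def allows(self, user, action, record):
        # Default deny: anything not explicitly granted is refused.
        if record["patient"] != self.patient or record["category"] != self.scope:
            return False
        if action not in self.actions:
            return False
        return self._holds_role(user) or user in self.delegates

def build_example_grant():
    # Hypothetical patient ID and scope label standing in for "my referral".
    return Grant(patient="patient-001", role="triage nurse coordinator",
                 actions=frozenset({"access", "read", "print"}),
                 scope="referral", may_delegate=True)

if __name__ == "__main__":
    g = build_example_grant()
    referral = {"patient": "patient-001", "category": "referral"}
    print(g.allows("jane.smith", "print", referral))
    print(g.allows("jane.smith", "change", referral))
    print(g.allows("dr.lee", "read", referral))
    g.delegate("jane.smith", "dr.lee")
    print(g.allows("dr.lee", "read", referral))
```

The "change" action is refused even for the role holder because the statement grants only access, read and print, which answers the "which patient records can be changed?" question from the findings for this scenario.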

Questions? Comments?