Whose Responsibility is it? Karen Korb TELUS Health Solutions November 24, 2009 Privacy and Confidentiality in the EHR:

Slides:

Advertisements

Similar presentations

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.

Advertisements

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Policy & Peer Permission (PPP) System Project: Development of User-Friendly Access Control Policy Statements For Use with Electronic Health Records Maryann.

ELTSS Alignment to Nationwide Interoperability Roadmap DRAFT: For Stakeholder Consideration in response to public comment.

PRIVACY IN HEALTH CARE SYSTEM: PROBLEMS AND POSSIBLE SOLUTIONS Tautvydas Jankauskas M.D. Rita Baneviciene M.D. Darius Petraitis Egle Kalinauskiene M.D.

March 29, 2012 Improving Health Outcomes for Children in Foster Care: the Role of Electronic Information Exchange.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

Complying with Privacy to Enable Innovation & Research

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

Chapter 2 Electronic Health Records

HIPAA – Health Insurance Portability & Accountability Act and the Privacy Act MSgt Nechele M. Chambers Senior Enlisted Liaison TRICARE Area Office-Europe.

Building Public Health / Clinical Health Information Exchanges: The Minnesota Experience Marty LaVenture, MPH, PhD Director, Center for Health Informatics.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Internal Auditing and Outsourcing

A Project of Consumer Action | Funding provided by the Rose Foundation © 2013 Health Records Privacy in California: Protecting.

Susan Adamchak, Heidi Reynolds, Barbara Janowitz, Thomas Grey, Emily Keyes October 21, 2008 FP and HIV/AIDS Integration: Findings from 5 Countries.

Essentia EMR Jenifer Brilla CRNP Wilkes University.

E-Referral enabled collaborative health care Opportunities and considerations Presented by: Sasha Bojicic Emerging Technology Group Canada Health Infoway.

ICT 1 Towards an Integrated Approach to Access Control to Health Information Presented by: Inger Anne Tøndel SINTEF Co-authors: Per Håkon Meland SINTEF.

Workshop on Health Examination Surveys (HES) Legal and ethical issues Susanna Conti, M. Kanieff, G. Rago Istituto Superiore di Sanità (ISS) (National Public.

Results from eHI & CHIME Survey Use of Data and Analytics by Providers Jennifer Covich Chief Executive Officer August 30, 2012.

Health Insurance Portability and Accountability Act (HIPAA)

Confidentiality and Security Issues in ART & MTCT Clinical Monitoring Systems Meade Morgan and Xen Santas Informatics Team Surveillance and Infrastructure.

Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.

1 Healthcare Privacy and Security: Concepts and Challenges Dixie B. Baker, Ph.D. Chair, HIMSS Privacy and Security Advocacy Task Force.

The Tension Between Confidentiality and Accessibility Edward B. Goldman, J.D. Deputy General Counsel University of Michigan October 10, 2007.

State Alliance for e-Health Conference Meeting January 26, 2007.

Privacy, Quality and Electronic Health Information Royal New Zealand College of GPs Quality Forum 14 February 2009 Sebastian Morgan-Lynch

PHCL 498 Spring 2015 Health Informatics. Amar Hijazi, Majed Alameel, Mona AlMehaid Lecture #1 Introduction to the course.

Chapter 6 – Data Handling and EPR. Electronic Health Record Systems: Government Initiatives and Public/Private Partnerships EHR is systematic collection.

Copyright © 2008 Delmar Learning. All rights reserved. Unit 8 Observation, Reporting, and Documentation.

10 Important Criteria for Change Management Success Karen Korb TELUS Health Solutions November 23, 2009.

H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…

DICOM and ISO/TC215 Hidenori Shinoda Charles Parisot.

HIT Policy Committee Privacy & Security Workgroup Update Deven McGraw Center for Democracy & Technology Rachel Block Office of Health Information Technology.

 The use of telecommunications technology to provide, enhance, or expedite health care services.  Accessing off-site databases, linking clinics or physicians'

Understanding HIPAA (Health Insurandce Portability and Accountability Act)

Consent Directive Management Adding patient privacy support to OpenHIE Derek Ritz, P.Eng., CPHIMS-CA Architecture Virtual Meeting, August 2015.

Missing Data in NSQIP Albumin Peter Doris SQAN. Clarification Albumen –Egg white Albumin –A water soluble protein.

Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.

AN INTRODUCTION Managing Change in Healthcare IT Implementations Sherrilynne Fuller, Center for Public Health Informatics School of Public Health, University.

Kevin W. Ryan JD, MA Associate Director – ACHI Assistant Professor – UAMS COPH Rural TeleCon ’06 10th Annual Conference of the Rural Telecommunications.

PO :Physical Therapy Administration. Learning Objectives The physical therapy technician will participate as a member of the physical therapy administration.

Health Management Information Systems Unit 8 Consumer Health Informatics.

HIPAA A Sea of Confusion, A Wave of the future and A High Tide of Confidentiality.

TRAINING COURSE. Course Objectives 1.Know how to handle a suspected case 2.Know how to care for a recognized trafficked person referred to you Session.

PHDSC Privacy, Security, and Data Sharing Committee Letter to Governors.

By MUREREREHE Julienne BDT(Hons) KHI..  Informed consent is a legal document, prepared as an agreement for treatment, non-treatment, or for an invasive.

INFORMATION GOVERNANCE AND CONFIDENTIALITY Information Governance Facilitator.

The Medical Record, Documentation, and Filing

The Health Information Protection Act. What is the Health Information Protection Act (HIPA)? HIPA is legislation that speaks to access to, and protection.

HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.

©Canada Health Infoway 2016 Health System Use Summit: Health Analytics for Informed Decision Making Technology and Infrastructure Enablers Joan Roch, Chief.

HIPAA Training. What information is considered PHI (Protected Health Information)  Dates- Birthdays, Dates of Admission and Discharge, Date of Death.

Wilmington Medical Associates Patient’s Rights & Responsibilities You Have the Right to: Considerate and Respectful Care We respect your right to: expect.

© 2016 Cengage Learning ®. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

Chapter 1 Introduction to Electronic Health Records Copyright © 2011 by Saunders, an imprint of Elsevier Inc.

Health Informatics Awareness Planned DayTopicPlanned Time Day 1 22/7/ Course introduction & pre course survey 2.Pre evaluation test 3.Introduction.

Health Management Information Systems Unit 3 Electronic Health Records Component 6/Unit31 Health IT Workforce Curriculum Version 1.0/Fall 2010.

Juvenile Legislative Update 2013 Confidential Records and Protected Disclosures.

Confidential Records and Protected Disclosures

Data Access and Stewardship

D3 Confidentiality.

Move this to online module slides 11-56

HLN Consulting, LLC® November 8, 2006

Presentation transcript:

Whose Responsibility is it? Karen Korb TELUS Health Solutions November 24, 2009 Privacy and Confidentiality in the EHR:

Objectives Appreciate some of the privacy challenges healthcare technology projects are facing today Recognize the potential impacts electronic information may pose to privacy Stimulate thought regarding the balance between the provision of quality care and the access to complete and accurate information

Electronic Health Record

Terminology Clinical Information System (CIS) Hospital Information System (HIS) Electronic Medical Record (EMR) Electronic Patient Record (EPR) Computerised Patient Record (CPR) Electronic Health Record (EHR)

Electronic Health Record “An EHR is an aggregation of patient-centric health data that originates in the patient record systems of multiple independent healthcare organizations for the purpose of facilitating care across multiple organizations.” Gartner October 2005

Providers

Support Services

Others

Information Exchange

Current Health Information Sharing

Electronic Health Record

Technology Benefits

Potential Benefits of Electronic Health Record Timely access to information More complete information (broader picture of patient health) More accurate information (current cross provider communication is often transmitted by the patient) Reduced health care costs (eliminate duplication, reduce paper and distribution costs etc…) Decreased work effort in communication (preparing referral/consult details versus accessing information as needed)

Privacy in the Paper World

Key Components to Privacy in the Paper World Physical Security o Record locations o Limited access o Personnel monitoring o Locked cabinets Consent o Signed form o Implied o General wording about sharing information as necessary for the provision of care o Ultimate responsibility for keeping information secure is custodian

Key Components to Privacy in the Paper World Trust o Provider authority to make a judgement call on sharing of information o Minimal (if any) patient involvement regarding data details o Confidence that provider does what is necessary to complete care requirements Disclosure o Sharing custodian filters data o “Need to know” concept in practice

Privacy – Who’s Responsible?

Drivers of Security in Electronic World Legislation Technology Standards (ex: CHI EHRS Blueprint, HL7 etc…) Standards of Practice

Technology Considerations Consent Options o To collect o To access o To use for research Consent Status o Neutral o Granted o Revoked Data Masking o Filter access at various levels

Patient Management Scenario – patient indicates request to “mask” HIV status Challenges o Who determines how this is done? o Who “informs” the patient of the implications? o Who is liable if information is released? o Who is liable if care is compromised? o Will providers comply?

Provider Management Deciding to participate in EHR contribution Challenges o Once disclosed patient advocacy role is comp o How confident are you that information is only accessed for care? o Who has custodial responsibility for the bucket?

Information Manager Responsible for storing, securing and managing data access Respond to information requests Challenges o Who owns the data? (patient/provider?) What does ownership mean? o Can the IM evaluate the risk of responding to a patient request? o Does communication with a patient regarding their health information require provider knowledge? o Will providers need to share information from other providers’ records?

Who’s Responsible? Answer…..

I DON’T KNOW…. Recommendations o Know your legislative requirements/options o Know the technology standards and how they may or may not work for you or the patient o Identify the gaps and challenges and above all…. Be prepared to establish clear and manageable policies and processes that define responsibility before you complete your solution design