Download presentation
Presentation is loading. Please wait.
1
This module focuses on Privacy, Confidentiality, and Security of Personal Health Information.
Move this to online module slides 11-56 Privacy, Confidentiality, and Security of Information: Annual Training 2018 – Part 2
2
Implied Consent “Need to Know” Principle & Implied Consent
When a patient seeks health care services at the hospital it is assumed that the patient does not object to their PHI being collected, used and disclosed for the following purposes: Provision of health care and treatment Sharing the information with other health care providers within the patient’s ‘circle of care’ Billing Compiling statistics Ensuring quality of all patient care Read slide
3
Express Consent You need to get explicit (express) consent before you can access or share personal health information with people who are not within the patient’s “Circle of Care”. Consent may be given verbally or in writing. Examples of when express consent is required: Lawyers Insurance companies Employers Express consent can be withdrawn at any time Read slide
4
When Do You Need Express Patient Consent to Release PHI?
Examples of people who are not within the patient’s “Circle of Care” include: Family members who are not the substitute decision maker Police, with the exception of a legal process, including search warrant, court order Lawyers Insurance Companies Read slide
5
How Do You Document Express Consent?
The patient may give verbal or written consent, depending on their situation The written consent form must be attached to the patient’s health record Verbal consent must be documented in the patient’s health record Read slide
6
What is Duty to Report? Legislation requires that healthcare professionals report specific information to the authorities in certain circumstances Examples (click on the pdfs to view policy): Gunshot wounds Suspected child abuse or neglect Suspected elder abuse Communicable diseases These requirements override the privacy legislation Provide only limited information which is necessary to report the concern. Read slide
7
How To Protect Confidentiality of Personal Health Information
Portable Devices: use only hospital approved encryption for all portable devices, as mandated by the Information & Privacy Commissioner of Ontario. Do not save personal health information on portable devices unless approved by the Hospital. Any personal health information that needs to be saved to a portable device will require the device to be encrypted by IT approved encryption technology. Read slide
8
How To Protect Confidentiality of Personal Health Information
Faxing Verify the fax number and recipient before sending Pre-program frequently used numbers into fax machine to avoid misdirected faxes Double-check your entry of the fax number Maintain record of fax Labels Labeling errors are a source of privacy breaches Always double check prescriptions and discharge instructions to ensure accurate patient information is sent home with each patient Read slide
9
How To Protect Confidentiality of Personal Health Information
Practice measures: Avoid speaking about confidential information in a public area. If this cannot be avoided, such as the nursing station, speak in a low voice and seek out a more private area for any private conversation Even when not using names you should never talk about a patient’s care in elevators, the coffee line, or other public places. Consider what it would be like if that was YOUR information being shared. Read slide
10
What Information Can You Share?
Under PHIPA, unless a patient has expressly told us not to release any information we can: Advise that someone is a patient here (for example, provide their room number) Advise as to the patient’s general condition (fair, good, satisfactory) Read slide
11
How to Respond to Inquiries About Patients Via Telephone
You can transfer the call to the patient (if the patient is not VIP/Confidential) You can take the caller’s name and phone number and give it to the patient to call back If the patient has provided the individual with the 4 digit “privacy code” then you can provide personal health information. Read slide
12
Release of Information to Police
Click on the following link to read: SMGH Release of Information Police policy Copies of records/lab samples Direct to Health Records, unless acting on behalf of the Coroner (can immediately release with appropriate documentation) Can acknowledge presence/location in the facility (with full name, and if a patient hasn’t expressly withheld consent to have their presence acknowledged) Other circumstances where there is a threat of bodily harm If in doubt, ask your Manager or the Chief Privacy Officer Read slide
13
The VIP Patient Flag SMGH uses a flagging system with the electronic patient record to protect the PHI of the following patients: Staff and Physicians Political or well known community personalities Those in need of information protection (news media, high profile) Those requesting protection of information Read slide
14
How To Mark a Patient as VIP in the Meditech System
The Registration Clerk or other care givers must notify the IT Help Desk to mark the patient as VIP. Read slide
15
How to Tell if a Patient is Flagged as a VIP in Meditech?
VIP patients will be identified with a * beside their name (these charts are audited weekly) Read slide
16
These systems are monitored to ensure security
Information and communication technologies are provided to staff to conduct Hospital business only. Communications sent and received through these systems are the property of the Hospital. These systems are monitored to ensure security Read slide
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.