Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. Nicole Golda PGY 5 Urology

Published byCarli Newton Modified over 9 years ago

Similar presentations

Presentation on theme: "Dr. Nicole Golda PGY 5 Urology"— Presentation transcript:

1 Dr. Nicole Golda PGY 5 Urology
Privacy in Healthcare Dr. Nicole Golda PGY 5 Urology

2 Have you: actually read through the privacy contract before signing it to obtain EPR access? shared your login/password with a resident or medical student? brought patient information home? Or ed patient information? left your ERP logged in at a nursing station or in the OR? misplaced your patient list? discussed patient info in a public place or in front of patient’s family members?

3 Why is privacy important?
Patients entrust us with their care and private health info only for the purpose of treating them Protecting privacy matters because if patients felt their information would not be kept private, they would with-hold information, ultimately affecting their care Canadians appear to be concerned about the privacy of their health information. A recent online survey of 1002 Canadian patients indicated that 43.2% have withheld or would withhold information from their health care provider because of privacy concerns, while 31.3% of Canadian patients have or would postpone care over privacy concerns, and 42.9% would seek care outside their communities for the same reason

4 Privacy Laws Primer: PHIPA: Personal Health Information Privacy Act
Provincial law - took effect Nov 1, 2004 Governs: collection, use and disclosure of personal health information (PHI), for health care and secondary purposes entrenched patients’ privacy rights: access PHI correct PHI restrict use & disclosure of their PHI notified if PHI stolen or lost challenge an organizations’ privacy practices

5 Important that you only access info if required to complete your job
‘Privacy’ is not a new issue in health care… so why do we need privacy laws? Modern healthcare relies on electronic patient-care systems i.e., EPR, PACS EPR increases the scope of info available to health practitioners = better health care Privacy risks are inherent in EPR environment ie. cannot lock down EPR so users can only access info for patients assigned to them Important that you only access info if required to complete your job

6 Key Issues: #1 Access to Information
Access only the information/records needed to take care of your patients Just because you have access to EPR, does not mean you can access any record, even if it is kept confidential This includes your own record and that of your family, colleagues etc. – you cannot even look up your colleagues birthdates/demographic info

7 Audits Privacy Office audits EPR to determine compliance:
on request of a patient/SDM - to investigate complaints on randomly selected patients/staff/affiliates high profile patients; staff deaths If a breach occurs, the hospital is required by law to inform the patient of any unauthorized access

8 Access to your own records
Ex. Your throat is sore and an ER doctor sends a swab. Later that night you call microbiology to ask them if your culture is positive- can they give you the information? Who can access your results? Check yourself ER doctor ER resident Collegue if you give them permission Patients have the right to access their health information (with some exceptions) Residents who are also patients must access information same as other patients e.g. through Health Records

9 Key Issues: #2 Information Security
Do not share your login information  You are responsible for any activity that occurs under your login Log out of your network application when you are finished! Do not ask another resident to access information on patients if they are not providing the patient care Do not access information using someone else’s login

10 Log out of the network application when you are finished– NEVER leave an access open and unattended

11 Keeping patient info secure
Store electronic confidential information on hospital network, not on local/hard drives or portable devices If you are required to store confidential information on a hard drive or portable device it MUST be either de-identified or encrypted Ensure you have proper approval prior to collecting patient information in a database or other application (REB approval) Never leave confidential information unattended- ie. patients lists after rounds Dispose of lists in confidential bins

12

13 Encryption of Files

14 Keeping patient info secure
Ex. Post on Facebook- “on call at St. Mike’s and sick trauma came in last night on call and got to go to OR!” Is this OK since the patient is not identified? Do not post confidential information on personal or public web pages, e.g. blogging, other social networks, Internet messaging Do not take photographs, video record and/or sound record patients unless you have the appropriate consent – even if the photo/video/sound is ‘de-identified’

15 What about teaching rounds?
Case Studies If education is being provided to colleagues who provide the patient care, express consent from the patient is not required If education is being provided to those who do not provide care e.g. Grand Rounds, the information must be “de-identified” OR you must obtain express consent from the patient

16 Key Issues: #3 Communicating confidential information
Select the most secure method of sending hard copy and transmitting electronic confidential information  if you need to send confidential information either de-identify the info, encrypt the file or send in a secure manner– is not a secure manner of sending outside the organization/ outside the secure system designating s sent within the secure system as “confidential” – subject line

17 Incidental Disclosure
Cannot all be avoided, minimize the risk by: Not discussing PHI in public places, e.g., elevators, hallways, cafeteria, etc. Not using your cell to discuss PHI in public places. Speaking softly when another patient is nearby (e.g., double rooms, ICUs, etc). In clinics, speak to your patients in private rooms, not in the waiting room. Keep charts, mail, test results, etc in protected areas. If necessary for patient care and safety, limited disclosure may be made (e.g., identifying a patient as being on precautions).

18 Inappropriate disclosure – watch where you discuss confidential information

19 Privacy Breaches When PHI is collected, used, disclosed or disposed in a was that does not comply with the Act. Most common: Unauthorized collection (patient not looking after, no consent) Unauthorized disclosure: loss (leave pt list in public place), theft (laptop stolen), mistake (fax/letter sent to wrong person) Unsecure disposal (unshredded file left in garbage) Privacy breaches are happening daily: Residents are unaware they are doing anything wrong Residents don’t know what you can and cannot do

20 Consequences of a Privacy Breach
If you violate the law, you may face: Fines for an offence and/or a lawsuit for damages Civil litigation Loss of appointment or affiliation within a hospital Report to CPSO – disciplinary proceedings If prosecuted and convicted of an offense: Hospital or physician could ne fined up to $250K or $50K respectively A breach of privacy may entitle affected individuals to sue you for damages for: Actual harm a breach caused, or Mental anguish (up to $10K)

21 What should I do? Scenario #1:
Q: I am approached in the hallway by someone who asks me if I know what room a patient is in. I saw the patient’s name on the unit I just left. What should I do? A: Refer the person to the nurses’ station, information desk, or hospital operator. You do not know whether the patient has requested any restrictions. This scenario may present a cultural change, as most healthcare providers want to be helpful to visitors, understanding that family members may be worried about their loved one. However, we also need to be mindful of the patient’s right to privacy.

22 Is this okay? Scenario #2:
Q: I hear about a very unusual case in the OR. I am an ortho resident and the patient is being operated on for ambiguous genitalia. I read some of the clinic notes in EPR. Is this okay? A: No. While it might be argued that educational benefit can be gained by reviewing unusual cases, access to patients’ records in this type of situation is not appropriate. Electronic records are monitored for inappropriate access. If this patient is not under your service, you could be flagged for inappropriate access But just because you are able to access the information does not make it okay to do so. Any access to a patient’s electronic medical record leaves an audit trail of who went into the record. These audit trails are monitored by the facility. You would be subject to sanctions should a facility find that you are accessing records of patients where you have no legitimate purpose to access the information.

23 Is it okay? Scenario #3: Q: My friend was admitted yesterday after collapsing during a bike ride. I am very concerned about her progress and would like to visit her but I don’t know which room she is in. Is it okay if I look up the information in the computer system? A: No. Using your access privileges to look up any information for any patient when there is no need to know based on your responsibilities in the hospital is a violation of patient confidentiality. Unless you are directly involved in providing health care for your friend, accessing the records is inappropriate. Your friend has the same privacy rights as anyone else admitted. Please check with the nurses station or information to find out what room she/he is in or their condition.

24 Is it okay? Scenario #4: Q: Giving handover to the staff and next resident on call via: ? Text message? What if do not use patient name but initials? A: No. Unless txts are going through hospital security system (hospital blackberry’s) then its not secure. Cell phone provider has access. 24

25 Who is at fault? Scenario #5:
Q: On morning rounds EPR is logged in under resident A’s login. Resident B places an order for a patient. Orders the wrong medication. A: Resident A is accountable for resident B’s actions 25

26 References CPSO http://www.cpso.on.ca/
Information and Privacy Commissioner of Ontario Ontario Hospital Association (Physician’s Toolkit) Hospital Privacy Office

27 Questions? Comments? Thank you

Download ppt "Dr. Nicole Golda PGY 5 Urology"

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
And the finer details of patient privacy TCH Confidential Understanding HIPAA.

And the finer details of patient privacy TCH Confidential Understanding HIPAA.
HIPAA SCENARIOS Unit 7 Seminar ©http://www.slideshare.net/karna.indian/hipaa-basics-presentation.

HIPAA SCENARIOS Unit 7 Seminar ©
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
HIPAA Training for the MDAA Preceptorship Program Health Insurance Portability and Accountability Act.

HIPAA Training for the MDAA Preceptorship Program Health Insurance Portability and Accountability Act.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.

WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA Health Insurance Portability and Accountability Act 1.

HIPAA Health Insurance Portability and Accountability Act 1.
HIPAA Basics A Matter of Integrity. Introduction “A Matter of Integrity” defines HIPAA and protecting patient health information. Success depends on our.

HIPAA Basics A Matter of Integrity. Introduction “A Matter of Integrity” defines HIPAA and protecting patient health information. Success depends on our.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
Complying with Privacy to Enable Innovation & Research

Complying with Privacy to Enable Innovation & Research
1 CAN YOU BELIEVE THIS?. 1 In Jacksonville FL A woman brought her teenage daughter to work at the hospital, and left her unattended at a logged in computer.

1 CAN YOU BELIEVE THIS?. 1 In Jacksonville FL A woman brought her teenage daughter to work at the hospital, and left her unattended at a logged in computer.
Living with HIV Know Your Rights Privacy and health records The information contained in this publication is information about the law, but it is not legal.

Living with HIV Know Your Rights Privacy and health records The information contained in this publication is information about the law, but it is not legal.

Similar presentations

Ads by Google