Embed Size (px)
Citation preview
− Privacy breach management
− Responding to requests for access
− Consent management
− Governance
− Where the breach involves a single health care provider?
− Where the breach involves multiple health care providers
participating in one shared electronic health record system?
− Where the breach involves multiple health care providers
participating in multiple shared electronic health record systems?
− The health care provider who committed the breach?
− The health care provider where the breach was committed?
− The health care provider with the closest relationship to the individual?
− The health care provider who last saw the individual?
− ….?
“An individual may exercise a right of access to a record of personal health information by making a written request for access to the health information custodian that has custody or control of the information”
− Must the individual make a written request to the health care
provider who created each record? – Surely not!
− Can the individual make a written request to one health care
provider who will respond on behalf of other health care providers
participating in the shared electronic health record system?
− Can the individual make a written request to any health care
provider who viewed, handled or dealt with the health information even if that health care provider did not create the record?
− Will a central office be established to receive and respond to
requests on behalf of all participating health care providers?
− Global? − Domain?
− Field?
− Provider?
− Encounter?
- Developing privacy and security policies and procedures?
- Auditing compliance with these policies and procedures?
- Conducting privacy and security audits?
- Auditing the collection, use and disclosure of health information?
- What criteria must be satisfied?
- Who will be responsible for determining the criteria?
- How will satisfaction of the criteria be evidenced?
- Who will be responsible for ensuring the criteria is satisfied?
