Privacy and Confidentiality of Electronic Health Records: What Do Nurses and Other Health Professionals Need to Know? Virginia Dallaire Jane Clarke

Canada is undergoing a new transition from paper to electronic health records (EHR). Although many stakeholders view EHR as a means of improving the quality of health care for every individual in Canada, the issue of confidentiality and privacy needs to be at the forefront for all decision makers and health care providers (Smit, McAllister, & Slonim, 2005).

What is Confidentiality, Privacy and EHR?

Confidentiality concerns the individual’s health information: the management and protection of this information from intentional or accidental disclosure to unauthorized individuals (Weitz, Drummond, Pringle, Ferris, Globerman, Hebert et al., 2003).

Privacy is “the right of an individual to determine for himself [or herself] when, how and to what extent he [or she] will release personal information about himself [or herself]” (Morris, Ferguson, Dykeman, 1999, p. 92).

Electronic Health Records are a client’s entire health and health care history that is electronically accessed, collected and stored (Weitz, Drummond, Pringle, Ferris, Globerman, Hebert et al., 2003).

“Confidentiality should be protected because it protects patients from harm, supports access to health care and produces better health outcomes” (Mulligan & Braunack-Mayer, 2004, p. 48).

What is Personal and Confidential Electronic Information?

Personal Information: all personal information, such as name, address and age; the individual’s educational, financial, criminal and employment history; race, religion, associations, personal views or opinions; and any identifying numbers or symbols assigned to the individual.

Health Information: the individual’s health history, disabilities, inheritable characteristics, fingerprints and blood type (VIHA, 2002).

What Provincial, Territorial and Federal Legislation Exists to Protect Personal Information?

Federal: Personal Information Protection and Electronic Documents Act (PIPEDA)

PIPEDA is federal legislation that protects all personal information, which includes electronic health information.

Provincial: Every Registered Nurse in Canada is a member of a College of Registered Nurses that sets out standards and codes which address confidentiality and privacy in practice.

Alberta: Freedom of Information and Protection of Privacy Act (FOIPPA) and Health Information Act (HIA)

http://foip.alberta.ca

BC: Freedom of Information and Protection of Privacy Act (FOIPPA)

http://www.mser.gov.bc.ca/FOI_POP/

Manitoba: Freedom of Information and Protection of Privacy Act (FOIPPA); Personal Health Information Act

http://www.gov.mb.ca/chc/fippa/index.html

http://www.gov.mb.ca/health/phia/index.html

Northwest Territories: Access to Information and Protection of Privacy Act

http://www.justice.gov.nt.ca/ATIPP/atipp.htm

Nova Scotia: Freedom of Information and Protection of Privacy Act (FOIPPA)

http://www.gov.ns.ca/just/foi/foisvcs.htm

Nunavut: Access to Information and Protection of Privacy Act

http://www.info-privacy.nu.ca/en/home

Ontario: Freedom of Information and Protection of Privacy Act; Municipal Freedom of Information and Protection of Privacy Act; Personal Health Information Protection Act, 2004

http://www.mgs.gov.on.ca/english/index.html

Prince Edward Island: Freedom of Information and Protection of Privacy Act

http://.gov.pe.ca/foipp/index.php3

Quebec: Act respecting Access to documents held by Public Bodies and the Protection of Personal Information

http://www.institutiondemocratiques.gouv.qc.a/index_en.htm

Saskatchewan: Freedom of Information and Protection of Privacy Act; Local Freedom of Information and Protection of Privacy Act; Health Information Protection Act

http://www.saskjustice.gov.sk.ca/legismmaries/freedomofinfoact.shtml

Yukon: Access to Information and Protection of Privacy Act

http://www.atipp.gov.yk.ca/

(Office of the Privacy Commissioner of Canada, 2009)

In addition to federal, provincial and territorial privacy acts, there is the Canadian Standards Association Model Code for the Protection of Personal Information.

It comprises ten principles which guide the collection, use and disclosure of personal information.

Public or private facilities can use this model to ensure privacy and confidentiality.

A Chief Privacy Officer oversees compliance with the principles and responds to concerns and complaints (Canadian Standards Association, 2009).

Ten Principles summarized:

Purpose for collection of information needs to be identified

Consent required

Clear guidelines provided for the disclosure of information

Collection of personal information is limited to only pertinent information for client’s care

Ensures information is accurate, complete and up-to-date

States personal information needs to be protected by security safeguards

Transparency of organization’s policies

Addresses the client’s rights around being informed of all health information and the right to challenge the accuracy and completeness of the information

(Canadian Standards Association, 2009)

Key Factors in Managing Privacy and Confidentiality in EHR

Development of policies and procedures that incorporate the following principles:

Transparency: Everyone has the right to know who is accessing their health information

Collection and Use of Personal Health Information: Policies must follow the federal and provincial privacy acts. All health information should be accurate and relevant to why it is being collected.

Individual control: The individual can access an audit trail to see who has accessed their personal health information; the individual can also limit who can access their information

Security: All measures should exist to protect personal health information (access, collection and storage)

Audit: A comprehensive audit is done frequently to ensure only authorized access

Accountability and Oversight: Policies are in place that address the monitoring of confidentiality, how to disclose a breach, and how violations will be dealt with

Technology and Privacy: Privacy protection will have comprehensive standards and policies

(Health Initiative Blueprint, 2009)

What is a Breach of Confidentiality?

Unauthorized viewing of any client’s health information

Accessing information about yourself, family or friends

Asking co-workers about confidential information that is not pertinent to your care role

Discussion of confidential information in a public area

Unauthorized sharing and disclosure of confidential health information other than as authorized by Federal and Provincial Privacy Acts

Lending your keys to someone else to access filing cabinets or file storage rooms where confidential information is stored

Telling your co-worker your password

Using a co-worker’s password to log in to a computer

Failing to log off your computer

Failure to report any breach of confidentiality (VIHA, 2002)

Breaches of Confidentiality: Where do they most commonly occur?

81% occur in the health care setting

Usually occurred during informal conversation among health care employees

While on the telephone

Between health care providers and a client

Conversations with family friends and people outside the health care agency (Nursing, 2004)

How Can Nurses Safeguard the Privacy and Confidentiality of their Clients’ EHR?

Ensure passwords are kept confidential

Use passwords that cannot be deciphered and change regularly

Do not share passwords and sign off immediately before leaving the computer

Never delete information

Routinely ask “Do I need to know this information?”

Report any suspicious or actual breaches of confidentiality

(College of Nurses of Ontario, 2006; VIHA, 2002).

What is the role of the Office of the Privacy Commissioner of Canada?

The Commissioner is an advocate for the privacy rights of Canadians. She [he] works independently from the government and her [his] role includes:

Investigating complaints in regard to the federal public sector and the private sector

Complaints may come from the public sector if personal information is being held by Government of Canada institutions

Promotes public awareness and understanding of privacy rights

Reports on the public and private sectors’ handling practices around protection of clients’ privacy (Office of the Privacy Commissioner of Canada, 2009)

What is your role as a nurse or health care professional in ensuring confidentiality and privacy for every client in the health care system?

How are you going to meet the challenges of confidentiality and privacy with EHR?

“All that may come to my knowledge in the exercise of my profession or outside my profession or in daily commerce with men, which ought not be spread abroad, I will keep secret and will never reveal” (Hippocratic Oath, circa 4th century BC, as cited in Weitz, Drummond, Pringle et al., 2003, p. 292).

References

Canadian Standards Association. (2009). About the privacy code. Retrieved February 7, 2009 from http://www.csa.ca/standards/privacy/code/Default.asp?articleID=5286&language=english

College of Nurses of Ontario. (2006). Documentation Practice Standards: Electronic health records. Retrieved February 7, 2009 from http://www.cno.org/prac/learn/modules/documentation/index.htm

Health Initiative Blueprint. (2009). Key elements: Managing privacy, security & confidentiality. Retrieved January 10, 2009 from http://www.ehealthinitiative.org/blueprint/keyPrivacy.mspx

Mulligan, E., & Braunack-Mayer, A. (2004). Why protect confidentiality in health records? A review of research evidence. Australian Health Review, 28(1), 48-55.

Morris, J., Ferguson, M., & Dykeman, M. J. (1999). Canadian nurses and the law (2nd ed.). Canada: Butterworths.

Nursing. (2004). Privacy breaches: All too common. 34(9), 35. Retrieved February 17, 2009 from Proquest Nursing Journals database.

Office of the Privacy Commissioner of Canada. (2009). Provincial/Territorial Privacy Laws. Retrieved February 10, 2009 from http://www.privcom.gc.ca/prov/index_e.asp

Office of the Privacy Commissioner of Canada. (2009). Mandate and Mission of the OPC. Retrieved February 17, 2009 from http://privcom.gc.ca/aboutUs/index_e.asp

Privacy Commissioner of Canada. (2004). PIPEDA awareness raising tools (PARTs) initiative for health sector. Retrieved February 5, 2009 from http://e-com.ic,gc.ca/epic/internet/inecic-ceac.nsf.en/gv00235e.html

Smit, M., McAllister, M., & Slonim, J. (2005). Building public trust for electronic health records. Retrieved January 25, 2009 from http://www.lib.unb.ca/Texts/PST/2005/pdf/smit.pdf

Vancouver Island Health Authority. (2002). General Administration: Confidential information - privacy rights of personal information policy. Section number 1.0, subsection number 1.5, policy number 1.5.1.

Weitz, M., Drummond, N., Pringle, D., Ferris, L. E., Globerman, J., Hebert, P., et al. (2003). In whose interest? Current issues in communicating personal health information: A Canadian perspective. Journal of Law, Medicine & Ethics, 31, 292-301.