Privacy of patient data versus patient safety. HIMSS Europe, Nov 6, 2014

PRIVACY & PATIENT SAFETY

Disclosure slide

• Nothing to disclose

https://www.linkedin.com/pub/dr-arjen-noordzij/17/486/791

dokter_no

https://www.linkedin.com/pub/dr-arjen-noordzij/17/486/791

Spaarne Hospital

11/6/2014 © 2012–2014 Healthcare Information and Management Systems Society (HIMSS) 3

EMR in Spaarne Hospital

• Since 2008: Epic

– Introduction in 2 phases

– Enterprise

– Integration: 1 patient, 1 record• Medical

• Financial

– Complete order management

– Closed medication loop

Dutch data protection act

• Access to (electronic) patientdatais strictly restricted to the employees directly involved in the execution of the treatmentcontract of a patient.

• Influence on patient safety?

Dutch data protection act

• Risks

– Type of data

– Processing

• Appropriate security level

• Technical & organizational

– Technical possibilities

– Costs

• Prevention

Organizational measures

• Information

– Code of conduct

– 10 golden rules

– Cases on intranet

– Broad privacy meetings

• Privacy functionary

• Privacy as distinct category in secure reporting of incidents registry

• Immediate dismissal of 2 nurses

Technical measures

• Password policy

• Single sign-on

• Epic

– Audit trail

– (smart logging)

– Breaking-the-glass

Privacy Protection Commission

According to those signals access to electronicpatientdata is not strictly restricted to the employees directly involved in the execution of the treatment contract of a patient.

Balance between behavioural and technical measures

Process

• outpatient & inpatient

• Scoring system

– Satifies PPC requirements

– Impairs patient safety

– Impairs daily practice (efficiency)

– Additional personnel necessary

– Technically feasible

Proposal (1)

• Access defined on speciality level

• Outpatient personnel: access to known patients

• Inpatient personnel

– Access around admission

– Patients admitted for own speciality (or consultation)

– ICU personnel: access to all clinical patients

• ‘unlimited’ access: ICU, OR & ED patients

Proposal (2)

• Breaking-the-glass

– Very effective

– Fear to ‘break the glass’

• Smart queries on breaking-the-glass files

• Manual check

Does privacy impair safety?

• Potentially: yes

• With proposed measures: most probably not

• It does impair efficiency (breaking-the-glass)

• Balance between desirability and feasibility

• Opinion PPC versus legislation