Presentation is loading. Please wait.

Presentation is loading. Please wait.

Integrated Assessment Record (IAR) Privacy and Security for IAR Viewers

Similar presentations


Presentation on theme: "Integrated Assessment Record (IAR) Privacy and Security for IAR Viewers "— Presentation transcript:

1 Integrated Assessment Record (IAR) Privacy and Security for IAR Viewers
<Name of HSP> <Date> <Location>

2 There are 2 ways to manage consent in IAR:
IAR Consent Model There are 2 ways to manage consent in IAR: HSP-level consent directives Consent directives that are applied to the assessments collected by your organization IAR-level consent directives IAR-level consent applies to ALL assessments stored in IAR Clients can withdraw their consent for sharing ANY assessments through the IAR, regardless of which HSP conducted the assessment The health service provider level consent directive is applied to the assessment collected by your health service provider, and does not apply to the consent directives that a client may give to other health service providers. (A3) The IAR level consent directive is applied to all assessments in the IAR related to a client, meaning that all the assessments stored in the IAR by all the health service providers can have a consent directive applied to them at once. Let’s start by exploring the health service provider level consent directive.

3 How Consent Works in IAR
HSP-A HSP-B HSP-Level Consent Directive Assessment A1 Assessment A2 Assessment B1 Assessment B2 Yes Yes No No IAR Assessment A1 Assessment A2 Assessment B1 Assessment B2 Client No No Yes Yes IAR-Level Consent Directive IAR Level Consent Directive - YES Clinician

4 How Consent Works in IAR (Cont’d)
HSP-A HSP-B Assessment A1 Assessment A2 Assessment B1 Assessment B2 HSP-Level Consent Directive Yes Yes No No IAR Assessment A1 Assessment A2 Assessment B1 Assessment B2 Client Yes Yes No No IAR-Level Consent Directive IAR Level Consent Directive - No Clinician

5 IAR Privacy and Security User Requirements
Sign and understand the user agreement IAR only needs to be accessed when you are providing services to a client All actions in IAR are logged Choose a strong password and keep it safe Inform clients and manage consent Support client privacy rights Report incidents You should know that: All user activities in IAR are recorded Audit logs are reviewed by your Privacy Officer frequently as well as other Privacy Officers from other health services providers like the HINP Privacy Officer Your user agreement defines acceptable user activities The audit logs will be used to investigate any incidents and/or privacy breaches

6 Staff Responsibilities for Managing Consent
Inform the client so that they understand what they are consenting to Obtain the consent Register and record the consent Intent: The intent of this slide is to describe what responsibilities the staff have for managing consent. Notes: There are three steps that staff must take to manage consent properly for OCAN These are: Informing the client so they understand what they are consenting to When talking about informing the client, talk about the way that YOUR HSP has decided to inform the client. Ie: will you have a scripted conversation with them, will you provide them with printed materials, you will use another method of informing them to make sure that the client has understood. Obtaining consent from the client Tell your staff about how YOUR HSP will obtain the consent. Do you use implied consent and therefore ASSUME that the client has consent after you have informed them, or do you use express consent and ask the question. If you use express consent do you use a form… Documenting that the consent was obtained tell your staff where they will record that they have obtained consent – will there be a form, or should they check it off on their chart… The process for carrying out your responsibilities will be communicated to you later in this presentation.

7 <<Insert informing method A>>
How to Inform Clients In order for the client to understand what they are consenting to, they must be properly informed. We inform clients by: <<Insert informing method A>> <<Insert informing method B>> <<Insert informing method C>> Intent: This slide is intended to be customized by each HSP to describe the DETAILED ways that each person preparing to complete an OCAN should inform the client. Notes: Replace the <<blue text>> with the specific methods that your HSP will use to inform clients, then teach your staff how to use those methods. Eg: Using a poster and pointing it out, giving clients a brochure and talking to it Discussing privacy with clients using a script Making sure to answer questions

8 What to Include When Informing Clients
<<Insert information about WHY you are collecting, using and disclosing their information> <<Insert information about WHAT types of information you are collecting (e.g., psychiatric history, legal status, etc.)>> <<Insert information about the types of HSPs you disclose to and how you disclose assessment data in general>> <<Insert information about what it may mean to the client to have this information collected and used and shared, including positive or negative consequences>> <<Insert how your staff should tell the client that it is their choice to give or withhold consent>> Intent: This slide is intended to be customized by each HSP to describe the DETAILED types of information that staff should provide to the client. Notes: Replace the <<blue text>> with the specific information that your HSP will inform clients.

9 How to Obtain Consent <<Insert the steps that your HSP takes to obtain consent as you decided in the Consent Management workshop>> <<If your HSP uses implied consent, insert where and how staff should note that they informed the client and hearing no objections, assumed consent>> <<If your HSP uses express consent, insert where and how staff should specifically ask for consent>> Intent: This slide is intended to be customized by each HSP to describe the DETAILED ways that each person conducting the OCAN should obtain consent from the client Notes: Replace the <<blue text>> with the specific methods that your HSP will use to obtain consent, then teach your staff how to use those methods. For example: If you use implied consent and ASSUME consent after the client has been informed, tell your staff to assume consent unless the client specifically asks not to share their OCAN. If you use express consent for sharing by just asking clients if they consent to sharing, then tell your staff when to ask the question. If you use a form to ask clients to sign that they have consented, then tell your staff when to provide the form and have it signed.

10 Recording and Registering Consent
<<Insert the steps that your HSP takes to record consent in a central location.>> <<Insert the steps that your HSP takes to register consent along with the assessment.>> Verify how your software presents the ability to record and register consent. If your software has a consent “checkbox”, when staff check the box, does it mean that consent has been provided to share, or that consent has been withdrawn…

11 Assisting the Client with IAR-Level Consent
If the client requests your assistance in withdrawing consent for sharing all assessments through the IAR, you should: Provide the client with the toll-free number for the IAR Consent Management Call Centre Explain to the client the implication of a consent directive in the IAR (willing to share or not willing to share their assessments) Remind the client that he/she can always change his/her mind, about his/her consent directives by calling the toll-free number

12 Client’s Right to Access
The client can: Make a request to you or your organization to obtain a copy of their assessment record Make a request to you or your organization to change their assessment record File a complaint about the privacy practice of your organization Alert your Privacy Officer if you receive these requests This is not new practice, some your audience may well have encountered these requests from the clients before, but the point is to ensure the clinicians and/or case managers know to contact the Privacy Officer when they receive such requests regarding IAR. 12

13 Your Responsibilities in Managing Client Privacy Rights
<<Insert steps that staff should take if client asks to see assessment>> <<Insert steps that staff should take if client asks for a correction>> <<Insert steps that staff should take if client wishes to make a complaint>>

14 Incident Management Examples of Incidents
HINP Privacy & Security Processes 11/04/2017 Incident Management Examples of Incidents Printed patient/client assessment information is left in a public area (e.g., coffee shop) A client’s assessment is faxed to the wrong number Theft, loss, damage, unauthorized destruction or modification of patient records Inappropriate access to patient information by unauthorized users Large amount of IAR records accessed by a single individual in a short period of time (out of the ordinary) User account and password was compromised Network infrastructure affected by malicious users Violation of joint security and privacy policies or procedures 14 14 Sudbury Regional Hospital 14

15 If you see or recognize an incident…
Reporting Incidents If you see or recognize an incident… Example: You found printed assessment records left on a table at the Tim Hortons downstairs …Report it to your Privacy Officer immediately! <Name:> <Phone:> < > Privacy Officer contact information will be displayed in the last slide. 15

16 Contact Information Issues Contact Phone Request or update an IAR user account <<insert user coordinator name>> Privacy issues with client/patient Privacy Officer <<insert privacy officer name or their delegate>> Login account or general IAR issues IAR Support Centre

17 Next Steps Recorded WebEx Sessions: e-learning: 4 modules
IAR Privacy and Security for Clinicians and Case Workers: https://lthcap.webex.com/lthcap/lsr.php?AT=pb&SP=TC&rID= &act=pb&rKey=5480f24eb5a4c080 Consent Management for Clinicians and Case Workers: https://lthcap.webex.com/lthcap/lsr.php?AT=pb&SP=TC&rID= &act=pb&rKey=055548d52c45cd15 e-learning: 4 modules Module 11: Basic Privacy and Client Privacy Rights Module 12: Informed Consent Module 13: IAR Privacy and Security Module 14: IAR Consent The recorded webexes and e-learning modules are intended to be used as a refresher to the specific training that you will provide in these slides. Decide when and how staff should review these 4 elearning modules to supplement the training that you provided to them. Add details to this slide as to where to download the elearning modules – from the CCIM website, or will you host them on your own? Decide how you will follow up with staff to find out if they have reviewed the webexes or e-learning modules and ask them if they have any questions.


Download ppt "Integrated Assessment Record (IAR) Privacy and Security for IAR Viewers "

Similar presentations


Ads by Google