Presentation on theme: "Integrated Assessment Record (IAR) Privacy and Security for IAR Viewers "— Presentation transcript:
1 Integrated Assessment Record (IAR) Privacy and Security for IAR Viewers <Name of HSP><Date><Location>
2 There are 2 ways to manage consent in IAR: IAR Consent ModelThere are 2 ways to manage consent in IAR:HSP-level consent directivesConsent directives that are applied to the assessments collected by your organizationIAR-level consent directivesIAR-level consent applies to ALL assessments stored in IARClients can withdraw their consent for sharing ANY assessments through the IAR, regardless of which HSP conducted the assessmentThe health service provider level consent directive is applied to the assessment collected by your health service provider, and does not apply to the consent directives that a client may give to other health service providers. (A3) The IAR level consent directive is applied to all assessments in the IAR related to a client, meaning that all the assessments stored in the IAR by all the health service providers can have a consent directive applied to them at once. Let’s start by exploring the health service provider level consent directive.
3 How Consent Works in IAR HSP-AHSP-BHSP-Level Consent DirectiveAssessment A1Assessment A2Assessment B1Assessment B2YesYesNoNoIARAssessment A1Assessment A2Assessment B1Assessment B2ClientNoNoYesYesIAR-Level Consent DirectiveIAR Level Consent Directive - YESClinician
4 How Consent Works in IAR (Cont’d) HSP-AHSP-BAssessment A1Assessment A2Assessment B1Assessment B2HSP-Level Consent DirectiveYesYesNoNoIARAssessment A1Assessment A2Assessment B1Assessment B2ClientYesYesNoNoIAR-Level Consent DirectiveIAR Level Consent Directive - NoClinician
5 IAR Privacy and Security User Requirements Sign and understand the user agreementIAR only needs to be accessed when you are providing services to a clientAll actions in IAR are loggedChoose a strong password and keep it safeInform clients and manage consentSupport client privacy rightsReport incidentsYou should know that:All user activities in IAR are recordedAudit logs are reviewed by your Privacy Officer frequently as well as other Privacy Officers from other health services providers like the HINP Privacy OfficerYour user agreement defines acceptable user activitiesThe audit logs will be used to investigate any incidents and/or privacy breaches
6 Staff Responsibilities for Managing Consent Inform the client so that they understand what they are consenting toObtain the consentRegister and record the consentIntent: The intent of this slide is to describe what responsibilities the staff have for managing consent.Notes:There are three steps that staff must take to manage consent properly for OCANThese are:Informing the client so they understand what they are consenting toWhen talking about informing the client, talk about the way that YOUR HSP has decided to inform the client. Ie: will you have a scripted conversation with them, will you provide them with printed materials, you will use another method of informing them to make sure that the client has understood.Obtaining consent from the clientTell your staff about how YOUR HSP will obtain the consent. Do you use implied consent and therefore ASSUME that the client has consent after you have informed them, or do you use express consent and ask the question. If you use express consent do you use a form…Documenting that the consent was obtainedtell your staff where they will record that they have obtained consent – will there be a form, or should they check it off on their chart…The process for carrying out your responsibilities will be communicated to you later in this presentation.
7 <<Insert informing method A>> How to Inform ClientsIn order for the client to understand what they are consenting to, they must be properly informed.We inform clients by:<<Insert informing method A>><<Insert informing method B>><<Insert informing method C>>Intent: This slide is intended to be customized by each HSP to describe the DETAILED ways that each person preparing to complete an OCAN should inform the client.Notes:Replace the <<blue text>> with the specific methods that your HSP will use to inform clients, then teach your staff how to use those methods.Eg:Using a poster and pointing it out,giving clients a brochure and talking to itDiscussing privacy with clients using a scriptMaking sure to answer questions
8 What to Include When Informing Clients <<Insert information about WHY you are collecting, using and disclosing their information><<Insert information about WHAT types of information you are collecting (e.g., psychiatric history, legal status, etc.)>><<Insert information about the types of HSPs you disclose to and how you disclose assessment data in general>><<Insert information about what it may mean to the client to have this information collected and used and shared, including positive or negative consequences>><<Insert how your staff should tell the client that it is their choice to give or withhold consent>>Intent: This slide is intended to be customized by each HSP to describe the DETAILED types of information that staff should provide to the client.Notes:Replace the <<blue text>> with the specific information that your HSP will inform clients.
9 How to Obtain Consent<<Insert the steps that your HSP takes to obtain consent as you decided in the Consent Management workshop>><<If your HSP uses implied consent, insert where and how staff should note that they informed the client and hearing no objections, assumed consent>><<If your HSP uses express consent, insert where and how staff should specifically ask for consent>>Intent: This slide is intended to be customized by each HSP to describe the DETAILED ways that each person conducting the OCAN should obtain consent from the clientNotes:Replace the <<blue text>> with the specific methods that your HSP will use to obtain consent, then teach your staff how to use those methods.For example:If you use implied consent and ASSUME consent after the client has been informed, tell your staff to assume consent unless the client specifically asks not to share their OCAN.If you use express consent for sharing by just asking clients if they consent to sharing, then tell your staff when to ask the question. If you use a form to ask clients to sign that they have consented, then tell your staff when to provide the form and have it signed.
10 Recording and Registering Consent <<Insert the steps that your HSP takes to record consent in a central location.>><<Insert the steps that your HSP takes to register consent along with the assessment.>>Verify how your software presents the ability to record and register consent. If your software has a consent “checkbox”, when staff check the box, does it mean that consent has been provided to share, or that consent has been withdrawn…
11 Assisting the Client with IAR-Level Consent If the client requests your assistance in withdrawing consent for sharing all assessments through the IAR, you should:Provide the client with the toll-free number for the IAR Consent Management Call CentreExplain to the client the implication of a consent directive in the IAR (willing to share or not willing to share their assessments)Remind the client that he/she can always change his/her mind, about his/her consent directives by calling the toll-free number
12 Client’s Right to Access The client can:Make a request to you or your organization to obtain a copy of their assessment recordMake a request to you or your organization to change their assessment recordFile a complaint about the privacy practice of your organizationAlert your Privacy Officer if you receive these requestsThis is not new practice, some your audience may well have encountered these requests from the clients before, but the point is to ensure the clinicians and/or case managers know to contact the Privacy Officer when they receive such requests regarding IAR.12
13 Your Responsibilities in Managing Client Privacy Rights <<Insert steps that staff should take if client asks to see assessment>><<Insert steps that staff should take if client asks for a correction>><<Insert steps that staff should take if client wishes to make a complaint>>
14 Incident Management Examples of Incidents HINP Privacy & Security Processes11/04/2017Incident Management Examples of IncidentsPrinted patient/client assessment information is left in a public area (e.g., coffee shop)A client’s assessment is faxed to the wrong numberTheft, loss, damage, unauthorized destruction or modification of patient recordsInappropriate access to patient information by unauthorized usersLarge amount of IAR records accessed by a single individual in a short period of time (out of the ordinary)User account and password was compromisedNetwork infrastructure affected by malicious usersViolation of joint security and privacy policies or procedures1414Sudbury Regional Hospital14
15 If you see or recognize an incident… Reporting IncidentsIf you see or recognize an incident…Example: You found printed assessment records left on a table at the Tim Hortons downstairs…Report it to your Privacy Officer immediately!<Name:><Phone:>< >Privacy Officer contact information will be displayed in the last slide.15
16 Contact InformationIssuesContactPhoneRequest or update an IAR user account<<insert user coordinator name>>Privacy issues with client/patientPrivacy Officer <<insert privacy officer name or their delegate>>Login account or general IAR issuesIAR Support Centre
17 Next Steps Recorded WebEx Sessions: e-learning: 4 modules IAR Privacy and Security for Clinicians and Case Workers:https://lthcap.webex.com/lthcap/lsr.php?AT=pb&SP=TC&rID= &act=pb&rKey=5480f24eb5a4c080Consent Management for Clinicians and Case Workers:https://lthcap.webex.com/lthcap/lsr.php?AT=pb&SP=TC&rID= &act=pb&rKey=055548d52c45cd15e-learning: 4 modulesModule 11: Basic Privacy and Client Privacy RightsModule 12: Informed ConsentModule 13: IAR Privacy and SecurityModule 14: IAR ConsentThe recorded webexes and e-learning modules are intended to be used as a refresher to the specific training that you will provide in these slides.Decide when and how staff should review these 4 elearning modules to supplement the training that you provided to them.Add details to this slide as to where to download the elearning modules – from the CCIM website, or will you host them on your own?Decide how you will follow up with staff to find out if they have reviewed the webexes or e-learning modules and ask them if they have any questions.