1 Privacy and Health Information Debra Grant, Ph.D. Senior Health Privacy Specialist Information and Privacy Commissioner/Ontario Annual CAMRT Conference.

Presentation transcript:

1 Privacy and Health Information Debra Grant, Ph.D. Senior Health Privacy Specialist Information and Privacy Commissioner/Ontario Annual CAMRT Conference PEI Association of Medical Radiation Technologies Charlottetown, P.E.I. June 10, 2005

2 Health Privacy is Critical The need for privacy has never been greater: –Extreme sensitivity of personal health information –Patchwork of rules across the health sector; with some areas in some jurisdictions still unregulated –Increasing electronic exchanges of health information –Multiple providers involved in health care of an individual – need to integrate services –Development of health networks –Growing emphasis on improved use of technology, including computerized patient records

3 Unique Characteristics of Personal Health Information Highly sensitive and personal in nature Must be shared immediately and accurately among a range of health care providers for the benefit of the individual’s treatment and care Widely used and disclosed for secondary purposes that are seen to be in the public interest (e.g., research, planning, fraud investigation, quality assurance)

4 Privacy Risks: Unauthorized Disclosures 3rd Party Disclosures not authorized by patient may threaten integrity of system – Fear of stigmatization, discrimination, loss of employment opportunities, denial of insurance, denial of housing California HealthCare Foundation survey: – One in six people engage in privacy protective behaviour to shield themselves from misuse of their information

5 Privacy Protective Behaviours – Multiple doctoring – Out of pocket payment – Avoiding testing – Avoiding treatment – Lying or withholding information from providers – Asking providers to misrepresent diagnosis in records – Inaccurate and incomplete information less helpful for primary purposes, such as treatment, and secondary purposes such as research

6 Privacy Defined Information Privacy: Data Protection –Freedom of choice; control –Informational self-determination –Personal control over the collection, use and disclosure of any recorded information about an identifiable individual

7 What Privacy is Not Security ≠ Privacy

8 Privacy and Security: The Difference
Security: Authentication, Data Integrity, Confidentiality, Non-repudiation
Privacy; Data Protection: Fair Information Practices

9 Fair Information Practices Accountability Identifying Purposes Consent Limiting Collection Limiting Use, Disclosure, Retention Accuracy Safeguards Openness Individual Access Challenging Compliance

10 Legislative Context Patchwork of privacy laws Health sector provincially regulated and funded Provincial public sector legislation (applies to ministries, hospitals, in some jurisdictions) Provincial health sector legislation (Alberta, Saskatchewan, Manitoba, Ontario) Federal private sector (commercial health sector) Provincial private sector (Quebec, B.C., Alberta)

11 Privacy Legislation in Canada
– Canada Privacy Act
– Canada Personal Information Protection and Electronic Documents Act
– BC Freedom of Information and Protection of Privacy Act
– BC Personal Information Protection Act
– Alberta Personal Information Protection Act
– Alberta Freedom of Information and Protection of Privacy Act
– Alberta Health Information Act
– Sask. Freedom of Information and Protection of Privacy Act
– Sask. Local Authority Freedom of Information and Protection of Privacy Act
– Sask. Health Information Protection Act
– Manitoba Freedom of Information and Protection of Privacy Act
– Manitoba Personal Health Information Act
– Ontario Freedom of Information and Protection of Privacy Act
– Ontario Municipal Freedom of Information and Protection of Privacy Act
– Ontario Personal Health Information Protection Act
– Quebec Act Respecting Access to Documents held by Public Bodies and the Protection of Personal Information
– Quebec Act Respecting the Protection of Personal Information in the Private Sector
– Nunavut Access to Information and Protection of Privacy Act
– Northwest Territories Access to Information and Protection of Privacy Act
– Yukon Access to Information and Protection of Privacy Act
– New Brunswick Right to Information Act
– New Brunswick Protection of Personal Information Act
– Nova Scotia Freedom of Information and Protection of Privacy Act
– Nova Scotia Part XX of the Municipal Government Act
– Prince Edward Island Freedom of Information and Protection of Privacy Act
– Newfoundland & Labrador Access to Information and Protection of Privacy Act
This map is based on information taken from the Atlas of Canada Web site © Her Majesty the Queen in Right of Canada with permission of Natural Resources Canada.

12 Impact of Legislation on Practice Most jurisdictions do not have privacy legislation that has been/will be declared substantially similar to the federal legislation – more than one statute may apply All privacy statutes are based on “fair information practices”

13 FIPs Fair Information Practices 1. Accountability for personal information: designate an individual(s) accountable for compliance 2. Identifying Purposes: purpose of collection must be clear at or before time of collection 3. Consent: individual has to give consent to collection, use, disclosure of personal information

14 FIPs (cont’d) 4. Limiting Collection: collect only information required for the identified purpose; information shall be collected by fair and lawful means 5. Limiting Use, Disclosure, Retention: consent of individual required for all other purposes 6. Accuracy: keep information as accurate and up-to-date as necessary for identified purpose 7. Safeguards: protection and security required, appropriate to the sensitivity of the information

15 FIPs (cont’d) 8. Openness: policies and other information about the management of personal information should be readily available 9. Individual Access: upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and be given access to that information, be able to challenge its accuracy and completeness and have it amended as appropriate 10. Challenging Compliance: ability to challenge all practices in accord with the above principles to the accountable body in the organization

16 Ontario’s PHIPA Personal Health Information Protection Act Came into force November 1, 2004 Applies to organizations and individuals involved in the delivery of health care services (including the Ministry of Health) The only health sector privacy legislation in Canada based on consent Perhaps the only health sector privacy legislation that will be declared substantially similar to the federal legislation

17 Records Management: General Practices Must take reasonable steps to ensure accuracy Must maintain the security of PHI Must have a contact person to ensure compliance with legislation, respond to access/correction requests, inquiries and complaints from public Must have information practices based on fair information practice and transparent to the public Must be responsible for actions of agents – train and educate all staff on privacy and security

18 Issues Raised by Medical Radiation Technologists Individual’s right of access to personal health information – who should be fulfilling the request Analogue images – must share original; custodian may not have custody or control of the image

19 Privacy Issues: Emerging Medical Radiation Technology Move from analogue to digital imaging has both benefits and risks Digital images do not deteriorate; easier to store and manipulate Digital images can be shared electronically Digital images are one type of electronic health record – has some of the same advantages and challenges as any other EHR

20 Electronic Health Records (EHR) Advantages – Improve quality and lower cost of health care – Quick access to wide range of data – Better security through more effective access controls and audit trails – Improve privacy protection by limiting access to those with a need-to-know (e.g., role based access) – Better data for health system management, enhancing quality of care, and research

21 More about EHRs… Challenges – Facilitates data linkages and data sharing – Unauthorized access is more catastrophic due to volume of records and quantity and quality of data – Multiple users and multiple access points raise accountability issues and increase vulnerability

22 Key Questions about EHRs – Is participation voluntary or compulsory? – What data should be entered on EHR? – Is data centralized or stored at point of generation? – How do you manage consent, particularly when integrating legacy systems not designed with consent in mind? – What level of security constitutes “reasonable steps”? – Who has access to what information and for what purposes? – If data centralized, who has custody and control of EHR? Who is accountable?

23 Digital Imaging Digital imaging is considered to be a key building block for the EHR by CHI – substantial funding investment Digital imaging systems enable health care providers to view, manage, distribute and electronically store patients’ test images, MRIs, X-rays, CT scans, PET scans, and medical files from any location connected to the system The PACS (picture archiving and communication system) captures, stores and sends images using digital technology

24 Digital Imaging Pilots London, Ontario pilot – goal is to share patient information among care providers across 8 hospitals, through a highly secure information network, to provide a seamless continuum of care Plan to expand pilot to other hospitals in Southwestern Ontario Radiologists’ and clinicians’ timely access to virtual imaging across the region will enhance patient care Second pilot implemented by the Fraser Health Authority involving 12 regional hospitals in B.C. CHI plans to fund two more digital imaging pilot projects

25 Privacy Issues Who retains custody and control of the shared archive of images? Who decides who has access to what information in the archive and under what circumstance? Who checks for privacy breaches? Under what legislative authority can a custodian transfer custody and control of the images to a central archive? What is the legal status of a central archive? (e.g., agent, custodian, registry, etc)

26 Attitudes of Canadians Office of Health and the Information Highway, Health Canada reviewed public opinion polls on the use of information and communications technology in the health sector (2002) Review suggests Canadians would welcome expanded role for information and communications technologies in the health sector, provided privacy and autonomy are protected 9 in 10 Canadians from all regions of the country support the development of information systems that would make it easier to access and share information But, Canadians have serious fears about the erosion of personal privacy and doubts about the security of the Internet

27 Initiatives to Address Privacy Issues Harmonization of Privacy Rules Standardization of Privacy and Security Architecture for EHRs

28 Advisory Committee on Information and Emerging Technologies (ACIET) Dec. 2002, Federal/Provincial/Territorial Deputy Ministers of Health created ACIET Mandate to provide policy development and strategic advice on health information issues and emerging health products and technologies

29 ACIET on Privacy Privacy one of five initiatives identified for ACIET Examine how to adequately protect privacy of personal health information that will be collected/used/disclosed in an EHR system Pan-Canadian Personal Health Information Privacy and Confidentiality Framework finalized January 2005 – endorsed by all provinces and territories, except Saskatchewan and Quebec Framework loosely based on Ontario’s new Personal Health Information Protection Act

30 Canada Health Infoway (CHI) CHI was established in 2000 to foster and accelerate the development and adoption of pan-Canadian interoperable electronic health information systems Currently working on an EHR Privacy and Security Conceptual Architecture

31 Ontario’s E-Health Office Consent management framework Technological privacy principles for PHIPA compliance All work is being coordinated with work of CHI

32 Legislation Necessary but Not Sufficient for Privacy Protection “The most effective means to counter technology’s erosion of privacy is technology itself.” Alan Greenspan, Federal Reserve Chairman “A technology should reveal no more information than is necessary…it should be built to be the least revealing system possible.” Dr. Lawrence Lessig, Harvard, September 1999

33 Making Health Privacy Work: What You Can Do Think beyond legislation Use technology to help protect health information: –Build privacy right into design specifications –Minimize collection and routine use of personally identifiable information – use aggregated or coded information if possible –Use encryption where practicable –Think about anonymity and pseudonymity –Conduct privacy impact assessments

34 How to Contact Us Debra Grant Senior Health Privacy Specialist Information & Privacy Commissioner/Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario M4W 1A8 Phone: (416) Web: