Privacy, Quality and Electronic Health Information Royal New Zealand College of GPs Quality Forum 14 February 2009 Sebastian Morgan-Lynch

Slides:

Advertisements

Similar presentations

Privacy: Who Owns What and Who Gets Access? Allen Fremont, M.D., Ph.D. RAND Corporation Annual Meeting of AcademyHealth Sunday, June, 25 th 2006 Seattle,

Advertisements

Agenda Problem Existing Approaches The e-Lab Is DRM the solution?

Frequently Asked Questions…. …about HIPAA Notice of Privacy Practices and Acknowledgement.

EHealth Privacy & Security Closing Remarks Brenda Kelley AARP CT 4/20/2009.

Confidentiality new guidance from the GMC. Statutory power to advise The Medical Act 1983 gives the GMC power to provide, in such manner as the Council.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:

Confidentiality and HIPAA

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna

NAU HIPAA Awareness Training

© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

Mr. Caputo Unit #1 Lesson #7

Recovery Support Systems The Role of Electronic Records (ERs) in the Recovery Support Model. (Why not paper charts?)

Health Information Security & Privacy February 9, 2014 ONC Policy HIT Policy Committee Privacy and Security Workgroup Denise Anthony Sociology and ISTS.

MY SMART PHONE DOES WHAT WITH MY BLOOD PRESSURE DATA ??? Anita Fineberg, LL.B. CIPP/C Barrister & Solicitor President, Anita Fineberg & Associates Inc.

This teaching material has been made freely available by the KEMRI-Wellcome Trust (Kilifi, Kenya). You can freely download, adapt, and distribute this.

The situation The requirements The benefits What’s needed to make it work How to move forward.

Living with HIV Know Your Rights Privacy and health records The information contained in this publication is information about the law, but it is not legal.

1 Information and Data Privacy: An Indian Perspective  Why is this important? Public concern about privacy.  Considerable concern in developed countries.

1.  Incident reports should be written only when you are sure that a persons rights have been violated. True False  Full names of consumers should never.

Informed Consent and HIPAA Tim Noe Coordinating Center.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

 A device that has the ability to read or identify a product or an object  Mainly tracks and identifies objects  Used for security and identification,

The Nuffield Council on Bioethics Report : The collection, linking and use of data in biomedical research and health care: ethical issues. Martin Richards.

First steps for a data protection commissioner: Some suggestions from New Zealand Katrine Evans Assistant Commissioner (Legal and Policy) Kuala Lumpur,

Practical Information Management

2 Partnerships with professionals. Partnerships and Collaboration Partnerships with other professionals are ongoing long- term relationships based on.

GENETIC TESTING: Issues of Policy & Regulation Jennifer Molina Supervised by: Rosemary Du Plessis SSRC Summer Studentship 2004/5.

Dealing with Business Associates Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

Topic 6 Understanding and managing clinical risk.

Privacy and Information Management ICT Guidelines.

State Alliance for e-Health Conference Meeting January 26, 2007.

Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.

Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.

IFHRO/AHIMA CONGRESS Washington DC 13 October 2004 Health information privacy A New Zealand Perspective Blair Stewart Assistant Privacy Commissioner New.

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

1 Data use, data sharing and information governance Geraint Lewis Chief Data Officer, NHS England Mark Golledge Programme Manager in.

Whose Responsibility is it? Karen Korb TELUS Health Solutions November 24, 2009 Privacy and Confidentiality in the EHR:

The health and safety act was introduced to protect the welfare of people of the workplace. Before being introduced in 1974 it was estimated that 8.

Significant Events. Significant Event Analysis (SEA) An SEA is concerned with investigating any occurrence which are identified by any practice members.

HIPAA Health Insurance Portability and Accountability Act of 1996.

Your health record How the local NHS uses and protects the information held about you Other ways that your records may be used Your local NHS services.

Access to data for local authority public health AGW Public Health Network Training Event: Public Health Data, Information and Intelligence 11 th November.

Insurance Medicine and the Medical Profession A discussion of competing factors and opportunities Dr Antony Vriens Chief Medical Director Manulife Financial.

This leaflet explains the purpose of Berkshire West Connected Care and how it works. It also gives information to help you decide whether you want to opt.

An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.

Progress reviews and setting targets during learning.

Lessons Learned from Recent HIPAA Breaches HHS Office for Civil Rights.

Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.

Aged and Disabled Waiver (ADW) Health Insurance Portability and Accountability Act (HIPAA) Training 2015 October 2015.

School of Health Sciences Unit 3 Legal Aspects of Health Information and Health Care Statistics HI 135 Instructor: Alisa Hayes, MSA, RHIA, CCRC.

HIPAA HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT UI EMS Training Dept.

Nick Nurden Business Partner – The Ridge Medical Practice.

Key Knowledge Confidentiality Year 4 Medical Ethics and Law Thread Course The Ethox Centre, University of Oxford.

Multi-agency data sharing initiatives to support social policy interventions.

HIPAA Training. What information is considered PHI (Protected Health Information)  Dates- Birthdays, Dates of Admission and Discharge, Date of Death.

The National Data Guardian’s Review of Data Security, Consent and Opt-Outs IGA Conference 2016 Dame Fiona Caldicott 16 March 2016 N ational D ata G uardian.

Health Management Information Systems Unit 3 Electronic Health Records Component 6/Unit31 Health IT Workforce Curriculum Version 1.0/Fall 2010.

Director, Regulation and Strategy

D3 Confidentiality.

Health and Safety! By jack Hughes.

Healthcare Privacy: The Perspective of a Privacy Advocate

Move this to online module slides 11-56

Handling information 14 Standard.

The Health Insurance Portability and Accountability Act

Presentation transcript:

Privacy, Quality and Electronic Health Information Royal New Zealand College of GPs Quality Forum 14 February 2009 Sebastian Morgan-Lynch Policy Adviser (Health) Office of the Privacy Commissioner

Health Information Privacy Code 1994: Summary 1)Only collect the information you need 2)Get it from the person concerned 3)Tell them what you're doing 4)Be nice when you're doing it 5)Take care of the information once you've got it 6)They can see it if they want to 7)They can correct it if it's wrong 8)Make sure it's accurate before you use it 9)Get rid of it when you're done with it 10)Only use it for the purpose you got it for 11)Only disclose it if that's why you got it 12)Be careful with unique identifiers

Health Information Privacy Code 1994: Summary of the Summary 1)Purpose 2)Openness

Paper Records  Traditional, convenient and familiar  Vulnerable to fire, water, theft  Likely to be limited number of copies  No way to tell if someone has looked at (or copied) a record  Physically bulky

Electronic Records  A lot of information can be stored in a small (=>tiny=>miniscule) unit  A lot of information can be lost very quickly  Complex range of potential access – anonymised, pseudonymised etc  Much easier to collate and analyse data, once collected  Much, much more accessible over distance  People don't necessarily understand them  Easy to track access, if system set up with appropriate safeguards

The Situation  Most GPs with computerised practices  Public awareness of electronic health information low  Increasing awareness of deaths due to medical error - DHB serious and sentinel events reports, ~100,000 per year in US  Multiple regional and national projects to develop EHRs or electronic health systems  Growing concern in sector over risks arising from expansion of electronic health records  No compulsory data breach disclosure  Potential for huge data breach – sweeping change in public perception – baby/bathwater

Privacy Protections for Electronic Health Records  No legal distinction between privacy of health information stored on paper and electronically  Practical issues around purpose and openness with electronic information – “gatekeepers”  How many people know how their information is actually going to be used?  Whose job is it to tell them?

Rule 3 Paraphrase  As the ‘front line’, GPs need to make sure their patients know why their information is being collected and who is going to see it  Therefore, GPs need to know where the information they collect is going to go, and why  Currently this is not always the case

Testsafe  Testsafe created as regional results repository in Auckland region (CMDHB, WDHB, ADHB)  Privacy framework, opt off, ability for patients to ‘blank’ date ranges  Harbour Health unhappy with various aspects of programme, particularly privacy, recommended its GPs not participate  Meeting end 2008, agreed that Testsafe needed to help ensure patients and GPs knew how, where and why the results were being stored

Benefits, Risks, Opportunities  Benefits –National access to health information – servicing increasingly transient population –Potentially more efficient use of resources –Lessen medical errors from transmission, transcription, lost referrals, incorrect medication etc  Risks –More potential for large scale data breaches –Loss of consumer trust if improperly managed –Large collections of identified clinical data very tempting for secondary uses – commercial, clinical, employment  Opportunities –Ensuring good information management practices generally good clinical sense –GPs in position to play key role as advocates for their patients’ interests

Contact Telephone:Wellington (04) Auckland (09) Enquiries hotline: Internet address: