Privacy Practices.

Presentation on theme: "Privacy Practices."— Presentation transcript:

1 Privacy Practices

2 Privacy Principles
PHIPA is based on the Canadian Standards Association (CSA)’s 10 Privacy Principles:
- Accountability
- Identifying Purpose
- Consent
- Limiting Collection
- Limiting Use, Disclosure and Retention
- Accuracy
- Safeguards
- Openness
- Individual Access
- Challenging Compliance
All TSH personnel are required to ensure these privacy principles are adhered to.

3 Privacy Principles

4 Consent
Implied Consent
HICs may imply an individual’s consent to collect and use PHI for providing health care. They may also imply consent to disclose PHI to another HIC for the purpose of providing or assisting in the provision of health care to the individual.
Expressed Consent
In all other circumstances, HICs may only collect, use or disclose PHI with the expressed consent (i.e., verbal or written consent) of the individual to whom the PHI relates or his/her substitute decision maker.

5 Capacity to Consent
- Patients must have the capacity to consent.
- Consent must be voluntary, knowledgeable, and relate to the information.
- Substitute decision maker (SDM) may consent on patient’s behalf.
As a patient…

6 Circle of Care
A HIC may only assume an individual’s implied consent to collect, use or disclose PHI if all of the following six conditions are satisfied.
1- Must be a health information custodian
2- The PHI must have been received from the individual, his or her substitute decision-maker or another HIC
3- The HIC must have received the PHI for the purpose of providing or assisting in the provision of health care to the individual
4- The purpose of the collection, use or disclosure of PHI by the HIC must be for the provision of health care
5- In the context of disclosure, the disclosure of PHI by the HIC must be to another HIC
6- The HIC that receives the PHI must not be aware that the individual has expressly withheld or withdrawn his or her consent to the collection, use or disclosure

7 Permitted Disclosure Without Consent
- When a patient is injured or incapacitated and unable to consent, we may disclose information necessary to permit contact with next of kin, friend, or potential substitute decision maker
- May disclose to reduce or eliminate significant risk of harm to individual(s); disclosure of only necessary information to appropriate individual/body would override patient objection
- To comply with subpoena or warrant, or where a statute of Ontario or Canada requires it
- Mandatory reporting of gunshot wounds
- Mandatory reporting of communicable diseases

8 Ontario Legislation for Our Patients
The Health Information Protection Act (HIPA) provides hospitals with direction concerning the collection, use and sharing of personal health information. It also requires that hospitals provide that information to their patients. TSH is developing updated notices that outline the following for our patients:
We may collect, use and give out your personal health information to others, as reasonably necessary to:
- Provide you with health care and assistance, both within and outside the hospital
- Communicate or consult about your health care with your doctor(s) and other health care providers
- Get payment for your health care and hospital services including from OHIP and private insurance
- Do health system planning and research
- Report as required or permitted by law

9 Ontario Legislation for Our Patients
- Patients have the right to refuse to allow their personal health information to be shared, even within the circle of care. This is called a Consent Directive.
- Because this has a detrimental effect on the provision of care, a formal request is required.
- Should patients express a desire to withhold their personal health information from a care provider or group of providers, the process at TSH is to direct the patient to the Release of Information Area within Health Records.

10 Safeguards
You are responsible for the PHI you have access to.
TSH must employ safeguards to help you protect PHI.
Types of Safeguards:
- Administrative
- Technical
- Physical

11 Administrative Safeguards
Administrative safeguards are administrative actions, policies and procedures to manage the selection, development, implementation, and maintenance of security measures to protect information.
Examples of administrative safeguards include:
- Personal Health Information Protection Policy
- Freedom of Information and Protection of Privacy Policy
- Confidentiality and User Access Agreement
- Access Control Processes
- Release of Health Records Processes
- Audits and Incident Management Processes
Staff must adhere to the Privacy and Information Security policies, practices and protocols to uphold the administrative safeguards that have been put in place to protect all confidential information including staff and patient PI/PHI.

12 Technical Safeguards
Technical safeguards are the technology that protects electronic information and controls access to it.
Examples of technical safeguards include:
- Firewalls
- Encryption
- Integrity and Authentication
- Technical Access Controls
All PHI data is password protected. Staff with access to PHI must use their own account to access the information.

13 Physical Safeguards
Physical safeguards are physical measures to protect information, buildings, and equipment from natural and environmental hazards and unauthorized intrusion.
Examples of physical safeguards include:
- Always wearing your identification badge
- Being mindful of who is following you into secure areas and whether they have permitted access
- Keeping information in a secure location (e.g. locked cabinet) when unattended
- Video Surveillance
You must ensure that all confidential information, including PI/PHI that you may have access to, is safely stored.

14 Storage and Retention
Any PI/PHI in paper hard copy should be:
- Stored in a secure location (e.g. locked cabinet), and
- Disposed of in a confidential waste bin for shredding when no longer required
Any PI/PHI stored on a portable media device (e.g. disc, USB key) must be encrypted and then destroyed/sanitized when no longer required.
All records should be retained in accordance with the Records Retention and Disposal Policy.

15 Privacy Incidents and Breaches
Privacy Incident:
- A contravention of privacy policies, procedures or practices implemented by TSH, where this contravention does not constitute non-compliance with applicable privacy law
Privacy Breach:
- The collection, use or disclosure of PHI that is not in compliance with the Personal Health Information Protection Act (PHIPA) or its regulations
- The collection, use or disclosure of PI that is not in compliance with the Freedom of Information and Protection of Privacy Act (FIPPA) or its regulations
- Circumstances where PI/PHI is stolen, lost or subject to unauthorized or inappropriate collection, use or disclosure, copying, modification, retention or disposal
Privacy incidents/breaches can be intentional or inadvertent. It is everyone’s responsibility to immediately report privacy incidents/breaches to the SAFE electronic incident reporting system and notify the FOI and Privacy Office. You may be required to assist in containing, investigating and resolving the incident/breach.

16 Social Media and Networking
Social media and networking sites such as Facebook, Twitter, and LinkedIn can be beneficial to The Scarborough Hospital in health promotion, community engagement, reputation management and enhanced customer service. However, staff must be cautious of the privacy implications.
- Staff may not use TSH’s name to open and manage accounts unless authorized to do so.
- Staff must exercise caution when posting comments relating to work to ensure that the confidentiality of the hospital’s information and the privacy of patient and staff information are maintained at all times.

17 Potential Repercussions
Failure to adhere to privacy legislation and hospital policies, intentional breaches, and failure to report incidents/breaches may result in disciplinary actions including potential job loss.
Potential Repercussions for TSH:
- Fines
- Loss of trust in the organization by our patients/community
- Information and Privacy Commissioner of Ontario (IPC) may issue an Order
Please review

