Computer test 2
School: Centennial College
Course: CVNU322
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 111
Uploaded by MistyRabbit
MODULE 6
Patient privacy
The importance of privacy, confidentiality and security has grown with the implementation of EHRs, health devices and health data transmission across organizations and boundaries.
Privacy
Privacy within the context of health care is concerned with the rights of individuals to keep information about themselves from being disclosed to others; the claim of individuals to be let alone, from surveillance or interference from other individuals, organizations or the government. Information of a patient should be released to others only with the patient's permission or as allowed by law. When a patient is unable to give permission because of age or mental incapacity, the decisions about information sharing should be made by the legal representative or legal guardian of the patient.
Information shared as a result of clinical interaction is considered confidential and must be protected. As a result, electronic systems and the associated health record need to be designed to ensure health care information privacy and to protect the information from misuse. All health information custodians are required to comply with legislation to maintain patient privacy. The following is a list of potential health care custodians who are bound by legislation and professional accountability.
Health care providers (nurses, doctors etc…) who are employed in any area of health care (hospitals, long term care settings, rehab facilities etc...)
CCAC
Pharmacies, medical laboratories
Local Medical officers of health
Ambulance services
Community mental health programs
Ministry of Health and Long term care employees
The key to preserving confidentiality is to allow only authorized individuals to have access to health care information. This begins with authorizing users. This access is based on preestablished role-based privileges. Access is then controlled through authentication, which includes usernames and passwords. Through mandated education and professional accountability, the user is made aware that they will be accountable for the use and misuse of the information they view. In other words, clinicians should not access information if they are not accountable for the patient (in the circle of care), nor should they allow others to access information under their account. Specific policies and procedures should be implemented within the organization to prevent disclosures or breaches that encroach on the privacy of the data's primary owner, the patient.
Related terms
Confidentiality: information is kept secret or is accessed by or disclosed to only those with a need to know
Privacy: restricting access to information in accordance with federal law and agency policy
Security: administrative, technical and physical safeguards in an information system to prevent privacy breaches
National Privacy and Security Framework for Health Information
All jurisdictions in Canada (federal, provincial, territorial) have laws in place addressing the protection of personal information, and providing for independent review of individuals' concerns related to the privacy of their information.
The Personal Health Information Protection Act (PHIPA) is the primary piece of legislation that governs privacy. It came into effect in 2004 and sets out the rules for the collection, use and disclosure of personal health information. The act balances individuals' right to privacy with respect to their own personal health information with the legitimate needs of persons and organizations providing health care services to access and share this information. With limited exceptions, the legislation requires health information custodians to obtain consent before they collect, use or disclose personal health information. Under other components of the legislation, individuals have the right to access and request correction of their own personal health information. Individuals can expect their health care providers to protect this information and not to use or disclose it, intentionally or inadvertently, for purposes not related to their care and treatment.
PHIPA allows for some exceptions but those are well defined and more about the good of the whole. It is understood that some information is needed to manage our publicly funded health care system, for health research and other purposes that have social value, and health care information can be accessed by those who require that information. In addition, the legislation sets out rules to balance different interests in circumstances where the needs of other parties may affect or conflict with the individual's right to privacy. An example of this might be seen in a public health outbreak of communicable disease.
As nurses, we are also governed by our professional organization. As such, the College of Nurses of Ontario also provides direction on the role of the nurse as custodian of health care information under PHIPA. Nurses are responsible for practices and policies that ensure the confidentiality and security of personal health information. Nurses are also responsible for complying with the Act, and ensuring that everyone is informed of their duties under PHIPA.
Custodians must implement and follow information practices that comply with the Act and its regulations. Information practices mean the policy about when, how and the purposes for which the custodian routinely collects, uses, modifies, discloses, retains or disposes of personal health information and the administrative, technical and physical safeguards and practices that the custodian has in place.
Custodians must take reasonable steps to ensure that personal health information is accurate, complete and up-to-date as necessary for the purposes for which it is used and disclosed.
Custodians must take steps that are reasonable in the circumstances to ensure that personal health information in their custody or control is protected from theft, loss and unauthorized use and disclosure. Personal health information must also be protected against unauthorized copying, modification or disposal. The custodian must notify individuals if personal health information is stolen, lost or accessed by an unauthorized person.
Additional legislation associated with patient privacy
Quality of Care Information Protection Act (QCIPA) (2016)
This piece of legislation allows health professionals to have open discussions about critical incidents involving patients and their care and about quality improvement matters in general. The goal of the legislation is to create a safe environment for clinicians to discuss quality improvement within the unit or organization, including critical incidents, without fear of the information being used against them in legal proceedings.
QCIPA applies to hospitals, independent health facilities, long-term care homes, licensed medical laboratories and specimen collection centres.
QCIPA, 2016 enables health care providers to have protected quality improvement discussions to help improve patient safety. QCIPA, 2016 increases transparency and maintains quality in Ontario's health care system by affirming the rights of patients to access information about their health care and by affirming that facts about critical incidents cannot be withheld from affected patients and their families. In addition, the Minister of Health and Long-Term Care is to review QCIPA every five years and to make changes as required.
Health Insurance Portability and Accountability Act (HIPAA) (1996)
HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs. In addition, HIPAA provides guidelines for the security of health information in an electronic format: controlling access through tools such as passwords and PINs, limiting access to authorized individuals, encrypting the information, and having an audit trail to determine who accessed the information, what changes were made to the record, and when and by whom.
Importance of Information Security
Beyond the legislative requirements of keeping health information secure is the need to maintain public trust. Public trust is earned by ensuring the privacy of health information. Risks to health information security come from both internal and external sources. Internal vulnerabilities may occur when patient records are viewed by those outside the circle of care, when electronic records are left open, or when passwords are shared. These vulnerabilities are often addressed through education of staff, and privacy education is now mandated. External security risks may occur through cyber attacks, hacking into the organization's network, intrusion through the firewall, or phishing through emails. Organizations are required to provide strategies to ensure the security of health care organizations through firewalls, encryption and other technological strategies.
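The internal risks described above (record views outside the circle of care, actions beyond a role's privileges, shared passwords) are the kind of thing an audit-trail review looks for. The following is an added example, not part of the original notes; the roles, user names, patient IDs, log entries and the five-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Hypothetical role-based privileges: role -> actions that role may perform.
ROLE_PRIVILEGES = {"nurse": {"view", "update"}, "lab_tech": {"view"}}
# Hypothetical circle-of-care assignments: patient id -> accountable users.
CIRCLE_OF_CARE = {"P100": {"rn_lee", "lab_ng"}, "P200": {"rn_ortiz"}}
USER_ROLES = {"rn_lee": "nurse", "rn_ortiz": "nurse", "lab_ng": "lab_tech"}

# Constructed audit-trail entries: (timestamp, user, workstation, patient, action).
AUDIT_LOG = [
    ("2023-12-06T08:00:00", "rn_lee", "WS-01", "P100", "view"),
    ("2023-12-06T08:05:00", "rn_lee", "WS-01", "P200", "view"),
    ("2023-12-06T08:10:00", "lab_ng", "WS-07", "P100", "update"),
    ("2023-12-06T09:00:00", "rn_ortiz", "WS-02", "P200", "update"),
    ("2023-12-06T09:02:00", "rn_ortiz", "WS-09", "P200", "view"),
]

# Assumed threshold: same account on two workstations this close together.
SHARING_WINDOW = timedelta(minutes=5)


def review_audit_log(entries):
    """Return (timestamp, user, finding) tuples for entries needing follow-up."""
    findings = []
    last_seen = {}  # user -> (time, workstation) of that user's previous entry
    for stamp, user, workstation, patient, action in sorted(entries):
        when = datetime.fromisoformat(stamp)
        role = USER_ROLES.get(user)
        # Access by someone not accountable for this patient.
        if user not in CIRCLE_OF_CARE.get(patient, set()):
            findings.append((stamp, user, "outside circle of care"))
        # Action the user's role does not grant (unknown roles grant nothing).
        if action not in ROLE_PRIVILEGES.get(role, set()):
            findings.append((stamp, user, "action exceeds role privileges"))
        # Same account on a different workstation within the window.
        previous = last_seen.get(user)
        if previous and previous[1] != workstation and when - previous[0] <= SHARING_WINDOW:
            findings.append((stamp, user, "possible shared account"))
        last_seen[user] = (when, workstation)
    return findings


if __name__ == "__main__":
    for finding in review_audit_log(AUDIT_LOG):
        print(*finding, sep=" | ")
```

A finding is a prompt for a privacy officer to follow up, not proof of a breach; a nurse covering another unit would also appear as "outside circle of care" until the assignment data is updated.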
How to Ensure Security and Privacy
There are six ways identified in the literature by which superior security and privacy solutions are enhanced:
1. Administrative controls through updated policies and procedures with clearly outlined expectations of the providers. Educate employees on privacy and security issues and provide that education on a regular basis. Run background checks on all employees.
2. Monitor physical and system access through identification and verification requirements for all system users and authorized users. Authentication processes through strong passwords and requirements for regular updates to those passwords. Auditing of use of the various systems.
3. Identify workstation usage through privacy filters when required, and clear procedures for the use of wireless devices.
4. Audit and monitor system users and identify any weakness in the system. Detection of security breaches and/or attempts at a breach. Regular audits of users of a system. Take personal and corporate precautions against phishing.
5. Employ device and media controls and construct a security plan for data disposal. Remove data from reusable hardware, track hardware and back up all data from hardware.
6. Apply data encryption; in other words, disguise all data through cryptography.
Protection of Personal Health Information in an electronic system
As previously identified, security for any system requires ongoing monitoring and diligence to ensure there are no security breaches, and the same applies to PHI in an EMR. In order to have an effective and secure EMR, the following technical security procedures and components are required.
Access management and control: user name and password or biometrics (fingerprint, voice or retinal pattern) are used to authenticate the person, and only those with authorization can access the information.
Password management through a secure password process that requires routine changes. Many organizations now require a two-step authentication process.
Encryption of data into a form called ciphertext that cannot be understood by unauthorized personnel should they access the information.
Protection against malware.
Security measures related to staff and use of access to personal health information. Critical is the access and equally important is the delisting