Later That Day.

1
Later That Day.
2
And Then.
3
Points To Ponder

• Why is confidentiality important?
• How does confidentiality play a role in any
  health care setting?
• With the new implementation of the EHR, how can
  you suggest that confidentiality be maintained
  and ensured for every person?

4
The Electronic Health Record
By Marie Claire, Katie McILmoyle, Celeste
Gagnon, Angela Brandon and Angie Cimprich

• Patient Confidentiality

5
Objectives of Confidentiality with the EHR
1.
What is the Electronic Health Record?
2. What is Confidentiality?
3. Legislation of the EHR
4. The Future of the EHR.
6
Disciplines of the EHR
Where the EHR can be used!
Hospitals
Doctors Offices
Electronic Health Record
Home Health
Pharmacy
Laboratory
7
What is the EHR?

• An electronic health record provides each
  individual with a secure and private life-time
  computerized record of his or hers health history
  and care received from the health care system.
• What is the Electronic Health Record (EHR) used
  for?
• Documentation of patient care.
• Communicate essential aspects of patient care to
  other members of the health care team and to the
  client.
• It is a legal record.
• Research purposes and quality improvement.

8
The 5 Rights of the EHR

• Right Information
• About the Right Client
• Available to the Right Person
• In the Right Place
• At the Right Time

TEXT
TEXT
TEXT
TEXT
The Five Rights Are a Part of Our Future, So Lets
Use Them Properly!
9
Advantages of the EHR

• Support and improve quality of patient care
• Enhance productivity of health care professionals
  and reduce the costs associated with health care
  delivery
• Support clinical and health service research
• Accommodate future developments in health care
  technology, policy, management and finance
• Saves time for documentation and patients do not
  have to repeat their health history more than
  once
• Allows other hospitals to access files,
  therefore, it is faster for health care
  facilities to pull up files
• Multidisciplinary Connection
• Writing is legible

10
Barriers of the EHR

• Many approaches and many levels of governance
• Debate on who should regulate and manage the EHR
• Lack of standardization
• Architecture (System Interoperability)
• Support from stakeholders
• Leadership and funding
• Policies Privacy and Liability
• Confidentiality

TEXT
TEXT
TEXT
TE
TEXT
TEXT
11
Confidentiality

• Confidentiality A duty that one owes to
  safeguard information that has been entrusted
  them by another.

12
4 rules to safeguard confidentiality

• Rule 1 Log off. If you forget to log off,
  anyone can look up anything, as well as
  manipulate anything that you have access to. The
  computer has no way of knowing that you are not
  the one at the keyboard.
• Rule 2 Remember your password and keep it
  private. Tips to remember your password Stick it
  on a piece of paper on the back of your name tag,
  and some even write it on their hands.
• Come up with a password that is easy to remember,
  or start or end your password with a code-the
  letter H for home and W for work.
• Never borrow someone elses password from another
  nurse or loan one.
• You dont want to be responsible for a mistake
  someone else has done due to them documenting
  with your password.

TEXT
TEXT
13
4 rules to safeguard confidentiality

• Rule 3 Keep outsiders away from the computers.
• Tilt the computer screen away from where it could
  be read by non health care professionals.
• Dont underestimate the potential for serious
  consequences if visitors, family, or friends get
  their hands on the keyboard you were using.
• Be sure to report any unauthorized access to your
  computer.
• Rule 4 Dont go where you should not go.
• Dont access your own lab records. Accessing them
  could violate a confidentiality agreement that
  your facility probably asked you to sign before
  giving you access to the EHR system.
• Such breaches could result in administrative
  penalties, including dismissal.
• Respect your patients privacy!

14
Continued
15
Example of the EHR in Health Care Practice

• EHR systems in physical therapist practices.
• Barriers included Challenges with behaviour
  modification, equipment inadequacy, and training.
• Key success factors included End-user
  participation, adequate training, workflow
  analysis, improved reporting capabilities,
  performance evaluation of rehabilitation services
  (ex. Evaluating the effectiveness of physical
  therapists interventions for improving
  ambulation), customized to meet the needs of
  patients, payers, referral sources, department
  workload, has superior capabilities for storing,
  processing, and retrieving information, implement
  admission orders, improved interdepartmental
  communication and data standardization and data
  accuracy.
• This example provides a foundation to better
  design, implement and evaluate EHRs.

16
Confidentiality and the CNO

• Compendium of Nursing Standards
• Confidentiality and Privacy Personal Health
  Information
• Discusses nurses ethical and legal
  responsibilities to maintain the confidentiality
  and privacy of clients health information
  obtained while providing care

17
The Future of the EHR

• For the EHR to succeed everyone has to work
  together
• To provide confidentiality it is essential that
  privacy and security are an integral part of the
  development of the EHR in our hospitals

18
The Future of the EHR

• The EHR would provide
• More developed multidisciplinary connections
• Easier and faster access to health information
  that is up to date
• Ability to access information at the same time

19
Neat Clip!
20
Canadian EHR Legislation

• PIPEDA Personal Information Protection and
  Electronic Documents Acts
• As of January 1, 2004 the statute applies in the
  health sector within a province to organizations
  that collect, use and disclose personal
  information during the course of commercial
  (public or private) activities, as well as to
  cross-border flow of personal information for
  commercial purposes.

21
Canadian EHR Legislation

• In Provinces that have private sector privacy
  laws and/or health information privacy laws.
• If a province enacts private sector privacy
  legislation that is substantially similar to
  PIPEDA, the provincial legislation will prevail.
• However, PIPEDA will continue to apply in these
  provinces in regard to flows of information
  outside provincial boundaries.
• Ontario has provincial legislation PHIPA.

22
Ontario Legislation

• PHIPA Personal Health Information Protection
  Act,
• November 1, 2004
• The purposes of this Act are
• (a)    to establish rules for the collection, use
  and disclosure of personal health information
  about individuals that protect the
  confidentiality of that information and the
  privacy of individuals with respect to that
  information, while facilitating the effective
  provision of health care
• (b)    to provide individuals with a right of
  access to personal health information about
  themselves, subject to limited and specific
  exceptions set out in this Act
• (c)    to provide individuals with a right to
  require the correction or amendment of personal
  health information about themselves, subject to
  limited and specific exceptions set out in this
  Act
• (d)    to provide for independent review and
  resolution of complaints with respect to personal
  health information and
• (e)    to provide effective remedies for
  contraventions of this Act.  2004, c. 3,
  Sched. A, s. 1.

23
PHIPA Fills in PIPEDA Confidentiality Gaps

• Consent
• informed consent verses implied consent.
• Should provide information regarding who will
  have access to the information and why security
  measures are in place to safeguard the record to
  patient.
• Examples of consent
• Implied consent circle of care consent to
  those directly involved in patient care.
• Informed consent research
• Privacy
• Patients right to determine with whom he or she
  will share information and to know of and
  exercise control over use, disclosure and access
  concerning any information collected about him or
  her.
• Lock Box
• Override custodian may disclose (regardless of
  the individuals wishes) if necessary to
  eliminate or reduce a significant risk of serious
  bodily harm to a person or groups of persons.
• Security
• Measures taken to safeguard personal information
  from unauthorized access, use or disclosure.
• Two types Data and system

24
CTV NEWS

• Canada Lags on Use of Electronic Medical Records
• An international survey of more than 6,000
  doctors is giving Canada poor marks for
  inadequate use of EHRs.
• 23 per cent of Canadian physicians use electronic
  medical records, which is the lowest percentage
  and far behind the 98 per cent level in the
  Netherlands.
• The Commonwealth Fund reported that primary care
  doctors in Australia, the Netherlands, New
  Zealand and the United Kingdom have the most
  widespread and multifunctional systems.
• Fewer than 1/5 Canadian and U.S. primary-care
  doctors have access to "robust information
  systems" that provide a foundation to guarantee
  high-quality care.

25
Controversies of the EHR

• Do physicians and nurses have the right to gain
  access to ALL medical data in a patients
  history?
• Does a patient have the right to withhold
  clinical information from the physician and to
  provide only a selective history, even if the
  lack of history may limit the practitioners
  ability to diagnose and treat the patient most
  effectively.
• Does a physician have the right to access ANY and
  ALL patient information in an emergency even if
  there was no previous affiliation with the
  patient?

26
Continued

• Unprotected electronic records can be hacked and
  stolen by identity thieves.
• In July of 2006 57 000 patient electronic records
  on back-up tapes were stolen from Phoenix-based
  managed care company.
• Third parties can mine electronic records for
  data to market health products or screen out
  people as insurance or employment risks.

27
Workable Solutions to Eliminate Controversies

• Technology-based solutions Focus on the ability
  of specially designed hardware and/or software to
  limit the access of information based on special
  computerized identifiers, such as smart cards.
• Policy-based solutions Develop model legislation
  that would define right of access, data element
  definition, procedures of release and access, and
  monetary fines for abuse of confidentiality, as
  well as suspension or dismissal professional
  licenses.
• Policies must be written to define who has the
  right to access patient data and how the access
  is monitored, so there is not an automatic
  assumption of release to someone just because
  they are employed at the hospital or are a member
  of medical staff.
• For example, there should be a special bypass
  code used by all practitioners who are not listed
  as a current caregiver of a particular patient.

28
References

• http//www.e-laws.gov.on.ca/DBLaws/Statutes/Englis
  h/04p03_e.htm
• http//www.ipc.on.ca/images/Resources/up-2006_05_0
  7_DG_OAMRT.pdf
• College of Nurses of Ontario. http//www.cno.org
• Sharpe, V. (2005). Privacy and security for
  electronic health records. The Hastings Center
  Report. 35(6).
• Roberts, D. Infobytes From the Internet to
  Informatics.
• Rhine, M., Taggard, S., Vreeman, D., Worrell,
  T. (2006). Evidence for
• Electronic Health Record Systems in Physical
  Therapy/Invited Commentary/
• Author Response. Physical Therapy, 86(3),
  434-450. Retrieved November 4,
• from ProQuest.
• Gryzbowski, D. (2005). Patient privacy the right
  to know versus the need to access. Health
• Management Technology, 26, (9), 54-60. Retrieved
  October 28, from ProQuest.
• Sharpe, V. (2005). Privacy and security for
  electronic health records. The Hastings Center
• Report, 25 (6), 1-3.