Electronic Health Records - PowerPoint PPT Presentation

1 / 17
About This Presentation
Title:

Electronic Health Records

Description:

identify concerns about privacy, confidentiality and security of EHRs ... EHRs 'potentially conflict with privacy principles unless patients control how ... – PowerPoint PPT presentation

Number of Views:654
Avg rating:3.0/5.0
Slides: 18
Provided by: nri4
Category:

less

Transcript and Presenter's Notes

Title: Electronic Health Records


1
Electronic Health Records Legal Issues of
Privacy, Confidentiality and Security
  • Contemporary Issues in Canadian Health Care

Nola M. Ries, MPA, LLM Adjunct Assistant
Professor, University of Victoria Research
Associate, Health Law Institute, University of
Alberta
2
Objectives
  • identify concerns about privacy, confidentiality
    and security of EHRs
  • discuss relevant professional and legal issues
  • highlight lessons learned from case studies

3
Incentives to Invest in EHRs
  • The value of electronic health records as
    tools to improve access, quality and
    comprehensiveness of care should be reinforced so
    that the public clearly understands the benefits
    and demands of their introduction.
  • We recommend that providers, governments and the
    public jointly commit to the rapid adoption of
    these tools.
  • (Health Council of Canada, Report to Canadians,
    2005)

4
Concerns with EHRs
  • issue of privacy, confidentiality and protection
    of personal health information in the context of
    an EHR system is perhaps the most sensitive one
    raised
  • Currently, there is significant variation in
    privacy laws and data access policies across the
    country that poses a challenge for EHR systems
    that are dependent on inter-sectoral and
    inter-jurisdictional flows of personal health
    information.
  • Senator Kirby, Senate Report on the Health of
    Canadians (2002)

5
Privacy, Confidentiality Security
  • Privacy ones right to control who has access to
    information about oneself
  • Confidentiality a duty owed by one to preserve
    the secrets of another
  • Security mechanisms put in place to safeguard
    privacy and ensure confidentiality is maintained

6
Professional Duties
  • Hippocratic oath
  • Whatsoever I shall see or hear concerning the
    life of men, in my attendance on the sick, or
    even apart therefrom, which ought not to be
    noised abroad, I will keep silence thereon,
    counting such things to be as sacred secrets.

7
Health Info Privacy Code
  • right of privacy fundamental in a free and
    democratic society
  • includes patient's right to determine with whom
    he or she will share information and to know of
    and exercise control over use, disclosure and
    access concerning any information collected about
    him or her
  • right of privacy and consent are essential to
    trust and integrity of the patient-physician
    relationship.

8
Legislative Developments
  • public sector information and privacy laws
  • health information laws
  • Manitoba (1997)
  • Alberta (2001)
  • Saskatchewan (2003)
  • Ontario (2004)
  • private sector privacy laws

9
Need for legal framework
  • EHRs potentially conflict with privacy
    principles unless patients control how the record
    is shared and appropriate security measures are
    in place.
  • A coherent legal framework to appropriately
    protect the privacy and confidentiality of
    personal health records is therefore an essential
    first step for successful EHRs
  • Amanda Cornwall, Connecting Health A review of
    electronic health record projects in Australia,
    Europe and Canada (2003)

10
Consent
  • Should individual consent be required before
    information is included in EHR or disclosed
    through EHR?
  • To be legally valid, consent generally must be
    informed
  • Who will have access to info?
  • For what purposes?
  • What security mechanisms are in place?
  • What are risks of unauthorized access?

11
Saskatchewan HIPA
  • comprehensive health records
  • initially gave individuals right to refuse
    consent
  • removed in 2003
  • retain right to restrict access to comprehensive
    health record by giving written instruction

12
Alberta HIA
  • Section 59 required individual consent before
    information could be disclosed electronically
  • authorization for custodian to disclose
  • purpose for disclosure
  • identity of recipient
  • acknowledgement of reasons, risk, benefits
  • date effective
  • statement that consent may be revoked
  • Removed in 2003

13
Practical Experience
  • in facilitating a province wide electronic
    health record, practical experience made it
    apparent that getting consent from Albertans was
    going to be difficult and costly
  • not possible to inform people in a meaningful
    way of all the specific disclosures by electronic
    means, which might ever be made of their health
    information
  • Frank Work, QC, Alberta Information Privacy
    Commissioner

14
Australian Example
  • patient consent required to include information
    in EHR
  • pilot project in Tasmania (2004)
  • many patients were not asked for consent
  • identified need for simple consent process
  • discussion about moving to presumed consent /
    opt-out model

15
United Kingdom example
  • National Health Service care record guarantee
    published May 2005
  • consent for sharing patient information in EHR is
    generally presumed
  • but You can choose not to have information in
    your electronic care records shared
  • consistent with 2006 BMA statement

16
Security Obligations
  • maintain administrative, technical and physical
    safeguards to protect confidentiality and privacy
  • measures to guard against risks associated with
    EHRs
  • audit logs
  • privacy impact assessments

17
Conclusions
  • benefits and risks of EHRs
  • professional obligations
  • ethical and legal
  • patient rights
  • consent and control
  • achieving an appropriate balance
Write a Comment
User Comments (0)
About PowerShow.com