Selling an Idea or a Product

1
(No Transcript)
2
Overview

• 1. The Personal Health Information Act (PHIA)
• 2. Key Definitions
• 3. CancerCare Manitoba Confidentiality Policy re
  PHIA
• 4. Other PHIA Related Policies
• 5. Breaches of Confidentiality
• 6. Pledge of Confidentiality

3
The Personal Health Information Act (PHIA)

• Is a Manitoba law that protects the privacy of
  all personal health information that can identify
  an individual patient or client

A government Act is a law or rule that must be
obeyed
4
Objectives of Session

• To identify your role and responsibility in
  complying with PHIA
• To give you information to enable you to sign a
  Pledge of Confidentiality re PHI

5
Reasons for Sessions

• CancerCare Manitoba has had policies on
  Confidentiality and the protection of patient
  information in the past
• Now we need to inform you about the changes and
  additions to the policies resulting from PHIA

6
Key Benefits

• This session will support your continued efforts
  to provide care that
• respects patients privacy
• respects your co-workers privacy when they are
  patients
• You will also be aware of what is needed to
• comply with the Act and its related policies
• identify and avoid breaches of confidentiality

7
Definitions

• Personal Health Information includes
• ALL information recorded, spoken or heard that
  can IDENTIFY an individual and that relates to
  that persons
• health or health care history
• behaviour resulting from illness or treatment
• type of care or treatment provided
• payment for health care provided, PHIN or other
  identifying numbers or symbols

8
Definitions

• Personal Health Information also includes
• financial position
• home conditions
• domestic difficulties
• other private matters disclosed to staff such as
• age or birth date
• sexual orientation

9
Definitions

• Personal Health Information DOES NOT include
• Anonymous or statistical information that does
  not, either by itself or when combined with other
  information available to the holder, permit
  individuals to be identified.

10
Definitions

• Record or Recorded Information
• Means a record of information in any form, and
  includes information that is written,
  photographed, recorded or stored in any manner,
  on any storage medium or by any means, including
  by graphic, electronic or mechanical means such
  as X-rays, emails, voicemail messages, computer
  disks and faxes.

11
Definitions

• Trustee
• Means a health professional, health care
  facility, public body, or health services agency
  that collects or maintains personal health
  information (PHI).
• Has a duty to assist individuals in gaining
  access to their own PHI, and to protect the
  privacy of individuals in the collection, use,
  disclosure, security, retention and destruction
  of PHI.

12
Definitions

• Privacy Officer
• Has specific responsibilities including
• dealing with requests from individuals who wish
  to examine, copy /or correct their personal
  health information under PHIA
• facilitating CancerCare Manitobas compliance
  with PHIA
• CCMB Privacy Officer
• Ellen Tower
• Phone 787-1626
• Email ellen.tower_at_cancercare.mb.ca

13
Privacy of PHI

• PHIA
• ensures personal health information is accurate
  and up to date before using or disclosing it
• requires a trustee to comply with policies
  governing the retention and destruction of the
  information
• requires a trustee to adopt reasonable
  administrative, technical and physical safeguards
  to ensure the confidentiality, security, accuracy
  and integrity of the information

14
Duties and Obligations

• PHIA imposes Duties and Obligations on all
  employees of trustees and students working in
  health care facilities.
• One obligation is to implement policies which
  outline staff/students responsibilities under
  PHIA.

15
CancerCare Manitoba is meeting PHIAs
requirements by

• Implementing Policies
• Providing Education
• Keeping Documentation
• Conducting Evaluations
• Adjusting Our Practice
• Appointing a Privacy Officer

16
Confidentiality PHIA-Related Policies

• The PHIA Policies provide guidelines to help us
  implement the Act
• Policies are instructions developed by an
  institution that let us know
• what must be done
• who is responsible to do it

CCMB Policies
17
Joint WRHA/WRHA Facility Policies

• The Winnipeg Regional Hospital Authority and all
  of the WRHA Facilities have enacted JOINT
  policies related to PHIA

18
WRHAs Confidentiality Policies Address

• Personal Health Information for
• Patients
• Employees when they are patients

19
Benefits of Joint Policies

• The same policies will be in effect in all WRHA
  Facilities.
• You only need to attend one orientation session.
• You only need to sign one WRHA Pledge which will
  allow you to work in any of the WRHA Facilities.

20
Cautions for Joint Policies

• The policies are the same, but there may be small
  procedural differences between the WRHA
  Facilities.
• Each facility has its own Privacy Officer.
• When in doubt about the correct procedure, always
  check with a supervisor or manager at the
  facility site where you are located.

21
CCMB Confidentiality Policy

• CCMB Confidentiality Policy for PHI is
• 1. All CCMB employees and Persons Associated with
  CCMB are responsible for protecting the security
  of all personal health information (oral or
  recorded in any form) that is obtained, handled,
  learned, heard or viewed in the course of his/her
  work or association with CCMB.

22
CCMB Confidentiality Policy contd

• 2. Personal health information shall be
  protected during its collection, use, storage
  and destruction within CCMB.

23
CCMB Confidentiality Policy contd

• 3. Use or disclosure of personal health
  information is acceptable only in the discharge
  of ones responsibilities and duties (including
  reporting duties imposed by legislation) and
  based on the NEED TO KNOW.
• Discussions regarding personal health
  information shall not take place in the presence
  of persons not entitled to such information or
  in public places (elevators, lobbies,
  cafeterias, off premises, etc.)

24
CCMB Confidentiality Policy contd

• 4. The execution of a Personal Health
  Information Pledge of Confidentiality
  (Confidentiality Pledge) attached to the
  Policy is required as a condition of
  employment/contract/association/ appointment
  with CCMB . . .

25
CCMB Confidentiality Policy contd

• 5. Unauthorized use or disclosure of
  confidential information shall result in a
  disciplinary response up to and including
  termination of employment/ contract/associatio
  n/appointment.
• A person convicted of an offence under The
  Personal Health Information Act may be required
  to pay a fine up to 50,000. A confirmed breach
  of confidentiality may be reported to the
  individuals professional regulatory body.

26
CCMB Confidentiality Policy contd

• 6. All individuals who become aware of a
  possible breach of the security or
  confidentiality of personal health
  information shall follow the procedures
  outlined in this Policy.

27
Other PHIA Related Policies

• The policies required to deal with other aspects
  about personal health information such as its
• use
• collection
• disclosure
• storage
• destruction

28
Other PHIA Related Policies

• Access to PHI
• Individuals have a right to review their personal
  health information and receive copies.
• Requests should be in writing and sent to the
  Privacy Officer.
• Requests for Access may be refused for reasons
  specified in PHIA (and in this Policy)
• Requests must be responded to within 30 days

29
Other PHIA Related Policies

• Collection of PHI
• PHIA
• restricts the type and amount of information that
  can be collected.
• requires that the information collected directly
  from the individual except under prescribed
  circumstances.
• requires the trustee who collects the information
  to inform the individual of the purpose for
  collecting it.

30
Other PHIA Related Policies

• Collection of PHI
• Individuals are to be NOTIFIED about what PHI is
  being collected and the PURPOSE for which it is
  collected.
• Only collect as much personal health information
  as is reasonably necessary to accomplish the
  purpose for which it is collected.

31
Other PHIA Related Policies

• Use and disclosure of PHI
• PHIA
• limits the amount of information used or
  disclosed by the trustee
• limits the use of the information to the purpose
  for which it was originally collected, for a
  purpose directly related to that purpose or for
  purposes set out in the Act.
• restricts the disclosure of an individuals
  personal health information without consent

32
Other PHIA Related Policies

• Use and Disclosure of PHI
• USE is revealing PHI to someone within the
  trustees organization.
• DISCLOSURE revealing PHI to someone outside the
  trustee.
• Example If you are a CCMB employee, you USE
  information within CCMB but you DISCLOSE
  information to someone employed at SBGH or to
  Home Care as they are separate trustees.

33
You MAY use Personal Health Information ONLY when

• you NEED TO KNOW this information to do your
  job or
• you have permission from
• the individual the PHI is about
• a person permitted to exercise the rights of an
  individual or
• you are entitled by PHIA or other legislation

34
You CANNOT use personal health information when
it is...

• in the presence of persons NOT entitled to such
  information
• in public places such as elevators, lobbies,
  cafeterias, off premises, etc.

35
Other PHIA Related Policies

• Use and Disclosure of PHI
• CONSENT is required in order to disclose
  information except in the circumstances set out
  in PHIA Personal Health Information Act Part 3
  Section 22(2), 22(3).

36
Other PHIA Related Policies

• Use and Disclosure of PHI
• Example Politician receives a complaint from
  a patient waiting for an MRI. He calls and asks
  about the patient. Do you give him the
  information?

37
Other PHIA Related Policies

• Disposal of Confidential Material
• All confidential material must be disposed of by
  an approved method (incineration, shredding or
  other).
• Example You made an extra photocopy of an X-ray
  report. Dont toss it into an open garbage can.
  Put it in a shredder or other container for
  confidential material.

38
Other PHIA Related Policies

• Access to, Disclosure of Corrections to
  Clinical Record under the Mental Health Act
• Audit of Security Safeguards
• Correction of PHI
• Definitions Policy
• Transmission of PHI via Facsimile

• Reporting of Security Breaches Related to PHI
  Corrective Procedures to be Followed
• Retention Destruction of PHI
• Security Storage of PHI
• Security Measures for Electronic Databases
  Transfers of PHI

39
Where to find PHIA Policies

• Novell GroupWise Library - Corporate Policies
• Privacy Officers

40
Breaches

• A Breach of Confidentiality is when you . .
• Access or request personal health information NOT
  NEEDED by you to do your CCMB job
• Provide information NOT NEEDED by the other
  person to do their job
• Provide information to an individual who has no
  right to have the information under PHIA

41
Breaches

• Responsibility for Reporting Breaches of
  Confidentiality
• ALL CCMB employees, volunteers, physicians
  others associated with CCMB are responsible to
  report any breaches of confidentiality by
• another employee, volunteer or person
  associated with CCMB
• themselves

42
Breaches

• If you Know or Suspect a Breach of
  Confidentiality has Occurred
• Immediately notify
• Your Supervisor or Manager or
• CCMB Privacy Officer
• Ellen Tower - 787-1626

43
Breaches

• When a breach has been reported, the Privacy
  Officer, in consultation with others
• Decides whether to investigate or not.
• If the decision is yes,
• The Privacy Officer, will
• investigate the allegation
• consult with appropriate persons
• document findings
• determine if a breach has occurred

44
Breaches

• If a breach of Confidentiality is Confirmed
• Discipline can include
• oral or written warning
• suspension
• termination of employment, contract, association
  or appointment
• a personal fine of up to 50,000 for PHIA
  violations, imposed by the courts

45
Breaches

• What do I do if I am Not Certain?
• If you are not sure what is appropriate or right
  in a specific situation,
• discuss with your Supervisor/Manager or
• call the Privacy Officer
• These individuals will support you in how to
  correctly apply CCMBs Confidentiality Policies

46
Pledges

• Confidentiality Pledges are...
• A condition of employment, contract,
  association or appointment with CCMB.
• Signed ONCE, if you are a CCMB employee, WRHA
  student or WRHA Medical staff member
• unless there is a substantial change in your
  position
• renewal is considered necessary by a department,
  program or division manager

47
Pledges

• Confidentiality Pledges are required from
• Anyone ASSOCIATED WITH CCMB, Including

• Employees
• Physicians
• Researchers

• Board Members
• Volunteers
• Contractors
• Instructors Students

• Agents employees of
• other health organizations

48
Are there any questions?
49
Signing Your Pledge

• When you are ready, please
• SIGN your Pledge
• SEE one of the educators for co-signing
• Students print your name on the Pledge
  Certificate

50
Thank-you

• Thank You
• Thank You