hin 2016 educational session slides: privacy, the law and best practice - sick kids hospital
Post on 22-Jan-2018
Privacy, the Law and Best Practice
Janice Campbell, Janet Money
Privacy Office, Hospital for Sick Children
February 2016
Personal Health Information - PHI
PHI comprises some of the most sensitive and intimate details of one’s life – requires strong protections to ensure privacy. Must also ensure it is accurate, complete and accessible to those providing care.
Often used for secondary purposes that benefit society as a whole – population health monitoring, quality improvement, health research, and management of our publicly funded system.
Privacy Legislation in Ontario
PHI or PI specific?
Ontario: PHIPA, FIPPA and QCIPA
7 other provinces have health care specific legislation
PHIPA is unique
Even before Privacy Legislation
Hippocratic oath: “All that may come to my knowledge in the exercise of my profession or outside of my profession or in daily commerce with men, which ought not to be spread abroad, Will keep secret and will never reveal”
Medicine Act 1991: …act of professional misconduct: Giving information concerning the condition of a patient or services rendered to a person other than the patient except with consent
Know the Key Principles
In general...
May not collect, use or disclose PHI of an individual without the individual’s consent
All information about a person is in a fundamental way his or her own to communicate or retain as he/she sees fit
Consent – beyond Yes or No
Consent must be:
Knowledgeable
Relate specifically to the PHI that is being collected, used or disclosed
Made by a capable individual (no age may be outlined)
Voluntary
Consent is not:
A piece of paper
The “forgotten” principle
Limiting collection to the purpose necessary
Only for as long as necessary and only enough for the purpose
De-identification of PHI is really hard
Phones/Cell phones/Smart phones
DO:
Protect your phone with a strong password (not “1234” or “password”).
Make calls where you cannot be overheard.
DON’T:
Leave detailed voicemail messages. No need to mention the orthopedic clinic or the rheumatology follow-up.
Shred paper as soon as finished
If using a notebook, rip out the pages and put them in the shredding bin.
Online activity/email
DO:
Keep a tidy In Box and Sent Items.
Keep your personal and work emails separate, and delete your work emails frequently. Weekly would be good. Why keep them?
DON’T:
Use client names in emails unless you personally have obtained and documented informed consent from the client.
If you receive an email with a client name in it, take the name out when replying, and delete the email from your In Box.
What about wi-fi hot spots?
SickKids web-based email access is protected in wi-fi hot spots.
BUT best practices still apply.
AND other sites? No guarantees re security.