
Electronic Health Records & Legal Issues of Privacy, Confidentiality and Security

Contemporary Issues in Canadian Health Care. Electronic Health Records & Legal Issues of Privacy, Confidentiality and Security. Nola M. Ries, MPA, LLM; Adjunct Assistant Professor, University of Victoria; Research Associate, Health Law Institute, University of Alberta.


Presentation Transcript


  1. Contemporary Issues in Canadian Health Care Electronic Health Records & Legal Issues of Privacy, Confidentiality and Security Nola M. Ries, MPA, LLM Adjunct Assistant Professor, University of Victoria Research Associate, Health Law Institute, University of Alberta

  2. Objectives • identify concerns about privacy, confidentiality and security of EHRs • discuss relevant professional and legal issues • highlight lessons learned from case studies

  3. Incentives to Invest in EHRs • “The value of electronic health records … as tools to improve access, quality and comprehensiveness of care should be reinforced so that the public clearly understands the benefits and demands of their introduction. • We recommend that providers, governments and the public jointly commit to the rapid adoption of these tools.” (Health Council of Canada, Report to Canadians, 2005)

  4. Concerns with EHRs • “issue of privacy, confidentiality and protection of personal health information in the context of an EHR system is perhaps the most sensitive one raised” • “Currently, there is significant variation in privacy laws and data access policies across the country that poses a challenge for EHR systems that are dependent on inter-sectoral and inter-jurisdictional flows of personal health information. …” Senator Kirby, Senate Report on the Health of Canadians (2002)

  5. Privacy, Confidentiality & Security • Privacy: one’s right to control who has access to information about oneself • Confidentiality: a duty owed by one to preserve the secrets of another • Security: mechanisms put in place to safeguard privacy and ensure confidentiality is maintained

  6. Professional Duties • Hippocratic oath • “Whatsoever I shall see or hear concerning the life of men, in my attendance on the sick, or even apart therefrom, which ought not to be noised abroad, I will keep silence thereon, counting such things to be as sacred secrets.”

  7. Health Info Privacy Code • right of privacy fundamental in a free and democratic society • includes patient's right to determine with whom he or she will share information and to know of and exercise control over use, disclosure and access concerning any information collected about him or her • right of privacy and consent are essential to trust and integrity of the patient-physician relationship.

  8. Legislative Developments • public sector information and privacy laws • health information laws • Manitoba (1997) • Alberta (2001) • Saskatchewan (2003) • Ontario (2004) • private sector privacy laws

  9. Need for legal framework • EHRs “potentially conflict with privacy principles unless patients control how the record is shared and appropriate security measures are in place.” • “A coherent legal framework to appropriately protect the privacy and confidentiality of personal health records is therefore an essential first step for successful EHRs” Amanda Cornwall, “Connecting Health: A review of electronic health record projects in Australia, Europe and Canada” (2003)

  10. Consent • Should individual consent be required before information is included in EHR or disclosed through EHR? • To be legally valid, consent generally must be informed: • Who will have access to info? • For what purposes? • What security mechanisms are in place? • What are risks of unauthorized access?

  11. Saskatchewan HIPA • comprehensive health records • initially gave individuals right to refuse consent • removed in 2003 • retain right to restrict access to comprehensive health record by giving written instruction

  12. Alberta HIA • Section 59: required individual consent before information could be disclosed electronically • authorization for custodian to disclose • purpose for disclosure • identity of recipient • acknowledgement of reasons, risk, benefits • date effective • statement that consent may be revoked • Removed in 2003

  13. Practical Experience • “in facilitating a province wide electronic health record, practical experience made it apparent that getting consent from Albertans was going to be difficult and costly” • not “possible to inform people in a meaningful way of all the specific disclosures by electronic means, which might ever be made of their health information” Frank Work, QC, Alberta Information & Privacy Commissioner

  14. Australian Example • patient consent required to include information in EHR • pilot project in Tasmania (2004): • many patients were not asked for consent • identified need for simple consent process • discussion about moving to presumed consent / opt-out model

  15. United Kingdom example • National Health Service “care record guarantee” published May 2005 • consent for sharing patient information in EHR is generally presumed • but “You can choose not to have information in your electronic care records shared” • consistent with 2006 BMA statement

  16. Security Obligations • maintain administrative, technical and physical safeguards to protect confidentiality and privacy • measures to guard against risks associated with EHRs • audit logs • privacy impact assessments

  17. Conclusions • benefits and risks of EHRs • professional obligations • ethical and legal • patient rights • consent and control • achieving an appropriate balance
