
Technology, policy, privacy and freedom

  • 1. Technology, Policy, Privacy and Freedom (Unit-6)
  • 2. Contents
      • Medical Privacy Legislation, Policies and Best Practices
      • Examination of Privacy matters specific to World Wide Web
      • Protection provided by the Freedom of Information Act or the requirement for search warrants
  • 3. Medical Privacy Legislation, Policies and Best Practices
  • 4. Legislation 1. State Laws
      • Different states separately regulate the privacy of healthcare information.
      • “Covered entity” more broadly includes virtually anyone or any entity coming into contact with PHI.
      • This definition comes into play particularly with marketing and re-identification, both of which require individual consent under the law.
  • 5. Legislation 2. Sanctions and Penalties
      • Potential sanctions, in order of ascending severity: verbal/written warnings, probation, suspension, transfer, or termination of employment.
      • Penalties: Monetary penalty amounts.
      • Individuals, including employees of covered entities or business associates, may be criminally liable or subject to imprisonment.
  • 6. Policies 1. Protecting Privacy of Patient Information:
      • Only share patient information with other faculty and staff who need the information to do their job.
      • Avoid accessing a patient’s record unless you need to do so for your job or you have written permission from the patient.
      • Do not access the record of your co-worker, spouse, or family member unless there is written authorization in the patient’s record.
  • 7. Policies 2. E-MAIL:
      • Never send unencrypted information over the Internet that you would not place on a billboard.
      • You cannot control how a message you generate is forwarded or shared after you hit the “Send” button!
      • Never use the full nine-digit social security number in an electronic message unless the message has been encrypted or otherwise secured!
      • Do not use a patient’s full name associated with specific health information (e.g. reason for visit, diagnosis, procedures, or test results).
  • 8. Policies 3. Telephone and Fax Precautions:
      • Only speak to the patient (or parent);
      • Do not leave a message with identifying information;
      • Do not give your personal phone number;
      • Check the fax number (more than once);
      • Fax with a permission form;
      • Use a cover sheet;
      • Check to see if the fax was received;
      • Do not fax plans, logs, or reports to supervisors unless absolutely necessary and only if the information is de-identified.
  • 9. Policies 4. Files:
      • Store patient files, CDs/USB drives containing PHI and video/audiotapes in a locked file cabinet.
      • Never store PHI on personal hard drives.
      • Never take files from the clinic unless for an off-site assessment, and then you must return the files immediately.
  • 10. Best Practices
      • Do not use a patient’s whole name within earshot of others;
      • Cover charts so the patient name is not visible;
      • Do not leave records & other PHI unattended;
      • Screen computers or position them so others cannot read the screen;
      • Keep patient reports and appointment schedules secure;
      • Back up disks;
      • Reports prepared on home computers must be prepared in de-identified format;
      • All reports sent as email attachments must be de-identified;
      • Video/audio tapes must be erased or destroyed before the clinician graduates, unless being preserved in the master patient file at the clinic for archival purposes.
  • 11. Examination of Privacy matters specific to the World Wide Web
  • 12. Points to ponder
      • Collection Limitation - There should be limits to the collection of personal data, and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
      • Data Quality - Personal data should be relevant to the purposes for which they are to be used, and to the extent necessary for those purposes, should be accurate, complete, and kept updated.
      • Purpose Specification - The purposes for which personal data are collected should be specified not later than at the time of data collection, and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes, and as are specified on each occasion of change of purpose.
      • Use Limitation - Personal data should not be disclosed, made available, or otherwise used for purposes other than those specified in accordance with [the Purpose Specification] except:
          • with the consent of the data subject; or
          • by the authority of law.
  • 13. Points to ponder
      • Security Safeguards - Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure of data.
      • Openness - There should be a general policy of openness about developments, practices, and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
      • Individual Participation - An individual should have the right to know whether a data controller has data relating to him/her, to obtain a copy of the data within a reasonable time in a form that is intelligible to him/her, to obtain a reason if the request for access is denied, to challenge such a denial, to challenge data relating to him/her, and, if the challenge is successful, to have the data erased, rectified, completed, or amended.
      • Accountability - A data controller should be accountable for complying with measures, which give effect to the principles stated above.
  • 14. Protections provided by the Freedom of Information Act or the requirement for search warrants
  • 15. Points to ponder
      • Right to access Health records, subject to specific and limited exemptions.
      • Personal privacy is protected as the FOIP Act regulates the way an organization collects, uses, and discloses personal information.
      • Right to access information that an organization has about the patient.
      • Right to request a correction of information that an organization has about the patient.
      • Right to request an independent review of decisions made by the organization.
  • 16. Points to ponder
      • The practice is often asked for information about patients from insurance companies or solicitors. On no account will any information be given without the patient's written consent.
      • Information about a patient's medical condition will only be passed to other health professionals to help with treatment.
      • Staff at the surgery have access to personal information on a need-to-know basis only and are bound by rules relating to patient confidentiality.