Скачать презентацию Privacy in Healthcare Challenges Associated with Implementing Privacy Скачать презентацию Privacy in Healthcare Challenges Associated with Implementing Privacy

0fc711934cc686cb3c9bce60988cc012.ppt

  • Количество слайдов: 31

Privacy in Healthcare Challenges Associated with Implementing Privacy in an Electronic Health Records Environment Privacy in Healthcare Challenges Associated with Implementing Privacy in an Electronic Health Records Environment John P. Houston, J. D. Vice President, Privacy & Information Security, Assistant Counsel University of Pittsburgh Medical Center Adjunct Assistant Professor of Biomedical Informatics University of Pittsburgh School of Medicine

Questions What is Privacy? What is Confidentiality? What is (Information) Security? 2 Questions What is Privacy? What is Confidentiality? What is (Information) Security? 2

Security, Privacy & Confidentiality • Privacy - the state of being free from intrusion Security, Privacy & Confidentiality • Privacy - the state of being free from intrusion or disturbance in one's private life or affairs. (Random House Dictionary) • Confidentiality - The ethical principle or legal right that a physician or other health professional will hold secret all information relating to a patient, unless the patient gives consent permitting disclosure. (The American Heritage® Stedman's Medical Dictionary) • Security - Protection against unauthorized access to, or alteration of, information and system resources including CPUs, storage devices and programs. (Free On-line Dictionary of Computing) 3

Security, Privacy & Confidentiality (Information) Security Keeping the bad guys out. Privacy Confidentiality Making Security, Privacy & Confidentiality (Information) Security Keeping the bad guys out. Privacy Confidentiality Making sure that those people who have access to information, only access the information for appropriate purposes. 4

Health Privacy Laws in Pennsylvania • • PA Medical Records Laws HIPAA Privacy Rule Health Privacy Laws in Pennsylvania • • PA Medical Records Laws HIPAA Privacy Rule ARRA Privacy Rule Federal & State “Sensitive Information laws 5

Observation We have reached a tipping point where the volume and complexity of privacy Observation We have reached a tipping point where the volume and complexity of privacy regulations have made compliance extremely difficult 6

Observation Even intelligent, well educated and informed individuals do not fully or accurately understand Observation Even intelligent, well educated and informed individuals do not fully or accurately understand the privacy regulations 7

Result Many institutions inappropriately implement privacy regulations 8 Result Many institutions inappropriately implement privacy regulations 8

Reality Timely, accurate and complete information is necessary to provide effective and efficient health Reality Timely, accurate and complete information is necessary to provide effective and efficient health care 9

Challenge To provide the right information to the right individual at the right time Challenge To provide the right information to the right individual at the right time 10

Failure must be defined in terms of impacting patient care • • Patients often Failure must be defined in terms of impacting patient care • • Patients often do not know what they really want Arbitrary or overly restrictive barriers HIPAA contemplates taking reasonable steps If we must error, error to the benefit of ensuring that good quality patient care is delivered 11

Privacy Is a Balance Privacy is a balance between: • • • An individual’s Privacy Is a Balance Privacy is a balance between: • • • An individual’s right to have his / her information kept confidential A provider’s need for information to support the delivery of effective and efficient healthcare Public / societal interests Practically speaking privacy is not an absolute 12

Privacy Is a Societal Value In good faith people have substantial differences of opinion Privacy Is a Societal Value In good faith people have substantial differences of opinion regarding the value and importance of privacy 13

Reality The Healthcare industry is quickly moving towards a highly integrated and highly distributable Reality The Healthcare industry is quickly moving towards a highly integrated and highly distributable electronic health records environment 14

Global Access to Information Health Information Exchanges Nationwide Health Information Network 15 Global Access to Information Health Information Exchanges Nationwide Health Information Network 15

The Move to Electronic Health Records The implementation of an electronic health records environment The Move to Electronic Health Records The implementation of an electronic health records environment fundamentally changes the manner in which privacy must be viewed and addressed 16

How is Privacy Different? Local Availability vs. Global Availability 17 How is Privacy Different? Local Availability vs. Global Availability 17

Paper Records - Local Availability Information is locked up in a file cabinet or Paper Records - Local Availability Information is locked up in a file cabinet or the Medical Records Department 18

Electronic Records - Global Availability Information is: • Accessible through an institution’s electronic health Electronic Records - Global Availability Information is: • Accessible through an institution’s electronic health records system(s) • Accessible via an HIE • Accessible via the Internet on the NHIN(future) 19

Myth Institutions all operate a single monolithic health information system 20 Myth Institutions all operate a single monolithic health information system 20

Examples of Issues • Impractical to honor patient request for additional privacy protections / Examples of Issues • Impractical to honor patient request for additional privacy protections / consents • Difficult to perform new accounting of disclosure requirements • Difficult to comply with new “Pay for out of pocket in full” restrictions. 21

WARNING! Computers are STUPID! 22 WARNING! Computers are STUPID! 22

The Evolution of Privacy in EHRs 23 The Evolution of Privacy in EHRs 23

System Flexibility It is difficult to develop / implement information system controls that support System Flexibility It is difficult to develop / implement information system controls that support privacy while providing the flexibility necessary to ensure the efficient and effective delivery of health care 24

System Flexibility Due to the difficult in developing / implement information system controls that System Flexibility Due to the difficult in developing / implement information system controls that support privacy, institutions often establish structural barriers (separate systems, shadow records, paper records, etc). 25

Immediacy Prospective controls and structural barriers often impede access to information in emergent situations Immediacy Prospective controls and structural barriers often impede access to information in emergent situations and significantly reduce efficiency 26

Example – Psychiatric Information Should psychiatric information be segregated? 27 Example – Psychiatric Information Should psychiatric information be segregated? 27

Example – Psychiatric Information Should psychiatric Information be segregated? • Information results from services Example – Psychiatric Information Should psychiatric Information be segregated? • Information results from services provided by a PCP or in an acute care setting • Access is often important in emergent situations • Drug – to – drug interactions • Alternative diagnosis? • Drug diversion? 28

Question Where do you draw the line? 29 Question Where do you draw the line? 29

In The End • Institutions must be diligent in training their work force • In The End • Institutions must be diligent in training their work force • Enforcement is vital 30

Commercial http: //www. ge. com/company/advertising/index. html 31 Commercial http: //www. ge. com/company/advertising/index. html 31