Confidentiality and privacy Flashcards
How long do you need to retain records, and what steps should you take to safely dispose of old records?
Record retention
* Clinical and financial records must be retained for at least 10 years from the later of the following 2 dates:
- Date of the Pt last encounter
- Date that the Pt reached 18 yo
Record disposal
- Ensure that the information is permanently destroyed in a secure manner
Paper
- Physically destroy the chart records by properly shredding them before their disposal to protect Pt’s privacy. To ensure proper destruction of paper files–>not reasonably possible to reconstruct the shredded records
Electronic
- Erase/purge them in an irreversible manner–>ensure the information can’t be reconstructed in any way.
Which individuals can access the chart without consent?
Pt/Pt authorized representative(SDM)
- other person that the Pt gives consent to
HIC/HIC agent who is involved in the Pt’s health care (within circle of care)
- Hospital: doc., allied health members (OT, PT, SLP), nurse, clinical clerks
- Private: any healthcare practitioner selected by the Pt
Not HICs: lawyer, insurance company representative, researchers
Authorized investigator from a College established under the Regulated Health Profession Acts
- Investigation needs to be made based on a complaint filed against a PT
Send email
Email policy
* I would review my own written email policy for sending and receiving personal health information by email
Technical protection
* Use password protected computer with anti-virus
* Log out the computer when not in use
Physical protection
* Store the computer in a safe location
* When emailing private health information, avoid public place
* Position the screen to prevent unauthorized view
* Limit travel with a portable electronic device with Pt info to essential travel/use only
Administrative protection
* Notice at bottom of email: information received is confidential, and include instructions to follow if an email is received in error
* Professional account
* Confirm address and re-confirm when sending
* Update all parties of any email address changes
* Communicate after receiving email
Retention and disposal
- effectively manage email–>don’t let it collect in my inbox
- enter email communication into Pt record, and delete the email from the email server
Someone steals the Pt chart
File a police report
Clinic
- make a reasonable attempt to find the chart
Pt
- Situation that led to the breach
- Steps that were taken to locate the lost chart
- They have a right to file a privacy complaint to the provincial Information Privacy Commissioner (IPC)
Information Privacy Commissioner (IPC)
- although it was an accident and one-time privacy breach, the Pt chart was stolen
College
- the breach is a result of theft
Review privacy policies to ensure this does not happen again
- Every effort was made to keep files at the clinic and not remove them
- In the event that they needed to leave the clinic, I would drive straight home and not stop anywhere
- After documentation, place in a safe & secure location
Document findings of this review and the breach itself
Both the physician and you are in the Pt’s healthcare team; do you need consent to contact the physician?
- Within circle of care=no need
- Still good to ask Pt to include them in the care plan as much as possible
- Chart the interaction with the physician after contact was made
A friend is admitted to hospital but not under your care; you look at their chart to ensure good care is provided.
- Not in the Pt’s circle of care and can’t access the Pt health information
- Inappropriately accessing a Pt’s health information when not involved in their care can result in suspension/termination.
When to contact IPC?
- disciplinary action is taken against a colleague for a privacy breach
- Theft
- Loss
- Unauthorized use/disclosure of personal information
- Pattern of repeated breaches
- Threat against someone’s personal information
Wrong letter: that person threatens to make it public - Significant breach
Highly sensitive information
Consider: amount of info, number of ppl involved
Open computer and see a Pt record accidentally
Accident, not intentional, and happened once
College/Information & Privacy Commissioner
- I do not feel it is necessary
Report to Pt
- Can let the Pt know about the breach; it would not be mandatory to report to the Pt
How to ensure Pt PHI privacy
Collection
- only collect those necessary for Pt care
Disclosure
- only disclose those relevant to Pt care & to appropriate individuals (within circle of care, ppl with Pt consent)
Storage
- ensure secure storage of paper & electronic record with proper safety measures
Disposal
- ensure safe disposal of all records
Pt’s previous family doctor requests a copy of the Pt’s records
- Can give, but only with Pt’s consent
- since the physician is no longer actively seeing the Pt–>no longer involved in their care–>consent would be required before any records could be released
- Pt can give consent/refuse consent
- Consent would not be required to send their records to their current family physician (part of circle of care)
What situations don’t need consent?
- Emergency situation
- Significant risk of serious bodily harm (to the Pt/others)
- In a legal process if the PT is a party or witness
- When records are released to a regulatory College (during an investigation of a complaint)
Pt (normal) spouse wants to increase PT sessions due to poor progress
Detail: does not say the Pt is incompetent and the spouse is the SDM
- private health care information cannot be shared and any decisions around the Pt’s care need to involve the Pt
- Inform the spouse: unable to discuss the Pt’s health care unless informed consent is provided from the Pt
Decision around the Pt’s care–>based on their needs & well-being instead of spouse’s wishes
Arrange a family meeting involving the Pt and their spouse at the start of next session–>re-evaluate goals and discuss the rehab plan
- address the spouse’s concerns
- Not breach confidentiality
- Allow Pt to be involved in the decision-making process
Can include the Ax result of OT?
Yes
- can include findings made by other health professionals/information reported by Pts or SDM
- Info should be recorded accurately and include a reference to the source of the information
Wrongly charted in another Pt’s clinical record
I would add an addendum to both Pts’ clinical records
Add the following to the incorrect Pt’s chart
- Add an addendum that states they made an incorrect chart entry
- Do not delete the previous chart entry
Add the following to the correct Pt’s chart
- Add in the Pt’s chart and note that it is a late entry
- the Pt record was charted in the wrong Pt’s chart
What is the role of a Health Information Custodian? (HIC)
- Collecting, using, & disclosing personal health information on behalf of clients
- Storing and disposing of health information in a secure manner
You can actively liaise with a HIC who is within the Pt’s circle of care without consent if the information is relevant to the Pt’s Rx, and the Pt has not already declined consent for the release of their information to that HIC
HIC can be…
* Institution (e.g. hospital, long-term care home, pharmacy)
* Private healthcare practitioner (e.g. PT, OT)