Module 6- Privacy, confidentiality, informed consent Flashcards
Consent
permission for something to happen or
agreement to do something.
Do we have ethical and legal obligations for consent?
YEs
Consent must be (4)
Given voluntarily
Given by an individual who has capacity
Specific to both the intervention and the
person administering the intervention
Given by a patient who is informed
What is the lock box
When a client asks an OT/PT/AUD/SLP not to disclose certain information about the client to others,
they must respect that request. This includes requests not to disclose the information to others in the
client’s circle of care. However, when the HCP believes that a person providing treatment needs to
know the information that has been omitted from the record in order to provide appropriate care, the
HCP can inform that practitioner that relevant information is missing from the file. The
OT/SLP/AUD/PT cannot disclose the content of that missing information. However, the treating
practitioner is then alerted to the concern.
The client can change their mind if they want about opening or closing the lock box
What are the 9 principles of consent
- Autonomous
- voluntary
- Informed
- Capacity
- Treatment Specific
- Provider specific
- Format (can be verbal -> must have evidence (document) or written)
- Documented
- Right to refuse
To provide informed consent the patient must(7)
Be informed of the nature/purpose of the Tx
Be informed of other information which might
impact their decision
Be given reasonable/understandable answers to
any questions asked
Be informed of the benefits
Be informed of the material and special risks
Understand the consequences of the risks
Be given details about alternatives to the
proposed services
You should revisit consent if
- There are any doubts regarding client or substitute decision makers wishes
- When client is moving from one component of service to another
- When there are changes to the nature of the proposed service
What factors should you consider when receiving information (4)
- Culture
- Languages
- Abilities
- Preferences
If a client is unable to provide consent, there is no advance directive, no substitute decision maker or the care of the treatment must be provided with out delay we can make decisions about
the clients health care and what is in the best interests of the client
At what age can you provide your own consent
The age of majority is 18 years. There is no stipulated age of consent for treatment.
The Health Care Consent Act stipulates that all persons (including minors) are presumed to be capable (i.e., able to understand treatment information and reasonably foresee consequences) of making treatment decisions.
The Substitute Decisions Act presumes that persons 16 years of age or more are capable of giving or refusing consent in connection with their own care, unless there are reasonable grounds to believe otherwise. Findings of incapacity may be
appealed to the Consent and Capacity Review Board.
What is capacity and why is it important for consent
Must have capacity to have consent and capacity is a spectrum and needs to be considered case-by-case, BUT YOU ALWAYS WANT TO ASSUME THE CLIENT IS CAPABLE
If you have a concern of someones capacity what should you do
using a variety of communication strategies (e.g.,
using an interpreter or alternative communication systems), collaborating with the
client and those close to the client, using a functional approach, assessing the client
more than once to accommodate fluctuations in cognitive abilities, and consulting
with other health professionals. But you should communicate your finding to the client and make sure when they do have a substitute decision maker you are engaging them as much as possible.
Substitute decision maker
Can make decisions on behalf of client but are assigned there role when the client is capable
Ranking of substitute decision makers
Guardian (for either care or property)
Power of attorney (for either care or property)
Representative appointed by the Consent and
Capacity Board
Spouse or partner
Child or custodial parent
Access parent
Brother or sister
Any other relative
Public Guardian and Trustee
How should you document consent (5)
Date consent was obtained
How consent was obtained (orally, in writing,
through alternative communication systems,
inferred)
Confirmation that the elements of consent
were met (see slides 11 & 12)
Reasons for refusal or withdrawal from some
or all of the services
Any concerns raised during the consent
process and actions taken to address them
What information should be collected and apart of the client record (a billion things to list)
-Contact information for the source of the client’s
referral, including self-referral;
Reason for the referral;
Confirmation that client consent was obtained;
Confirmation of the accuracy of the information
provided about the client on the referral;
Client’s full name, address, date of birth, and
unique identifier (if applicable);
Information about the patient: demographic
information, health, family, and social history, and patient-reported subjective data
Rationale for the care provided;
Objective data, evidence, and outcome measures
whenever possible and appropriate;
Information to help anyone who may be involved
in the care interpret the data or measure;
Relevant information about care provided in
enough detail to allow another health provider to
assume care of the patient or to follow the plan of
care;
Unique identifiers for all providers involved in
that patient’s care;
Discussions with the patient to obtain
ongoing consent to assessment, treatment,
and involvement of other care providers;
Care refusals (with reasons);
The date of every patient encounter,
including missed appointments;
Results of tests, investigations, assessments,
measures, and any reports received
regarding the patient’s care;
Details about analysis, diagnosis, patient
goals, treatment plan, and treatments
performed;
Progress notes, outcomes, reassessments, and
resulting changes to the treatment plan
Details about any care that has been assigned to
another person, or care provided collaboratively
with other health providers, including
consultations and correspondence;
Discussions and communications with the
patient including instructions, recommendations
and advice;
Referrals and transfers of care to another health
provider, and any reports sent regarding the
patient’s care;
Discharge summaries including reassessment
findings, reason for discharge and other
recommendations
Records must be
- Well organized (dated)
- Understandable (eg. in english or french, appropriate terminology)
- Accurate (eg. information must be written in a reasonable time period and permanent)
What are the requirements for fincancial records
The name of the client/patient;
The name of the primary service provider OT,
SLP, AUD, PT, provider assistant, and others
who provided care under the primary care
provider’s supervision;
Date of service;
A description of the care, service, or product
provided;
Amount of the fee for the care, service or
product;
Any payment received
How long should clinical and financial records be retatined
At least 10 years from:
1. the date the patient reached 18 years of age
2. The date of the last patient encounter
t or F: You can only disclose health information of the client with their consent
T
What is the privacy duty
requires OTs/PTs/SLPs/AUDs
to appreciate that client information belongs to
the client, that it may only be collected, used and
disclosed in the client’s best interests and that the
OT/PT/SLP/AUD only holds the information on
behalf of the client
What is personal health information
refers to almost
anything that would be in a HCPs files on a
client related to health care;
Custodian
person or organization
responsible for maintaining all health
records. And must implement privacy policy to protect/safeguard the personal health information of their client.
What is an exception to the custodian rule and if unsure what should you do
An OT/PT/SLP/AUD who works for an
organization that does not provide health
care services (e.g., a school board), will
usually have to assume the role of custodian
with respect to his or her own health care
services.
If unsure, check with your regulatory college
Information officer
There is legislative requirement that there is
a contact person (aka Information Officer or
Privacy Officer) to ensure legislative privacy
requirements are met.
In addition to ensuring policy, training and
monitoring occurs, the Privacy Officer is the
contact person for information from clients
or the public
How are agents/custodian accountable
dy-They are responsible for ensuring that they are
familiar with the custodian’s privacy policies and
to comply with them;
They must be advocates if they know that
appropriate privacy policies are not being
implemented;
They must intervene if a client’s privacy rights
arein jeopar
How should we safeguard information (9)
Physical measures (restricted access areas,
locked cabinets);
Organizational measures (e.g. need-to-know,
staff policies, security clearances);
Technological measures (passwords,
encryption, firewalls, virus protection);
These safeguarding measures should be
reviewed frequently and systematically
Not discussing clients where conversations
might be overheard;
Not travelling or safely travelling with
appropriately secured client information;
Using email following strict guidelines and
protocols as provided by your regulatory
college and health information custodian
Having a client’s personal health information
in paper or electronic format on your person
means that you are accountable for the safety
and security of that information.
As a rule – students should not be removing
patient files from the assigned area and are
expressly prohibited from using personal
computers, cell phones and any other
electronic device to audio and/or video
record appointments
What are some examples ofp privacy breaches
A client at a health facility asked for scrap
paper. On the back of the paper were the
names and diagnoses of multiple clients;
There have been numerous reports of
USB/memory sticks being lost;
Another practitioner left home visit
documents on public transit after searching
through her bag for something else, then
rushing off the transit vehicle;
There have been numerous examples of
lost/stolen laptops with health information
on them
What should be the first priority if there is a privacy breach
To limit the breach
If there is a privacy breach who should be informed of it
- All clients be notified at first resonable opportunity
- Privacy officer
- Health information Custodian
What should you also do if there is a privacy breach
Reflect on why it occurred and review privacy policies and practice’s to make sure a breach never happens again
T or F: Personal health information can be collected by a 3rd party
T, but it should only be directly from the client, it only can under necessary circumstances and with the clients consent and confirmed with the client for accuracy
How should personal health information be used
Only internally within the organizations
What is disclosure
Circumstances which personal health information is shared externally by the organization
The clients personal health information should only be used
for the purposes it was collected (eg. treatment) and for functions deemed reasonably necessary to carry out that purpose (eg. clerk enters clients personal health information into record keeping system)
Do we have an obligation to maintain patient confidentialy?
Yes and a patient must know who and what is being done with their personal health information and services providers must always have consent and that the patient record can be accessed at any time
