Week 2 - privacy and security Flashcards
ON RPh Code of ethics 2.9
Members respect the patient’s right to privacy and confidentiality and take every reasonable precaution to protect patient confidentiality by preventing unauthorized or accidental disclosure of confidential patient information.
-this includes technicians and assistants and cashiers
ON RPh Code of ethics 3.6
Members respect patients' right to privacy and do not disclose confidential information without the consent of the patient unless authorized by law or by the need to protect the welfare of the patient or the public
PHI - what abbreviate
personal health information
what is PHI
oral or written info about an individual
what is considered PHI
individual's physical or mental health including family history
provision of health care, including the ID of persons providing care
a plan of service for individuals requiring LTC
info relating to payment or eligibility for HC
info relating to donation of body parts/substances or that is derived from the testing or examination of such parts or substances
an individual's health number
info that IDs an individual's substitute decision maker
PHIPA - what abbreviate
Personal health information protection act
PHIPA
-safeguarding PHI
+(3)
you must take reasonable steps to safeguard PHI
- locking filing systems, alarm systems
- passwords, firewalls, virus scanners
- staff training, confidentiality agreements
Passwords - how manage
SHOULD NOT BE UNIVERSAL
-different passwords allow you to track who went into PHI
PHIPA
-requirements of electronic records (3)
electronic records should
- have passwords
- file backups to protect against loss/theft
- records with date/time, note changes, keep OG content if anything changed
written notes with patient name
considered PHI
PHIPA - when there is a breach
notify individuals about a privacy breach
PHIPA - records retention
retain records for as long as needed for legal purposes
PHIPA - record transfers
safely transfer records to another location
PHIPA - record destruction
safely destroy records
- shred/burn hard copies
- physically destroying electronic media
Principles of circle of care: who are considered health information custodians
all healthcare professionals are health information custodians
Principles of circle of care: where must PHI be received from
PHI must be received from the patient, patient's agent or another custodian
Principles of circle of care: consent
need consent to share information with a non-custodian
Principles of circle of care: custodian to custodian sharing
for custodian to custodian sharing, patient can withhold consent
Principles of circle of care: sharing between disciplines
can only share info that applies to what they do
-dentist ask for PHI
+only share stuff about teeth
Principles of circle of care: sharing within same practice
doc to doc, RPh to RPh
okay - just don't ID patient
-no name, gender, location etc
privacy
right to keep your information to yourself and private
security
systems or processes to ensure information remains protected
confidentiality
principles that information is not made available unless authorized
patient record
piece of PHI
ex. (list of Rx’s, list of patient names on pharmacy paper with pharmacists name on it)
PHI
information pertaining to an individual and their healthcare with their name and information tying it to HC
health information custodian
someone/grps who ensure health information remains secure (bound by law: PHIPA)
circle of care
other HCPs involved in providing care to specific patient
implied consent
voluntary agreement through action/inaction of patient
Which types of privacy laws apply to you as a pharmacy student in a community pharmacy in Ontario?
PHIPA
Which types of privacy laws apply to you as a pharmacy student in a hospital setting in Ontario?
PHIPA
When can you access a record or divulge info?
when necessary for care and when you're in the CoC (gives implied consent)
what is a privacy violation
when PHI is divulged, intentionally or unintentionally, to ppl outside CoC without patient consent
How can you safeguard personal health info?
no sharing of passwords
use server
encrypted emails
etc
You are working in a pharmacy and your friend’s boyfriend comes in. You are not filling prescriptions at that moment and he doesn’t see you. After he leaves, are you allowed to go into his file to see what was prescribed?
No
You are working in a hospital and your friend tells you she’s coming to the hospital to visit her girlfriend but doesn’t say why she’s been admitted. You go into her file to see what’s going on. Is this allowed?
no
You are working at a hospital that you went to as a younger person. Are you allowed to look up your own record?
no - need to ask for it
Your parent asks you to bring home a printout of their pharmacy records for their taxes. They fill all prescriptions at your pharmacy. Are you allowed to do this?
No
A patient tries to fill a prescription for Valium. You notice that all prior Valium prescriptions are from different doctors. You worry they are being forged. Can you call other pharmacies to ask if this patient has filled any Valium prescriptions lately and to alert them?
yes
-protecting health and safety of patient/others so can breach
You are working at a store and a physician asks you to send a full drug list for a patient that you both share. Is this allowed?
yes