This blog is designed primarily to provide information on the topic of patient privacy and confidentiality through blog posts, relevant and useful links, and a comprehensive slide show. This topic is meant to stimulate discussion, comments, and feedback surrounding the issue of patient privacy and confidentiality in the context of EHRs and other forms of communication and storage technology.
Wednesday, February 18, 2009
Privacy and Confidentiality: A Brief Introduction
Definitions
Confidentiality: the duty of someone who has received confidential information in trust to protect that information and disclose it to others only in accordance with permissions, rules or laws authorizing its disclosure (CNA, 2003).
Informed Consent: the process of giving permission or making a choice about care based on sufficient information to make a decision (CNA, 2008).
Security: safeguards to ensure that information is accessed, used, or disclosed only as authorized and to prevent unauthorized processing of health information (CNA, 2003).
What nurses can do to safeguard patient privacy and confidentiality
- the CNA Code of Ethics
- their province's or territory's practice standards
- federal/provincial legislation and acts
- their own hospital's or organization's policies
The rising popularity of computer-based technologies over paper-based systems brings with it new security risks. The most important of these is the threat of breaches of patient privacy and confidentiality. This technology is convenient and speeds up the sharing of information with others. Given this efficiency, however, hospital staff often neglect privacy implications (Milholland, 1994). Most breaches are committed inadvertently by health care workers. According to Feeg (2001), this can be attributed to the way staff members manipulate and share data without patient consideration. Potential breaches in security are considered one of the major downfalls of electronic documentation (Celia, 2002). Nurses should become educated in the ways in which they can decrease these threats, in order to better uphold their responsibilities to their patients. These safeguards include, but are not limited to:
- learn and follow your workplace's policy for collection, use, and disclosure of patient information
- do not share your access password with co-workers
- change your password frequently
- ensure your password is difficult for others to guess
- know what steps to take to report breaches in patient confidentiality
- restrict your access to only the information that is needed to do your job
- familiarize yourself with privacy legislation
- know when it is okay to share patients' information
- know what to do if a patient asks for access to their records
- avoid using client names or other identifiers when faxing information
- make sure to log off computers when not in immediate use
It is important for nurses to safeguard not only our patients but also ourselves. Nurses who breach patient confidentiality, even if unintentionally, may face negative consequences. These can include having their licence suspended by their licensing body, disciplinary action taken by their employer, or legal action taken by the patient (CNPS, 2005).
Nurses should also be aware of the security measures put in place by their employer to protect electronic patient information. These can include:
- frequent audits to monitor user activity
- limiting large numbers of photocopies, downloading, and printing of patient information or records
- use of "lock-out" systems if a staff member attempts to log on with a password more than a few times
- deactivation of the passwords of staff who are no longer employed by the hospital/institution
- timed log off after a certain amount of time
- protection of inactivated records from loss, defacement, and unauthorized disclosure
- installation of anti-virus software
- precautions against theft of computers and laptops (e.g., cameras, locked doors)
- encryption protection for Internet transfer of patient information
- prohibition of uploading unauthorized software onto computers
- ensuring access to patient information is on a need-to-know basis
- tracking of all access by all users
- use of secondary level authentication (e.g., additional passwords, biometric identification)
(American Health Information Management Association, 2000)
What do patients need to know about their privacy and confidentiality rights?
Although patients trust nurses and doctors to maintain their confidentiality and privacy, there is still fear of security breaches with respect to electronic health records. Nurses can play a role in helping educate patients about the benefits of electronic health records, such as:
- increased portability
- access to the information at the right time by the right person
- aiding healthcare professionals in providing more efficient quality care
- faster diagnosis
- decreased medical errors
- gives patients control over their records as access would be subject to their consent
(Siman, 1999)
E-Liabilities: New Risks in Health Technology
1. E-practice liabilities: these include risks surrounding confidentiality, accuracy and user authenticity of the record, back-up systems, e-prescribing, and telehealth. For example: when care is documented electronically after treatment, the time entered wrongly reflects the time care was actually given.
2. System security liabilities: these risks involve security system failures, encryption errors, and hacking.
For more information regarding liabilities and the EHR, go to:
http://www.cmpa-acpm.ca/cmpapd04/docs/submissions_papers/com_electronic_health_records-e.cfm#issues
Is it ever justifiable to breach confidentiality?
1. To prevent serious harm or death to the person or a third party (CNA, 2002).
2. Public health and safety (e.g., communicable diseases)
3. Child Protection legislation
4. Court order or legal obligation to disclose (CNA, 2002).
5. Emergencies
Think of your own practice setting and think of a situation that would fall under one of the above categories.
References
American Health Information Management Association (2000). Practice brief: Information security: a checklist for healthcare professionals. Retrieved February 14, 2009, from http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_000042.hcsp?dDocName=bok1_000042
Canadian Medical Association (2004). Electronic Health Record. Retrieved March 13, 2009, from http://www.cma.ca/index.cfm/ci_id/8433/la_id/1.htm
Canadian Nurses Association (2008). Code of ethics for registered nurses. Ottawa: Author.
Canadian Nurses Association (2003). Privacy and health information: challenges for nurses and for the nursing profession. Ottawa: Author.
Canadian Nurses Protective Society (2008). Confidentiality of health information. Info Law: A Legal Information Sheet for Nurses, 1(2).
Canadian Nurses Protective Society (2005). Privacy. Info Law: A Legal Information Sheet for Nurses, 14(2).
Celia, L.M. (2002). Keep electronic records safe. Registered Nurse, 65(6), 69-71.
Ekos Research Associates (2007). Electronic health information and privacy survey: what Canadians think. Retrieved February 15, 2009, from http://www2.infoway-inforoute.ca/Documents/EKOS_Final%20report_Executive%20Summary_EN.pdf
Feeg, V.D. (2001). Threats to privacy and confidentiality in today's IT culture. Pediatric Nursing, 27(2), 122-124.
Leestma, R. (2003). Implementing technological safeguards to ensure patient privacy. Caring, 22(2), 16-18.
Milholland, K. (1994). Privacy and confidentiality of patient information. Journal of Nursing Administration, 24(2), 19-24.
Siman, A.J. (1999). The Canadian health infostructure (CHI): A promising prescription for the health care system. Health care Information Management and Communications Canada, 13(2), 28-30.
Smit, M., McAllister, M., & Slonim, J. (2005). Building public trust for electronic health records. Retrieved February 15, 2009, from http://www.lib.unb.ca/Texts/PST/2005/pdf/smit.pdf
Vigoda, M. (2008). E-record, e-liability: addressing medico-legal issues in electronic records. Journal of American Health Information Management Associates, 79(10), 48-52.