electronic communication of personal health information
play

Electronic Communication of Personal Health Information A - PowerPoint PPT Presentation

Oct 19, 2023 •276 likes •636 views

Electronic Communication of Personal Health Information A presentation to the Porcupine Health Unit (Timmins, Ontario) May 11 th , 2017 Nicole Minutti, Health Policy Analyst Agenda 1. Protecting Privacy when Communicating Electronically 2.

  1. Electronic Communication of Personal Health Information A presentation to the Porcupine Health Unit (Timmins, Ontario) May 11 th , 2017 Nicole Minutti, Health Policy Analyst

  2. Agenda 1. Protecting Privacy when Communicating Electronically 2. Communicating PHI by Email 3. Electronic Health Records and Bill 119 4. Mobile Devices 5. Unauthorized Access 6. Ransomware

  3. Protecting Privacy when Communicating PHI Electronically • The need to protect the privacy of individuals’ personal health information has never been greater given the: – Extreme sensitivity of personal health information – Number of individuals involved in the delivery of health care to an individual – Increased portability of personal health information – Emphasis on information technology and electronic exchanges of personal health information

  4. Consequences of Inadequate Attention to Privacy • Discrimination, stigmatization and psychological or economic harm to individuals based on the information • Individuals being deterred from seeking testing or treatment • Individuals withholding or falsifying information provided to health care providers • Loss of trust or confidence in the health system • Costs and lost time in dealing with privacy breaches • Legal liabilities and ensuing proceedings

  5. Security of Records of PHI & Data Minimization Regardless of the means of communicating personal health information… Security of PHI • PHIPA requires records of PHI to be retained, transferred and disposed of in a secure manner • Custodians must take reasonable steps in the circumstances to ensure: – PHI is protected against theft, loss and unauthorized use or disclosure – Records of PHI are protected against unauthorized copying, modification and disposal Data Minimization • Custodians must not collect, use or disclose: – PHI if other information will serve the purpose – More PHI than is reasonably necessary to meet the purpose

  6. Agenda 1. Protecting Privacy when Communicating Electronically 2. Communicating PHI by Email 3. Electronic Health Records and Bill 119 4. Mobile Devices 5. Unauthorized Access 6. Ransomware

  7. Communicating PHI by Email • The Personal Health Information Protection Act sets out rules for protecting the privacy of individuals and the confidentiality of their personal health information (PHI), while at the same time facilitates effective and timely care. • Any communication of PHI involves risk, but communicating PHI by email has its own set of unique risks that must be considered by health information custodians and their agents in order to protect the privacy of their patients and the confidentiality of their records of personal health information.

  8. Technical, Physical & Administrative Safeguards • Under PHIPA, custodians are obligated to implement technical, physical and administrative safeguards to protect the PHI of their patients. • Technical Safeguards: – Encrypting portable devices – Strong passwords – Firewalls and anti-malware scanners • Physical Safeguards: – Restricting access, locking rooms where email is sent – Keeping portable devices in secure location

  9. Technical, Physical & Administrative Safeguards • Administrative Safeguards: – Notice in emails that information is confidential – Providing instructions for when email is received in error – Communicate by professional vs personal accounts – Confirming recipient email address is current – Checking that email address is typed correctly – Restricting access to email system and content on need-to-know basis – Informing individuals of email changes – Acknowledging receipt of emails – Recommending that recipients implement these safeguards

  10. Email Among Custodians • The IPC expects emailing of PHI among custodians to be secured by use of encryption. • There may be exceptional circumstances where communication of PHI between custodians through encrypted email may not be practical (e.g. emergencies) • Custodians should look to their health regulatory colleges for applicable guidelines, standards or regulations on the use of unencrypted email to communicate PHI.

  11. Email Between Custodians & Patients • Where feasible, custodians should use encryption for communicating with their patients. • Where it is not feasible, custodians should consider whether it is reasonable to communicate through unencrypted email. – Are there alternative methods? – Is it an emergency? – Would the patient expect you to communicate with him or her in this way? – How sensitive is the PHI to be communicated? – How much and how frequently will be PHI be communicated?

  12. Policy, Notice and Consent Policy • Custodians are expected to develop and implement a written policy for sending and receiving PHI by email Notice and Consent • Custodians are expected to notify their patients about this policy and obtain their consent prior to communicating via email that is not encrypted • Consent may be provided in verbally or in writing

  13. Data Minimization, Retention and Disposal of PHI Data Minimization • Custodians have a duty to limit the amount and type of personal health information included in an email Retention and Disposal • Custodians are required to retain and dispose of PHI in a secure manner • PHI should only be stored on email servers and portable devices for as long as is necessary to serve the intended purpose

  14. Training and Privacy Breach Management Training & Education • Comprehensive privacy and security training is essential for reducing the risk of unauthorized collection, use and disclosure of PHI Privacy Breach Management • Custodians are expected to have a privacy breach management protocol in place that identifies the reporting, containment, notification, investigation and remediation of actual and suspected privacy breaches

  15. Guidance from the IPC: Communicating PHI by Email • Obligations under PHIPA • Understanding and addressing the risks including: – Safeguards – Policy, notice & consent – Data minimization – Retention & disposal of PHI – Training – Privacy breach management

  16. Agenda 1. Protecting Privacy when Communicating Electronically 2. Communicating PHI by Email 3. Electronic Health Records and Bill 119 4. Mobile Devices 5. Unauthorized Access 6. Ransomware

  17. The Promise of Electronic Health Records • Potential to facilitate more efficient and effective health care and improve the quality of health care provided • Accessible by all health care providers involved in the health care of an individual, regardless of location • More complete than paper records which tend to be spread over a wide range of health care providers • Easier to read and locate than paper records • Can be designed to enhance privacy, i.e. through access controls, audit logs and strong encryption

  18. The Peril of Electronic Health Records • If privacy is not built into their design and implementation, electronic health records pose unique risks to privacy • Make it easier to transfer or remove personal health information from a secure location • May attract hackers and others with malicious intent • Increases the risk of authorized individuals accessing personal health information for unauthorized purposes

  19. Bill 119: Proclaimed Provisions Proclaimed provisions Definition of “use” has been clarified to include “viewing” of personal • health information New provision requires custodians to take steps that are reasonable in • the circumstances to ensure PHI is not collected without authority • Requires prescribed types of privacy breaches to be reported to our office and to relevant regulatory colleges • Removes the requirement that prosecutions be started within 6 months of when the offence occurred • Doubles the fines for offences from $50,000 to $100,000 for individuals and $250,000 to $500,000 for organizations

  20. Bill 119: Provisions Not Yet Proclaimed Provisions not yet proclaimed • Provisions related to the provincial electronic health record (EHR) • These provisions will: - Set out the rules for the collection, use and disclosure of personal health information in a provincial EHR - Establish processes by which individuals can implement consent directives with respect to their personal health information - Establish processes by which individuals can access their records of personal health information from the provincial EHR

  21. Agenda 1. Protecting Privacy when Communicating Electronically 2. Communicating PHI by Email 3. Electronic Health Records and Bill 119 4. Mobile Devices 5. Unauthorized Access 6. Ransomware

  22. Mobile Devices • Mobile devices may be especially vulnerable to loss, theft, or accessed by unauthorized individuals • If it is necessary to retain personal health information on mobile devices: – Only retain the minimal amount of personal health information and for the minimal amount of time necessary – Ensure personal health information is strongly encrypted – Ensure the encryption keys are not stored with or on the device – Ensure the use of strong password protection • Develop a policy and procedures for secure retention on mobile or portable devices – Provide training to agents on the policy and procedures, – Regularly audit compliance with the policy and procedures, – Regularly review the policy and procedures

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Establishing a Personal Electronic Health Record in the Rhine-Neckar Region Sarajevo 31th of

Establishing a Personal Electronic Health Record in the Rhine-Neckar Region Sarajevo 31th of

Establishing a Personal Electronic Health Record in the Rhine-Neckar Region Sarajevo 31th of August 2009 Oliver HEINZE 1 , Antje BRANDNER 1 , Bjrn BERGH 1 1 Department of Information Technology and Medical Engineering University Hospital

682 views • 19 slides
Social Media What is Social Media? forms of electronic communication (such as Web sites) through

Social Media What is Social Media? forms of electronic communication (such as Web sites) through

EDUCATE HONOR CHALLENGE Social Media What is Social Media? forms of electronic communication (such as Web sites) through which people create online communities to share information, ideas, personal messages, etc. Social Media Platforms

410 views • 14 slides
Key Terminology Health Information Technology (HIT) - Computer systems and electronic technologies

Key Terminology Health Information Technology (HIT) - Computer systems and electronic technologies

Key Terminology Health Information Technology (HIT) - Computer systems and electronic technologies used for health and health care purposes Health Information Exchange (HIE) - An electronic means to share computerized health information, it can

451 views • 13 slides
Electronic Communication Lecture 5 COMPSCI111 Todays lecture u Looking at how different

Electronic Communication Lecture 5 COMPSCI111 Todays lecture u Looking at how different

Electronic Communication Lecture 5 COMPSCI111 Todays lecture u Looking at how different types of electronic communication work u Email u Instant messaging u Forums u Issues with electronic communication u Spam u Netiquette u Security

511 views • 29 slides
Electronic Communication Lecture 5 COMPSCI111/111G Todays lecture u Looking at how

Electronic Communication Lecture 5 COMPSCI111/111G Todays lecture u Looking at how

Electronic Communication Lecture 5 COMPSCI111/111G Todays lecture u Looking at how different types of electronic communication work u Email u Instant messaging u Forums u Issues with electronic communication u Spam u Netiquette u Security

456 views • 29 slides
Adoption of Electronic Health Records (EHRs) and Agency Health Information Technology

Adoption of Electronic Health Records (EHRs) and Agency Health Information Technology

Indian Health Services (IHS)/638 Adoption of Electronic Health Records (EHRs) and Agency Health Information Technology (HIT)/Health Information Exchange (HIE) Strategy Jakenna Lebsock, MPA Region 9 HITECH Meeting August 26-27, 2014 Overview

249 views • 22 slides
The Case for De-identification Khaled El Emam uOttawa & CHEO RI Electronic Health

The Case for De-identification Khaled El Emam uOttawa & CHEO RI Electronic Health

The Case for De-identification Khaled El Emam uOttawa & CHEO RI Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 1 Section 1 Electronic Health Information

413 views • 23 slides
Privacy and your business: An introduction to the Personal Information Protection and Electronic

Privacy and your business: An introduction to the Personal Information Protection and Electronic

Privacy and your business: An introduction to the Personal Information Protection and Electronic Documents Act SLIDE (1) Title Slide PRIVACY AND YOUR BUSINESS: An introduction to the Personal Information Protection and Electronic Documents Act.

294 views • 26 slides
Module 6 ~ General Outline Personal Communication Communication Within the SSIO Always

Module 6 ~ General Outline Personal Communication Communication Within the SSIO Always

Module 6 C OMMUNICATION Personal & Organisational ORIENTATION PROGRAMME FOR SSIO OFFICE BEARERS Module 6 ~ General Outline Personal Communication Communication Within the SSIO Always strive to satisfy your conscience before

585 views • 25 slides
TLS in the wild An Internet-wide analysis of TLS-based protocols for electronic communication

TLS in the wild An Internet-wide analysis of TLS-based protocols for electronic communication

TLS in the wild An Internet-wide analysis of TLS-based protocols for electronic communication Ralph Holz School of Information Technologies Faculty of Engineering & Information Technologies Team This is joint work with Johanna

678 views • 28 slides
Electronic Health Record Use: Health Care Providers Perception at a Community Health Center

Electronic Health Record Use: Health Care Providers Perception at a Community Health Center

Electronic Health Record Use: Health Care Providers Perception at a Community Health Center Gina Robinson CentroMed San Antonio, TX Introduction The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed

343 views • 11 slides
5/20/2015 Colorado Health Information Technology Overview - Electronic Health Records and

5/20/2015 Colorado Health Information Technology Overview - Electronic Health Records and

5/20/2015 Colorado Health Information Technology Overview - Electronic Health Records and Public Health S ettings May 20, 2015 Chris Wells, CDPHE Public Healt h IT Direct or Topics Overview of Health IT in Colorado Health and Health

477 views • 6 slides
Utah Medicaids Electronic Health Record (EHR)/Health Information Technology (HIT) Program

Utah Medicaids Electronic Health Record (EHR)/Health Information Technology (HIT) Program

Utah Medicaids Electronic Health Record (EHR)/Health Information Technology (HIT) Program Uses DIRECT Utmcaidhit@chiedirect.net Utah established this account to be able to receive DIRECT messages from providers The Utah Health

213 views • 5 slides
Communication Networks II www.kom.tu-darmstadt.de www.httc.de Network Applications - Electronic

Communication Networks II www.kom.tu-darmstadt.de www.httc.de Network Applications - Electronic

Communication Networks II www.kom.tu-darmstadt.de www.httc.de Network Applications - Electronic Mail Prof. Dr.-Ing. Ralf Steinmetz TU Darmstadt - Technische Universitt Darmstadt, Dept. of Electrical Engineering and Information Technology,

760 views • 41 slides
Personal Health Budgets for Continuing Health Care Andr Fox PHB Programme Director Personal

Personal Health Budgets for Continuing Health Care Andr Fox PHB Programme Director Personal

Personal Health Budgets for Continuing Health Care Andr Fox PHB Programme Director Personal Health Budgets- Key Areas Covered. 1. History of PHB In North East London 2. How PHBs fit with local NHS. 3. What is a Personal Health Budget?

319 views • 18 slides
Initiative Electronic Health Record (EHR) Incentive Program Medical Assistance

Initiative Electronic Health Record (EHR) Incentive Program Medical Assistance

Medical Assistance Health Information Technology Initiative (HIT) Pennsylvania Department of Public Welfare Office of Medical Assistance Programs Health Information Technology (HIT) Initiative Electronic Health Record (EHR)

334 views • 22 slides
E-mail invoicing process Aptiv Services Introduction of the new process We are pleased to

E-mail invoicing process Aptiv Services Introduction of the new process We are pleased to

March 21, 2019 E-mail invoicing process Aptiv Services Introduction of the new process We are pleased to introduce a new e-mail invoicing solution for Aptiv suppliers which will improve quality of our invoice handling process. E-mail Invoicing

624 views • 5 slides
Pandemic Telehealth vs Steady-State Telehealth In steady-state telepractice, several

Pandemic Telehealth vs Steady-State Telehealth In steady-state telepractice, several

Pandemic Telehealth vs Steady-State Telehealth In steady-state telepractice, several considerations are taken prior to starting therapy to determine appropriateness of the model. Equipment Client preference for therapy modes (in-person

459 views • 7 slides
ACTS REAL ESTATE AND GENERAL TOPICS PRESENTED BY MICHAEL KENNEDY, ESQ. JAMES KNAPP , ESQ. KEY

ACTS REAL ESTATE AND GENERAL TOPICS PRESENTED BY MICHAEL KENNEDY, ESQ. JAMES KNAPP , ESQ. KEY

REMOTE INK NOTARIAL ACTS REAL ESTATE AND GENERAL TOPICS PRESENTED BY MICHAEL KENNEDY, ESQ. JAMES KNAPP , ESQ. KEY INFORMATION - Emergency Rules for Notaries Public and Remote Notarization 180 days from March 24, 2020 Guidance on

726 views • 25 slides
Investor Presentation: Market Eye 6 November 2019 Rob Goss Chief Financial Officer

Investor Presentation: Market Eye 6 November 2019 Rob Goss Chief Financial Officer

Investor Presentation: Market Eye 6 November 2019 Rob Goss Chief Financial Officer Audinate: pioneering the future of the AV industry Dante technology distributes audio & video signals across computer networks The Dante Audinate is

673 views • 19 slides
Secure file transmission of PHI, RHI and sensitive information Background File Transfer

Secure file transmission of PHI, RHI and sensitive information Background File Transfer

Secure file transmission of PHI, RHI and sensitive information Background File Transfer Application (FTA) Web Application Use Outlook Plug In Use Workspace Use 2 Information Privacy & Security Executive Committee

318 views • 20 slides
and Security Training 2017 for Instructors and Students Authored by: Office of HIPAA

and Security Training 2017 for Instructors and Students Authored by: Office of HIPAA

Information Privacy and Security Training 2017 for Instructors and Students Authored by: Office of HIPAA Administration Objectives After you finish this Computer-Based Learning (CBL) module, you should be able to: Define privacy practices

691 views • 37 slides
Employer Overview S T A T E O F K A N S A S - P R I V A T E A N D C O N F I D E N T I A L

Employer Overview S T A T E O F K A N S A S - P R I V A T E A N D C O N F I D E N T I A L

Employer Overview S T A T E O F K A N S A S - P R I V A T E A N D C O N F I D E N T I A L Benefits of KPCpay Convenient, accurate, safe and secure 24/7 Pay immediately, get instant confirmation Avoid Post Office delays

354 views • 12 slides
Data confidentiality Protecting privacy in medical research Henk Jan van der Wijk Leiden

Data confidentiality Protecting privacy in medical research Henk Jan van der Wijk Leiden

Data confidentiality Protecting privacy in medical research Henk Jan van der Wijk Leiden University Medical Center (LUMC) Tuesday 1st April 2014 from 11.30 12.00 #EBMT2014 www.ebmt.org Data confidentiality requested topics Explanation

512 views • 20 slides

More recommend