slide1
Download
Skip this Video
Download Presentation
Landspitali University Hospital - Iceland Torfi Magnússon MD. landspitali.is

Loading in 2 Seconds...

play fullscreen
1 / 31

Landspitali University Hospital - Iceland Torfi Magnússon MD. landspitali.is - PowerPoint PPT Presentation


  • 132 Views
  • Uploaded on

Implication of EU Data protection directive and national legislation on hospital administration and IT at. Landspitali University Hospital - Iceland Torfi Magnússon MD. www.landspitali.is [email protected] Iceland - Reykjavik. Member of European Economic Area

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Landspitali University Hospital - Iceland Torfi Magnússon MD. landspitali.is' - hazel


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1
Implication of EU Data protection directive and national legislation on hospital administration and ITat

Landspitali University Hospital - Iceland

Torfi Magnússon MD.

www.landspitali.is

[email protected]

slide2

Iceland - Reykjavik

  • Member of European Economic Area
  • 60% of EU legislation applies to Iceland
  • Data protection rules originate from EU
landsp tali university hospital
Landspítali University Hospital
  • Governmental institution
  • 80-85% of hospital services in Iceland
merger 2000
Merger 2000

2005

Hospital beds 850

Full time staff 3.850

Admissions 31.100

milestones in e health at landsp tali
Milestones in e-Health at Landspítali
  • 1973: First electronic registration of lab results
  • 1985: Paper-based record with some computer- generated documents
  • 1990: Computer-generated documents made electronically available.
  • 2000: Focus on inter-operability of EPR systems.
  • 2003: EPR - building a patient-centered record.
co operation agreement 2006
Co-operation Agreement 2006

P.Stradiņš University Hospital (Riga, Latvia) and Landspítali University Hospital (Reykjavik, Iceland)

Focus on IT support for medical and administrative work

the project
The project

e-health support for angio surgery

for doctors and nurses

  • Specialized Electronic Medical Records system
      • extendable to all surgery
  • Application to EEA Grants by P. Stradiņš Hospital in partnership with
      • Landspítali University Hospital and
      • Association of Vascular Surgeons of Latvia
slide8

Integrated modular medical record system

Overview of patient history regardless of location

Brings all the modules together

Electronic Medical Record

Integration layer

Specializedsystems

Laboratory

Radiology

Surgery

Other systems

goals of project
Goals of project
  • To improve quality and efficiency of care in surgery and anaesthesia
  • To provide better, research and training capabilities
  • To improve statistics and analysis of information
  • To improve exchange of information within the hospital, as well as with the State
  • To develop new joint e-Health solutions that can be used in Baltic, Nordic and other countries.
  • To strengthen Baltic-Nordic co-operation
slide10

Microsoft technology software

  • Ultra mobile PC hardware
  • Wireless network
  • Training and support

Dr. Edvīns Lietuvietis

Head of Angio Surgery Center

P.Stradiņš University Hospital

[email protected]

eu vision
EU vision
  • The EU “Electronic Health Record” aims at
    • compiling existing documentation on medical treatment

from different sources

    • information on the past and present state of health of an individual “from the cradle to the grave”
    • available in electronic form to all authorized health care professionalswherever and whenever this information is needed
  • Access by unauthorised persons must be virtually impossible
ehr a promise for a better future
EHR – a promise for a better future
  • Increased efficiency within the health care sector
  • Better protection of privacy
  • Enhanced role of the patient as decision maker in the treatment process
privacy confidentiality and security cornerstones to the ehr
Privacy, confidentiality and securitycornerstones to the EHR.
  • Privacy
    • The state of being free from intrusion into one\'s private life or affairs - the right to be let alone.
  • Confidentiality
    • To keep in secret information told in confidence
  • Security
    • Human, technical, physical and environmental security

EHR need rigorous protection of patient data

ehr legal framework
EHR - Legal Framework
  • Directive 95/46/EC

of the European Parliament and of the Council

  • Working Document on the Processing of personal data relating to health in electronic health records(15 February 2007)
  • Act on the Protection of Privacy as regards the Processing of Personal Data ( 2000 )
  • Icelandic rules and regulations
    • Act on the Rights of Patients
    • Health Record Regulations (Under revision)
directive 95 46 ec
Directive 95/46/EC
  • Article 8.1
    • Member states shall prohibit the processing of […] data concerning health […]
  • Article 8.3
    • Paragraph 3 shall not apply where processing of the data is required for purposes of preventive medicine, medical diagnosis, the provision of care or treatment […] and where those data are processed […] under national law or rules

Processing of health data needs sufficient legislative framework in each member country

categories of data concerning health
Categories of data concerning health

EU:

All data contained in Electronic Health Records are

“sensitive personal data”

  • Administrative data, e.g.
    • social security number
    • date of admission to hospital etc.
  • Personal data on health
  • Particularly sensitive data
    • psychiatric treatment
    • HIV
    • abortion
aim of the ehr
Aim of the EHR
  • All necessary patient data is to be available to
  • All authorized health care personnel
  • Wherever and whenever
  • Needed

and

  • Access by unauthorized persons must be virtually impossible
unanswered questions
Unanswered questions
  • Are all “personal data on health” equally sensitive ?
  • How much do different caretakers “need to know” ?
  • What kind of authorization should different groups of health care professionals have?
who needs access to ehr
Who needs access to EHR?
  • 30 healthcare professions in Iceland
      • Medical doctors
      • Nurses
      • Assistant nurses
      • Secretaries
      • Physiotherapists
      • etc.
policy on access control
Policy on access control
  • “Treatment relationship”
  • Data category and
  • Health care profession
treatment relationship basic access
Treatment relationship - basic access
  • Health care professionals - working within a clinical unit
  • The patient - treated at the clinical unit

Department of Cardiology

Health care professional

(Password)

Patient

(Social security number)

All authorized health information

luh policy different data category different access
LUH policy: Different data category - different access
  • Administrative data Category I
  • Enhanced administrative data Category II
  • Personal data on health - own department Category III
  • Personal data on health - other departments Category IV
  • Particularly sensitive data Category V
  • Strictly protected data (sealed envelope) Category VI
luh policy different health care professions different access
LUH policy: Different health care professions - different access

Group I Administrative health care personnele.g. booking, billing

Group II Specialized administrative health care personnel e.g. DRG-staff, health economists, analysts

Group III Assistant nurses

Group IV Registered nurses, Medical secretaries, physiotherapists

Group V Medical doctors

slide24

Group I

Administrative health care personnel

- booking, billing

Administrative data Category I-social security number,

- date of admission to hospital etc

slide25

Group II

Specialized administrative health care personnel

- DRG staff, analysts health economists

Administrative data Category I

Advanced administrative data Category II

- social security status

- diagnosis,

- procedure (operation),

- DRG group

slide26

Group III

Assistant nurses

Administrative data Category I

Advanced administrative data Category II

Personal data on health - own department Category III

slide27

Group IV

Registered nurses,

Medical secretaries,

Physiotherapists

Administrative data Category I

Advanced administrative data Category II

Personal data on health - own dept. Category III

Extended

access

Explanation

Personal data on health - another department Category IV

slide28
Group V

Medical doctors

Administrative data Category I

Advanced administrative data Category II

Personal data on health, own dept. Category III

Extended access

Explanation

Personal data on health - other departments Category IV

Extended access

Explanation

Particularly sensitive data Category V

- Psychiatric treatment

- HIV

- Abortion

slide29
Strictly protected data (sealed envelope) Category VI
  • Information from a third party – relatives
  • Other highly sensitive information

Access on an individual basis

audit committee
Audit committee
  • Minimum audit
    • Every staff’s EPR use for one day audited every year
  • Additional audit on selected groups
  • Patient audit
    • Upon request, a patient are given list of all personnel who have accessed his/her record
ad