Implication of EU Data protection directive and national legislation on hospital administration and ...
Download
1 / 31

Landspitali University Hospital - Iceland Torfi Magnússon MD. landspitali.is - PowerPoint PPT Presentation


  • 131 Views
  • Uploaded on

Implication of EU Data protection directive and national legislation on hospital administration and IT at. Landspitali University Hospital - Iceland Torfi Magnússon MD. www.landspitali.is [email protected] Iceland - Reykjavik. Member of European Economic Area

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Landspitali University Hospital - Iceland Torfi Magnússon MD. landspitali.is' - hazel


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Implication of EU Data protection directive and national legislation on hospital administration and ITat

Landspitali University Hospital - Iceland

Torfi Magnússon MD.

www.landspitali.is

[email protected]


Iceland - Reykjavik legislation on hospital administration and IT

  • Member of European Economic Area

  • 60% of EU legislation applies to Iceland

  • Data protection rules originate from EU


Landsp tali university hospital
Landspítali University Hospital legislation on hospital administration and IT

  • Governmental institution

  • 80-85% of hospital services in Iceland


Merger 2000
Merger 2000 legislation on hospital administration and IT

2005

Hospital beds 850

Full time staff 3.850

Admissions 31.100


Milestones in e health at landsp tali
Milestones in e-Health at legislation on hospital administration and ITLandspítali

  • 1973: First electronic registration of lab results

  • 1985: Paper-based record with some computer- generated documents

  • 1990: Computer-generated documents made electronically available.

  • 2000: Focus on inter-operability of EPR systems.

  • 2003: EPR - building a patient-centered record.


Co operation agreement 2006
Co-operation Agreement legislation on hospital administration and IT2006

P.Stradiņš University Hospital (Riga, Latvia) and Landspítali University Hospital (Reykjavik, Iceland)

Focus on IT support for medical and administrative work


The project
The project legislation on hospital administration and IT

e-health support for angio surgery

for doctors and nurses

  • Specialized Electronic Medical Records system

    • extendable to all surgery

  • Application to EEA Grants by P. Stradiņš Hospital in partnership with

    • Landspítali University Hospital and

    • Association of Vascular Surgeons of Latvia


  • Integrated modular medical record legislation on hospital administration and IT system

    Overview of patient history regardless of location

    Brings all the modules together

    Electronic Medical Record

    Integration layer

    Specializedsystems

    Laboratory

    Radiology

    Surgery

    Other systems


    Goals of project
    Goals of project legislation on hospital administration and IT

    • To improve quality and efficiency of care in surgery and anaesthesia

    • To provide better, research and training capabilities

    • To improve statistics and analysis of information

    • To improve exchange of information within the hospital, as well as with the State

    • To develop new joint e-Health solutions that can be used in Baltic, Nordic and other countries.

    • To strengthen Baltic-Nordic co-operation


    Dr. Edvīns Lietuvietis

    Head of Angio Surgery Center

    P.Stradiņš University Hospital

    [email protected]


    Eu vision
    EU vision legislation on hospital administration and IT

    • The EU “Electronic Health Record” aims at

      • compiling existing documentation on medical treatment

        from different sources

      • information on the past and present state of health of an individual “from the cradle to the grave”

      • available in electronic form to all authorized health care professionalswherever and whenever this information is needed

    • Access by unauthorised persons must be virtually impossible


    Ehr a promise for a better future
    EHR – a promise for a better future legislation on hospital administration and IT

    • Increased efficiency within the health care sector

    • Better protection of privacy

    • Enhanced role of the patient as decision maker in the treatment process


    Privacy confidentiality and security cornerstones to the ehr
    Privacy, confidentiality and security legislation on hospital administration and ITcornerstones to the EHR.

    • Privacy

      • The state of being free from intrusion into one's private life or affairs - the right to be let alone.

    • Confidentiality

      • To keep in secret information told in confidence

    • Security

      • Human, technical, physical and environmental security

    EHR need rigorous protection of patient data


    Ehr legal framework
    EHR - Legal Framework legislation on hospital administration and IT

    • Directive 95/46/EC

      of the European Parliament and of the Council

    • Working Document on the Processing of personal data relating to health in electronic health records(15 February 2007)

    • Act on the Protection of Privacy as regards the Processing of Personal Data ( 2000 )

    • Icelandic rules and regulations

      • Act on the Rights of Patients

      • Health Record Regulations (Under revision)


    Directive 95 46 ec
    Directive 95/46/EC legislation on hospital administration and IT

    • Article 8.1

      • Member states shall prohibit the processing of […] data concerning health […]

    • Article 8.3

      • Paragraph 3 shall not apply where processing of the data is required for purposes of preventive medicine, medical diagnosis, the provision of care or treatment […] and where those data are processed […] under national law or rules

    Processing of health data needs sufficient legislative framework in each member country


    Categories of data concerning health
    Categories of data concerning health legislation on hospital administration and IT

    EU:

    All data contained in Electronic Health Records are

    “sensitive personal data”

    • Administrative data, e.g.

      • social security number

      • date of admission to hospital etc.

    • Personal data on health

    • Particularly sensitive data

      • psychiatric treatment

      • HIV

      • abortion


    Aim of the ehr
    Aim of the EHR legislation on hospital administration and IT

    • All necessary patient data is to be available to

    • All authorized health care personnel

    • Wherever and whenever

    • Needed

      and

    • Access by unauthorized persons must be virtually impossible


    Unanswered questions
    Unanswered questions legislation on hospital administration and IT

    • Are all “personal data on health” equally sensitive ?

    • How much do different caretakers “need to know” ?

    • What kind of authorization should different groups of health care professionals have?


    Who needs access to ehr
    Who needs access to EHR? legislation on hospital administration and IT

    • 30 healthcare professions in Iceland

      • Medical doctors

      • Nurses

      • Assistant nurses

      • Secretaries

      • Physiotherapists

      • etc.


    Policy on access control
    Policy on access control legislation on hospital administration and IT

    • “Treatment relationship”

    • Data category and

    • Health care profession


    Treatment relationship basic access
    Treatment relationship - legislation on hospital administration and ITbasic access

    • Health care professionals - working within a clinical unit

    • The patient - treated at the clinical unit

    Department of Cardiology

    Health care professional

    (Password)

    Patient

    (Social security number)

    All authorized health information


    Luh policy different data category different access
    LUH policy: legislation on hospital administration and ITDifferent data category - different access

    • Administrative data Category I

    • Enhanced administrative data Category II

    • Personal data on health - own department Category III

    • Personal data on health - other departments Category IV

    • Particularly sensitive data Category V

    • Strictly protected data (sealed envelope) Category VI


    Luh policy different health care professions different access
    LUH policy: legislation on hospital administration and ITDifferent health care professions - different access

    Group I Administrative health care personnele.g. booking, billing

    Group II Specialized administrative health care personnel e.g. DRG-staff, health economists, analysts

    Group III Assistant nurses

    Group IV Registered nurses, Medical secretaries, physiotherapists

    Group V Medical doctors


    Group I legislation on hospital administration and IT

    Administrative health care personnel

    - booking, billing

    Administrative data Category I-social security number,

    - date of admission to hospital etc


    Group II legislation on hospital administration and IT

    Specialized administrative health care personnel

    - DRG staff, analysts health economists

    Administrative data Category I

    Advanced administrative data Category II

    - social security status

    - diagnosis,

    - procedure (operation),

    - DRG group


    Group III legislation on hospital administration and IT

    Assistant nurses

    Administrative data Category I

    Advanced administrative data Category II

    Personal data on health - own department Category III


    Group IV legislation on hospital administration and IT

    Registered nurses,

    Medical secretaries,

    Physiotherapists

    Administrative data Category I

    Advanced administrative data Category II

    Personal data on health - own dept. Category III

    Extended

    access

    Explanation

    Personal data on health - another department Category IV


    Group V legislation on hospital administration and IT

    Medical doctors

    Administrative data Category I

    Advanced administrative data Category II

    Personal data on health, own dept. Category III

    Extended access

    Explanation

    Personal data on health - other departments Category IV

    Extended access

    Explanation

    Particularly sensitive data Category V

    - Psychiatric treatment

    - HIV

    - Abortion


    Strictly protected data (sealed envelope) legislation on hospital administration and ITCategory VI

    • Information from a third party – relatives

    • Other highly sensitive information

    Access on an individual basis


    Audit committee
    Audit committee legislation on hospital administration and IT

    • Minimum audit

      • Every staff’s EPR use for one day audited every year

    • Additional audit on selected groups

    • Patient audit

      • Upon request, a patient are given list of all personnel who have accessed his/her record


    Thank you legislation on hospital administration and IT


    ad