1 / 28

Privacy Education Session CMHA-WECB/CCHC Volunteers/Students

Learn about privacy legislation and how it applies at CMHA-WECB. Understand the Personal Health Information Protection Act (PHIPA), consent, and personal behavior guidelines.

alfredrogers
Download Presentation

Privacy Education Session CMHA-WECB/CCHC Volunteers/Students

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Education SessionCMHA-WECB/CCHCVolunteers/Students Laura Liebrock Chief Quality Improvement & Privacy Officer

  2. Overview An introduction to Privacy Legislation and how it applies at CMHA-WECB What is PHIPA? Consent What I Need to Know Personal Behaviour

  3. What is the PHIPA? Personal Health Information Protection Act • Privacy legislation for the health care sector – e.g. Hospitals, CHCs, Community Mental Health Agencies, CCAC, Public Health Units • Compliance required in November 2004

  4. What is PHIPA? What is the purpose of PHIPA? • To establish rules for the collection, use and disclosure of personal health information (PHI) • To provide individuals with a right to access and correct PHI • To provide for review and resolution of complaints about PHI

  5. When Does PHIPA Apply? PHIPA applies to: • Health Information Custodians (HICs) – organizations like CMHA-WECB that collect, use and disclose PHI • Agents of HICs – employees, students, volunteers, affiliated physicians, therapists, consultants, contractors, researchers • Non HICs – others who receive PHI from a HIC – police, insurers, social service partners

  6. What is Personal Health Information? Personal Health Information (PHI) is: • Oral (spoken) or recorded information (written or electronic) • Information that on its own or linked can be used to identify an individual • Relates to an individual’s physical and/or mental health including diagnosis and family history

  7. What is Personal Health Information? • Relates to health care received or to the people providing the care • OHIP number • Identification of a substitute decision maker • Test results • Anything else included in a record which contains PHI that can identify an individual

  8. Why was PHIPA introduced? • PHI is amongst the most sensitive information available on an individual • PHI in the wrong hands can have a devastating impact on reputation, employment, obtaining insurance and family relationships

  9. Why was PHIPA introduced? • PIPEDA (Personal Information Protection and Electronic Documents Act) January 2004, did not focus on issues related to healthcare • PHIPA provides direction to all individuals who collect, use and disclose personal health information (PHI) • In particular, mental health information carries a negative stigma in our society • Our society is rights based and PHIPA gives the client right of access • The increasing use of electronic information systems may increase risk of disclosure of PHI

  10. Privacy Principles • Accountability • Purpose for Collection • Consent • Limit Collection • Limit Use & Disclosure • Accuracy • Safeguards • Openness • Access • Challenge Compliance

  11. Using the Privacy Principles • Creates new rules for collection, use and disclosure of PHI • Introduces the concept of HIC • Differentiates between: • Disclosure inside and outside the “circle of care” • Disclosure for health care or other purposes • Situations where express, implied or no consent is required

  12. CONSENT Express Consent • Written, verbal, by telephone or electronically • Written, signed consent must be placed in the health record • Verbal consent must be documented in the health record

  13. CONSENT Implied Consent • Is generally understood as being consent given by an individual’s action or inaction • Example – you are opening a record and asking the client for information. They answer your questions, implying consent is given • Example – a client arrives at a lab to have blood work drawn. They sit and put out their arm, implying consent is given.

  14. Personal Behaviour • Wear a name tag and introduce yourself in person and on the phone by your name and status • Share PHI on a need to know basis with people directly involved in the client’s care

  15. Personal Behaviour • Avoid discussions with each other or with clients, in hallways or public areas • Think before you share!

  16. Personal Behaviour • Do not attempt to interpret the privacy legislation – ASK!

  17. Personal Behaviour • Lock your screen when away from your work station

  18. Personal Behaviour Remember to keep your computer screen turned so others cannot view it

  19. Personal Behaviour • Practice a “clean desk” policy • Do not keep client information in your desk/office/home This Not this!

  20. Personal Behaviour Consider the sensitivity of material when, printing, emailing or faxing PHI. Ensure the security of the recipient. Printing Email Fax

  21. Personal Behaviour Correctly dispose of any hardcopy documents containing personal health information by shredding.

  22. Personal Behaviour • Maintain privacy & confidentiality of information related to CMHA/CHC staff and affiliates – respect your colleagues’ right to privacy

  23. Personal Behaviour • Do not review information or ask questions about PHI just for “interest”

  24. Personal Behaviour • Look for privacy issues and report them! • Report all “near misses” • If you have a concern about a privacy issue, report it to Volunteer Services or the Chief Privacy Officer

  25. Personal Behaviour • Contact Laura Liebrock, Chief Quality Improvement & Privacy Officer, for questions relating to PHI and privacy

  26. Non-Compliance • The CPO investigates all breaches • An affected individual may file a complaint with the Privacy Commission, sue the agency for damages and/or sue the individual provider for damages • Max. $250,000 for the agency • Max. $50,000 for the individual

  27. Non-compliance Failure to maintain privacy and confidentiality may result in discipline including: • Loss of privileges • Loss of affiliation • Reporting to your professional college • Civil action • Criminal prosecution • Institutional and personal fines • Termination of contract • Termination of Employment

  28. Summary • If you have any questions about privacy issues always ask Volunteer Services or the Chief Privacy Officer. • Review the privacy handouts and complete the self-assessment. • Electronically sign the Privacy Agreement. • Congratulations – you have completed the privacy orientation!

More Related