Week 2 - privacy and security Flashcards
ON RPh Code of ethics 2.9
Members respect the patient’s right to privacy and confidentiality and take every reasonable precaution to protect patient confidentiality by preventing unauthorized or accidental disclosure of confidential patient information.
-this includes technicians and assistants and cashiers
ON RPh Code of ethics 3.6
Members respect patients’ right to privacy and do not disclose confidential information without the consent of the patient unless authorized by law or by the need to protect the welfare of the patient or the public
PHI - what abbreviate
personal health information
what is PHI
oral or written info about an individual
what is considered PHI
individual’s physical or mental health including family history
provision of health care, including the ID of persons providing care
a plan of service for individuals requiring LTC
info relating to payment or eligibility for HC
info relating to donation of body parts/substances or that is derived from the testing or examination of such parts or substances
an individual’s health number
info that IDs an individual’s substitute decision maker
PHIPA - what abbreviate
Personal health information protection act
PHIPA
-safeguarding PHI
+(3)
you must take reasonable steps to safeguard PHI
- locking filing systems, alarm systems
- passwords, firewalls, virus scanners
- staff training, confidentiality agreements
Passwords - how manage
SHOULD NOT BE UNIVERSAL
-different passwords allow you to track who went into PHI
PHIPA
-requirements of electronic records (3)
electronic records should
- have passwords
- file backups to protect against loss/theft
- records with date/time, note changes, keep OG content if anything changed
written notes with patient name
considered PHI
PHIPA - when there is a breach
notify individuals about a privacy breach
PHIPA - records retention
retain records for as long as needed for legal purposes
PHIPA - record transfers
safely transfer records to another location
PHIPA - record destruction
safely destroy records
- shred/burn hard copies
- physically destroying electronic media
Principles of circle of care: who are considered health information custodians
all healthcare professionals are health information custodians
Principles of circle of care: where must PHI be received from
PHI must be received from the patient, patient’s agent or another custodian
Principles of circle of care: consent
need consent to share information with a non-custodian
Principles of circle of care: custodian to custodian sharing
for custodian to custodian sharing, patient can withhold consent
Principles of circle of care: sharing between disciplines
can only share info that applies to what they do
-dentist ask for PHI
+only share stuff about teeth
Principles of circle of care: sharing within same practice
doc to doc, RPh to RPh
okay - just don’t ID patient
-no name, gender, location etc
privacy
right to keep your information to yourself and private
security
systems or processes to ensure information remains protected
confidentiality
principles that information is not made available unless authorized
patient record
piece of PHI
ex. (list of Rx’s, list of patient names on pharmacy paper with pharmacist’s name on it)