accessing safeguarding personal health information capital health
TRANSCRIPT
-
8/3/2019 Accessing Safeguarding Personal Health Information Capital Health
1/2
At Capital Health, it is our responsibility to respect confidentiality and privacy. We recognize that personal health information of our
patients is sensitive and protecting the information of our patients, clients and co-workers is important. Access to personal health
information is available to those who need-to-know to provide care, including clinicians, technicians, therapists and other healthprofessionals. We collect and use personal health information while taking measures to ensure privacy and confidentiality of the
information is protected and secure.
Personal information is information about an identifiable individual. It includes name, address, phone number, age, characteristic,
family status, marital status, health information such as blood type DNA or any combination of personal information that can be
linked to identify the individual. An individual has the right to retain control over the collection, use and disclosure of his/her personal
information by law in Canada.
Personal health information may refer to: information on the physical or mental health of the individual, information on any health
service provided to the individual, or information collected incidentally to the provision of health information to the individual. InNova Scotia, the Freedom of Information and Privacy Act (FOIPOP), Personal Information International Disclosure Protection Act
(PIIDPA) and the Hospitals Act provide privacy protection to patients. In addition, Capital Health and the Nova Scotia Department of
Health and Wellness have policies and procedures in place to protect your personal (health) information.
What You Want to Know
Accessing Personal Health Information. Under Capital
Health policies only staff involved in the care of the patient are
permitted to access health information on a need-to-know basis.
Health professionals are also bound by confidentialityrequirements from their professional colleges/regulatory
associations and by the policies at Capital Health.
Consent and Authorized Disclosure: The Hospital Act
enables provisions for clinical access to personal health
information for those clinicians providing ongoing clinical care
to the individual and for other healthcare professionals involved
in your care on a need-to-know basis. Access to personal health
information for administrative, legal, research or personal
inquiry by a family member requires consent of the patient.
Safeguarding Personal Health Information. There are three
components of protecting health information at Capital Health.
Administrative SafeguardCapital Health has a privacy policy
which governs the manner in which service providers andemployees manage personal information. Staff, volunteers and
students sign a pledge of confidentiality as a condition of
employment upon orientation.
Physical SafeguardCapital Health has a number of physical
safeguards which range from locked cabinets, secure fax, screen
savers for terminals and wearing photo identification to ensure
limited access to personal information.
Technical safeguardAccess to personal information is password
protected; all databases must be saved on secure networks; and
personal information is located within a firewall for protection.
Accessing & Safeguarding Personal Health
Information at Capital Health
-
8/3/2019 Accessing Safeguarding Personal Health Information Capital Health
2/2
Granting Access to Electronic Personal Health Information:
A User ID Request Form must be completed and signed by
authorized Managers to access systems at Capital Health. A
role-based access model is used to determine what level of
access will be granted. Individual passwords are assigned for
system protection. Individual system application training is
provided to ensure users accurately access the applications
provided. Processes are in place to suspend user access upontermination of employment.
Monitoring: Capital Health strives to protect and monitor both your
personal information and your personal health informationby:
educating staff, physicians, volunteers and students on the
importance of respecting privacy rights and the importance of
maintaining confidentiality. Capital Health monitors role-based
access to personal health information; adheres to security practices
for electronic and paper records; conducts random audits of user
access and reports potential mis-use of personal health information.
Privacy, Confidentiality and Security: Capital Health has
developed information security policies, standards, and
procedures which are managed through privacy, confidentiality
and security specialist roles across the organization. Our
specialists are trained to look for the weaknesses and
vulnerabilities in target systems and to identify report and
mitigate risk. Our privacy officer oversees the development,
implementation, maintenance of and adherence to Capital
Health privacy principles, policies and procedures.
Enhanced Security of Electronic Information: Capital Health has
implemented an electronic filing system for patient health
information that can only be accessed by authorized members of
your healthcare team through Capital Health computer systems. To
access your personal health information, your healthcare team must
use a series of passwords within a network service. This enhances
security within an electronic record versus paper-based
documentation. In many ways, it is much more secure than moving
paper files from location to location.Network & password protection combined with audit functionality
provides the ability to monitor the access of personal health
information for each patient.