privacy & patient safety - · pdf fileemr in spaarne hospital •since 2008: epic...
TRANSCRIPT
![Page 1: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/1.jpg)
PRIVACY & PATIENT SAFETY
![Page 2: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/2.jpg)
Disclosure slide
• Nothing to disclose
https://www.linkedin.com/pub/dr-arjen-noordzij/17/486/791
dokter_no
![Page 3: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/3.jpg)
Spaarne Hospital
11/6/2014 © 2012–2014 Healthcare Information and Management Systems Society (HIMSS) 3
![Page 4: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/4.jpg)
EMR in Spaarne Hospital
• Since 2008: Epic
– Introduction in 2 phases
– Enterprise
– Integration: 1 patient, 1 record• Medical
• Financial
– Complete order management
– Closed medication loop
![Page 5: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/5.jpg)
Dutch data protection act
• Access to (electronic) patientdatais strictly restricted to the employees directly involved in the execution of the treatmentcontract of a patient.
• Influence on patient safety?
![Page 6: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/6.jpg)
Dutch data protection act
• Risks
– Type of data
– Processing
• Appropriate security level
• Technical & organizational
– Technical possibilities
– Costs
• Prevention
![Page 7: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/7.jpg)
All users
SamePassword_1
Secretary logs in fora physician Epic demo / training in
production environment
Examples
![Page 8: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/8.jpg)
Facebook incident
• Patient dies during admission
• Nurse marks wrong patient as deceased
– Epic sends message to GP
• Nurse rectifies <1 minute
– Epic sends update to GP
• GP Assistant reads 1st message … not the update
• Posts it on facebook
![Page 9: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/9.jpg)
Organizational measures
• Information
– Code of conduct
– 10 golden rules
– Cases on intranet
– Broad privacy meetings
• Privacy functionary
• Privacy as distinct category in secure reporting of incidents registry
• Immediate dismissal of 2 nurses
![Page 10: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/10.jpg)
Technical measures
• Password policy
• Single sign-on
• Epic
– Audit trail
– (smart logging)
– Breaking-the-glass
![Page 11: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/11.jpg)
![Page 12: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/12.jpg)
Privacy Protection Commission
According to those signals access to electronicpatientdata is not strictly restricted to the employees directly involved in the execution of the treatment contract of a patient.
Balance between behavioural and technical measures
![Page 13: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/13.jpg)
Process
• outpatient & inpatient
• Scoring system
– Satifies PPC requirements
– Impairs patient safety
– Impairs daily practice (efficiency)
– Additional personnel necessary
– Technically feasible
![Page 14: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/14.jpg)
Proposal (1)
• Access defined on speciality level
• Outpatient personnel: access to known patients
• Inpatient personnel
– Access around admission
– Patients admitted for own speciality (or consultation)
– ICU personnel: access to all clinical patients
• ‘unlimited’ access: ICU, OR & ED patients
![Page 15: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/15.jpg)
Proposal (2)
• Breaking-the-glass
– Very effective
– Fear to ‘break the glass’
• Smart queries on breaking-the-glass files
• Manual check
![Page 16: PRIVACY & PATIENT SAFETY - · PDF fileEMR in Spaarne Hospital •Since 2008: Epic –Introduction in 2 phases –Enterprise –Integration: 1 patient, 1 record •Medical •Financial](https://reader031.vdocument.in/reader031/viewer/2022022420/5a7a9dd67f8b9a66798b673f/html5/thumbnails/16.jpg)
Does privacy impair safety?
• Potentially: yes
• With proposed measures: most probably not
• It does impair efficiency (breaking-the-glass)
• Balance between desirability and feasibility
• Opinion PPC versus legislation