FREQUENTLY ASKED QUESTIONS

Transcription

1 FREQUENTLY ASKED QUESTIONS GENERAL What is the Information Sharing Framework (ISF)? The ISF is a set of legal agreements designed to allow physicians to fulfill College of Physicians and Surgeons of Alberta (CPSA) practice standards and legislative requirements under the Health Information Act (HIA). Signing the ISF is a requirement to practice in Alberta Health Services ambulatory or outpatient clinics using a shared Electronic Medical Record system such as eclinician. The ISF establishes a model of information sharing where participants share custodial responsibility; one where all participants contribute information to and use information from a shared information system to support patient care. The ISF was signed into effect in March Why do I have to sign the ISF? Please note that this interpretation comes after extensive consultation with the Canadian Medical Protective Association (CMPA), the CPSA, the Office of the Information Privacy Commission (OIPC), the provincial Faculties of Medicine, as well as legal advisors to both the Alberta Medical Association (AMA) and AHS. The Health Information Act of Alberta and CPSA Practice standard #21 have specific requirements for sharing health information. The ISF fulfills these requirements, and ensures that participating physicians, AHS, and Covenant Health (CH) are sharing health information appropriately. Why was the Information Sharing Framework (ISF) necessary? In 2008, Alberta Health Services (AHS) expanded the use of Electronic Medical Record (EMR) systems to include ambulatory/outpatient clinics, and certain primary care networks and community physician practices. In 2009, AHS and the AMA undertook development of the Information Sharing Framework to address the growing needs for information governance and risk management in a shared EMR. The move towards a shared EMR environment brought forth the development of a set of legal agreements required in order for health information to be shared, as well as a governance structure that would ensure that no single party to the agreements exercises exclusive control of the information

2 stored in the shared EMRs, but each has an equal voice in determining how health information within these systems is accessed, used, disclosed, and protected. What EMR systems fall under the Information Sharing Framework (ISF)? The agreements recognize the ISF to be a provinical framework. eclinician is one of the designated shared EMRs under the ISF. Currently, many physicans using Sunrise Clinical Manager - Ambulatory in Calgary have entered into an interm agareement with AHS. Work is underway to extend the same framework to physicians using Sunrise Clinical Manager Ambulatory in the near future. What is eclinician? eclinician is an AHS operated shared EMR system, used in the Edmonton area, for ambulatory care physicians to schedule and manage patient appointments, initiate or accept referrals, store patient electronic health records, and bill for healthcare services. Who is the Information Manager? AHS is the Information Manager to EMR Custodians and Covenant Health as it relates to their storage of health information in the shared EMR. Who are EMR Custodians? Participating physicians (as regulated by the College of Physicians & Surgeons of Alberta), Covenant Health, and AHS are EMR Custodians of the ambulatory health information stored in the shared EMR. Who are EMR Affiliates? An EMR Affiliate is an employee of an EMR Custodian or a person providing a service on behalf of an EMR Custodian, permitted by the EMR Custodian to access, use or disclose shared EMR information on his/her behalf. EMR Custodians are responsible and accountable for the actions of their affiliates as it relates to their access to the shared EMR. EMR Custodians must take reasonable steps to ensure that their affiliates understand appropriate use of the shared EMR. They must also take reasonable steps to ensure their affiliates are aware of any applicable organizational policies and procedures related to the privacy, security, or protection of health information. EMR Custodians may contact the Information Stewardship Office at any time to request guidance or direction on the steps they can take to protect health information in the shared EMR or manage the risks associated with providing an affiliate with access to the system.

3 Within a shared EMR, can other users easily view patient information if they are not the care provider? Access within a shared EMR system will be assigned according to the role/position of the requestor. Those in positions of providing health services, i.e. physicians, will receive broader access than those in administrative roles. All users are educated on the appropriate use of the shared EMR system and should access only what is pertaining to their current role and responsibilities. Access may also be further limited within the systems by means of masking, sensitive notes, and confidential department status. Can a user access their own information or information of a family member from the shared EMR system? Under current legislation, a user, including EMR Custodians and EMR Affiliates, does not have right to access information of a family member or of themselves unless they are directly involved in the provision of a health service. Individuals have the right to access their own health information through the appropriate and secure channels following the access and disclosure policies and procedures. EMR Custodians and Affiliates must follow the same process as those without access to the shared EMR when obtaining their own health information see EMR Information Exchange Protocol and Individuals that access this information, without going through the proper release process, would be considered in breach of the EMR Information Exchange Protocol and HIA. Shared EMR access is a privilege. Misuse of these systems can result in restriction or suspension of your access rights, which may impact your employment or ability to deliver patient care. How do you ensure that EMR information within the shared EMR is being used appropriately? All EMR Custodians wishing to use or disclose EMR information are required to sign the ISF agreements, certifying that they have read and agree to abide by the terms of the agreements. In addition, regular auditing is completed by the Information Manager to identify inappropriate access, use, and disclosure of EMR information. Auditing is done on a random, routine and by request basis. Who do I contact if I encounter a security or privacy breach involving a shared EMR system? Contact the Information Manager and/or the Information Stewardship Office. Information Manager Legal & Privacy Service privacy@albertahealthservices.ca Information Stewardship Office ISO@albertahealthservices.ca

4 PHYSICIANS Am I obligated to participate in the Information Sharing Framework (ISF)? Prior to gaining access to or using the shared EMR system, you must execute (read, understand and sign) the Physician Participation Agreement under the ISF in order to meet your legal and professional obligations. Physicians must have an Information Management Agreement and Information Sharing Agreement in place prior to storing or scheduling health information in the shared EMR. By signing the Physician Participation Agreement, you become signatory to both the Information Management Agreement and Information Sharing Agreement. College of Physicians and Surgeons (CPSA) Standards of Practice #21 Where a physician places patient information into an electronic record which is not under his or her direct custody or control, there must be in place: A written information management agreement A written information sharing agreement which manages issues related to access, secondary use and disclosure of patient information Health Information Act (HIA) Sections 66 (1) and (2) A custodian must enter into a written agreement with the information manager in accordance with the regulations for the provision of any or all services below: Processes, stores, retrieves or disposes of health information Provides information management or information technology services. How do I participate in the Information Sharing Framework (ISF)? You become part of the ISF by signing the Physician Participation Agreement, which makes you signatory to both the Information Management Agreement and Information Sharing Agreement. The Physician Participation Agreement is a short, easy to read document, written with busy physicians in mind. As with any legal agreement, though, you should be aware of the risks and benefits of participating in the ISF when executing this agreement. Once you sign the PPA, thereby entering the Information Sharing Framework, you share custodial responsibility of shared EMR data. You can then access, use, and disclose information as set out in the EMR Information Exchange Protocol, including broad abilities to access enterprise EMR data for patients under your care.

5 Information you enter into the shared EMR can be seen by other authorized users. The ISF provides protection by establishing controls to mitigate risks associated with sharing health information through a large shared EMR system. If you decide to move to a clinic outside of the shared EMR environment, you have the right to request and receive copies of patient records. The ISF looks out for your interests in terms of information you contribute to the shared EMR. Under the ISF, Alberta Health Services can only use information about you (or any other health services providers using the shared EMR) for the restricted purposes expressly laid out under the EMR Information Exchange Protocol. The Information Stewardship Office, a neutral body, represents physicians and all other participating custodians of the shared EMR. The Information Stewardship Office monitors the Information Manager s compliance with the Information Management Agreement, as well as the other participating custodians compliance with the Information Sharing Agreement. For those big, long-term governance issues about what happens to the shared EMR and all the information you and your colleagues place there, you have a voice through Alberta Medical Association representation on the ISF Governance Committee. What is in it for me? The shared EMR allows better access to comprehensive patient information. The ISF enables you to meet your professional responsibilities when working in a shared EMR, while ensuring consistent rules are applied to all EMR Custodians. Services available to you under the ISF include: Processing of Access and Disclosure requests for patient information. Centralized processing of Research, Quality Assurance and Quality Improvement report extracts. Data remediation or fixing of incorrect patient demographics (Name, DOB, PHN, Date of Encounter etc.) ensuring correct medical information is posted to the correct patient making the EMR trustworthy. Access to, and maintenance of, the EMR. Application of consistent AHS Information Technology and Privacy best practices (i.e. system auditing for privacy, security, and potential breach in the shared EMR environment). Investigation of reported breaches (proactively and retrospectively) with subsequent recommendations for improvement. What are the rules about charting? Your professional obligations still exist and are guided by the College of Physicians & Surgeons of Alberta. Charting etiquette guidelines are available, specific to the eclinician system.

6 Do I have to pay anything to enter this agreement or use the Information Manager services? No fees are charged to administer the ISF or use the Information Manager services. Any/all other previous costs (i.e. private administration to operate your practice, research costs etc.) remain status quo. If I have a questions or concerns about this agreement, where do I go? Contact the Information Stewardship Office. Information Stewardship Office ISO@albertahealthservices.ca If I have questions or concerns about the Information Manager services provided by AHS, where do I go? Contact the Information Manager and/or Information Stewardship Office. Information Manager semr.im@albertahealthservices.ca Information Stewardship Office ISO@albertahealthservices.ca Will the Information Manager or Information Stewardship Office now assume some of my custodial duties? The Information Management Agreement and Information Sharing Agreement outline the services that will be provided by the Information Manager and Information Stewardship Office. However, all EMR Custodians remain responsible for the custodial roles and responsibilities that are contained in the Health Information Act and the ISF agreements. How do I discontinue or end my legal involvement with the Information Sharing Framework (ISF)? A physician may terminate the Physician Participation Agreement by submitting a signed Physician Notice of Termination to the Information Stewardship Office, which will automatically withdraw access to the shared EMR system. The physician may request, from the Information Manager, a copy of the EMR information contributed by him/her.