SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION)

Transcription

1 SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND PHYSICIANS USING AN AHS EMR SYSTEM) A DOCUMENT CONCERNING THE ACCESS TO, USE AND DISCLOSURE OF INFORMATION IN THE ELECTRONIC MEDICAL RECORD Information Exchange Protocol (IEP) - August 8,

2 Section A: Document Overview A.1 Purpose of This Document This document, the Electronic Medical Record Information Exchange Protocol (the Protocol ), establishes the specific rules for the access to, use, disclosure and protection of EMR Information contributed to and stored in an EMR System that is owned and operated by AHS (in this Protocol, the EMR System ) including: EMR Information from Participating Physicians and Alberta Health Services; EMR Information that is accessed by EMR Custodians in the EMR System; and, EMR Information that is used for Secondary Use and Disclosure purposes. These rules bind all EMR Custodians and EMR Affiliates utilizing the EMR System. Custodians who choose not to sign the Information Sharing Agreement or other appropriate legal agreements may not access, use or disclose EMR Information in the EMR System. A.2 Why Rules Are Required The Health Information Act establishes the legal authority and limits for the exchange of health information. It makes each Custodian in the health system responsible for the collection, use and disclosure of health information. However, the Health Information Act recognizes that a wide variety of circumstances exist in the delivery of care. While the Health Information Act establishes general rules, it provides Custodians considerable latitude within those rules for discharging their responsibilities. An EMR is an electronic record of an individual's health information. An EMR typically records a history of clinical encounters maintained by Physicians and other health care providers in an electronic information system. Since health information is shared electronically in the EMR System by a large number of Physicians and other health services providers, it is necessary to establish clear and consistent rules for Custodians. The rules set forth in this Protocol define the expected use of EMR Information by EMR Custodians, thereby providing consistency within the larger context of Custodian activity and their obligations under the Health Information Act. Only those rules that are unique to the EMR context are contained within this Protocol. Rules for how information may be collected, used and disclosed in the context of the Alberta EHR may be found in the Alberta Netcare Information Exchange Protocol. A.3 History of This Document This Protocol was created and first released under Version 1.0, February Information Exchange Protocol (IEP) - August 8,

3 A.4 Revisions to This Document This Protocol may be revised from time to time by the Governance Committee with input from the EHRDSC as required. All revisions to this Protocol will be made available to EMR Custodians 30 days prior to the effective date of the revisions. By continuing to access EMR Information in the EMR System following the effective date, an EMR Custodian accepts and agrees to comply with the revisions. The Governance Committee may, at its ongoing meetings, make relatively minor revisions to this Protocol that do not materially affect the continued use of the EMR System. Rather than release continual revisions to the Protocol, these minor revisions will be consolidated and published in periodic updated releases. When published, these updated releases will become effective in the same manner as major revisions. They will be made available to EMR Custodians 30 days prior to the effective date of the revisions. By continuing to access the EMR System following the effective date, an EMR Custodian accepts and agrees to comply with the revisions. A.5 Guiding Legislation The rules outlined in this Protocol have been developed in consideration of the Health Information Act (and other applicable legislation) and serve as a vehicle for the clarification and the operational application of selected sections of that legislation, particularly as it relates to health information in the EMR System. Definitions of terms used in the Health Information Act also apply to those terms when used in this Protocol. A.6 Guiding Principles In its adoption and continuation of this Protocol, the Governance Committee will strive to maintain alignment with the following principles: Protocol rules will recognize and align with legislated and EMR Custodians ethical obligations. Protocol rules will be structured to assure the privacy and security of an individual s health information without placing onerous restrictions and processes on those who have a legitimate need to access and use information from the EMR System. The Protocol will not be a reiteration of the Health Information Act, but rather a document to highlight and clarify important aspects of the Health Information Act as it relates to the use and disclosure of health information in an EMR System. The Protocol will further elaborate on the use and disclosure of health information from the EMR System where the Act does not provide sufficient guidance. Information Exchange Protocol (IEP) - August 8,

4 Protocol rules will articulate EMR Custodian obligations but not necessarily the means by which EMR Custodians are to meet those obligations. In that regard, EMR Custodians should use their professional judgment or other guidelines that may be released from time to time by the Governance Committee. Information Exchange Protocol rules will articulate EMR Custodian obligations but will not provide guidance in matters where discretion may be exercised. Such guidance is expected to be provided through the CPSA and other applicable health professional bodies. A.7 Limitations of This Document This Protocol does not define the scope or necessarily represent the current architecture of the EMR System. In some cases, these rules may infer functionality which exceeds that of the EMR Systems. This approach has been taken to assist EMR Custodians in understanding the possible impacts of future functionality, and to recognize that the EMR System will continue to be an evolving tool for the use of health services providers in their delivery of health services to Alberta residents. A.8 Contact Information Questions regarding this Protocol or requests to contact the Governance Committee can be directed to the Information Stewardship Office ( ISO ) at Information Exchange Protocol (IEP) - August 8,

5 Section B: Terms Used in This Document B.1 Glossary of Terms Used in This Document and Not Defined in the Health Information Act Custodial responsibility EMR Affiliate EMR Custodian The obligation to protect the privacy and confidentiality of EMR Information, and ensure that such information is used only for the purposes and under the terms and conditions stipulated in this Protocol and the Health Information Act and other applicable legislation. Either an individual employed by an EMR Custodian or a person who performs a service for the EMR Custodian as an appointee, volunteer or student or under a contract or agency relationship with the EMR Custodian. A Custodian who is permitted to access, use or disclose EMR Information in accordance with the Information Sharing Agreement and this Protocol Governance Committee Individual Information Sharing Agreement Masking Memorandum of Understanding Participating Physician The committee established under the Memorandum of Understanding having the responsibilities and duties described in that agreement. The individual who is the subject of the EMR Information, or any other person appropriately authorized by section 104 of the Health Information Act including the individual's legal guardian, agent or trustee, a person with appropriate powers of attorney for the person who is the subject of the EMR Information, or the executor of a will or administrator of the estate of the person who is the subject of the EMR Information. The agreement between EMR Custodians, that provides for the rights and obligations of EMR Custodians regarding the use and disclosure of EMR Information through the EMR System. The act of not making available certain EMR Information of a Patient for use or disclosure in the EMR System based on the express instructions of a Patient to his/her Physician, including individual data element masking or global person masking. An agreement entered into between AHS and the AMA establishing the Information Sharing Framework, and the Governance Committee. A Physician that signs a Participating Physician Agreement signifying his/her acknowledgement of the Memorandum of Understanding, Information Exchange Protocol (IEP) - August 8,

6 Primary use and agreement with the terms of the ISA, IMA and this Protocol. The use of EMR Information for the purpose of providing Health Services to Patients and includes the reproduction of that information, but not the Disclosure of that information. Secondary use Security Unmasking The use of EMR information by a Party for any purpose not directly related to the provision of Health Services to the Patient whom is the subject of that information including, without limitation, the provision of Health Services to Patient populations or to advance Patient safety, or health system management. The process of protecting EMR Information by assessing threats and risks to that EMR Information and implementing the procedures and systems to restrict access and maintain the integrity of that EMR Information. The temporary removal of Masking from EMR Information during a session of access to an Individual s EMR Information by an EMR Custodian. Information Exchange Protocol (IEP) - August 8,

7 B.2 Glossary of Terms Used in This Document and Defined in the Health Information Act Affiliate Audit Collect Custodian In relation to a custodian, means (i) an individual employed by the custodian; (ii) a person who performs a service for the custodian as an appointee, volunteer or student or under a contract or agency relationship with the custodian; (iii) a health services participating custodian who has the right to admit and treat patients at a hospital as defined in the Hospitals Act; (iv) an information manager as defined in section 66(1); (v) a person who is designated under the regulations to be an affiliate; but does not include (vi) an agent as defined in the Health Insurance Premiums Act; or, (vii) a health information repository other than a health information repository that is designated in the regulations as an affiliate. A financial, clinical or other formal or systematic examination or review of a program, portion of a program or activity. To gather, acquire, receive or obtain health information. Means (i) (ii) the board of an approved hospital as defined in the Hospitals Act other than an approved hospital that is (A) owned and operated by a regional health authority established under the Regional Health Authorities Act, the operator of a nursing home as defined in the Nursing Homes Act other than a nursing home that is owned and operated by a regional health authority established under the Regional Health Authorities Act; (iii) an ambulance operator as defined in the Emergency Health Services Act; (iv) a provincial health board established pursuant to regulations made under section 17(1)(a) of the Regional Health Authorities Act; (v) a regional health authority established under the Regional Information Exchange Protocol (IEP) - August 8,

8 Health Authorities Act; (vi) a community health council as defined in the Regional Health Authorities Act; (vii) a subsidiary health corporation as defined in the Regional Health Authorities Act; (viii) a board, council, committee, commission, panel or agency that is created by a custodian referred to in sub-clauses (i) to (vii), if all or a majority of its members are appointed by, or on behalf of, that custodian, but does not include a committee that has as its primary purpose the carrying out of quality assurance activities within the meaning of section 9 of the Alberta Evidence Act; (ix) a health services provider who is designated in the regulations as a custodian, or who is within a class of health services providers that is designated in the regulations for the purpose of this sub-clause; (x) a licensed pharmacy as defined in the Pharmacy and Drug Act; (xi) the Department; (xii) the Minister; (xiii) an individual or board, council, committee, commission, panel, agency or corporation designated in the regulations as a custodian; but does not include (xiv) a Community Board or a Facility Board, as those terms are defined in the Persons with Developmental Disabilities Community Governance Act other than a Community Board that is designated in the regulations as a custodian. Department Health information Health professional body Health service The Department administered by the Minister. One or both of the following: (i) (ii) diagnostic, treatment and care information; registration information. A body that regulates the members of a health profession or health discipline pursuant to an Act. A service that is provided to an individual for any of the following purposes: (i) protecting, promoting or maintaining physical and Information Exchange Protocol (IEP) - August 8,

9 Health services provider Individually identifying Minister Non-identifying Record Research Research ethics board Use (ii) (iii) (iv) (v) mental health; preventing illness; diagnosing and treating illness; rehabilitation; caring for the health needs of the ill, disabled, injured or dying, but does not include a service excluded by the regulations. An individual who provides health services. When used to describe health information, means that the identity of the individual who is the subject of the information can be readily ascertained from the information. The Minister determined under section 16 of the Government Organization Act as the Minister responsible for this Act. When used to describe health information, means that the identity of the individual who is the subject of the information cannot be readily ascertained from the information. A record of health information in any form and includes notes, images, audiovisual recordings, x-rays, books, documents, maps, drawings, photographs, letters, vouchers and papers and any other information that is written, photographed, recorded or stored in any manner, but does not include software or any mechanism that produces records. Academic, applied or scientific health related research that necessitates the use of individually identifying health information. A body designated by the regulations as a research ethics board. To apply health information for a purpose and includes reproducing the information, but does not include disclosing the information. Section C: Rules 1.0 Development of the EMR Information Exchange Protocol Topic 1.1 Authority of the Protocol Currency of this Protocol Authority to access and use EMR Version 0.3 of this Protocol was approved by the Steering Committee on February 1, Access to and use of all EMR Information in the EMR System is subject to the terms and conditions of this Protocol. Information Exchange Protocol (IEP) - August 8,

10 Information in the EMR System Application of Protocol This Protocol applies only to the access to and, use and disclosure of individually identifying EMR Information Access to and use of non-identifying information in an EMR System is not covered under this Protocol but is regulated under sections 32(1) and 32(2) of the Health Information Act. Deference to the Health Information Act These rules neither replace nor supersede the Health Information Act Full compliance with this Protocol does not necessarily assure full compliance with the Health Information Act. It is the responsibility of each EMR Custodian to meet his/her or its obligations under the Health Information Act. Topic 1.2 Operation of the Information Exchange Protocol Governance Committee The Governance Committee establishes and amends rules in this Protocol pertaining to the access to, use and disclosure of EMR Information that is in the EMR System. The Governance Committee, or its representative, shall be responsible to liaise with the EHRDSC for the purpose of ensuring continued consistency in their approach to health information sharing. Coming into effect Rules pertaining to the access to and, use and disclosure of EMR Information in the EMR System are documented in this Protocol and come into effect according to the terms of the Information Sharing Agreement. EMR Custodian joint responsibility for accuracy and confidentiality of Health Information Physicians as EMR Custodians In a shared EMR environment, it is recognized that there are multiple health service providers that add or modify Patient Health Information, each sharing responsibility for the accuracy and confidentiality of that information. Each EMR Custodian must make reasonable efforts to ensure that the Health Information that is under that EMR Custodian's custody or control is accurate, complete and that the confidentiality of that Health Information is maintained Any Physician who has signed the Physician Participation Agreement is considered to be an EMR Custodian. In his/her role as an EMR Custodian, a Participating Physician may only use and disclose EMR Information for authorized purposes in Information Exchange Protocol (IEP) - August 8,

11 accordance with this Protocol and the Health Information Act. Alberta Health Services as an EMR Custodian Alberta Health Services is an EMR Custodian. In its role as an EMR Custodian (compared to its role as Information Manager for the EMR System), Alberta Health Services may only use and disclose EMR Information for authorized purposes as per this Protocol and the Health Information Act. Alberta Health Services as Information Manager for EMR Systems Role of the Information Manager Notwithstanding its role as an EMR Custodian, Alberta Health Services is the Information Manager of the EMR System. In its role as the Information Manager of the EMR System, Alberta Health Services is limited to only using and disclosing EMR Information in its capacity of an Information Manager as authorized by the Information Management Agreement and the Health Information Act The Information Manager, in accordance with the Information Sharing Agreement and the Health Information Act, will, in addition to other obligations set forth in the Health Information Act and the Information Management Agreement: a. process, store, retrieve or dispose of EMR Information in the EMR System as required; b. provide information management services for the EMR System, as required; c. monitor and audit EMR Information in the EMR System on a continuing basis; and, d. where required, report to the ISO Should the role of Information Manager for the EMR System be transferred from Alberta Health Services to another organization, this Protocol will continue to guide the operation of sharing of EMR Information in the EMR System. General authority to access EMR Information Any EMR Custodian requiring access to EMR Information in the EMR System may use the EMR Information in respect of which access has been granted, that is stored in the EMR System, where such access: a. has been granted to the,emr Custodian pursuant to the Information Sharing Agreement; b. is consistent with the authorization for access established in this Protocol and the Health Information Act; and, Information Exchange Protocol (IEP) - August 8,

12 c. will be made through a unique system account and profile assigned to that EMR Custodian. General responsibilities of EMR Custodians Each EMR Custodian has a duty pursuant to Section 60 of the Health Information Act to protect the confidentiality of EMR Information in the EMR System and to protect against any reasonably anticipated threat or hazard to the security of that EMR Information, or unauthorized use, disclosure, modification or unauthorized access to the EMR Information EMR Custodians are responsible for all EMR information accessed and used by the EMR Custodian and their EMR Affiliates in the EMR System or while such EMR Information falls under the authority of this Protocol. General responsibilities of EMR Affiliates Any EMR Affiliate of an EMR Custodian who requires access to the EMR System for the purpose of either providing EMR Information to or receiving EMR Information from the EMR System must be authorized by an EMR Custodian for such access EMR Affiliates will retain full responsibility for all EMR Information they access from the EMR System. Responsibility is not restricted to EMR Information which EMR Affiliates or the EMR Custodians have contributed to the EMR System Notwithstanding , any use or disclosure of EMR Information by an EMR Affiliate is considered to be use or disclosure by the EMR Custodian An EMR Affiliate, who is authorized to access and use EMR Information in the EMR System, must do so in accordance with this Protocol. Responsibilities of ISO The ISO may access, use and disclose EMR Information in the EMR System for any of the limited purposes authorized by this Protocol. 2.0 Sources of Information The ISO will, as directed by the Governance Committee, develop, implement and maintain policies and procedures relating to the privacy and Security of EMR Information in the EMR System in compliance with, but not limited to, the Health Information Act and this Protocol. Topic 2.1 Entry of Information as per the Information Sharing Agreement Authority to enter An EMR Custodian may enter EMR Information through the EMR Information Exchange Protocol (IEP) - August 8,

13 information Managing access rights and permissions Retention of EMR Information by the Information Manager System where functionality for the addition or modification of EMR Information in the EMR System has been enabled, and the EMR Custodian has been granted rights to do so. EMR Information entered into the EMR System by an EMR Custodian must align with Standards of Practice set by the CPSA or standards prescribed by other health professional bodies where applicable The Information Manager must implement the necessary functionality within the EMR System to manage access rights and permissions as determined by the Information Sharing Agreement A Record of EMR Information that is entered into the EMR System must be retained by the Information Manager, so that where corrections and amendments are made to EMR Information, a Record of the original EMR Information persists, as it would for a paper-based Record A Record of EMR Information that is entered into the EMR System must contain at least the following elements: a. identification of the EMR Custodian or EMR Affiliate who entered/modified the EMR Information; b. a date and time when the EMR Information was entered/modified; and, c. the EMR Information that was entered/modified A Record of EMR Information must be maintained in accordance with the Standards of Practice of the CPSA, the professional standards of other health professional bodies and/or in accordance with AHS documentation standards, as applicable. 3.0 Individual s Right to Request Access to that Individual s Health Information Topic 3.1 Request to Access Information by Individual who is the Subject of the Information Right to access Subject to the exceptions set out in the Health Information Act, an Individual has the right of access to that Individual s EMR Information stored in the EMR System. Sources of access An Individual may request his/her EMR Information from his/her EMR Custodian and the EMR Custodian will respond to a request for access to records that relate directly to Health Services provided only by that EMR Custodian. Broader requests for records that relate to Health Services provided by more than one EMR Custodian or Custodians Information Exchange Protocol (IEP) - August 8,

14 should be referred to the ISO. In either event, the request for access to records shall be tracked and recorded. Process for access Requests must be responded to within 30 days after receipt of the request In response to a request for EMR Information, an EMR Custodian or the Information Manager, as applicable, will disclose only EMR Information about the requesting Individual, subject to any exceptions to access in the Health Information Act When requested by the Individual, and where practical, the EMR Custodian or Information Manager, as applicable, will provide an explanation of terms, codes or abbreviations used in any presented EMR Information When determining whether to provide an explanation of the EMR Information being presented to an Individual, or any additional explanation beyond that defined in section 3.1.5, the EMR Custodian or Information Manager, as applicable, will, where necessary, confer with other EMR Custodians that have contributed EMR Information to the Individual s Record to comply with the requirements for responding to an access request under the Health Information Act An Individual s request for EMR Information sent to an EMR Custodian must be in writing The EMR Custodian or ISO will verify the identity of the Individual making the request An Individual may be required to pay a fee stipulated by the EMR Custodian or Information Manager prior to receipt of the requested EMR Information. Fees for access requests are specified in the Health Information Regulation. Records of access An Individual may apply in writing to the ISO to receive a record of requests for accesses to EMR Information about that Individual. Topic 3.2 Request to Correct or Amend EMR Information by Individual who is the Subject of the EMR Information Right to correction or amendment An Individual has the right to request a correction or amendment to that Individual s EMR Information in the EMR System where the Individual believes there is an error or omission Where an Individual requests a correction or amendment to that Individual s EMR Information in the EMR System, the request must be made in writing to the EMR Custodian who entered the EMR Information Exchange Protocol (IEP) - August 8,

15 Information where possible. Process for correction or amendment Subject to the Health Information Act, a response to an Individual s request to correct or amend information in the EMR System must be provided to that Individual within 30 days If the EMR Custodian agrees to an Individual s request to make a correction or amendment to EMR Information in the EMR System, the EMR Custodian must give written notice to the applicant stating that the correction or amendment has been made, direct the Information Manager to make the correction or amendment, and the EMR Custodian must notify any person to whom that EMR Information has been disclosed during the one year period before the correction or amendment. 4.0 Primary Uses of EMR Information Topic 4.1 Provision of Health Services Permissible primary uses An EMR Custodian may access and use EMR Information in the EMR System for the provision of Health Services Use of EMR Information in the EMR System shall adhere to the principles of: a. using the least amount of EMR Information necessary for the purpose; and, b. using EMR Information only on a need to know basis EMR Custodians may access and use EMR Information in the EMR System when: a. they are providing Health Services to the Individual; and, b. their access to the EMR Information is necessary for the provision of the Health Service or for making a determination for a related Health Service. Scope of Information Subject to the professional standards of practice of the CPSA and other professional bodies, non-identifying EMR Information in the EMR System may be used by an EMR Custodian for any purpose An EMR Custodian may access and use EMR Information available in the EMR System to the extent permitted under that EMR Custodian s system access profile. Information Exchange Protocol (IEP) - August 8,

16 4.1.6 Where EMR Information has been subjected to Masking, use of such EMR Information by an EMR Custodian will be subject to section 7.2 of this Protocol. 5.0 Secondary Uses of EMR Information Topic 5.1 Secondary Use of EMR Information Guiding principles of secondary uses Secondary use of EMR Information in the EMR System shall adhere to the principles of: a. using the least amount of EMR Information necessary for the intended purpose; b. using the highest degree of anonymity that is reasonable in the circumstances; and, c. using EMR Information based only on a need to know basis Non-identifying Health Information in the EMR System can be used by an EMR Custodian for any non-commercial purpose. Topic 5.2 Secondary Use of EMR Information for Conducting Practice Reviews Authority to use EMR Information for practice reviews EMR Information in the EMR System may be used by an EMR Custodian for conducting practice reviews: a. for the purpose of self-audit to determine whether the Participating Physician s own standards and procedures are being effectively and efficiently executed; or, b. for the purpose of performance or periodic reviews as defined in AHS Medical Staff Bylaws and Covenant Health Medical Staff Bylaws. Topic 5.3 Secondary Use of EMR Information for Conducting Investigations Authority to use EMR Information for Investigations EMR Information in the EMR System may be used by the EMR Custodian for conducting investigations: a. to determine whether the Standards of Practice of the CPSA or standards of other applicable health professional bodies are being complied with; b. to determine whether the requirements of any other governance or oversight body are being maintained; c. if the EMR Custodian is a Participating Physician, to determine whether that Participating Physician s claims submissions are Information Exchange Protocol (IEP) - August 8,

17 accurate and his/her claims practices are compliant with applicable requirements; d. for any other purpose essential to the EMR Custodian s effective provision of Health Services to Individuals; and, e. to investigate breaches of privacy obligations. Topic 5.4 Secondary Use of EMR Information for Research Conditions of secondary use of EMR Information for research EMR Custodians access to EMR Information for research purposes EMR Affiliates access to EMR Information for research purposes EMR Information in the EMR System may be eligible for use in research only where the research proposal has met the requirements set forth in this Protocol A research applicant who is also an EMR Custodian (in this Protocol, the Researcher ) may be eligible to access EMR Information in the EMR System for research purposes where a. his/her research proposal has been approved by a research ethics board; b. his/her request for information has been accepted for review by the Information Stewardship Office; c. the request has been presented through a research protocol summary in a form acceptable by the Information Stewardship Office; and, d. the Researcher has entered into a formal research agreement with the Information Stewardship Office on behalf of the EMR Custodians An EMR Affiliate may be eligible to access EMR Information in the EMR System for research purposes where: a. the Researcher has the research proposal approved by a research ethics board; b. the Researcher s request for EMR Information has been accepted for review by the ISO; c. the Researcher s request has been presented through a research protocol summary in a form acceptable to the ISO; d. the Researcher has entered into a formal research agreement with the ISO on behalf of the EMR Custodians; and, e. the Researcher has identified the EMR Affiliate as part of the research team in the proposals to the research ethics board and the ISO. Information Exchange Protocol (IEP) - August 8,

18 5.4.4 EMR Information provided to a Researcher as a result of successful application under section 5.4 of this Protocol is for the exclusive use of the Researcher and where applicable, other members of the research team, for purposes of conducting the specified research and only for the duration of the research period, as stipulated in the research agreement signed by the ISO on behalf of the EMR Custodians and the Researcher. Role of the ISO The ISO, upon receiving a written application from a Researcher wishing to use EMR Information in the EMR System for research, shall: a. make reasonable efforts to respond to an application within 30 days after receiving the request; b. confirm that the Researcher has had his/her research proposal approved by a research ethics board; c. review the research protocol summary; d. impose additional conditions upon the Researcher as deemed necessary; e. enter into a formal research agreement on behalf of the EMR Custodians with the Researcher; f. consult with the Information Manager to determine whether it is practical to fulfill the request from a technical, resource requirement and cost perspective; and, g. when the above conditions have been met, refer the research request to the Information Manager for processing The ISO may, at its discretion, impose additional conditions upon a Researcher, to ensure the protection of privacy for the EMR Information of Individuals that is available in the EMR System. Scope of access to EMR Information A Researcher who has been approved to use EMR Information in the EMR System for research purposes must only access and use EMR Information described in the research agreement signed by the ISO on behalf of the EMR Custodians when accessing the EMR System for research purposes Where EMR Information has been created in the EMR System in the course of conducting research by a Researcher, that EMR Information may be accessed by that EMR Custodian for the purpose of continuing that research in accordance with section The ISO and Information Manager will not make EMR Information available that has been Masked in the EMR System except where the Individual has provided consent for the Unmasking of that EMR Information for the purpose of the specified research. Information Exchange Protocol (IEP) - August 8,

19 Where provision of additional EMR Information may be required by the Researcher, a revision to the research agreement may be necessary. Such revision may require the Researcher to submit a new proposal for research ethics board approval. Process for provision of EMR Information The Researcher will submit to the ISO, in a form and manner prescribed by the ISO, a research protocol summary The ISO will review the research protocol summary and establish whether: a. the EMR Information being requested is available; b. it is willing to approve Secondary Use of EMR Information for research purposes; c. the request for and provision of the EMR Information is in compliance with the Health Information Act and other applicable legislation; and, d. the request for and provision of the EMR Information meets the condition established under section 5.4 of this Protocol. The research agreement The ISO, in consultation with the EMR Custodians, will create the research agreement including the terms, conditions and restrictions of the Researcher s Secondary Use of EMR Information The ISO, on behalf of EMR Custodians, and Researcher will enter into a formal agreement by executing a research agreement The research agreement will stipulate: a. the scope of EMR Information to be made accessible; b. duration of EMR Information used; c. the names of research team members who are permitted access to the EMR Information; and, d. the terms, conditions and restrictions under which the provided EMR Information is to be used. Topic 5.5 Secondary Use of EMR Information for Provider Education An EMR Custodian may use EMR Information for the purpose of educating other health services providers. Topic 5.6 Secondary Use of EMR Information for Quality Assurance and Quality Improvement Information Exchange Protocol (IEP) - August 8,

20 5.6.1 An EMR Custodian may use EMR Information for quality improvement and quality assurance purposes. Any report generated as a consequence of quality assurance purposes shall contain only non-identifying EMR Information, unless otherwise approved by the Governance Committee. Topic 5.7 Secondary Use of EMR Information for Auditing and Monitoring of the EMR The Information Manager may use EMR Information in the EMR System for the purpose of auditing and monitoring access to and use of the EMR System. The Governance Committee, or its designate, may access and use EMR Information for the purpose of periodic/random audits and monitoring of compliance with the terms and conditions of this Agreement. Topic 5.8 Secondary Use of EMR Information for Internal Management Purposes An EMR Custodian may use EMR Information for internal management purposes as described in Section 27(1) g of the Health Information Act. EMR Information used for this purpose should, where reasonably possible, be non-identifying. Topic 5.9 Secondary Uses of EMR Information for Billing Purposes Participating Physicians whom are EMR Custodians may use EMR Information for the purposes of submitting billing information to Alberta Health & Wellness or other paying agency for the purpose of receiving payment for the provision of Health Services Topic 5.10 Additional Secondary Uses of EMR Information by Alberta Health Services In accordance with section 27(2) of the Health Information Act, Alberta Health Services may use EMR Information in the EMR System to promote the following objectives for which AHS is responsible: a. planning and resource allocation; b. health system management; Information Exchange Protocol (IEP) - August 8,