e-health: Privacy Compliance and the Electronic Health Record Paulette Lacroix, RN, MPH, CMC, CIPP/C September 21, 2010 BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 1
What we will cover Overview of the Provincial Electronic Health Record BC Privacy Legislation Privacy Impact Assessments BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 2
Current State Clinical Information Systems Physician Office EMR Rehab Lab LIS Public Health Home/Community Care Acute Care Pharmanet Residential /Longterm Care Outpatient Clinic Primary Care Clinic PACS BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 3
Interoperability Rehab Rehab Public Health Home/Community Care Public Health Home/Community Care Acute Care Acute Care Residential /Longterm Care Outpatient Clinic Residential /Longterm Care Outpatient Clinic Primary Care Clinic Primary Care Clinic BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 4
The Vision Pan-Canadian e-health Record BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 5
e-health: Definition An integrated, interoperable e-health system in which health care information is accessible, when and where it is needed, to support personal health, health care decision making and health system sustainability. Source: Ministry of Health Services, ehealth Strategic Framework 2005 BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 6
Why a Pan-Canadian e-health Record? Increased patient safety Improved health care decisions Reduced wait times Evidence-based practice standards Supportive team collaboration Increased efficiency with less duplication More accurate information for planning, education, research and service delivery BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 7
1. Funding 2. Standardization Building a Pan-Canadian EHR Architecture HIAL Nomenclature lab, LOINC, SNOMed CT, C-HOBIC Messaging HL7 v.3 3. Governance 4. Legislation BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 8
BC Provincial e-health Record BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 9
Inter-jurisdictional BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 10
Provincial e-health Record Physician Office EMR Lab Lab Results Pharmanet Diagnostic Imaging Shared Health Record Pharmacy Radiology BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 11
BC Project Timeline BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 12
Benefits for A patient A care provider An administrator A researcher BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 13
What Do Canadians Think? 87% agree with ehealth timely access Strong agreement that personal health information most important information to protect Survey CHI and OPC 2007 BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 14
Privacy Legislation BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 15
Privacy Rights and Obligations Charter of Rights and Freedoms Right to privacy Personal Information Personal Body Personal Territory Personal Communications Privacy Legislation enforces obligation to protect identifiable personal information at collection, use and disclosure Canadian Charter of Rights and Freedoms April 17,1982 BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 16
BC Privacy Legislation 1. Public sector - Freedom of Information and Protection of Privacy Act (FOIPPA) 2. Private sector Protection of Personal Information Act (PIPA) 3. EHR Personal Health Information Access and Protection of Privacy Act (e- Health Act) BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 17
Privacy Impact Assessments What? Review system/technology to determine compliance with privacy principles as applied to FOIPPA and/or PIPA Why? BC FOIPPA compels gov t Ministries Best practice - Privacy Commissioners Requirement at Health Authorities BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 18
Value Proposition Conduct privacy impact assessment of e-health product/system before going to market Short Privacy Assessment that covers: Access model Audit log Data flow - purpose, collection, consent, accuracy, storage, retention, disclosure Security requirements Company s compliance with PIPA BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 19
WIIFM Risk Management gaps identified early Product design - privacy and security can be baked into solution Bid process - demonstrate compliance with privacy and security requirements Market equality availability of specialized skills large vendors have in-house BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 20
Your Turn Questions or Comments? BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 21
Thank you! Contact Information Paulette Lacroix, RN, MPH, CMC, CIPP/C PC Lacroix Consulting Inc. placroix@placroix.ca Tel: 604-729-8701 BCIT Sept 21, 2010 PC Lacroix Consulting Inc. 22