Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
access_of_health_information [2016/02/25 22:30] jillian_nadette_de_leon |
access_of_health_information [2016/07/01 21:26] jillian_nadette_de_leon |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ##ACCESS OF HEALTH INFORMATION | ##ACCESS OF HEALTH INFORMATION | ||
| - | **Access of PHCP, Secondary Health Care Provider, Health Facilities**\\ | + | **Access of Health Care Providers.** Upon patient consent, only the health care provider shall have access to the patient's health information and authorized entities as defined in Rule IV, Section 1. \\ |
| - | *Health facilities shall clearly define access rights and user roles of staff, encoders and editors of data. The Chief of Health Facility shall issue a memorandum as to who shall have access to health information specifically a list of who are authorized to open, add, enter, print, view , revise and approve data. A copy shall be furnished to the DOH Central Office.\\ | + | |
| - | *Upon patient consent, only the attending physician shall have access to the patient's information.\\ | + | |
| - | *Read-only access shall be given to secondary healthcare providers and the following information may be accessible:\\ | + | |
| - | a. History of past illness\\ | + | |
| - | b. Family history of illness\\ | + | |
| - | c. History of present illness\\ | + | |
| - | d. Allergies\\ | + | |
| - | e. Adverse effect of medications given\\ | + | |
| - | f. Treatment outcome. Final diagnoses shall be included whether clinical or confirmed.\\ | + | |
| - | g. Laboratory and diagnostic procedures\\ | + | |
| - | h. Any information approved by the patient for viewing\\ | + | |
| - | + | ||
| - | **Access of User/Patient**\\ | + | |
| - | * Patients who gave consent for their information to be processed in PHIE shall have the preference to choose which portal provider to use and shall have access to their own record even if their doctors are not yet enrolled in PHIE.\\ | + | |
| - | * For child- joint parental authority, either parent or legal guardian if one has been appointed can have access to the child's health information. If separated, the one granted legal custody, or legal guardian if one has been appointed by court will have the right to access. \\ | + | |
| - | **Access of Third Party**\\ | + | **Accessible Information for Health Care Providers** shall be the following:\\ |
| - | * Patient's medical record shall not be accessible for case study purposes.\\ | + | a.) History of past illness;\\ |
| - | * Provisions regarding access of third party providers which use applications that are hosted in their cloud service shall be provided. Accountability of third party providers shall be made explicit. | + | b.) Family history of illness;\\ |
| + | c.) History of present illness;\\ | ||
| + | d.) Clinical history, including immunization records, previous operations and treatment;\\ | ||
| + | e.) Allergies;\\ | ||
| + | f.) Medication history including adverse effects, if any;\\ | ||
| + | g.) Results of laboratory and diagnostic procedures;\\ | ||
| + | h.) Treatment outcome (Final diagnoses shall be included whether clinical or confirmed).\\ | ||
| - | **Authorization to Access Information**\\ | + | **Approval of Access.** The head of the medical record section or unit shall recommend the creation of user credentials for personnel that shall have access to the electronic medical records. The head of the facility shall approve the system access request.\\ |
| - | * A protocol on how to identify authorized persons to access patient information shall be made. The person requesting for information should present an authorization letter and 2 valid IDs. \\ | + | |
| - | * In cases when the person requesting for information is incapacitated, special power of attorney shall be allowed.\\ | + | |
| - | **Others**\\ | + | **Access of User/Patient.** Consenting patients shall have the rights to access on how their health information is being used. The health facility shall ensure that disclosures and any subsequent changes are documented.\\ |
| - | * In accessing PHIE, there should ba Pin+ security questions.\\ | + | |
| - | * Add more specific guidelines for Joint AO VII, item 1.C. Specify what data is to be shown.\\ | + | **For Minors.** Either parent or legal guardian shall have access to the child's health information. If the parents are separated, the one granted legal custody, or legal guardian if one has been appointed by court shall have the right to access.\\ |
| - | (//Can be discussed further. This section was a recent amendment from TWG.//)\\ | + | |
| - | * If electronic information system will be used to access information of the patient, it must be done with the same language and portal to the user, user-friendly, real-time batch period with terminals and identified locations.\\ | + | **Access of Third Party.** A third party is allowed access to health information that is provided in the contract or a required by law.\\ |
| - | * For each purpose of accessing data, there shall be an inclusion/exclusion criteria.\\ | + | |
| - | * A 24/7 hotline shall be provided to help in cases when necessary information is required at any point in time.\\ | + | **Third Party Use and Disclosure.** A third party shall not disclose health information other than as provided by contract or as required by law. They shall also agree to use appropriate safeguards to prevent use and disclosure of the health information other than as provided by contract or as required by law.\\ |
| - | * There shall be no UID or PWD. | + | |
| - | * The secretaries of MDs shall not be allowed to access the date for them.\\ | + | A third party shall report to the health care provider any use or disclosure of health information not provided for by the agreement of which it becomes aware, including breaches of unsecured health information, and any security incident of which it becomes aware.\\ |
| - | * Best practices on health information exchange must be considered.\\ | + | |
| - | * The patient chart should be double-checked before saving the information in the MIS.\\ | + | |
| + | ---- | ||
| + | |||
| + | ##References | ||
| + | * Herold R., Beaver K. (2015). //The Practical Guide to HIPAA Privacy and Security Compliance. 2nd edition//. Boca Raton, FL: CRC Press.\\ | ||
| + | * Grant Thornton (2013). //Third-Party Relationships and Your Confidential Data. Assessing Risk and Management Oversight Processes.// Retrieved from https://www.grantthornton.com/~/media/content-page-files/health-care/pdfs/2013/HC-2013-AIHA-wp-HIPAA-rule-data-control-concerns.ashx | ||
| --- | --- | ||
| ##See Also | ##See Also | ||
| * [[consolidated_workshop_outputs|Consolidated Workshop Outputs]] | * [[consolidated_workshop_outputs|Consolidated Workshop Outputs]] | ||