Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
access_of_health_information [2016/03/18 00:42] wikiadmin |
access_of_health_information [2016/07/19 15:22] jillian_nadette_de_leon |
||
---|---|---|---|
Line 1: | Line 1: | ||
##ACCESS OF HEALTH INFORMATION | ##ACCESS OF HEALTH INFORMATION | ||
- | **Access of PHCP, Secondary Health Care Provider, Health Facilities**\\ | + | **Access of Health Care Providers.** Upon patient consent, only the health care provider shall have access to the patient's health information and authorized entities as defined in Article IV, Section 1. \\ |
- | *Health facilities shall clearly define access rights and user roles of staff to ensure that only appropriate people have access to the minimum necessary protected health information. The Health Facility shall create policies and procedures to specify the groups and positions that need to access health information to perform their job responsibilities, as well as the types of health information to which they need access. The Chief of Health Facility shall issue a memorandum containing the list of names and information stated in the preceding statement and a copy shall be furnished to the DOH Central Office.\\ | + | |
- | *Upon patient consent, only the attending physician shall have access to the patient's information.\\ | + | |
- | *Read-only access shall be given to secondary healthcare providers and the following information may be accessible:\\ | + | |
- | a. History of past illness\\ | + | |
- | b. Family history of illness\\ | + | |
- | c. History of present illness\\ | + | |
- | d. Allergies\\ | + | |
- | e. Adverse effect of medications given\\ | + | |
- | f. Treatment outcome. Final diagnoses shall be included whether clinical or confirmed.\\ | + | |
- | g. Laboratory and diagnostic procedures\\ | + | |
- | h. Any information approved by the patient for viewing\\ | + | |
- | * The head of the section or unit (ex. medical director, chief nurse) shall approve the creation of user credentials for personnel that shall access the hospital information system. The head of the facility shall approve the system access request.\\ | + | **Accessible Information for Health Care Providers** shall be the following:\\ |
- | + | a.) History of past illness;\\ | |
- | **Access of User/Patient**\\ | + | b.) Family history of illness;\\ |
- | * Consenting patients shall have rights to access, view, request amendments to, and request restriction over how their health information is used. The health facility shall ensure that disclosures and any subsequent changes are documented. | + | c.) History of present illness;\\ |
- | * Patients who gave consent for their information to be processed in PHIE shall have the preference to choose which portal provider to use and shall have access to their own record even if their doctors are not yet enrolled in PHIE.\\ | + | d.) Clinical history, including immunization records, previous operations and treatment;\\ |
- | * For child- joint parental authority, either parent or legal guardian if one has been appointed can have access to the child's health information. If separated, the one granted legal custody, or legal guardian if one has been appointed by court will have the right to access. \\ | + | e.) Allergies;\\ |
+ | f.) Medication history including adverse effects, if any;\\ | ||
+ | g.) Results of laboratory and diagnostic procedures;\\ | ||
+ | h.) Treatment outcome (Final diagnoses shall be included whether clinical or confirmed).\\ | ||
- | **Access of Third Party**\\ | + | **Approval of Access.** The head of the medical record section or unit shall recommend the creation of user credentials for personnel that shall have access to the electronic medical records. The head of the facility shall approve the system access request.\\ |
- | *A 'third party" is a person or organization, other than a member of a Health Care Provider's workforce, that performs certain functions or activities on behalf of, or provides certain services to a Health Care Provider that involve the use of protected health information.\\ | + | |
- | * Patient's medical record shall not be accessible for case study purposes.\\ | + | |
- | * Provisions regarding access of third party providers which use applications that are hosted in their cloud service shall be provided. Accountability of third party providers shall be made explicit. | + | |
- | **Authorization to Access Information**\\ | + | **Access of User/Patient.** Consenting patients shall have the rights to access on how their health information is being used. The health facility shall ensure that disclosures and any subsequent changes are documented.\\ |
- | * Authorization must be written in plain language, and must contain specific information such as: \\ | + | |
- | (a) A description of the health information to be used and disclosed.\\ | + | |
- | (b) The name of the person to whom the health care provider may disclose the health information.\\ | + | |
- | (c) An expiration date.\\ | + | |
- | (d) The purpose which the health information may be used or disclosed. \\ | + | |
- | * A protocol on how to identify authorized persons to access patient information shall be made.\\ | + | |
- | * In cases when the person requesting for information is incapacitated, special power of attorney shall be allowed.\\ | + | |
+ | **For Minors.** Either parent or legal guardian shall have access to the child's health information. If the parents are separated, the one granted legal custody, or legal guardian if one has been appointed by court shall have the right to access.\\ | ||
- | **Others**\\ | + | **Access of Third Party.** A third party is allowed access to health information that is provided in the contract or a required by law.\\ |
- | * In accessing PHIE, there should ba Pin+ security questions.\\ | + | |
- | * Add more specific guidelines for Joint AO VII, item 1.C. Specify what data is to be shown.\\ | + | |
- | (//Can be discussed further. This section was a recent amendment from TWG.//)\\ | + | |
- | * If electronic information system will be used to access information of the patient, it must be done with the same language and portal to the user, user-friendly, real-time batch period with terminals and identified locations.\\ | + | |
- | * For each purpose of accessing data, there shall be an inclusion/exclusion criteria.\\ | + | |
- | * A 24/7 hotline shall be provided to help in cases when necessary information is required at any point in time.\\ | + | |
- | * There shall be no UID or PWD. | + | |
- | * The secretaries of MDs shall not be allowed to access the date for them.\\ | + | |
- | * Best practices on health information exchange must be considered.\\ | + | |
- | * The patient chart should be double-checked before saving the information in the MIS.\\ | + | |
- | \\ | + | |
- | \\ | + | |
- | ---- | + | **Third Party Use and Disclosure.** A third party shall not disclose health information other than as provided by contract or as required by law. They shall also agree to use appropriate safeguards to prevent use and disclosure of the health information other than as provided by contract or as required by law.\\ |
- | ##References | + | A third party shall report to the health care provider any use or disclosure of health information not provided for by the agreement of which it becomes aware, including breaches of unsecured health information, and any security incident of which it becomes aware.\\ |
- | * Herold R., Beaver K. (2015). The Practical Guide to HIPAA Privacy and Security Compliance. 2nd edition. Boca Raton, FL: CRC Press.\\ | + | |
---- | ---- | ||
+ | ##References | ||
+ | * Herold R., Beaver K. (2015). //The Practical Guide to HIPAA Privacy and Security Compliance. 2nd edition//. Boca Raton, FL: CRC Press.\\ | ||
+ | * Grant Thornton (2013). //Third-Party Relationships and Your Confidential Data. Assessing Risk and Management Oversight Processes.// Retrieved from https://www.grantthornton.com/~/media/content-page-files/health-care/pdfs/2013/HC-2013-AIHA-wp-HIPAA-rule-data-control-concerns.ashx | ||
+ | |||
+ | --- | ||
##See Also | ##See Also | ||
* [[consolidated_workshop_outputs|Consolidated Workshop Outputs]] | * [[consolidated_workshop_outputs|Consolidated Workshop Outputs]] |