Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
access_of_health_information [2016/03/29 15:03]
jillian_nadette_de_leon
access_of_health_information [2016/10/21 12:49] (current)
jillian_nadette_de_leon
Line 1: Line 1:
 ##ACCESS OF HEALTH INFORMATION ##ACCESS OF HEALTH INFORMATION
  
-**Access of PHCP, Secondary ​Health Care Provider, Health Facilities**\\ +**Access of Health Care Providers.** Upon patient consent, only the health care provider ​shall have access to the patient'​s health information and authorized entities as defined in Article IV, Section 1. \\
-  *Health facilities shall clearly define access rights and user roles of staff to ensure that only appropriate people have access to the minimum necessary protected health information. The Health Facility shall create policies and procedures to specify the groups and positions that need to access health information to perform their job responsibilities,​ as well as the types of health information to which they need access. The Chief of Health Facility shall issue a memorandum containing the list of names and information stated in the preceding statement and a copy shall be furnished to the DOH Central Office.\\ +
-  ​*Upon patient consent, only the attending physician ​shall have access to the patient'​s ​information and read-only access shall be given to secondary ​health ​care providers.\\ +
-  *Accessible ​information ​for secondary healthcare providers shall be the following:​\\ +
-   +
-a. History of past illness\\ +
-b. Family history of illness\\ +
-c. History of present illness\\ +
-d. Allergies\\ +
-e. Adverse effect of medications given\\ +
-f. Treatment outcome. Final diagnoses shall be included whether clinical or confirmed.\\ +
-g. Laboratory ​and diagnostic procedures\\ +
-hAny information approved by the patient for viewing\\ +
  
-//Approval of Access// +**Accessible Information for Health Care Providers** shall be the following:​\\ 
-The head of the section or unit (exmedical director, chief nurseshall approve the creation ​of user credentials for personnel that shall access to the hospital information systemThe head of the facility shall approve the system access request.\\ +a.) History ​of past illness;​\\ 
-   +b.) Family history ​of illness;\\ 
-**Access ​of User/​Patient**\\ +c.) History ​of present illness;\\ 
-  * Consenting patients shall have rights to accessview, request amendments to, and request restriction over how their health information is used. The health facility shall ensure that disclosures and any subsequent changes are documented. +d.) Clinical historyincluding immunization recordsprevious operations ​and treatment;​\\ 
-  * Patients who gave consent for their information to be processed in PHIE shall have the preference to choose which portal provider to use and shall have access to their own record even if their doctors are not yet enrolled in PHIE.\\ +e.) Allergies;\\ 
-  * For child- joint parental authorityeither parent or legal guardian ​if one has been appointed can have access to the child'​s health informationIf separated, the one granted legal custody, ​or legal guardian if one has been appointed by court will have the right to access. \\+f.) Medication history including adverse effects, if any;\\ 
 +g.) Results of laboratory and diagnostic procedures;​\\ 
 +h.) Treatment outcome (Final diagnoses shall be included whether clinical ​or confirmed).\\
  
-**Access ​of Third Party**\\ +**Approval ​of Access.** The head of the medical record ​section or unit shall recommend the creation of user credentials ​for personnel ​that shall have access to the electronic medical recordsThe head of the facility ​shall approve the system access request.\\
-  * A "third party" in relation to personal data, means any person other than-\\ +
-(a) the data subject, \\ +
-(b) the data controller, or\\ +
-(c) any data processor or other person authorized to process data for the data controller or processor.  +
-    * Patient'​s ​medical record shall not be accessible ​for case study purposes.\\ +
-    * Provisions regarding access of third party providers which use applications ​that are hosted in their cloud service ​shall be providedAccountability ​of third party providers ​shall be made explicit.+
  
-**Authorization to Access ​Information**\\ +**Access ​of User/​Patient.** Consenting patients shall have the rights to access on how their health information ​is being used. The health ​facility ​shall ensure that disclosures and any subsequent changes are documented.\\
-  * Authorization must be written in plain language, and must contain specific information such as: \\ +
-(a) A description of the health information ​to be used and disclosed.\\ +
-(b) The name of the person to whom the health ​care provider may disclose the health information.\\ +
-(c) An expiration date.\\ +
-(d) The purpose which the health information may be used or disclosed. \\ +
-  * A protocol on how to identify authorized persons to access patient information ​shall be made.\\ +
-  * In cases when the person requesting for information is incapacitated,​ special power of attorney shall be allowed.\\+
  
 +**For Minors.** Either parent or legal guardian shall have access to the child'​s health information. If the parents are separated, the one granted legal custody, or legal guardian if one has been appointed by court shall have the right to access.\\
  
-**Others**\\ +**For Incapacitated.** In cases when the person requesting ​for information is incapacitated, a special power of attorney shall be allowed.  
-  ​* In accessing PHIE, there should ba Pin+ security questions.\\ + 
-  * Add more specific guidelines ​for Joint AO VIIitem 1.C. Specify what data is to be shown.\\ +**Access ​of Third Party.** A third party is allowed access ​to health ​information ​that is provided in the contract or a required ​by law.\\ 
-(//Can be discussed further. This section was recent amendment from TWG.//)\\ + 
-  * If electronic information system will be used to access information ​of the patient, it must be done with the same language and portal to the user, user-friendly,​ real-time batch period with terminals and identified locations.\\ +**Third Party Use and Disclosure.*A third party shall not disclose health information other than as provided by contract ​or as required by lawThey shall also agree to use appropriate safeguards to prevent use and disclosure of the health information ​other than as provided by contract or as required by law.\\ 
-  For each purpose ​of accessing data, there shall be an inclusion/​exclusion criteria.\\ + 
-  ​* A 24/7 hotline shall be provided ​to help in cases when necessary ​information is required ​at any point in time.\\ +A third party shall report to the health care provider any use or disclosure of health ​information ​not provided for by the agreement of which it becomes aware, including breaches of unsecured health information,​ and any security incident of which it becomes aware.\\
-  There shall be no UID or PWD +
-  * The secretaries of MDs shall not be allowed ​to access ​the date for them.\\ +
-  * Best practices on health information ​exchange must be considered.\\ +
-  * The patient chart should be double-checked before saving ​the information ​in the MIS.\\+
  
  
Line 57: Line 31:
  
 ##​References ##​References
-* Herold R., Beaver K. (2015). The Practical Guide to HIPAA Privacy and Security Compliance. 2nd edition. Boca Raton, FL: CRC Press.\\+* Herold R., Beaver K. (2015). ​//The Practical Guide to HIPAA Privacy and Security Compliance. 2nd edition//. Boca Raton, FL: CRC Press.\\ 
 +  * Grant Thornton (2013). //​Third-Party Relationships and Your Confidential Data. Assessing Risk and Management Oversight Processes.//​ Retrieved from https://​www.grantthornton.com/​~/​media/​content-page-files/​health-care/​pdfs/​2013/​HC-2013-AIHA-wp-HIPAA-rule-data-control-concerns.ashx
  
 --- ---
 ##See Also ##See Also
   * [[consolidated_workshop_outputs|Consolidated Workshop Outputs]]   * [[consolidated_workshop_outputs|Consolidated Workshop Outputs]]