Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
access_of_health_information [2016/03/31 11:38]
jillian_nadette_de_leon
access_of_health_information [2016/10/21 12:49] (current)
jillian_nadette_de_leon
Line 1: Line 1:
 ##ACCESS OF HEALTH INFORMATION ##ACCESS OF HEALTH INFORMATION
  
-**Access of PHCP, Secondary ​Health Care Provider, Health Facilities**\\ +**Access of Health Care Providers.** Upon patient consent, only the health care provider ​shall have access to the patient'​s health information and authorized entities as defined in Article IV, Section 1. \\
-  *Health facilities shall clearly define access rights and user roles of staff to ensure that only appropriate people have access to the minimum necessary protected health information. The Health Facility shall create policies and procedures to specify the groups and positions that need to access health information to perform their job responsibilities,​ as well as the types of health information to which they need access. The Chief of Health Facility shall issue a memorandum containing the list of names and information stated in the preceding statement and a copy shall be furnished to the DOH Central Office.\\ +
-  ​*Upon patient consent, only the attending physician ​shall have access to the patient'​s ​information and read-only access shall be given to secondary ​health ​care providers.\\ +
-  *Accessible ​information ​for secondary healthcare providers shall be the following:​\\ +
-   +
-a. History of past illness\\ +
-b. Family history of illness\\ +
-c. History of present illness\\ +
-d. Allergies\\ +
-e. Adverse effect of medications given\\ +
-f. Treatment outcome. Final diagnoses shall be included whether clinical or confirmed.\\ +
-g. Laboratory ​and diagnostic procedures\\ +
-hAny information approved by the patient for viewing\\ +
  
-//Approval of Access//\\ +**Accessible Information for Health Care Providers** shall be the following:\\ 
-* The head of the section or unit (exmedical director, chief nurseshall approve the creation ​of user credentials for personnel that will have access to the hospital information systemThe head of the facility shall approve the system access request.\\ +a.) History ​of past illness;​\\ 
-   +b.) Family history ​of illness;\\ 
-**Access ​of User/​Patient**\\ +c.) History ​of present illness;\\ 
-  * Consenting patients shall have rights to accessview, request amendments to, and request restriction over how their health information is used. The health facility shall ensure that disclosures and any subsequent changes are documented. +d.) Clinical historyincluding immunization recordsprevious operations ​and treatment;​\\ 
-  * Patients who gave consent for their information to be processed in PHIE shall have the preference to choose which portal provider to use and shall have access to their own record even if their doctors are not yet enrolled in PHIE.\\ +e.) Allergies;\\ 
-  * For child- joint parental authorityeither parent or legal guardian ​if one has been appointed can have access to the child'​s health informationIf separated, the one granted legal custody, ​or legal guardian if one has been appointed by court will have the right to access. \\+f.) Medication history including adverse effects, if any;\\ 
 +g.) Results of laboratory and diagnostic procedures;​\\ 
 +h.) Treatment outcome (Final diagnoses shall be included whether clinical ​or confirmed).\\
  
-**Access ​of Third Party**\\ +**Approval ​of Access.** The head of the medical record ​section or unit shall recommend the creation of user credentials ​for personnel ​that shall have access to the electronic medical recordsThe head of the facility ​shall approve the system access request.\\
-  * A "third party" in relation to personal data, means any person other than-\\ +
-(a) the data subject, \\ +
-(b) the data controller, or\\ +
-(c) any data processor or other person authorized to process data for the data controller or processor.  +
-    * Patient'​s ​medical record shall not be accessible ​for case study purposes.\\ +
-    * Provisions regarding access of third party providers which use applications ​that are hosted in their cloud service ​shall be providedAccountability ​of third party providers ​shall be made explicit.+
  
-//__Notes re: Third Party Relationships__//​\\ +**Access ​of User/Patient.** Consenting patients shall have the rights to access on how their health information is being usedThe health facility shall ensure that disclosures ​and any subsequent changes are documented.\\
-  ​Types of 3rd party relationships:​ \\ +
-(1) //​Infrastructure only//- provides key infrastructure,​ such as network and servers, and their administration but doesn'​t provide any applications or application support.\\ +
-(2) //Managed Applications//​- exerts some control over installation,​ maintenance and support of the infrastructure and applicationsIncludes cloud computing, infrastructure ​and software as a service.\\ +
-(3) //All Data//- includes infrastructure and managed applications,​ as well as support, maintenance and disaster recovery of the infrastructure and applications (e.g., backup and recovery site.\\+
  
-**Authorization to Access Information**\\ +**For Minors.** Either parent or legal guardian shall have access to the child'​s ​health information. ​If the parents are separated, ​the one granted legal custody, or legal guardian if one has been appointed by court shall have the right to access.\\
-  * Authorization must be written in plain language, and must contain specific information such as: \\ +
-(a) A description of the health information ​to be used and disclosed.\\ +
-(b) The name of the person to whom the health care provider may disclose ​the health information.\\ +
-(c) An expiration date.\\ +
-(d) The purpose which the health information may be used or disclosed. \\ +
-  * A protocol on how to identify authorized persons ​to access ​patient information shall be made.\\ +
-  * In cases when the person requesting for information is incapacitated,​ special power of attorney shall be allowed.\\+
  
 +**For Incapacitated.** In cases when the person requesting for information is incapacitated,​ a special power of attorney shall be allowed. ​
  
-**Others**\\ +**Access of Third Party.** A third party is allowed access ​to health information that is provided in the contract or a required ​by law.\\
-  * Add more specific guidelines for Joint AO VII, item 1.C. Specify what data is to be shown.\\ +
-(//Can be discussed further. This section was a recent amendment from TWG.//)\\ +
-  * A 24/7 hotline shall be provided ​to help in cases when necessary information is required ​at any point in time.\\ +
-  * There shall be no UID or PWD. +
  
 +**Third Party Use and Disclosure.** A third party shall not disclose health information other than as provided by contract or as required by law. They shall also agree to use appropriate safeguards to prevent use and disclosure of the health information other than as provided by contract or as required by law.\\
 +
 +A third party shall report to the health care provider any use or disclosure of health information not provided for by the agreement of which it becomes aware, including breaches of unsecured health information,​ and any security incident of which it becomes aware.\\