PHIPA

Cards (40)

  • Personal Information Protection and Electronic Documents Act (PIPEDA)

    Legislation enacted to regulate the collection, use and disclosure of personal information in the hands of commercial private-sector organizations
  • PIPEDA does not apply to personal health information (PHI) in Ontario
  • Personal Health Information Protection Act (PHIPA)

    Ontario's health specific privacy legislation
  • Maintaining a patient's confidentiality
    • Fundamental to the partnership between the pharmacy and the patient
    • Important that patients have confidence in all pharmacy staff
  • Patient's right to confidentiality
    Patient has the right to expect that his personal health information (PHI) is kept confidential and is used only for the purpose for which it was given
  • OCP members

    • Have both ethical and legal obligations to respect the confidential nature of their patients' personal health information (PHI) and protect the privacy of the individual
  • Confidentiality Agreement

    Each pharmacy designated manager should ensure that all members of the pharmacy team confirm their commitment to and respect for patient confidentiality by signing a Confidentiality Agreement Form
  • NAPRA Standards of Practice for Pharmacy Technicians

    • Ensure confidentiality of patient information and request and release such information only where appropriate and legally allowed
  • Personal Health Information Protection Act, 2004

    Governs the manner in which personal health information (PHI) may be collected, used and disclosed within the health sector
  • Personal Health Information includes
    • Information about a patient's medical history, family history, physical or mental conditions, existing or planned treatment and care, payments for health care, organ donation, etc.
    • Information about a patient's medication (both prescription and OTC medications)
    • Personal details (demographic information, address, phone number, etc.)
    • The individual's health number
  • Custodian
    Health care practitioners (doctors, nurses, dentists, chiropractors, dieticians, physiotherapists, medical laboratory technologists, midwives, etc.), hospitals, pharmacies, psychiatric facilities, laboratories, ambulance services, long-term care homes, retirement homes and homes for special care, medical officers of health of boards of health, the Minister of Health and Long-Term Care, Canadian Blood Services
  • When collecting, using and disclosing PHI, always remember
    • Do I have the patient's consent?
    • Is the information required by law?
    • Am I exercising my professional judgment to protect the patient or another from harm?
  • Consent
    A custodian needs to obtain an individual's consent to collect, use and disclose PHI, unless PHIPA allows the collection, use or disclosure without consent
  • Consent must be
    • Knowledgeable
    • Voluntary (not obtained through deception or coercion)
    • Related to the information in question
    • Given by the individual
  • Express consent
    Consent that has been clearly and unmistakably given, either orally or in writing
  • Implied consent

    Consent that a custodian concludes has been given based on an individual's action or inaction in particular factual circumstances
  • Circle of care

    Term used to describe health information custodians and their authorized agents who can assume a patient's implied consent when collecting, using, disclosing or handling personal health information for the purpose of providing direct health care
  • Circle of care includes
    • Health care practitioners, Community Care Access Centres (CCACs), service providers to CCACs, public hospitals, private hospitals, mental hospitals, psychiatric facilities, independent health facilities, homes for the aged, nursing homes, pharmacies, laboratories, ambulances, and community health or mental health centres
  • Consent within "Circle of Care"
    A custodian (or their agent) is able to share personal health information with another custodian (or their agent) for the purpose of providing health care even without express consent. Disclosure for treatment purposes would be barred only if the client, or the client's substitute, had indicated that the information not be shared.
  • Consent in Pharmacy
    Consent from the patient is considered to be automatically bestowed on a pharmacy and its staff when the patient presents a prescription to the pharmacy to be dispensed
  • Brochure "Circle of Care: Sharing Personal Health Information for Health-Care Purposes", created by the Information & Privacy Commissioner, describes when health information custodians can assume a patient's implied consent to collect, use or disclose personal health information
  • Protect Privacy and Confidentiality
    1. Obtain patient consent
    2. Information about patients must not be disclosed without their consent other than in exceptional circumstances, or where required by law or by order of a Court
    3. Make sure that patients understand: what information will be released, why the information is being released and to whom, the likely consequences of releasing the information
  • PHIPA guidelines for releasing personal health information without consent
    • Public interest and Grave hazards: toxic discharge or other grave environment hazards
    • Health and Safety of an individual or Risk of serious harm to a person or group: Example - a reasonable fear of suicide
    • Disclosure to public health authorities: Example - an outbreak in a hospital of a potentially dangerous condition
    • Compassionate circumstances: PHI may be released without consent if an individual is injured, incapacitated or ill, or unable to consent
    • Providing health care: PHI may be disclosed to another health information custodian unless the patient has expressly forbidden it
    • Liability protection: Heads of institutions, health information custodians and those acting on their behalf are protected from actions and proceedings if they were acting in good faith and do what is reasonable under the circumstances
  • Disclosure of personal health information without patient consent is permitted

    • When a police officer presents a warrant
    • When required by Rules of Court in a lawsuit
    • When requested by an inspector or investigator authorized under federal or provincial legislation
    • To the executor of the patient's estate (ask for a certifying letter if in doubt)
  • The Guiding Principles of NAPRA
    • Electronic and paper records that carry PHI (prescriptions, patient profiles and reports) are the property of the pharmacy and identify an individual with a pharmacy service
    • Use or disclosure of PHI only with the consent of the patient. Exceptions include preventing harm to the patient, when required by lawful authority, or for the purpose of research or education when the identity of the patient is concealed
    • Duty to inform the patient of the anticipated use or disclosure of PHI collected
    • Collection and use of PHI only for the purpose of providing pharmacy services
    • Disclosure of PHI only to those who have a legitimate need for that information
    • The patient can revoke consent at any time
    • The pharmacist shall establish policies governing the retention, security and destruction of PHI to maintain patient confidentiality and privacy
    • Before using or disclosing PHI, ensure that the information is accurate, complete and not misleading
    • Lawful agents (such as guardians or executors of estates) can exercise the rights of individuals
  • Keeping PHI confidential
    1. Prevent accidental disclosure of information
    2. All records, registers, prescriptions and other sources of confidential information must be stored securely and be kept out of sight of persons who should not have access to them
  • The patient is concealed
    The patient's identity or personal information is hidden or not revealed
  • Keeping PHI confidential

    • Prevent accidental disclosure of information
    • Obtain patient consent
    • Document the conversation with the patient to protect yourself from liability
    • Precaution should be used in spousal requests for information, as well as requests about dependent children
    • As for requests from a third party, inform yourself about the agreement between the patient and the third party
  • Keeping PHI confidential
    • Conversations concerning patients should be restricted to those who "need to know"
    • Ensure that the recipient of the information is aware of the confidentiality of the information and will respect it
    • When sending PHI over the Internet, double-check the email address of the recipient and ensure that the network being used is secure
    • Maintain records of requests for disclosure and details of the information disclosed
  • Keeping PHI confidential
    • Protect information that is visible on the computer screen from being viewed by unauthorized people
    • A credit card number provided by a patient to prepay prescriptions for delivery should not be directly viewable from the patient's profile
    • Supervise any maintenance, housekeeping or repair personnel at all times when in the pharmacy
  • Keeping PHI confidential
    • Do not leave a detailed phone message on an answering machine that could be accessed by others
    • Use a fax machine that is located in a secure place in the pharmacy
  • Keeping PHI confidential
    • Be careful about talking to or about patients in the dispensary since the conversation may be overheard by others standing near the dispensary
    • The pharmacy counter should be designed so that only one patient can be at the window at any given time
  • Keeping PHI confidential at the Drop-off area
    • Request information from a new patient in a discreet manner, by keeping the tone of voice low
    • If a patient is ordering a refill and there are other customers nearby, avoid mentioning the name of medications that the patient is taking; instead, refer to medications by the color and form of the drugs
  • Keeping PHI confidential at the Pick Up area

    • When a customer is picking up a prescription, confirm his/her identity and the medication or product ordered by asking appropriate questions
    • If the spouse or a family member is picking up the prescription for the patient, verify that the patient has given his/her consent
    • Delivery labels on bagged prescription medication for pick up or delivery should not reveal the name of the medication that the patient is taking
  • Keeping PHI confidential in Prescription delivery

    • Delivery report stapled to the bagged prescription should not reveal PHI to the driver
    • Prescription must be delivered to and acknowledged by the patient in person. The patient must sign the delivery report for the driver to bring it back to the pharmacy for audit
    • If the prescription delivered is new, the patient should call the pharmacist for counseling
  • Keeping PHI confidential in Patient counselling

    • Should be located in a separate room or separate area of the pharmacy for patient privacy
  • Keeping PHI confidential in Disposal of patient identifiable information

    • Shredding documents with PHI is an effective and inexpensive method of ensuring confidentiality
    • Disposing in confidential waste bin for destruction by a shredding company
    • If a patient brings back a used vial or bottle, erase the patient's name and Rx number using a permanent marker or peel off the prescription label for shredding
  • Keeping PHI confidential in Computer records

    • Suitable passwords, Personal Identification Number (PIN) or other restricted access systems must be in place
    • Avoid sharing your password with another employee to protect yourself from liability
    • Computers must be situated so that data cannot be seen intentionally or accidentally by unauthorized persons
    • Level of access to patient's records by various members of the pharmacy team should be appropriate/limited to their duties