Lang Michener - Electronic Health Record Services Review
Nymity's Independent Privacy Solutions Review provides an unbiased assessment of the legal and privacy benefits of the Lang Michener Electronic Health Record Services and how these services will help your organization comply with privacy laws and ensure the security of electronic health records (EHRs).
Privacy Compliance: Electronic Health Record (EHR)
An electronic health record (EHR) refers to an individual patient's or client's personal health information (PHI) in digital format. A single electronic health record is generally considered a comprehensive compilation of a person’s lifetime health care history, accessible through electronic networks by health care providers across different health systems and different points (e.g. acute care hospitals, physician offices). By making a patient’s complete medical history instantly available to all health care providers within a circle of care, EHRs have the potential to improve the delivery of health care. Accuracy, currency, completeness and availability of health data are considered prerequisites to the effective functioning of the health care system. These prerequisites are made possible through EHRs. EHRs lower the risk of injury due to medical information errors, and have the potential to advance health care research and cut associated costs by identifying areas for improvement.
Privacy Law
PHI may be subject to one or more of the 23 privacy laws in Canada, depending on the location of the collection, use, storage and disclosure of the PHI. Ontario, Manitoba, Saskatchewan and Alberta have all enacted specific health care privacy legislation. In other provinces, PHI is subject to provincial private-sector privacy laws (British Columbia and Quebec), or the federal private-sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). If PHI is transferred across a provincial or federal border it is subject to PIPEDA. If PHI is transferred outside of Canada it may be subject to a set of laws in the country to which the data is transferred.
Privacy law requires that the custodian of PHI take steps reasonable in the circumstances to protect the personal health information within its custody against theft, loss, unauthorized use and/or disclosure. In Ontario, the Personal Health Information Protection Act, 2004 (PHIPA) contains the requirement to notify individuals if there has been a breach of their personal health information. PHIPA also provides for regulations prescribing more detailed procedures for records retention, electronic data collection and management of electronic network service providers.
In the absence of detailed legislative guidance, Ann Cavoukian, the Ontario Information and Privacy Commissioner, has articulated certain criteria to regulate the protection of EHRs through her order-making power and through informal guidelines. For example, in Order HO-004 the Commissioner has set out certain criteria to address the security of PHI maintained on portable electronic devices. This Order contains a number of recommended administrative procedures for maintaining and providing access to PHI held on such devices. Essentially, the Order mandates effective encryption of such information and the use of multi-layered access authorization procedures.
Privacy Review: Lang Michener Electronic Health Record Services
Organizations dealing with electronic health records require specialized legal services and need to work with a law firm with an in-depth understanding of both privacy laws and health care laws. Lang Michener's privacy lawyers assist organizations in developing and implementing best practices in health privacy compliance. Lang Michener has the legal expertise and experience to provide specific services for EHR including:
- Developing privacy and security policies and procedures;
- Consent and privacy compliance via thorough audits of current information practices;
- Advising with respect to threat and risk assessments and privacy impact assessments;
- Assessing compliance requirements under PHIPA;
- Advising with respect to system access procedures including authentication and authorization;
- Drafting data sharing agreements;
- Advising with respect to outsourcing contracts and contracting for services;
- Assistance in responding to breaches; and
- Advising with respect to system audits.
The Lang Michener Privacy Law Group assists clients in understanding privacy laws, adopting effective procedures and managing privacy issues advantageously. With over 15 practitioners in the Group, and representation across Canada, Lang Michener has the depth of resources and talent to assist in developing privacy strategies regardless of the size or complexity of the business. Lang Michener's Privacy Law Group helps clients examine the impact of the privacy laws on their operations and implement measures to ensure compliance.
In advising on security protection of EHRs, Lang Michener's Privacy Law Group has reference not only to existing Canadian legislation, but also seeks guidance from international sources such as the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA). Lang Michener is active within the International Association of Privacy Professionals (IAPP), and has presented at its Canadian Privacy Summit, as well as at conferences focused on EHR in Canada. The Privacy Law Group has also written papers on EHR, for example: BACKGROUND PAPER – REGULATION OF THE SECURITY OF ELECTRONIC HEALTH RECORDS, which was presented at the Shared Risks, Shared Standards Conference Toronto on October 23, 2007.
Lang Michener Privacy ROI
To calculate the privacy return on investment (Privacy ROI) of Lang Michener's EHR Services, an organization must consider the costs (legal, operational, and in terms of reputation) that a privacy breach and/or being found to be non-compliant would have. Health care organizations adopting EHRs should consider contacting Lang Michener to learn more about the potential risks and the services it offers to address them through the development of appropriate privacy and security procedures. Compliance is complex and the risk levels are high due to the number and complexity of privacy laws, the dynamic changes occurring for contractual provisions, and the shortage of EHR precedents. It will be several years before there is a body of precedents related to EHR systems. However, organizations that want to avoid finding themselves with complaints in the future should start planning now.
The likelihood of a breach is high due to the volumes of information collected, the human processes involved in the collection, and the high number of transfers and disclosures involved in providing health care.
The sensitivity of the information, the media's interest in privacy breaches in health care, the increasing incidence of identity theft and the concerns with any data that resides outside of Canada increase the privacy risks, and thus Lang Michener's EHR services' ROI.
Next Steps
Contact Lang Michener directly or speak with: