Theme 6. Leadership and governance for accountable care
Presentation Materials (members only)
Presentation Slides: Solutions for Managing Patient Privacy across Clinics and Community Partners
(I) A Stewardship Privacy Model for a FHT and its Clinics
Learning Objectives
As the province's third largest FHT, the Guelph FHT has 76 doctors and is operationally broken down into 17 clinics. While privacy is always a challenge, privacy in the Guelph FHT's environment is especially challenging and requires a purposeful privacy governance structure to ensure consistency across clinics, to support FHT staff and to meet legal obligations. Participants will learn about the Guelph FHT's approach to privacy governance, how the model was implemented and how other FHTs may take a similar approach.
Summary
FHTs are continually asked to provide leadership in data. This leadership often involves searching, accessing and summarizing data about clinics. Often, however, the relationship between a FHT and its clinics from a privacy perspective is ambiguous, and questions of custodianship, responsibility and training are unclear. As FHTs are strategically moving to play a even stronger role in data, the question of privacy and privacy governance needs to be formally resolved. As the province's third largest FHT, privacy in the Guelph FHT's environment is especially challenging and requires a purposeful privacy governance structure to ensure consistency across clinics, to support FHT staff and to meet legal obligations. The Guelph FHT's privacy model is based on the concept of privacy stewardship, and sharing privacy roles and responsibilities between the Guelph FHT and its clinics. The goal of this model is to allow the Guelph FHT to participate in regional data programs, while simultaneously giving individual clinics appropriate control and responsibility for their privacy responsibilities. The Guelph FHT's approach is broken down into two parts: the first part of this governance model is based on a common set of privacy principles that are adopted by all clinics. This "Harmonized Privacy Policy" establishes universal privacy policies for all clinics and clearly outlines the role of the FHT and the role of the clinic regarding privacy responsibilities and obligations. The second part of the governance model is a Stewardship Agreement, which formalizes the relationship between the FHT and its clinics from a data and privacy perspective. The presentation will conclude with a review of lessons learned through the process of negotiating this privacy model, and an update on its current status.
Presenters
- Kirk Miller, Director of Performance and Accountability, Guelph FHT
- Justin St-Maurice, Privacy Consultant, St-Maurice Consulting Services
(II) Quality-Based Reporting and PHIPA Compliance
Learning Objectives
Increase overall awareness of privacy, security and confidentiality of data. Review current PHIPA regulations and the relevance to Family Health Teams in quality-based reporting. Provide an overview of the current challenges faced by Family Health Teams in meeting PHIPA requirements Share useful and practical ideas that may be adopted by other FHTs in terms of contract negotiations with internal and external partners, implementation of processes, policies and procedures, and internal quality monitoring through audits.
Summary
Quality-Based Reporting and PHIPA Compliance. No one would argue that information from data is key to improving efficiencies within the healthcare system, influencing public policy development and administration and supporting research to advance patient care. At the same time, information security and privacy in the healthcare sector is an issue of growing importance, where breaches can incur serious consequences for both the individual and the organization involved. The adoption of electronic patient medical records and the increasing need for providers and funders to access and utilize patient data all point towards the need for a better understanding and adoption of policies and protocols regarding information security. The main threats to patient privacy and information security are those that arise from inappropriate access of patient data either internally or by exploiting disclosed data, including big data, beyond its intended use. Compliance with provincial regulations governing privacy and security of health information is mandatory (PHIPA, 2004) and yet, many Family Health Teams and other healthcare organizations are failing to comply and struggling to understand the risks they face by not meeting these requirements. This presentation will highlight some of the challenges faced by the North York Family Health Team in meeting PHIPA requirements as we continually strive to implement best practices in addressing quality-based reporting both internally and with our external partners. The importance of a data flow chart; end-user agreements; staff training and education; privacy, security, data breach and confidentiality policies and procedures; audits; and other necessary checks and balances will be discussed.
Presenters
- Susan Griffis, Executive Director
- Jennifer Leung, Clinical Manager, North York FHT
- Marjan Moeinedin, Quality Information Decision Support Specialist
Authors and Contributors
- Joyce Lo, Project Manager, North York FHT
- Andrew Levstein, Information Technology Support, North York FHT