Click the >> arrow to play the video.

This is the third episode in the 8-part series, Health Information Privacy and Security Policies and Procedures orientation training.

Welcome Back to the Privacy Procedure Orientation Training series!

This training series is part of the Health Information Privacy and Security Policies and Procedures that your clinic has purchased.

In this episode, we will review the essential principles of privacy rights as they apply to patients, employees, and healthcare providers. These principles ensure the protection and secure handling of personal health information (PHI) under privacy laws.

Privacy Legislation: Right of Access

One of the key aspects of privacy rights is understanding the difference between an access request and a disclosure request for health information. An access request allows an individual to view or obtain a copy of their own health records, while a disclosure request is made by someone other than the individual the information concerns.

Access requests and disclosure requests that include personally identifying and sensitive information that is not covered by the Health Information Act will only be accessed by the individual that the information is about following the authority that the information was collected. Often, in Alberta, this is the Personal Information and Protection Act (PIPA).

For requests outside Alberta or from a Primary Care Network, it’s important to first refer the request to the attending healthcare provider.

Processing Access and Disclosure Requests

Your clinic’s Health Information Privacy Procedures Manual contains various forms to assist you in handling access and disclosure requests. These forms can also be uploaded into your EMR and generated as needed. Speak with your supervisor or clinic manager to understand how your clinic uses these forms in compliance with privacy procedures.

There are many forms that you can use from the manual to assist you to process access and disclosure requests easily and consistently.

Some of these forms can also be uploaded into your EMR and generated on an as-needed basis. Speak with your supervisor or clinic manager to learn more about how these forms are used in your clinic.

Understanding Masking in Alberta Netcare Portal

If you have access to the Alberta Netcare Portal, it’s important to know how masking is applied. This includes informing patients about their masking options and processing requests to mask their personal health information in the portal. Read this section for more information.

Security Camera Footage Access

If your clinic uses security cameras, individuals have the right to request access to images captured by these cameras. Follow your clinic’s privacy procedure to process these access or disclosure requests in a compliant manner.

Ensuring Accuracy and Completeness of Health Information

As a custodian, you have a duty to ensure that the health information in your clinic is accurate and complete. This includes tracking and correcting any inaccurate or incomplete data in health records, including those in the EMR. Individuals also have the right to request corrections or amendments to their health information.

Individuals may make a request to any custodian participating in the Alberta EHR, also known as Alberta Netcare Portal, to make a correction or amendment to their health information.

Collection, Use, and Disclosure of Health Information

Your clinic should collect personally identifying health information only when necessary, and where possible, directly from the individual. Disclosure of personal information should be limited to the purposes for which it was originally collected, following the appropriate legal authority under the Health Information Act (HIA).

Before using or disclosing health information, your clinic must ensure that the information is accurate and complete.

Patient Communication About Information Collection

When patients visit the clinic, it’s your responsibility to inform them why their personal health information is being collected, how it will be used, and how they can request access. Your clinic should display a collection notice in a location where it is visible to patients.

When patients attend the clinic, we have a responsibility to tell them why we are collecting their personal health information, how it will be used, how it will be protected, and how they can request access to their own information.

Media Communications and Social Media

If your clinic engages in media communications or uses social media, it’s important to follow the clinic’s policies on these activities. Review the clinic’s expectations and speak with your supervisor or privacy officer if you have questions.

Next Episode: Information Handling

In the next episode, we’ll explore how to handle health information securely and comply with privacy procedures for collection, use, and disclosure.

Stay tuned!

 

Don’t Have Written Privacy Policies and Procedures Yet?

If your clinic hasn’t yet purchased the Health Information Privacy and Security Policies and Procedures templates from Information Managers Ltd., don’t worry! You can still follow along with this training and refer to your current clinic’s procedures.

If you don’t have written policies in place yet, now is a great time to get started. Check out our customizable templates to help your healthcare practice stay compliant and protect patient information. Learn more at https://informationmanagers.ca/policy-and-procedure-template/.