A Reference Guide, Nov. 2006
Section 5, part 1
The Children's Treatment Network of Simcoe York is committed to protecting the privacy and security of
its participants. Any personally identifiable information CTN collects will be used solely by and for CTN and
will not be sold or otherwise distributed to third parties. We recognize a special obligation to
protect personal information obtained from children and families.
i. General Guidelines
Children, youth and their families are best served by the Network when:
• staff in the Network have access to the data they require to support their work together as an efficient team with the child and family
• families can be assured that only authorized staff in the Network have access to their personal information, and the confidentiality of their personal information is protected by appropriate operational practices according to the appropriate legislation
• there are clear guidelines and communication regarding processes and procedures for sharing information, ensuring that it is shared only with informed consent, and that no harm is caused
Scope
This framework for privacy and security may include in its scope all
children, youth and families served by any staff whose organization is a member
of the Network. By virtue of the CTN model, the privacy guidelines will of
necessity spill over into the day-to-day operational practice of the CTN
partners. These guidelines are intended to guide the Network as a health
information custodian, its agents and partners, and specifically, the Network's
use of an electronic client record and single plan of care.
This guideline includes requirements under the following legislation:
Personal Health Information Protection Act (PHIPA)
Freedom of Information and Protection of Privacy Act (FIPPA and MFIPPA)
Child & Family Services Act (CFSA)
Education Act
ii. Basic Rights of Individuals with respect to Privacy
• Individuals have the right of access to their own health information
• Individuals have the right to privacy and protection of confidential information, including the right to consent, withhold or withdraw consent
• Individuals have the right to require the correction or amendment of personal health information about themselves.
Definitions
Confidentiality
Information of some sensitivity not already in the public domain or not readily available from another public source, and which has been shared in a relationship where the person giving it understood that it would not be shared with others without their express consent.
Express Consent
The client provides informed, explicit, verbal or written consent based on their understanding of what will occur and why. Express consent is required if a health information custodian discloses information to a person who is not a health information custodian or to a health custodian but not for purposes of providing or assisting in providing health care.
Implied Consent
If personal health information is received for the purpose of providing health care, or assisting in the provision of health care, the client is assumed to have implied consent to collect, use or disclose the information for the purposes of providing health care or assisting in providing health care, unless the custodian becomes aware that the individual has expressly withheld or withdrawn consent.
Health Information Custodian
A health information custodian (HIC) is a person or organization who has custody or control of personal health information as a result of or in connection with performing the person's or organization's powers or duties. The Network and some of its members are HICs.
Agent, in relation to a health information custodian, is a person who, with the authorization of the custodian, acts for or on behalf of the custodian, and not for the agent's own purposes.
Health Care and Health Care Practitioners
PHIPA defines health care as any observation, examination, assessment, care, service, procedure that is conducted for a health-related purpose, and is carried out or provided to:
• diagnose, treat or maintain an individual's physical or mental condition
• prevent disease or injury or to promote health
Circle of Care
PHIPA does not define "circle of care". The term refers to those in the health care team who are involved in the care or treatment of a particular person. The Network would identify the circle of care as including the members of the child and youth/family's team as identified on the Single Plan of Care.
Lockbox
The term "lock box" applies to situations where the individual has expressly restricted disclosure of specific personal health information to others -- even to others involved in the circle of care. This decision and related discussions should be well documented in the patient's record. It is to be noted that individuals may not prevent the custodian from disclosing personal health information permitted or required by law.
Documentation Guidelines
-Under Development
iii. Information Sharing
Electronic Record
Information about children and youth being served by the Network will be recorded in an electronic record. Only authorized staff with the consent of the young person or child's parent or guardian will access the electronic record. In some situations, access to some information will be restricted to a particular category of practitioner or user. Details about the clinical software application, the electronic record and the single plan of care are in a separate module.
Authorized users will access the electronic record and single plan of care either through a secure web interface, through their agency's secure network, or through another designated user. They will be trained to access and use the software application appropriately, and to ensure that the information is accurate and secure. A system administrator will oversee the access control process.
Guidance for Sharing Information
To enable the development
and delivery of an integrated plan of care, Network members need to understand
when, why and how to share information with each other, so they can do so
confidently and appropriately in daily practice.
This will require ongoing
learning and collaboration among Network members to develop and practice new
processes for integrated assessments, planning and intervention. Privacy policy, procedures and training
will be updated as practices to support integrated working evolve.
Staff will continue to be
sensitive to the need to protect confidential information, and adhere to their
professional codes of conduct. The relationship between providers and client is
based on the assumption that the appropriate sharing of information within the
relationship is beneficial to the child and family.
Principles for Information Sharing
1) Day to day operations are conducted so that personal identifiable information is used in a fair and lawful manner that places the client at the centre of the process
2) There must be a defined and justifiable purpose for sharing information, and it is explained openly and transparently as early in the engagement as possible
3) Every request for disclosure and reason for decision must be recorded
4) Sharing personal identifiable information should be the minimum information required for the stated purpose
5) Personal identifiable information should not be kept for longer than necessary in accordance with the purpose, and be kept accurate and up to date
6) Access to personal identifiable information should be restricted to a 'need to know' basis; when in doubt, seek advice
7) Those with access to personal identifiable information should be trained in their responsibilities to protect it
8) Responsibility regarding personal information may extend beyond the death of the person
9) All personal identifiable information must be held in a safe and secure environment, including the means by which it is transmitted or received
Governance for Information Sharing
• An information sharing agreement will be developed with each of the Network partners that will detail the governance and practice for the privacy and security of personal information through a common network approach to privacy and information sharing. It will cover issues related to:
  o Designated contact, staff confidentiality agreements
  o Operational policies and procedures
  o Security audit procedures and accountabilities for security
  o Training
  o Data retention, destruction of records
  o Communication to families
  o Problem-solving and conflict resolution
  o Terms of Reference for a Network Privacy Working Group to oversee issues related to privacy and information sharing, including the initial and ongoing review of the Privacy Impact Assessment (PIA)
• Each member will identify one contact person to ensure compliance with the legislation, be the point person in the organization for the Goldcare system administrator to ensure the right people have access to the electronic record, and to deal with enquiries about information and privacy issues
• Communications/Short Notices: Notices and materials will be available, eventually in multiple languages, to inform children, youth and families about their rights with respect to privacy, and what to expect regarding Network practices. These will take the form of pamphlets, posters, disclaimers on email, website, etc.
• The information sharing agreement will provide a foundation for other CTN data-sharing partnerships, such as membership in the Electronic Child Health Network (eCHN), Ontario Telemedicine Network (OTN) or Smart Systems for Health (SSHA) that support integrated service delivery to children and families
iv. Collection, Use and Disclosure
• Generally, personal information can be collected, used and disclosed if the individual consents, or the collection, use or disclosure is permitted or required by legislation
  o Information should not be collected, used or disclosed if other information will serve the purpose
  o Only the information necessary to meet the purpose can be collected, used or disclosed
• Express consent is required to collect, use or disclose personal information for marketing purposes, including vendors
• Express consent is required for participation in a research project. Individuals have the right to expect that the research project has been evaluated for ethics approval, and that the researcher has signed a confidentiality agreement with CTN.
• Personal information should generally be collected directly from individuals, but can be collected indirectly if:
  o The individual consents
  o The information is necessary for the provision of health care and direct collection is not reasonably possible
  o The custodian collects the information from a person who is not a custodian for research purposes
• Custodians can use information without consent or provide to an agent..:
  o For the purpose for which it was collected
  o For purpose for which it is permitted or required by law to disclose
  o For planning or delivering programs or services that the custodian provides or funds
  o For risk management, error management or quality improvement of care
  o For educating agents who provide health care
  o For disposing of information or modifying information to conceal identity
  o To seek consent of the individual
  o For purpose of a proceeding
• Disclosure without consent: As a general rule, personal information should only be disclosed with the consent of the individual, except where
  o Required by law to disclose – e.g. CFSA Duty to Report, court order
  o Emergency/Urgent circumstances - there are reasonable grounds to believe that the disclosure is necessary to eliminate or reduce a significant risk (good judgement) of serious bodily harm to a person or group of persons
• The recipient of personal information from a custodian must not use or disclose information for any purpose other than the purpose for which it was disclosed.
• The health information custodian must have a process in place to revise inaccurate records
General guidelines for Consent
• The child, youth and family are at the centre of what happens to their information – they are the owners of the information
• The approach to requesting consent to share information must be open, transparent and respectful, with the outcome of making the individual knowledgeable about why data is being collected and how it may be used.
• Providing individuals with all the information they need to make a decision is the basis of informed consent
• Informed Consent (see definitions) can be:
  o Explicit/express
  o Implicit/implied (HICs to HICs; Circle of Care, except when withheld or withdrawn)
  o Verbal or written
  o Withheld or withdrawn
  o Conditional
• CTN will proactively inform users when they first engage with service as to circumstances by which their information may be gathered, recorded and shared
• The governance framework of network partners must be respected
Who can Consent
v. Security of Personal Information
Security/Privacy Policy
CTN's capacity to audit privacy and security compliance resides in the Goldcare application's data trail functions. An audit will be conducted on a regular basis to monitor adherence to the privacy guideline, and address issues identified in the process.
System Security and Access
At all times, information will be held in a safe, secure environment, including the means by which it is transmitted or received between partner organizations, and, in so far as it is reasonably practicable, to be free from unauthorized or unlawful access or interception, accidental loss or damage. The level of security will be commensurate with the sensitivity and classification of the information to be stored, shared, transmitted or received.
Physical Security
• All computers and other electronic devices should be password protected
• Workstations and meeting places must provide sufficient privacy for the protection of confidential information during normal working. Access to locked filing cabinets to be provided where necessary
• Fax machines used for personal health information must be in a secure location, with a routine that ensures that they are directed to the right person immediately
• When absent from the computer, personal identifying information must not be on the screen, and the program should be locked from inadvertent access
• Access to a shredder for secure destruction of paper records
Goldcare – Clinical Software Application for the Electronic Record
• Access Security: the Designated Contact for each Network member will provide to the CTN System Administrator (michelle.biehler@ctn-simcoeyork.ca) the names of their employees who require access to the electronic record and for what purpose
• The CTN system administrator confirms eligibility and assigns each individual to a user group, identifies any restrictions to access, then notifies the data user of their login ID and password for authenticated access to the system. The system administrator maintains a current database of all system users.
• Each data user will be oriented and trained to the use of Goldcare
• Restricted Access: The System Administrator can restrict access for a specific user at the record level. However, the default is set to allow all users to view all information in the client records in the local teams in which they are involved, with write access restricted to the user's own user group's permissions in Goldcare
• LockBox: Any user can restrict access to confidential information that an individual client does not consent to be disclosed. There is provision to 'lock' information from view by inserting it into a 'locked file' or folder in the Document Manager section of the clinical application. The information is encrypted and password protected and can only be accessed by the person who has entered it.
• Password: A password policy is outlined for the use of Goldcare to reinforce the care that must be taken to protect the personal information stored within it.
Acceptable Use Policy – CTN Networks, Software, Hardware
Appropriate use:
a. Users will employ only those accounts for which they are authorized, and shall take necessary precautions to prevent others from obtaining access to their computer accounts or passwords
b. Users will be guided by their professional practice standards
c. Minimal personal use is acceptable
d. Data is to be treated as confidential, shared with informed consent
e. While away from the office, keep all electronic devices with you, secure from theft, loss and unauthorized access. Avoid removing personal information from the office unless necessary and safeguard privacy in all conversations
Inappropriate use:
a. Activity for personal gain, or that is in contravention of the Criminal Code or Ontario Human Rights Code is prohibited
b. Accumulation of unnecessary, outdated or non-work related files is discouraged
c. Activity that jeopardizes the integrity of the network, application or computer, such as installing unauthorized software is prohibited
d. Intentional breach of privacy or confidentiality
vi. Procedures
Consent: Roles and Responsibilities

| | Service Navigators | Service Coordinators | Clinicians/Practitioners |
| --- | --- | --- | --- |
| Consent to collect, use, disclose personal information to HICs & non-HICs | Express verbal consent to do the CFI, and refer to service coordinator and initial team | | |
| Consent for assessment and planning; and to proceed with the single plan of care when consensus is reached | | • Add information to initial consent to gather, share information with additional members, to develop plan • A single plan of care is consented to as treatment plan and circle of care | • May need written consent for a specific procedure or assessment |
| Consent to treat | | | Regularly, ongoing |

Consent Form
The way consent is collected
may vary depending on the purpose or stage of care. The form for consent allows
for all the individual information and wishes to be inserted electronically in
either a verbal conversation, or in written form prior to printing and
signing. If there is a necessity
to disclose your personal information beyond the parameters of the original
consent, especially where express consent is required, individuals will be
notified with a request to update the consent.
Recording Consent
All requests for consent and
consents received – including any conditions or changes, are logged in
the individual's electronic record, in the consent tracking log. Written
consents are scanned into the Document manager consent folder.
If there are restrictions to
access, the System Administrator and Privacy Officer must be notified
immediately, to enable the appropriate restrictions to user ID. In such cases, an alternate process
will grant access to only those members who have consent.
Consent is refused or withheld
Children/young people and
their parents/guardians can refuse to give consent, and refuse to receive
treatment and intervention services. In these circumstances, their views must
be respected, once they have a clear idea of the consequences of withholding
consent.
If this occurs, service
navigators or coordinators or the Privacy Officer will explore opportunities
for supporting the child and/or family in universal settings (e.g. child care,
school), perhaps as a stepping stone to encouraging them to take up the more
targeted support available. There may be opportunities for parents to
participate through drop-in programs (Ontario Early Years Centres, Best Start
hubs), parenting support (Hanen Programs, Triple P programs), etc.
Process for Managing a Privacy Breach
a. Identify the scope of the breach and contain it.
b. Report to the agency designated contact person, and the privacy officer, who will investigate as the type of breach warrants; breaches may be categorized as:
  i. not serious, e.g. inadvertent access that is unintentional and has no negative consequences, and may require additional training
  ii. serious but unintentional, e.g. confidential information was inappropriately disclosed, but without negative intent, and may require a review of practices
  iii. serious and malicious intent that requires significant investigation, and potentially involvement of the police
c. Notify the individual whose information was breached that a breach has taken place along with the steps taken to resolve the breach. A HIC must notify the individual at the first reasonable opportunity if the information is stolen, lost or accessed by unauthorized persons.
d. Review and revision of organizational policies or procedures as necessary, and/or Network policies
Request to Access/Review Record
a) Confirm the type of information sought, and the scope of the request, e.g. any particular part of the record, involving a specific incident as well as the individual's identity
b) Direct the requester to the request form, and submit to the Privacy Officer, who will evaluate and respond to the request within 30 days, with a possible 30 day extension
How to Correct Records
a) Strike out the incorrect information in a manner that
does not obliterate it or
b) Label the information as incorrect and sever from the
record, while maintaining a link to the record
c) If the correction cannot be recorded in the record,
every effort must be made to inform persons accessing the record that the
information is incorrect and where to obtain the correct information.
Complaints Process
a) Encourage the individual to discuss the nature of
their complaint, including other members of the team as needed, clarifying the
specifics of the complaint
b) If further process is required, ask the individual to
submit the complaint in writing to the Privacy Officer, who will gather information
and make findings
c) If the complaint is substantiated, immediate action
will be undertaken to rectify the situation, responding to the individual with
the explanation
d) If the complaint cannot be substantiated, review the
findings with the individual, and indicate the opportunity to make a complaint to
the IPC
vii. Forms
The following draft forms are attached below, and will be posted to the website when finalized:
• Consent
• Request to access individual record (attached as separate PDF file)
• Complaint (in development)
• Fact Sheet for families




