We begin by defining the clinical and non-clinical reasons for which health information custodians collect, use, retain and disclose personal health information.
A key next step in ensuring privacy-protective information sharing is the definition of a custodianship model. As defined in Ontario’s PHIPA, custodians are healthcare providers responsible for the management of personal health information. These include: individual healthcare practitioners and group practices; community service providers under the Long-Term Care Act, 1994; community care access centres; public or private hospitals; psychiatric facilities under the Mental Health Act; institutions under the Mental Hospitals Act; and independent health facilities under the Independent Health Facilities Act.
In the context of an EHR initiative, a steward will be designated to review and revise policies, processes, and procedures and to ensure the proper operation of shared records.
Liability is defined as a legal obligation, due at present or at some time in the future. By establishing liability, we help to define the roles, responsibilities, and accountabilities of EHR participants.
Power and authority
In conjunction with liability, we define different EHR participants’ right and ability to manage (collect, retain, disclose, and correct) personal health information.
We help our clients to develop policies for management of data quality, records management, assurance of accuracy, retention and archiving, and secondary use of data.
We work with our clients to define policies for the application of legislative requirements, including management of information safeguards, compliance auditing, identity validation and management, implementation of consent rules, breach management, and proactive and reactive monitoring of technology assets.
Templates for Participant Roles
Controls include frameworks such as provider agreements, patient disclaimers, and mandatory and discretionary requirements that define the roles of EHR participants.