TECHNOLOGY IN HEALTHCARE/PATIENT EXPERIENCE/HOSPITAL PERFORMANCE INDICATORS
The use of personal health information in clinical care:
Finding the right balance By Alice Melcov
n the clinical care setting, a patient’s personal health information (PHI) is a powerful catalyst for optimizing healthcare outcomes. When utilized appropriately, it can have a critical role to play in enhancing the quality of care that a patient receives. Recent regulatory and legislative developments have aimed to enhance protections around the collection, use and disclosure of PHI in the clinical context; however, these advancements have been centered on the concept of enhancing legislative compliance through disciplinary measures. Much of the focus of these developments has been on the punitive aims of the Personal Health Information Protection Act (PHIPA) – the primary piece of legislation governing PHI – and in particular, has sought to advance legislative compliance by emphasizing the legal consequences for breaching patient privacy. Undoubtedly, PHI is among the most sensitive types of information. Patients are entitled to expect that their confidential details will not be inadvertently or purposefully disclosed without proper authorization – and that those who do
so will be disciplined and/or sanctioned appropriately. Yet, PHIPA, like many other pieces of legislation, has multiple purposes. Apart from its punitive rationale, focused on deterring unwanted conduct, the legislation
Patients are entitled to expect that their confidential details will not be inadvertently or purposefully disclosed without proper authorization – and that those who do so will be disciplined and/or sanctioned appropriately. also seeks to create a framework to facilitate the effective provision of healthcare. In this regard, it recognizes the importance of disclosure of PHI to clinical care, and aims to provide secure parameters within which PHI can be freely exchanged between patients and clinicians, and also within a patient’s circle of care.
This more positive aim of the legislation corresponds to how PHI is used to advance clinical care. A patient who knows that his or her PHI will remain confidential is more likely to be forthcoming about sensitive medical details. In turn, this may give clinicians a more complete medical history, allowing them to implement the most appropriate care plan. As part of the privacy compliance framework, PHIPA envisions clinicians (or health information custodians generally) to be key players in safeguarding PHI – knowing that they may rely on patient’s full and frank disclosure of PHI as an important tool in diagnosis and treatment advice. When considering the collection, use and disclosure of PHI in clinical care, a proper balance must be struck between the various purposes of PHIPA. Overemphasizing the punitive aims of the legislation risks creating a climate of fear around how to appropriately use and disclose PHI – particularly for clinicians. On the other hand, in focusing only on the importance of facilitating the flow of PHI, one may overlook the clinical and practical significance of the deterrent aims of the legislation. An ideal approach to the
conversation around privacy compliance is one where the negative consequences for breaching privacy are equally voiced and heard alongside more encouraging, positive-based rationales. In striking the right balance, it is also important to consider the broader institutional context. The use, disclosure and collection of PHI does not occur within an operational vacuum – paper charts, electronic information systems and institutional policies (as they relate to IT) are all vehicles that are used to enable (or sometimes prevent) access and disclosure of PHI. These operational aspects may come with their own limitations and resource challenges. Accounting for these operational factors is also a significant part of the privacy compliance picture, given the practical daily workflow implications. Additionally, in the compliance environment, the role of relevant stakeholders has to be considered. For example, the Ontario Information and Privacy Commissioner plays an important role in ensuring that individual health care providers and health care institutions are accountable for meeting legislative requirements. Continued on page 20
NOVEMBER 2015 HOSPITAL NEWS
Technology in Healthcare, Patient Experience & Hospital Performance Indicators. Special MEDEC Annual Supplement.