Data Ownership of EHR

THE ETHICAL, LEGAL, SOCIAL ISSUES (ELSI) GUIDELINES
 
For the purposes of these recommendations, the term “privacy” shall mean that only the person or persons (including organizations) duly authorized by the patient may view the recorded data or any part thereof. The term “security” shall mean that all recorded personally identifiable data will at all times be protected from any unauthorized access, particularly during transport (e.g. from healthcare provider to provider, from healthcare provider to patient, etc.). The term “trust” shall mean that the person, persons or organizations involved (doctors, hospitals and patients) are who they claim to be.
 
The following approaches are to be adopted wherever applicable to address the aspects that the terms mentioned above refer to:
  • Privacy would refer to authorization by the owner of the data (the patient) 
  • Security would have as components both public and private key encryption; the encryption techniques used in transit and at rest need to be through different methodologies. 
  • Trust would be accepted whenever a trusted third party confirms identity 
PROTECTED HEALTH INFORMATION
Protected Health Information (PHI) would refer to any individually identifiable information whether oral or recorded in any form or medium that (1) is created, or received by a stakeholder; and (2) relates to past, present, or future physical or mental health conditions of an individual; the provision of health care to the individual; or past, present, or future payment for health care to an individual.
 
Electronic Protected Health Information (ePHI) would refer to any protected health information (PHI) that is created, stored, transmitted, or received electronically. Electronic protected health information includes any medium used to store, transmit, or receive PHI electronically.
 
The Data Privacy Rules framed under the Information Technology Act 2000 refer to ‘sensitive personal data or information’ (SPI) as the subject of protection, but also refer, with respect to certain obligations, to ‘personal information’ (PI). Sensitive personal information is defined as a subset of personal information. Sensitive personal information is information that relates to:
  1. Passwords 
  2. Financial information such as bank account or credit card or debit card or other payment instrument details 
  3. Physical, psychological and mental health condition 
  4. Sexual orientation 
  5. Medical records and history 
  6. Biometric information 
  7. Any detail relating to (1) – (6) above received by the body corporate for provision of services 
  8. Any information relating to (1) – (7) that is received, stored or processed by the body corporate under a lawful contract or otherwise 
DATA OWNERSHIP
  • The physical or electronic records, which are generated by the healthcare provider, are held in trust by them on behalf of the patient 
  • The data contained in the record, which constitute the protected health information of the patient, are owned by the patient himself / herself. 
  • The medium of storage or transmission of such electronic medical record will be owned by the healthcare provider. 
  • The “sensitive personal information (SPI) and personal information (PI)” of the patient is owned by the patient herself. Refer to IT Act 2000 for the definition of SPI and PI. 
DATA ACCESS AND CONFIDENTIALITY
  • Regulations are to be enforced to ensure confidentiality of the recorded patient/medical data and the patient should have a control over this. 
  • Patients will have sufficient privileges to inspect and view their medical records without any time limit. Patients’ privileges to amend data shall be limited to the correction of errors in the recorded patient/medical details. Such corrections shall be performed through a recorded request made to the healthcare provider within a period of 30 days from the date of discharge in all inpatient care settings, or 30 days from the date of the clinical encounter in outpatient care settings. An audit of all such changes shall be strictly maintained. Both the request and the audit trail records shall be maintained within the system. 
  • Patients will have the privileges to restrict access to and disclosure of individually identifiable health information and need to provide explicit consent, which will be audited, to allow access and/or disclosures. 
  • All recorded data will be available to care providers on an ‘as required on demand’ basis 
DISCLOSURE OF PROTECTED / SENSITIVE INFORMATION
  • For use in treatment, payments and other healthcare operations: In all such cases, a general consent must be taken from the patient or next of kin, etc. as defined by the MCI. 
  • Fair use for non-routine and most non-health care purposes: A specific consent must be taken from the patient; format as defined by MCI. 
  • For certain specified national priority activities, including notifiable/communicable diseases, the health information may be disclosed to the appropriate authority as mandated by law without the patient's prior authorization. 
  • Instances where use and disclosure without individual authorization will be possible are as follows: 
  • Complete record with all identifiers in an “as-is” state, on production of court order 
  • Totally anonymized data, where the anonymization process involves the complete removal of all information that allows the identification of the patient. (List of such personally identifiable information is provided below) 
RESPONSIBILITIES OF A HEALTHCARE PROVIDER
  • Protect and secure the stored health information, as per the guidelines specified in this document 
  • While providing patient information, remove patient identifying information (as provided in the list below), if it is not necessary to be provided 
  • Will ensure that there are appropriate means of informing the patient of policies relating to her/his rights to health record privacy 
  • Document all its privacy policies and ensure that they are implemented and followed. This will include: 
  • Develop internal privacy policies 
  • Ensure implementation of privacy policies, audit and quality assurance 
  • Provide privacy training to all its staff 
PRIVILEGES OF PATIENT OR PERSONAL REPRESENTATIVE
Patient will have the privilege to carry out the activities detailed below, personally, or through their appointed representative.
  • Patients can demand from a healthcare provider a copy of their medical records held by that healthcare provider, which should be provided within 30 days of receipt of communication of request. 
  • Patients can demand from a healthcare provider that stores/maintains his/her medical records, to withhold, temporarily or permanently, specific information that he/she does not want disclosed to other organizations or individuals. 
  • Patients can demand information from a healthcare provider on the details of disclosures performed on the patient’s medical records for any reason whatsoever. When demanded, the following details are to be provided for each instance of disclosure: 
  • Date of the disclosure 
  • Name and address of the entity or person who received the information 
  • Brief description of the medical information disclosed 
  • Brief summary of the purpose of the disclosure 
DENIAL OF INFORMATION
A healthcare provider will be able to deny information to a patient, representative or third party, in contravention of the normal regulations, if in the opinion of a licensed healthcare professional the release of the information would endanger the life or safety of the patient or others. This will include, but not be limited to, the following:
  • Information obtained from an anonymous source under a promise of confidentiality. 
  • Psychotherapy notes. 
  • Information compiled for civil, criminal or administrative action. 
ELECTRONIC MEDICAL RECORDS PRESERVATION
Preservation of medical records assumes significant importance in view of the fact that the electronic health record of a person is an aggregation of all electronic medical records of that person, from the very first entry to the most recent one. Hence, all records must compulsorily be preserved and never destroyed during the lifetime of the person.
 
Upon the demise of the patient, where there are no court cases pending, the records can be removed from active status and turned to inactive status. HSPs are free to decide when to make a record inactive; however, it is preferable to follow the “three (3) year rule”, where all records of a deceased person are made inactive three (3) years after death.
 
It is, however, preferred, and HSPs are strongly encouraged to ensure, that the records are never destroyed or removed permanently. The health of the blood relatives and natural descendants of a person can be strongly influenced by the health of that person, and on-demand access to these records may prove hugely useful in the maintenance of the health of those relatives.
 
Furthermore, analysis of the health data of all persons is expected to greatly benefit the understanding of health and disease processes, and their amelioration.
 
With rapid decline in costs of data archiving coupled with the ability to store increasing amounts of data that may be readily accessible, continued maintenance of such data is not expected to lead to any major impact on the overall system maintenance and use.
 
PATIENT IDENTIFYING INFORMATION
 
Data are "individually identifiable" if they include any of the identifiers listed below for an individual or for the individual's employer or family member, or if the provider or researcher is aware that the information could be used, either alone or in combination with other information, to identify an individual. These identifiers are as follows:
 
  • Name 
  • Address (all geographic subdivisions smaller than street address, and PIN code) 
  • All elements (except years) of dates related to an individual (including date of birth, date of death, etc.) 
  • Telephone, cell (mobile) phone and/or Fax numbers 
  • Email address 
  • Bank Account and/or Credit Card Number 
  • Medical record number 
  • Health plan beneficiary number 
  • Certificate/license number 
  • Any vehicle or other device identifier or serial number 
  • PAN number 
  • Passport number 
  • AADHAAR card 
  • Voter ID card 
  • Fingerprints/Biometrics 
  • Voice recordings that are non-clinical in nature 
  • Photographic images and that possibly can individually identify the person 
  • Any other unique identifying number, characteristic, or code 
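As an added illustration (not part of the guideline), the de-identification step described under DISCLOSURE OF PROTECTED / SENSITIVE INFORMATION can be expressed as code: fields matching the identifier list above are dropped, dates related to the individual are reduced to the year, and free-text fields are scanned for residual identifiers. The record schema, field names and text patterns are assumptions constructed for this example.

```python
import re
from datetime import date

# Hypothetical record schema (constructed for this example); keys are mapped
# onto the guideline's PATIENT IDENTIFYING INFORMATION list and are dropped whole.
DIRECT_IDENTIFIERS = {
    "name", "address", "pin_code", "telephone", "mobile", "fax", "email",
    "bank_account", "credit_card", "medical_record_number",
    "health_plan_beneficiary_number", "certificate_number", "license_number",
    "vehicle_registration", "device_serial", "pan", "passport", "aadhaar",
    "voter_id", "fingerprint_template", "photo", "voice_recording_nonclinical",
}
# Dates related to the individual keep only the year, as the list requires.
DATE_FIELDS = {"date_of_birth", "date_of_death", "admission_date", "discharge_date"}

# Assumed heuristics for identifiers embedded in clinical notes: e-mail
# addresses and runs of 10+ digits (phone, Aadhaar, account numbers).
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
DIGITS_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){9,}(?!\d)")

def scrub_text(text):
    """Replace identifier-like tokens in free text with a fixed marker."""
    text = EMAIL_RE.sub("[REDACTED]", text)
    return DIGITS_RE.sub("[REDACTED]", text)

def deidentify(record):
    """Return a copy of record with listed identifiers removed, dates reduced
    to the year, and string fields scrubbed for residual identifiers."""
    out = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIERS:
            continue                       # drop the whole field
        if key in DATE_FIELDS:
            if isinstance(value, date):
                out[key + "_year"] = value.year
            continue                       # never keep day or month
        out[key] = scrub_text(value) if isinstance(value, str) else value
    return out

SAMPLE = {  # constructed sample record, not real patient data
    "name": "A. Patient", "aadhaar": "1234 5678 9012", "pin_code": "110001",
    "date_of_birth": date(1980, 5, 17), "discharge_date": date(2016, 2, 3),
    "diagnosis": "Type 2 diabetes mellitus",
    "notes": "Follow up; reach at test@example.com or 98765 43210.",
}

if __name__ == "__main__":
    print(deidentify(SAMPLE))
```

Field-level removal handles the enumerated identifiers; the text scan is only a safety net for the "any other unique identifying number" item and should be reviewed, not relied on alone.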
APPLICABLE LEGISLATION
The existing Indian laws, including the IT Act 2000 and their amendments from time to time, would prevail (http://deity.gov.in/content/information-technology-act-2000).

  • PUBLISHED DATE : Jun 03, 2015
  • PUBLISHED BY : NHP CC DC
  • CREATED / VALIDATED BY : NHP Admin
  • LAST UPDATED ON : Jan 10, 2017
