Aninteresting article on the Medico-Legal and Privacy aspect of the PCEHR from aPartner at HollmanWeb Lawyers has come to hand.
The articleis entitled:
Update on Personally Controlled Electronic HealthRecords
It is foundon Page 6 of their August 2011 Health Law Bulletin.
Key for theblog are medico-legal and privacy issues raised by Alison Choy Flannigan who isa Partner with the firm.
Under theheading of Medico-Legal we read about the sorts of issues that need to beconsidered by practitioners:
- “If a medical practitionerconsults with a patient and is negligent in entering information onto thePCEHR, there are more clinicians relying upon it, so the potential for liabilityfrom a negligent assessment of a patient or negligently prepared medical recordincreases.
- Health professionals must bemindful that the PCEHR is not a complete medical record and must continue to be vigilant in continuing toobtain independent information from patients. Information may be excluded fromthe PCEHR at the request of a patient and missing information is unlikely to beflagged.
- If a medical practitioner hasrelied upon information on the PCEHR which is incorrect, then the medical practitionerwill need to track the author of the original information to join as across-defendant.
- If a patient instructs a medicalpractitioner not to include information on the PCEHR then the medicalpractitioner will be under an obligation to inform the patient the risks andconsequences of this.
- Direct access to a medical recordmay be denied if providing access would pose a serious threat to the life orhealth of any individual. In those cases, the patient is usually providedaccess through another medical practitioner. If consumer access requests aredealt with centrally, measures should be implemented to ensure that a clinicalassessment is made in relation to whether or not a patient's request for accessor information could pose a serious threat to the life or health of anyindividual. Arguably such information should not be included in the PCEHR.
- Often a request for access can bean indicator of a potential claim which can be resolved quickly by the clinicianby early discussions with the patients. There should be a mechanism so thatrelevant clinicians are informed if there is a potential claim early.”
Under theheading of Privacy Issues we read:
“There arealso a number of privacy issues, including:
- Obtaining adequate privacy consent frompatients;
- Ensuring that the systems can accuratelyimplement the consent options of patients, such as limiting access or prohibitingaccess to the PCEHR to health professionals nominated by patients.
- Ensuring that only information which is requiredto provide treatment for the patient is collected.
- Privacy issues if the system involves a numberof system vendors and subcontractors or cloud computing.
- Uniformity of the usage of medical terms and abbreviationsand clear handwriting is preferred to protect data quality.
- Clear understanding of the information flows andpotential for leakage of personal health information to unapproved persons oroverseas.
- Data security issues.
- Patient and participating health professionalidentification and verification issues.
- Education and training of participating health professionals.”
You canaccess the full bulletin from this link
The full articleprovides lots of context on the PCEHR and the full bulletin is well worth aread.
Thecomplexity of this issues raised only suggest to me we have more than a little way to go in education consumers andclinicians on their responsibilities and obligations - and indeed I am not atall sure some of the points can actually be satisfactorily addressed.
I have to sayit is good to find some insightful coverage on these areas of the PCEHR.Readers who need advice in the PCEHR domain could clearly do worse than consultthis team! That might include more than a few worried clinicians to judge fromthe issues raised!
David.