access to phi & emr: indian healthcare-it ecosystem
TRANSCRIPT
1
Demonstration of Health - IT Benefits: Access to PHI in India
Presented by
Mr. Amitava ChakrabortyIPR, Space Law & Health-IT Consultant (India,
US, EU)[email protected], +1-408-663-7962
& Advocate Bagmisikha Puhan
IPR Consultant, India
2
When a patient gives personal health information to a healthcare provider, that becomes Protected Health Information (PHI)
PHI Includes:• Verbal information • Information on paper• Recorded information • Electronic information (faxes,
e-mails)PHI can be used or disclosed for
• Treatment, payment, and healthcare operations
• With authorization/agreement from patient
• For disclosure to patient PHI can be used/disclosed without authorization for the following reasons:
• To inform appropriate agencies• Public health activities related to disease
prevention/control , • To report victims of abuse, neglect or domestic
violence • To funeral homes, tissue/organ banks• To avert a serious threat to health/safety
3
1
Diagnosed with Depression
2
3
Received free samples of anti-depressant medications via e-mail
Breach of Confidentiality and Patient Privacy
4
Intended Purpose
• PHI is sensitive personal information, the flow of which is to be made for an intended purpose, only after valid consent of the individual.
• The purpose and the usage of the PHI must be clear to the understanding of the individual, and the consent must then be obtained.
• The covered entities must ensure that the individual is aware of the intended recipients of the PHI.
The above are the most the basic security and privacy rules of adherence.
5
Security and Privacy Standards
• Privacy refers to the authorization of the patient for obtaining, retaining, managing, and transmitting of the data.
• Security refers to the encryption of the data, while retaining, managing, and transmitting of the same to the intended recipients.
• The minimum standards of confidentiality requires that the PHI is reduced to de-identified data. – the identity of the owner of the data should not be tied
to the information which flows from one stakeholder to the other.
6
Reasonable Measures
• Sharing and transmitting of the PHI is inevitable in this Health-IT environment.
• Reasonable efforts to safeguard the identifiable information available with the stakeholders is a mandate and a necessity. – Extends over to the handling of the data, and
the transmitting of the data, over a period of time.
7
Solution Includes:• e-PHI implementation on a secure channel
• computer-implemented cloud based EMR
management on a heterogeneous health
environment
• Authentication based PHI sharing b/w
covered entities
• Designing of a Risk Adjusted Payment
model/system in the healthcare network
• Implementation of State defined privacy and
confidentiality clauses.
US2014297320
US2014150077A1
8
US20040078229
9
THANK YOU
Mr. Amitava ChakrabortyIPR, Space Law & Health-IT Consultant (India,
US, EU)[email protected], +1-408-663-7962
(CA, USA)
&
Advocate Bagmisikha PuhanIPR Consultant, India