demonstration of health - it benefits: access to phi in india
DESCRIPTION
Explains about PHI, what PHI includes, how PHI can be used or discolsed for treatment, payment and healthcare operations and how to receive medications via e-mail. For more information visit: http://www.transformhealth-it.orgTRANSCRIPT
1
Demonstration of Health - IT Benefits: Access to PHI in India
Presented by
Mr. Amitava ChakrabortyIPR, Space Law & Health-IT Consultant (India,
US, EU)[email protected], +1-408-663-7962
& Advocate Bagmisikha Puhan
IPR Consultant, India
2
When a patient gives personal health information to a healthcare provider, that becomes Protected Health Information (PHI)
PHI Includes:• Verbal information • Information on paper• Recorded information • Electronic information (faxes,
e-mails)PHI can be used or disclosed for
• Treatment, payment, and healthcare operations
• With authorization/agreement from patient
• For disclosure to patient PHI can be used/disclosed without authorization for the following reasons:
• To inform appropriate agencies• Public health activities related to disease
prevention/control , • To report victims of abuse, neglect or domestic
violence • To funeral homes, tissue/organ banks• To avert a serious threat to health/safety
3
1
Diagnosed with Depression
2
3
Received free samples of anti-depressant medications via e-mail
Breach of Confidentiality and Patient Privacy
4
Intended Purpose
• PHI is sensitive personal information, the flow of which is to be made for an intended purpose, only after valid consent of the individual.
• The purpose and the usage of the PHI must be clear to the understanding of the individual, and the consent must then be obtained.
• The covered entities must ensure that the individual is aware of the intended recipients of the PHI.
The above are the most the basic security and privacy rules of adherence.
5
Security and Privacy Standards
• Privacy refers to the authorization of the patient for obtaining, retaining, managing, and transmitting of the data.
• Security refers to the encryption of the data, while retaining, managing, and transmitting of the same to the intended recipients.
• The minimum standards of confidentiality requires that the PHI is reduced to de-identified data. – the identity of the owner of the data should not be tied
to the information which flows from one stakeholder to the other.
6
Reasonable Measures
• Sharing and transmitting of the PHI is inevitable in this Health-IT environment.
• Reasonable efforts to safeguard the identifiable information available with the stakeholders is a mandate and a necessity. – Extends over to the handling of the data, and
the transmitting of the data, over a period of time.
7
Solution Includes:• e-PHI implementation on a secure channel
• computer-implemented cloud based EMR
management on a heterogeneous health
environment
• Authentication based PHI sharing b/w
covered entities
• Designing of a Risk Adjusted Payment
model/system in the healthcare network
• Implementation of State defined privacy and
confidentiality clauses.
US2014297320
US2014150077A1
8
US20040078229
9
THANK YOU
Mr. Amitava ChakrabortyIPR, Space Law & Health-IT Consultant (India,
US, EU)[email protected], +1-408-663-7962
(CA, USA)
&
Advocate Bagmisikha PuhanIPR Consultant, India