Patients will benefit from health care providers having access to their test results when they are needed, where they are needed, reducing redundant tests and reducing wait times. Health Care Providers (Radiologists, Technologists, referring Clinicians, Clinical Specialists) will have access to read and consult on digital diagnostic images taken anywhere in the province in a timely manner resulting in reduced errors, reduced turnaround time and improved patient care.
Clinical Information Systems provide the ability to input patient health information on line and improve access to patient information across health care sites. These systems optimize the use of limited radiologist and other clinical resources, using technology that allows them to provide support to remote, rural, and urban communities, regardless of their physical location, resulting in reduced turn-around times for test results, and the potential to reduce waiting lists.
An Electronic Health Record is designed to facilitate the sharing of data between clinics, hospitals, pharmacies and other points of care, with the objective to securely get the right information to the right person at the right time. Privacy, security and confidentiality of patient data are critical to the implementation of any system that utilizes that data.
Manitobans expect their personal health information to be properly protected and access to the information to be properly controlled.
Manitoba eHealth believes privacy must be respected, that personal health information is protected and confidentiality maintained.
Manitoba eHealth will build systems to respect patient privacy through protecting data from unauthorized access and auditing its use.
Manitoba eHealth performs a Privacy Impact Assessment (PIA) on all projects that involve personal health information. A PIA identifies privacy risks and provides strategies to mitigate those risks.
Today, each region has its own privacy policies based on the Manitoba Legislation (PHIA, FIPPA). Manitoba eHealth intends to create a Security and Privacy Council (SPC) to ensure policies support compliance with legislation and industry best practices to securely share data across Manitoba’s health sector.
Manitoba eHealth is developing a Security Management Framework that will improve the security postures of the Manitoba healthcare sector by establishing a province-wide IT Security Management Framework for the healthcare sector. The framework will establish a series of projects to move the Manitoba healthcare sector to this target state. It will also ensure the security controls to be implemented and managed by the regional authorities are aligned with the requirements of legislation (e.g. PHIA, FIPPA) and industry best practices (e.g. ISO/IEC 17799:2005, ISO/IEC 27001:2005, draft ISO/DIS 27799).
The EHR will contain a number of security services that will work in layers to protect the personal data. For example, the access control services and audit services will ensure that only authorized users have access to appropriate data and that all transactions on that data is audited. Another example is a patient’s identity data will be stored separately from their health information, which will be stored in multiple repositories, linked together by an internal index. Only the system can access the index, and without the index, individuals cannot be linked to their healthcare records.
Manitoba eHealth will create an ongoing information security and awareness training program for the healthcare sector that would train staff, management and other stakeholders in the information security goals, policies, and acceptable practices.
Manitoba eHealth plans to harmonize the existing Threat Risk Analysis Plans and Vulnerability Management Plans that exist in the regions to ensure the assessments are conducted using a consistent methodology throughout the health sector to improve the security on critical assets.
Manitoba eHealth’s EHR systems will restrict access to information to a limited number of known and authorized individuals and keep it secret from anyone else. This includes information residing in, or in transit by the EHR system.
Manitoba eHealth is investigating ways to allow patients to restrict access to certain portions of their health information and to give instructions to their healthcare provider about the circumstances under which the information can be shared with other healthcare providers.