Skip to main content

Managing Confidentiality in the Independent Private Hospital Sector




Managing Confidentiality in the Independent Private Hospital Sector

Guidelines for private health practitioners, staff, students and patients

Introduction
It is vital that all who work in the private health sector have a practical understanding of how to maintain confidentiality. Privacy and confidentiality are terms often used interchangeably. Privacy concerns the practices of government agencies e.g. a Hospital, whilst confidentiality concerns the actions of individual staff.

Privacy is the right of individuals to keep information about themselves from being disclosed; that is, our patients and parents (forthwith referred to as patients) are in control of access to themselves or information about themselves. Patients decide who, when, and where to share their health information.

Confidentiality is how, as staff employees, take care of private information once it has been disclosed. This disclosure of information results from a relationship of trust; it assumes that health information is given with the expectation that it will not be divulged except in ways that have been agreed upon, e.g. for treatment or payment of services.

Please refer to UNAPH Policy Manual for policies specifically related to Privacy as this brochure includes more general information about what is confidential information and outlines your responsibilities.

All information supplied by patients and other information that is used in daily work must remain confidential.

Patient Information
Information provided by patients enables health care providers to care and treat them in the most appropriate manner. In order to facilitate this, patients must feel comfortable divulging personal and sensitive information to these staff. If patients do not feel comfortable, there is a risk that important information may not be disclosed, thus compromising care of the patient.

Patients may not want their friends or relatives knowing that they are a patient of a particular clinic so staff must be discreet with this information. In the same way, staff who have children or relatives who are patients of a particular clinic also expect all staff to be discreet.

Hospital information
Other information created or received by a hospital also needs to be treated confidentially. For example, information contained in human resource notes, meeting minutes or tender submissions must be treated confidentially. There are many hospital databases (both department based and hospital-wide) which include patient and staff information. Access to these databases is privileged and must not be abused in order to obtain information that is not relevant to your work. Please refer to the ICT Security policies for further information.
All types of information whether it is stored in hard copy or electronically must be treated with sensitivity and discretion.

Acting responsibly
You are in a position of trust working at a hospital where privileged personal information is collected and recorded for a variety of required purposes. You may also encounter a patient whom you already know as part of your role. However, you may not have known that patient was here had you not been working there. It is important to remember that some information only became known to you during your course of employment at a hospital. That information is confidential and must not be discussed other than in the course of your work when relevant to the performance of your role. Staff should refer to the Hospital Code of Conduct in the Policy Manual for guidance in this matter.

Implications
Failure to handle confidential information in a sensitive and discreet fashion will diminish patient trust. Unnecessary embarrassment or suffering may be caused or patients may no longer give staff relevant information needed for care and treatment. In some instances, patients may believe they can no longer use private health services. Patient care is at risk. Inappropriate use of this information will undermine the Hospital and other staff and imply that other staff are indiscreet and that the Hospital is not committed to protecting patient information from unauthorized disclosure.

The Health Records and Information Privacy Act both allow for fines to be allocated to individuals and institutions that breach this legislation. A hospital employee may also be instantly dismissed for a flagrant breach of confidentiality.

Maintaining confidentiality
There are a number of practical steps that can be taken to ensure you preserve confidentiality of information. You can also reassure patients that their personal information is treated with sensitivity and discretion in the way you handle their information. Listed below are some examples:
At work:
·         Handle medical records as confidential documents. Don’t leave them in the corridor or take them to the cafeteria. Don’t leave them on display in public areas or in an area that is unattended by staff.

·         Be discreet when discussing patients and their personal details. Don’t hold the discussion in front of others who are not involved with the patient’s care and refrain from discussing patients when it is not relevant to their care.

·         Make sure you have the Hospital Privacy Matters screen saver installed, and a short time set prior to commencement.

·         The lockable security bins must be used for disposal of paper based confidential information.
·         If you believe confidentiality is being breached in any way by any staff, please inform your Manager or the Hospital Privacy Officer.
·         Check that fax numbers and emails are correct before sending confidential information.

·         Be aware of what might be heard by callers when using the phone that is not appropriate: put them on hold if necessary.

·         Do not disclose your co-workers private information with staff or patients unless permission has been sought.

·         Information can be sent to other health care providers for ongoing patient care, whilst obtaining consent where appropriate.

At home:
·         Do not discuss with family or friends a hospital’s patients details and if asked inform them that you are not permitted to disclose any information. This includes patient names.

·         Do not discuss patient information with the media and follow Hospital Policy in regard to any interactions you have with them.

Maintaining patient and hospital confidentiality doesn’t require lots of effort, it should be second nature. All staff have an obligation to act responsibly when we have privileged access to, or knowledge of, confidential information.

Protection and Use of your Healthcare Records
The basic information about laws and principles that determine:
.                      •           The privacy and confidentiality of health care records
.                      •           Rights to access health care records
.                      •           Rules about the use and disposal of health care records.

As these laws and principles cover many issues, this is a summary of the main points only. It relates principally to private hospitals, extended care services and some public community and residential services. However, many of the issues discussed here also apply to other health care services.
While information about patients may be used to help improve treatment and outcomes, this must be done in an ethical way that strictly conforms to the law. If you, a member of your family or a caregiver have any questions about privacy, confidentiality or access to personal information, please ask a member of your health care team or the patient representative. They will be able to answer questions from you, relatives or friends. This contains a summary of the rules concerning use of, access to and disposal of your health care records and the privacy and confidentiality issues relating to this. Updates may become necessary as laws and guidelines are introduced or changed.
What information is collected and why
During your diagnosis and treatment, doctors, nurses and other health care professionals will need to collect information about you, your condition and the outcomes of treatment. This information is important because it will assist in planning your treatment during your stay and after discharge. For example, information may be collected about your age, your symptoms, any medications you may be taking, past illnesses which play a role in your current condition, health risks (such as smoking, weight and family history), test results (such as X-ray examinations), your treatment and recovery.
How information is used
Information relating to your health care may be shared with other health care professionals within the treating health service, according to standards set by law, so they can plan your treatment with you. It may also be shared with other health care services, outside the health service you are treated at, when you are discharged so that your care and treatment can be continued. The information is then kept and securely stored because doctors and other health care professionals may need to review it if you need more care at a later date. Other health care services that you attend in the future may ask for access to this information to assist with planning your care.
If you have any concerns about your information being shared with other health care services, you should speak to a member of your health care team or the patient representative.
Other Uses to Improve our Healthcare System
Information relating to your healthcare is also important because doctors, other health care professionals and hospitals often need to determine the effectiveness of a particular investigation or treatment. Or they may study other issues about treatment, such as possible side effects, complications or costs. They may use this information for planning, evaluation, and other quality improvement activities. All of these activities benefit the community because they lead to great advances in health care.
Health service staff and other researchers may also use this information for research purposes. In most cases, the information will be de-identified (i.e. information which may identify you personally is removed). Private hospitals and other health care services review proposed research projects to ensure that they are ethical and that patient privacy and confidentiality are protected.
In addition, some de-identified information may be passed from your hospital or other health care service to the Ministry of Health (MOH). Rather than being used for personal treatment and care, the information is used to compile results about the health care outcomes of diagnosis, treatment and related issues. This is important for funding, planning and improving health care quality. The Ministry of Health is interested in health care information that assists with the provision of improved services, not details which could be used to identify a specific person.
The law also requires that certain information about patients who have specific conditions and treatment (for example, some infectious diseases and types of cancer) must be reported to databases or registers maintained by the Ministry of Health or other health care bodies. Private hospitals and other health care services must follow these legal requirements. Patient information recorded on these databases and registers is kept strictly confidential.

Laws and Principles that Protect Patient Information
Laws that protect patient information have been written with two key principles in mind:
1. To protect the confidentiality of patients’ health care information.
2. To allow the gathering and use of important health care information to ensure that safe and effective treatment can be provided, and where there is a public interest in its collection and use, such as facilitating improvements to our health care system.
All health service providers and those who collect identifying health information about you must comply with the Health Privacy Principles.
In addition, private hospitals and community health centres have additional legal obligations to protect the confidentiality of patient information. Information that identifies patients cannot be disclosed to third parties except in limited circumstances, such as:
§  when the patient agrees to disclosure of the information
§  if the patient has died, the senior next–of-kin agrees to disclosure
§  for further medical treatment
§  for research, if the research project is permitted by law and is approved by the hospital’s ethics committee, in accordance with guidelines on the ethical conduct of research
§  to a court in criminal proceedings, or
§  in other limited circumstances.

Special rules also govern the disclosure of information by mental health services. If you are receiving mental health services from a public hospital, your health information is specially protected under the law.
Health care services that receive funds from the Ministry of Health must strictly follow the Health Privacy Principles and other relevant laws to ensure the protection of personal and health information.
For more information about what happens to your health information at the particular hospital at which you are receiving services, contact the hospital’s privacy officer or patient representative.
Your Right to Access your Information
Your health care team is the best source of information about your medical condition and treatment. If you want access to information that may have been collected and compiled in the course of providing your care, ask your health care team or the patient representative.
The Freedom of Information and the Health Records Laws give you a right to access information about your health care held in the public and the private sectors. On reviewing the records, you can also ask for amendments to be made if the records contain information that is wrong or inaccurate.
The Freedom of Information Law applies to all private hospitals, public hospitals, Ministry of Health and other public health care services.
A request for access to information held by such organizations can be handled informally or formally as a request under the Freedom of Information (FOI) Law. The access provisions of the FOI Act impose formal processes for responding to access requests. While these apply to the vast majority of applications, it is recognized that in some limited circumstances, such a process is neither necessary nor appropriate.
The hospital may therefore provide you with access to your health information without requiring a formal FOI request if all of the following apply to that information:
§  it is easy to find and retrieve, and
§  it is small in volume, and
§  it is easily separated from other information which may be exempted by law from release.

If you seek access to your information through FOI, a special application form may be needed. You may have to pay a fee, especially if photocopying is required; so discuss whether a fee will apply and how much it is likely to be. The patient representative will assist you. If your request for specific information is refused, you can ask for a review of the decision. The patient representative or freedom of information officer will explain the steps you may wish to take.
The Health Records Law governs your access to information held by private sector health service providers, such as general practitioners (GPs), private specialists, dentists,
physio-therapists etc, as well as by all other private organizations which don’t provide a health service but still collect health information, such as insurance companies, sporting clubs and employers. A fee for access may be charged. Requests for access should be made to the health service provider directly.
In some cases, you may not want to access your health information yourself, but want it to be made available to another health service provider. Both public and private sector health service providers are obliged by health privacy principle of the Health Records Laws to provide a copy or a written summary of such information to another health service provider at your request. You can also authorize the other provider to make the request on your behalf.
Disposal of Healthcare Records
The information about you that health care professionals have collected and recorded must be securely stored. It can only be destroyed according to the binding standards set by the Health Privacy Principles or by other laws such as the Public Records Laws, which apply to public sector organizations. The Ministry of Health and the Public Records Office may produce the Public Health Services Patient Information Records General Disposal Schedule and guidelines that specifies the period of time for which records of patients in private and public hospitals must be retained. Most patient records may be kept for a minimum of seven years. However, for most hospital admissions, the main patient record may be kept for a minimum of fifteen years and some types of documents may be permanently retained by health care services. You may ask the freedom of information officer for further details, if necessary.

Further advice
For further advice, speak with the patient representative or the freedom of information officer. The following information can be obtained from libraries or the internet:
§  Information about the Health Privacy Principles and the Health Records laws
§  Public Health Services Patient Information Records General Disposal Schedule Guidelines
§  Information on patients’ rights provided by the Ministry of Health, including the Private Patients’ Hospital Charter

Complaints
If you have a complaint that concerns privacy or confidentiality, you may contact your health care provider, the patient representative, the freedom of information officer or the chief executive of your private healthcare unit. If the complaint is not resolved, you can contact the Ministry of Health, private facilities Commissioner. The office will investigate complaints about health care providers and the handling of health information and assists in resolving disputes.
Names of Acts
Laws that define or affect privacy and confidentiality relevant to public health care agencies include:
§  Aged Care Law
§  Cancer Law
§  Freedom of Information Law
§  Health Act
§  Health Records Laws
§  Health Services Act
§  Infertility Treatment Laws
§  Medical Practice Act
§  Mental Health Laws
§  Public Records Laws




Uganda National Association of Private Hospitals (UNAPH),
www.unaph.org
www.ugandaprivatehospitals.blogspot.com
P.O.Box 29324 Kampala, Uganda
Email: unaph22@yahoo.com , unaphserv@gmail.com

Comments

Post a Comment

Popular posts from this blog

Private Health Insurance Guidelines

Private Health Insurance Guidelines Private Health Insurance is currently widely used by both formal and informal sector in Uganda, given its potential to improve access to healthcare, most people who purchase private health insurance find that they get good service from their health fund and have no problems when they need to use or claim on their insurance. However a percentage of subscribers find health insurance problems and Uganda National Association of Private Hospitals (UNAPH) receives inquiries and complaints almost every three months which has prompted us to advise a list of tips to help avoid problems with private health insurance. 1. Keep your Premium Payments up-to-date It is your responsibility to make sure that your premium payments are up to date and you remain financial with your health fund. Most funds require you to pay your premiums in advance. They will normally allow some leeway if you fall behind in your payments by up to a few weeks. However, f...
3 comments
Read more

Guidelines for Private Ambulance Services

  Guidelines for Private Ambulance Services Introduction In Uganda, it has increasingly become popular for politicians and other people to donate ambulances to their people. Some health officials have been concerned of politicians donating to their constituencies ambulances they have termed as sometimes substandard. Ambulances are not ordinary cars. An ambulance is not the word on top, but it's the service and content inside that vehicle, an ambulance must have life-supporting machines, provisions for blood transfusion, oxygen, fluids and a driver with defensive driving skills so that the life of a patient is sustained while on transit to a health facility. Besides, even most private health centers have been purchasing and installing ambulances in their facilities without following the recommended guidelines for this emergency field of medicine. These guidelines are for implementation by any private sector organization or institute, operating or intending to op...
1 comment
Read more

Central Medical Store (CMS), Uganda

Central Medical Store (CMS), Uganda Central Medical Stores (CMS) will be one of the supporting units under Uganda National Association of Private Hospitals (UNAPH) to specifically serve its members i.e independent private hospitals and clinics in Uganda. It will be responsible to ensure the continuous supply of good quality Pharmaceuticals, Medical Supplies and Laboratory Supplies, through timely cost effective procurement. The Central Medical Stores will enter into maximum price contracts with Pharmaceutical Manufactures and suppliers to provide Medical and Pharmaceutical supplies. These supplies will be distributed adequately and efficiently to private Health Facilities. Mission ; To ensure the continuous supply of quality Pharmaceutical and Related Medical Supplies in the Private-for-Profit (PFP) hospital sector through: efficient processing of requisitions, procurement, storage and distribution in accordance with the National Drug Authority. Vision: We envision a...
2 comments
Read more