Patient access to general practice electronic health information and interaction with their health care team via patient portals

The Royal New Zealand College of General Practitioners
Version 1.0, December 2014
Guidance for PHOs and general practices
The Royal New Zealand College of General Practitioners Expert Advisory Group on Patient Portals

Patient Portal Expert Advisory Group

Susan Wells (Chairperson)
Karl Cole
John Morgan
Maree Munro
Ashwin Patel
Matthew Stokes
Andrew Terris
Jo Fitzpatrick
Jeanette McKeogh – Project Sponsor
Joanna Parry – Project Administrator

Preface

Patient access to electronic health records – A consumer view

Trust me, I’m a doctor. And we do. Doctors and nurses feature in the 2014 Readers Digest top ten most trusted professions in New Zealand and have been polling this way for many years. As the 2014 commentary states “we place our lives in their hands. We trust them because of their ‘degree of training and dedication to preserve our quality of life.’” This paper provides guidance for health practitioners as they introduce access to electronic information, and a new means of communication and interaction with health services, to their consumers via a patient portal.

It is timely to consider the impact of the introduction of a patient portal into a clearly important and trusted relationship for many New Zealanders. First, do no harm… The possible harms are outlined in this paper: concerns over privacy and security; the challenges of health literacy for a lay population; an increase in workload and demand on services for health practitioners; and the possibility of increasing disparities in health as New Zealanders who would most benefit are not able to access this new intervention. These are all legitimate concerns, some better founded than others and they are all able to be addressed to some degree.

Consumers trust their health practitioners to see to the IT and technical aspects of privacy and security. The safeguard from a consumer point of view will be found in the transparency of the system – a clear briefing on where their information is stored, its potential uses to deliver quality care for them and others like them, the ability to access their information at any time and most importantly, the ability to see who else has accessed their information. This latter provision is both the most contentious and the most important. It is not that consumers do not trust health practitioners.

They want to know who is on their care team and what role those people play. In fact, many consumers are staggered to discover that the ability to share information amongst health practitioners is not widely available. The Shared Care portal in Auckland has this facility and enquiries to date have sought information rather than express outrage or accusation. It is sad that the most publicised breaches of trust have been unauthorised access and use of consumer health information. This provision addresses that issue.

Consumer health literacy is important. The paper reinforces the need for appropriately complex medical terms to address clinical requirements. While that need remains, the much maligned Doctor Google is testament to the fact that people are hungry for health information. Dr Google has no quality controls and leads people down some very strange garden paths. The opportunity provided by a patient portal is to link consumers to trusted sites and reliable consumer health information - which is personally relevant to them and their health. This is likely to increase the quality of health care relationships.

Consumers are aware of the pressures and limitations on their health practitioners. They commonly express concerns about ‘wasting the doctor’s time’ or ‘not wanting to bother the doctor’. Consumers are keenly aware of the time limits imposed on consultation times in primary care. A patient portal encourages the development of a partnership approach. Consumers can follow up and prepare for consultations or gain a greater understanding of their medications, using accurately recorded information rather than relying on memory and impressions of a doctor’s visit.

The digital divide is real but decreasing. Recent data (2012) reveals 80% of New Zealand households have access to the internet and there are 4.9 million mobile phones for a population of 4.43 million. (Statistics NZ 2012.) New Zealanders now own more mobile phones than there are people and ownership crosses all population groups. Clearly part of the solution is to ensure access using mobile technology.

The paper does not deal with the harms of NOT offering a patient portal to health consumers – the harms of ‘business as usual.’ Most health consumers and particularly those with long term conditions and/or heavy users of health services have patient stories on ‘business as usual.’ For many consumers, business as usual is:

• Old fashioned – appointments need to be made during business hours.
• Inconvenient – the need to attend appointments during business hours.
• Disrespectful – waiting times are longer than appointment times.
• Demanding – prescription refills are a chore, problems need to fill a short time frame.
• Tedious – covering the same information with a number of health practitioners or service providers.
• Compartmentalised – dealing with health problems and bits of body not all of me.
• Uncoordinated – multiple appointments for different symptoms with the same cause.
• Inefficient – the ‘right hand not knowing what the left hand is doing.’
• Mysterious – uncertainty about what the pink pills are actually treating, what the doctor meant.
• Dangerous – missed or clumsy connections transferring across services.

Many health practitioners also share these frustrations. While patient access to electronic information and interaction with health care services via patient portals can’t address them all, they do have the potential to change the face of primary health care and bring consumers and their doctors closer together.

As a New Zealander, my vision is to see doctors in the top three most trusted professions. This paper is a pathway to a better future for us all. A future which is in your hands – uptake of a patient portal is most strongly influenced by a trusted health professional who simply offers them the opportunity to connect and be informed via this medium. The possibilities are great and the journey will be taken in small steps. The first step is for you to offer me access to a patient portal. I trust you will have the courage to do that.

Jo Fitzpatrick

Contents

Preface
Introduction
What is the status quo
What is a patient portal
Aims of this document
Scope
Methods
Potential benefits and risks of patient portals
Evidence for patient and provider benefits and risks
Impact on patient-provider partnership
Health impacts of portals on patients
Work impact of portals for providers
Disparities of adoption
Getting ready for patients to access medical records
PHO strategies to support portal implementation
Health information availability
Privacy, confidentiality and security of health information
Significant privacy impacts of patient portals – a guide for practices
Rule 1. Purpose of collection of health information
Rule 2. Collection from the source of health information
Rule 3. Collection of health information from the individual
Rule 4. Manner of collection of health information
Rule 5. Storage and security of health information
Rule 6. Right of access
Rule 7. Correction of health information
Rule 8. Accuracy of health information-check before use
Rule 9. Retention of medical records
Rule 10. Limits on use of health information
Rule 11. Limits on disclosure
Rule 12: Unique identifiers
Common issues to be addressed
Security, registration and authentication
Informing patients of implications of record access
Patient sharing record with someone else
Correction of record-accuracy of record
Patients contributing to record
Writing clinical notes
Laboratory results
Online communication
Third party data or other data that the health professional wishes to remain confidential
Children
References

Introduction

Many consumers have considerable experience with online transactions including shopping, banking, travel reservations and even higher education. However, health care services have been slow to embrace the opportunities afforded by the internet and electronic media to enable people to look after their health in a similar way. Over the last decade, new technologies have been developed to allow patients to view their medical records via secure internet portals. These patient portals have been advocated as a path towards improving the quality and safety of health services. They promote patient engagement in their own care, allow patients to be well-informed of their health care needs and facilitate a more collaborative partnership with their health care team.1,2

The National Health Information Technology (HIT) plan includes the concepts of three portals: a self-care portal, a maternity portal and shared care portal for patients with complex chronic disease.3 The plan has an aspirational goal that by the end of 2014: “New Zealanders will have a core set of personal health information available electronically to them and their treatment providers regardless of the setting as they access health services.” 4

What is the status quo?

Patient access to their own health records is a fundamental patient right enacted in the Privacy Act 1993 and Health Information Privacy Code 1994. A patient who requests their health information is given access within 20 working days usually without charge, and in a form that the individual prefers.5 However, as these records have been paper-based or ‘locked up’ within health services’ electronic health record (EHR) systems, patient access has been relatively uncommon due to logistic and structural barriers.

What is a patient portal?

Given confusion around the term, we use the same definition from Wikipedia as provided in a recent review of patient portals that have been developed in conjunction with New Zealand GP patient management systems:6

“Patient Portals are health care related online applications that allow patients to interact and communicate with their health care providers, such as physicians and hospitals. Typically, portal services are available on the Internet at all hours of the day and night. Some patient portal applications exist as standalone websites and sell their services to health care providers. Other portal applications are integrated into the existing website of a health care provider. Still others are modules added onto an existing electronic medical record (EMR) system or PMS. What all of these services share is the ability of patients to interact with their medical information via the Internet. Currently, the lines between an EMR, a personal health record, and a patient portal are blurring.”

As highlighted in this definition, patient portals are an evolving intervention that allows a patient to interact with their health information and their health care team via the internet.

Portals vary in the way they are implemented and in the extent of health service data that they have available. For example, some patient portals have been developed as an addition to a GP’s patient management system whereas others allow direct contribution from multiple sites and services (e.g. Shared Care Portal). In the USA they are commonly defined as personal health records tethered or connected to a provider’s EHR.7 These portals are usually paired with secure messaging functions and the ability to request an appointment or a prescription refill. Irrespective of their architecture, patient portals represent a new way of patient-clinician interaction and concerns have been raised about their use.

Some of these include the privacy and security of online records, patient confusion caused by medical jargon or test results, the potential effect on doctors’ workload and whether disparities in access to electronic media may increase disparities in patient outcomes.

Aims of this document

In April 2014, the Royal New Zealand College of General Practitioners (RNZCGP) convened an Expert Advisory Group for patient portals to scope out and develop a resource for general practices. The aim was to provide guidance to PHOs and their general practice teams seeking to implement patient portals and support their patients in the safe use of this technology.

Scope

This review aimed to find policies, guidelines, clinical protocols or codes of practice for the use of patient portals particularly for primary care services. The generated data was summarised and presented to the Expert Advisory Group at the first meeting. The summary became the basis for discussion and the scope of this document. In particular, this guide will not include the various potential IT architectures or configurations, or discuss vendor contracting or the business model that the practices/PHO might adopt for portals. Furthermore, this document will not cover “clinician to clinician” portals such as Summary Care Records or sharing other patient data between health services.

Methods

The Chair of the Expert Advisory Group for Patient Portal, Sue Wells, undertook a literature review, searching electronic medical databases for the evidence for the impact of portals on patients, providers and health services. Grey literature was also retrieved. The latter included the websites of professional GP colleges including the American College of Physicians, Royal Australian College of GPs, Royal College of GPs (United Kingdom), Canadian Medical Association, the College of Family Physicians of Canada, as well as websites of the Medical Council of New Zealand, Medical Protection Society, the Office of the Privacy Commissioner, World Health Organisation, the Office of the National Co-ordinator for Health IT (US) and the Department of Health and Human Services (US).

To understand the work that had already been conducted in New Zealand regarding shared records and patient portals, the Chair also contacted the National Health IT Board, Patients First, Midland Health Network, Compass Health, Canterbury District Health Board and Pegasus Health. In addition she also communicated with experts in the United States, Australia, United Kingdom, Denmark and Sweden.

Potential benefits and risks of patient portals

The adoption of patient portals imposes a significant change to ‘usual’ primary care practice and work flows. There are set-up and on-going costs with implementation and licensing as well as the initial burden of work involved for patient registration. Once portals are up and running in the practice, what are the expected potential benefits and risks? Table 1 includes the majority of the claims (potential benefits and risks) noted in the literature which are relevant to the New Zealand health care context. They are categorised according to positive or negative claims and whom these most affect – consumers, health professionals, population health/funders.1,2,8-13

Table 1: Potential benefits and risks of patient portals for consumers, health professionals, funders and society

Consumer, patients and their caregivers

Potential benefits of patient portals:
• Support wellness and self-management activities
• Improve understanding of health issues
• Increase sense of control over health
• Increase control over access to personal health information
• Support timely, appropriate preventive services
• Support health care decisions and responsibility for care
• Strengthen communication with providers
• Improve relationship with providers
• Verify accuracy of information in provider records
• Support home monitoring for chronic diseases
• Support understanding, appropriate and continued use of medications
• Support continuity of care across time and providers
• Avoid duplicate tests
• Reduce adverse drug interactions and allergic reactions
• Reduce hassle through online appointment scheduling and prescription refills
• Increase access to providers via e-visits

Potential risks, concerns and challenges from patient portals:
• Increase in patient confusion
• Increase in patient anxiety
• Risk of breaching privacy and security
• Risk if patients use this mode of communication in times of emergency

Health professionals

Potential benefits of patient portals:
• Improve access to data from other providers and the patients themselves
• Increase knowledge of potential drug interactions and allergies
• Avoid duplicate tests
• Improve medication adherence
• Provide information to patients for both health care and patient services purposes
• Improve efficiency in providing patients with specific information or services (e.g., lab results, Rx refills, e-visits)
• Improve documentation of communication with patients
• Improve customer service (transactions and information)
• Support wellness and preventive care
• Improve workforce productivity
• Encourages a more open and honest relationship with patients

Potential risks, concerns and challenges from patient portals:
• Increase in workload with initial implementation
• Increase in health professional workload with patient concerns and messaging queries
• Increase in litigation
• Risk of privacy and security breaches

Funders/Societal/Population Health Benefits

Potential benefits of patient portals:
• Support wellness and preventive care
• Improve workforce productivity
• Promote empowered health care consumers
• Strengthen health promotion and disease prevention
• Improve the health of populations
• Expand health education opportunities

Potential risks, concerns and challenges from patient portals:
• Increase disparities due to differential uptake especially if do not address health literacy issues, special needs (visual, cognitive or physical limitations) and access to internet
• Increase health care utilisation (e.g. GP visits, hospitalisation and ED visits.)

Evidence for patient and provider benefits and risks

Given the potential benefits and risks, evidence was sought from the literature looking at the impact of portals on patients and providers. Six recent systematic reviews were retrieved that focused on patient access to their electronic health records and e-communications with their health care team.9,14-18 The majority of the literature to date has come from qualitative analyses, cross-sectional surveys, or descriptive cohort studies. The most recent systematic review15 identified 20 randomised controlled trials published between 1970 and 2013.

The patient population of interest for nearly half of the controlled studies were patients with chronic diseases including diabetes, cancer, heart failure and high blood pressure.15

Existing literature showed that most patients are highly enthusiastic and positive about the opportunity to access their health records through patient portals.19 However, health professionals are far more reticent and usually express concerns that patients may be confused and overwhelmed by the medical jargon or that they will be bombarded by patients sending messages to them.20,21 Internationally and from early experiences in New Zealand, these concerns have not eventuated.28,29 Of note, Davis Giardina et al. (2014) found that there was no “evidence to substantiate any negative patient outcomes resulting from access to health information.” 15 In particular, access to a portal was not associated with an increase in patient anxiety.

From the Open Notes project conducted in three large US health care organizations, the majority of patients viewing at least one visit note reported that they:20

• understood their health conditions better (77-85%)
• remembered their care plan better (76-83%)
• felt in more control of their care (77-87%)
• were able to take better care of themselves (70-72%)
• were better prepared for visits (69-80%)
• would take medications better (60-78%).

Impact on patient-provider partnership

W. Edwards Deming (1900-1993), one of the pioneers of quality improvement, argued that “97% of what is important isn't measured or isn’t measurable.” Only proxy measures therefore are available to look at the impact of portals on the patient-provider partnership.

The most consistent finding is that allowing patients to read medical records leads to improved patient-provider communication.2,20 Patients being able to access their GP records have reported feeling that they have more trust and confidence in their doctor and that it helped them feel like partners in health care.22 Accessing their health information online also:

• helped patients prepare for consultations;
• helped to clarify complex communication that occurred during consultations; and
• being able to review the record at home after a consultation assisted their memory, understanding and self-reported adherence to their care plan.20,22

Doctors who were involved in the Open Notes project where visit notes were opened up as well as other portal functionalities commented that it “strengthened relationships with some of their patients (including enhanced trust, transparency, communication, and shared decision making) and that participation was easier than expected or seemed to make no difference to their work lives.” 20

Health impacts of portals on patients

The randomised controlled trials to date have investigated the effect of patient portals on various patient outcomes such as physiological outcomes (e.g. BP control or HbA1c), psychological outcomes (e.g. depression, quality of life), health behaviours, adherence, patient satisfaction and self-efficacy. The evidence from these studies is promising but mixed. While some have shown improvements, others have found no impact. While evidence is sparse, there is data suggesting that the use of secure messaging can improve glucose outcomes in patients with diabetes and increase patient satisfaction.17 Furthermore, Goldweig et al. (2012) found that secure messaging as part of a web-based management program was more effective than secure messaging alone.17

Several factors regarding the literature for the above patient outcomes need to be taken into account.

Firstly, the current data available represents very mixed, heterogeneous study populations, differing portal designs, mixed interventions, different measured outcomes and mostly very short time frames (one year or less). Most of the literature comes from the US where, compared to non-users, the majority of portal users have private insurance, higher incomes and are mostly white. As such, these people may have better health outcomes anyway and access to a portal might be too weak an intervention to show improvements compared to controls. Secondly, the design of patient portals may be a crucial factor for patient engagement and the ability to get the most value from this technology.

Studies have noted the lack of portal design and content for chronic disease management,18,23 and low use of the portal as a natural hub for multidisciplinary care co-ordination and case management.23

Work impact of portals for providers

Evidence for portal use and time and resource efficiency has been largely descriptive. A recent qualitative study of US health care institutions indicated physician acceptance of this technology occurred as it made their indirect care work easier and that physicians found this form of communication “just saved time.”21 The major time saver was losing the ‘telephone tag’ and automatic documentation of patient-provider asynchronous communications.21 In the Open Notes project, very few doctors (0-5%) reported longer consultations as a result of patients reading their visit notes. Furthermore, few reported having to spend more time addressing patient concerns outside of the consultation (0-8%).20

The implementation of patient portals has not been associated with increased litigation.20,24 It has been reported that around 28% (17-35%) of all visits do not require face-to-face appointments25,26 and the premise is that online messaging may substitute for some consultations. Indeed an assessment of the impact of patient-provider electronic communication indicated that office visits could be reduced by 10-20% in integrated settings.27 However, studies of the actual impact of patient portals on health care utilisation are mixed. Conducted in different US regions, three studies documenting experiences within Kaiser Permanente are notable.28-30 The first two found that implementing a patient portal linked to the Kaiser EHR reduced primary care visits by 6.7% in one study30 and by 25.3% in the other.28 However, the third study found a marked increase in all health care utilisation.29 Matching for age, sex, utilisation frequencies, and chronic illnesses, they categorised patients as portal users or non-users. Then they compared individual patient utilisation of services in the year after they registered on the portal to the previous year. Compared to non-adopters, they found that adoption of a patient portal was associated with increased telephone contacts (+0.3 per member/year), office visits (+0.7 per member/year), emergency department visits (11.2 per 1000 members/year) and hospitalisations (19.9 per 1000 members/year). No explanation was given for possible reasons for this increase. It will be important to follow up these cohorts in the longer term to investigate whether the pattern of utilisation continues.

For all three of these studies, confounding may still be a problem.31 Utilisation will need to be monitored in New Zealand. As yet, these findings have not been mirrored in early experience of portal use here.

Disparities of adoption

All new technologies and interventions have the capacity to increase disparities in health outcomes due to differential uptake. In fact many have raised concerns about portals exemplifying the inverse care law32 – those with most need would be least able to access and use them. Indeed, patients that adopt portals in the US have been reported to be very different from non-adopters by age, gender, ethnicity, socioeconomic status and presence of co-morbidities.33-37 The differences vary whether the measure is ‘getting registered’ or ‘active accounts’ (i.e. patients use the portal once registered).

The reasons given for the differences include no provider encouragement to register, lack of patient need (young healthy people may not see the value), health literacy issues, special needs (visual, cognitive or physical limitations), language barriers, no internet, no computer, lack of computer literacy and patient fears or mistrust of the system.

However, differences in uptake are likely to be an issue for high risk populations with chronic disease. Compared to the ‘healthy’, these patients have greater information needs, often complex care plans, multiple providers and poly-pharmacy requiring co-ordinated and sustained care over time. Experience in the US is that patients with chronic disease are less likely than healthy adults (62% vs. 81%) to have internet access.38 However, this is rapidly changing with the rise in the adoption of smart phone technology.39 Indeed, once chronic disease patients have internet access, they are more likely to seek health information online38 and also to adopt portals than those without chronic disease.37,40 Portal adoption will need to be monitored carefully in New Zealand.

The availability of smart phone apps is likely to be important for reducing disparities in uptake due to lack of computer access.

Getting ready for patients to access medical records

This section looks at an overall approach for primary health care organisations (PHOs) to consider if they are embarking on implementing patient portals in their member practices. The discussion then looks more at the practice and health professional level regarding readiness for enabling record access, privacy and security concerns and other key issues raised by patients and health professionals.

PHO strategies to support portal implementation

It is not in the scope of this document to discuss IT architecture, or to guide vendor contracting or the business model that the practices and/or PHOs adopt for portals.

However, should PHOs wish to support their practices to implement portals, recent research indicates that the following steps facilitate implementation success – both with health professional acceptance and patient uptake.21

1. Have a vision. With patient involvement, work out how patient portals could be a part of the PHO strategic priorities. For example, some PHOs might have a vision of better supporting the patient and their whanau and strengthening the partnership with their health care team. For another PHO, the portal might be a vehicle to achieve evidence-based care such as appropriate CVD risk management for all those who have been risk assessed. In Midlands Health Network, the portal fits into their overall transformational plan – The Model of Care.

2. Articulate the PHO vision widely and in what way the portal might be pivotal to the envisioned change.

3. Gather a governance group and identify consumer and frontline health care staff who are interested. As the portal is a whole of practice intervention – include patients, nurses, receptionists, practice managers as well as GP leaders. The first task of the governance group should be to check whether the vision is one they all support and how the portal can support this vision. This group then works to ensure the privacy and security standards (including a Privacy Impact Assessment) are in place and maintained, the extent of the initial pilot and how practices will be supported. There should be ongoing governance of patient portals in order to manage maintenance of the standards put in place at the time of implementation and to ensure that the portal continues to function as intended.

4. Have a communication plan. Provide patient education and information during the portal registration process. There needs to be careful advertising and printed material available for patients to understand how the portal will work and what security measures will be in place. Having pamphlets to hand out to patients to start the conversation as well as when they register along with posters for the practices are really useful.

5. Start small. For example, one practice, one doctor. Depending on circumstances, the practice might start with a subset of the portal functions and gradually introduce more.

6. In the early adopting pilot sites, conduct two work process design projects. One on how to register patients to the portal and a second on how implementing the portal can be incorporated to make practice work easier. International experience is to formally map the work flows in practice processes where a portal will bring about a change in the status quo.21 This will typically include prescriptions, telephone queries, appointments and how laboratory test results are communicated. Process flows will clearly show what is currently happening and where the bottlenecks are. Then repeat the process by mapping how they will occur with the portal.

7. Communicate the stories of the early adopting pilot sites to other practices. A useful strategy internationally was having champions – patients who tell their story of the importance of the portal for them and members of the health care team (GP, nurse, receptionist, practice manager) who visit other practices, discuss issues and concerns and bring their own ‘tried-and-tested’ experiences in early adopting practices.21

8. Train practice teams on the use of their patient portal system. For registration, one of the keys to patient uptake is that everyone in the practice team has a role in letting patients know about the portal and signing them up. Furthermore, all practice members need to be comfortable navigating the portal so that they can guide patients and their queries. Consider scripting the roles of each member of the practice team.

9. Set targets. For example, Midlands Health Network in a Model of Care practice set a target of 50 patients signed up to the portal per month. International evidence suggests that the most successful strategy for portal adoption is encouragement from the patient’s trusted health professional.21

10. Monitor uptake and actively seek feedback from practices on issues that arise.

11. Communicate to practices and to patients what is happening, what the problems have been and how they have been addressed. Celebrate success and continue to monitor.

Health information availability

The most common functions and features available to patients through portals connected to their health care team are listed below.9,23,41,42

• Problem list
• Medications
• Allergies and alerts
• Record of visits (time/date/provider)
• Immunisations
• Laboratory results
• Provision of condition-specific information and helpful links to other websites that have patient friendly education resources to help understand medical terms and care
• Clinical summary record
• Pathology and radiology results
• Family history, social and lifestyle history
• Visit consultation notes
• Operation notes
• Secure patient-provider messaging functionality
• Prescription refill requests
• Appointment requests and in some cases the ability for patients to self-schedule appointments
• Patient reminders (for preventive care or appointments)

The functions most commonly used by patients internationally are viewing laboratory results, requesting an appointment, messaging their health care team and requesting a prescription refill.23 Most portals internationally provide links to trusted consumer educational resources from all aspects of data (e.g. weblinks from each diagnosis or each laboratory test).

There are a variety of approaches that a general practice could consider with respect to offering record access and online transactions. New Zealand is in an early phase of implementation of portal technology and what we do will emerge and mature over time.

Advice from other health systems is to consider a staged approach – introducing access to some of the data and functionality available and then gradually extend access as patients and health professionals develop confidence.21,43 Therefore, while the patient can always request access to their full set of notes, initially only a subset of these is made available online. It is in essence an alternative way for patients to be more informed and involved in their care. Opening up functions and health information gradually allows the practice to sort out their work flow processes, new roles and responsibilities and adapt to this new way of working.

Some practices may wish to make consultation notes available and if so may decide on a start date going forward rather than all notes from all times in the past. However, all decisions about what data is available should be made in agreement with the patient.

Privacy, confidentiality and security of health information

For both patients and health professionals, it is vital that privacy and confidentiality of health information is maintained. To maintain trust in their GPs, patients need to continue to have confidence that their health information will not be inappropriately shared or accessed. Practices should have a policy on access to patient portals which is compliant with the Privacy Act 1993 and the Health Information Privacy Code 1994. A formal Privacy Impact Assessment (PIA) is an ideal place to gain an understanding of the impact of the portal on each of the 12 rules of the Health Information Privacy Code 1994.44 The Advisory Group believes that the capacity to conduct the PIA is likely to be at the PHO rather than at the practice level.

The practice’s patient portal should provide a secure environment which enables patients to view their clinical summary and medication list, laboratory test results and to interact with their practice (including messaging the practice team, making appointments and requesting a repeat prescription). Functionality of the patient portal should meet current accepted standards for security (e.g., HISO standards), access, auditability, information ownership and use.

Patient portals use the internet and patient information is sometimes stored on a web-based server (i.e. separate to the practice systems). Having an internet connection is a genuine security risk and all practices are encouraged to review their IT risk management. This includes assigning responsibilities for IT security, having policies and procedures in place, ensuring access control and other risk management measures.

Significant privacy impacts of patient portals – a guide for practices

Each PHO or group who are considering implementing Portals will need to work through a privacy impact assessment for themselves. The following guide sets out significant impacts, but is not intended as a replacement. Differing portal architecture or implementation of other data sharing (for example Clinician-to-Clinician portals with summary care records) will require consideration and adaptation of the guidance given here.

This section has been adapted from the Privacy Impact Assessments conducted by Midlands Health Network Ltd45 and Compass Health46 and provides acknowledgement where segments of these documents have been used. In addition, guidance has been drawn from documents published by Medical Council of New Zealand47 and the Office of the Privacy Commissioner.44 The impact a portal might have on each of the 12 rules of the Health Information Privacy Code 199444 has been identified.

For each rule we outline its intent, describe in general how the rule is applied currently and then describe what impact a patient portal might have. The portal architecture that is used to frame this assessment relates to those connected to a GP’s patient management system. Current instances of this type of portal are ManageMyHealth [MedTech], Health 365 [My Practice] and Accession Patient [Intrahealth]. In this scenario, the portal connects patients through a password protected internet connection directly to a subset of their electronic health records either stored as an extract from the practice in a separate database or retained within general practice electronic systems.

It allows patients access to their health records or to an agreed subset of their health information and provides patients with the ability to electronically communicate with the practice with queries and various other functions such as prescription refills or appointment requests.

Rule 1. Purpose of collection of health information

Health information must only be collected for a lawful purpose that is related to the function or activity of the health agency.

How the rule is currently applied: All health professionals collect and record patient health information and decisions made about their medical care. The purpose is to provide a record of a patient’s medical history and on-going treatment as well as meeting medico-legal requirements to describe and support the management of the patient’s health care. Information is also collected for the purpose of sharing with other health professionals such as for referrals or to ensure continuity of care for the patient. The information may also be recorded for statutory or statistical purposes.

Impact of a patient portal: The portal does not change the current purpose of collecting health information.

Rule 2. Collection from the source of health information

In most cases, health information must be collected directly from the person who the information is about. However, sometimes it is acceptable to collect information from other people instead. For example, where the patient has authorised you to collect the information from someone else.

How the rule is currently applied: In almost all circumstances in general practice, information is collected directly from the patient or from parents, guardians, or caregivers.

Impact of a patient portal: The portal provides a new collection opportunity for the patient (and/or their authorised representative) to send information electronically to their general practice team that may be able to be incorporated into their electronic medical record.

Rule 3. Collection of health information from the individual

When a general practice collects health information from an individual, it has to take reasonable steps to make sure that person is aware of the information flows and the purpose of those flows. The individual needs to know that data will be collected, why it is being collected, who will get the information, who will be storing the information and that they have the right to access it. They also need to know whether they have to supply the information or if it is voluntary and what will happen if the information isn’t provided.

How the rule is currently applied: Usually these steps are carried out at the time of patient enrolment into a practice/PHO with the patient signing an enrolment form with specially designed privacy statements. The practice may well also have pamphlets that the patient can take home with them and notices on waiting room walls. The supply of information from a patient to their health care professional is nearly always voluntary with the patient choosing to disclose what they wish.

Impact of a patient portal: Although patients will have signed an enrolment form, it will be necessary to confirm with the patient the impact of registering with the portal in terms of where it is stored (e.g. depending on the portal product this may be a view the patient has into the local practice PMS system or a secure web server that uploads patient information from the patient management system), who has access to the information and the voluntary nature of the process.

Rule 4. Manner of collection of health information

Health information must be collected in a lawful, fair and not unduly intrusive manner.

How the rule is currently applied: Health professionals deal with sensitive personal information on a daily basis and have processes in place for the collection of health information. These processes are already governed by professional quality standards such as those outlined in RNZCGP Foundation Standard 20 – Continuity of care is facilitated by the registration of new patients; and Standard 21 – Patient records meet the requirements to describe and support the management of health care provided.

Impact of a patient portal: Although the portal provides a new opportunity for exchange of information between the patient and their health care team, the manner it is collected should not change.

Rule 5. Storage and security of health information

Agencies holding health information must ensure that there are reasonable safeguards in place to prevent loss, unauthorised access, misuse or disclosure of health information.

How the rule is currently applied: A patient’s medical history and other related health information is usually stored within the practice’s patient management system. As outlined in the Compass Health Privacy Impact Assessment,46 “Almost all general practices are connected to the internet, usually by a broadband internet connection. This internet connection is used primarily for the use of normal business email, web browsing and for creating secure messaging gateways to communicate electronically with other health professionals (most often using the HealthLink product). The terminology “surface area” is often used to describe how much potential there is for threats to attack the security of a system. Having an internet connection is a genuine security risk. The associated surface area for attack it provides is extremely minimal if it is configured correctly. Having an internet connection has a high business benefit which outweighs the associated risks.” 46

The Health Information Security Framework (HISO 10029.1) provides recommendations for health agencies on safeguarding health information so that it is “produced, stored, disposed of and shared in a way that ensures the information’s confidentiality, integrity and availability.” 48

Impact of a patient portal: Some portals utilise the internet and patient information is stored on a secure web-based server (i.e. separate to the practice systems). In addition it will be important to review Privacy Statements and Security measures relating to each portal vendor’s product in terms of encryption during transmission and within the portal webserver.

The following text has been excerpted from the Privacy Impact Assessment conducted by Compass Health.46 It relates to the ManageMyHealth portal but the advice is pertinent to the other instances of PMS-linked portals currently available.

“At present the data is secured with a single-factor authentication mechanism, requiring anyone wishing to access it to have a matching pair of username and password. The risk with the most likelihood of occurring is one where a patient or provider compromises the system security by inadvertently or deliberately giving others their username and password. To mitigate this, it will be important within the patient information to stress the importance of keeping their username and password safe and to only give it to other people that are acting as their guardian or advocate if they wish to. It will also be important to ensure that health professionals are educated fully as to their responsibilities and measures that they need to take to ensure the safety of the system. Organisations will also be asked to ensure that their network, processes and procedures meet a minimum security standard (based on HISO recommendations.)” 48

There is also a risk that a web-based portal can be compromised by software vulnerabilities. In particular, developers need to ensure that sites are robust against cross-site scripting attacks, which may provide unintended access into an underlying database. Therefore, any patient portal should be subject to a robust information security risk assessment before it is loaded with live data. The Privacy Commissioner has also advised that passwords are (a) often compromised, and (b) usually not strong. Passwords are also particularly vulnerable to socially engineered password resets (i.e. calling the helpdesk and requesting a password reset). Password reset protocols need to be robust against attackers who are likely to know important facts about people (such as estranged family members or investigators).

Patients having registered to a portal can allow other health professionals (and indeed whoever they wish) access to the health information that has been transferred to the portal. This scenario is likely to be useful when patients travel and need to seek health care from other health professionals not usually involved in their care. However, as an additional security measure, audit functionality for the patient is highly recommended. Depending on the product, it will be important to check whether the portal provides audits of access to the system and what the audit entails (e.g. displays date, time, type of access and who accessed the information). In addition, check with vendors regarding blocking access after repeated failed attempts to log on.

Rule 6. Right of access

Patients have a right to access their own health information upon request. Health agencies are required to deal with such a request within 20 working days and in general, give the information without charge and in a form that the individual prefers. General practices can refuse to give access in some situations. For example, if giving the information would endanger patient safety, prevent detection and investigation of criminal offences or involve an unwarranted breach of someone else’s privacy.44

How the rule is currently applied: Currently, if patients want to view their health information they need to make contact with their general practice and request this. This is usually given as a print-out of the electronic information or provided face-to-face with their health professional. General practices have existing processes if there is a need to withhold the information.

Impact of a patient portal: The portal substantially facilitates access to a patient’s own health information. Patients who have registered to the portal will have daily access to their health information uploaded from the patient management system to the portal. However, this is unlikely to be the complete health record but a subset that is agreed upon by the GP and the patient as well as the technical capabilities of the portal product. The GP still retains the ability to withhold information by making a judgement call on the appropriateness of the information to be uploaded. The patient still retains the right to request and receive access to all their health information at their general practice using the standard process as set out in the Privacy Act.

Rule 7. Correction of health information

Patients share their health information with their doctor to better their own health care. Comprehensive and accurate records are integral to providing quality care. Patients have the right to ask the general practice to correct the information held about them, if they think it is wrong. The health professional has an obligation to correct the information when it is wrong or, if they feel it is inappropriate to do so, to attach a note to the patient record outlining the request, the patient’s view about what the correct information is and the subsequent refusal.

How the rule is currently applied: At the present time any request for correction would have generally come from a patient viewing their own health records either as a print-out or face-to-face with their health professional. The practice might arrange an appointment with the patient and the health professional responsible for the information. The health professional would then either be able to correct the information, or decide that the information was accurate and did not need correction. In the latter case, they would usually make a note within the PMS daily record, as to the patient’s request, subsequent refusal and grounds for not changing the information.

Impact of a patient portal: The portal substantially facilitates access to a patient’s own health information and also usually allows the patient to communicate directly through the portal to their health care professional if they see an error or gap in the health information and ask for correction/addition to the source data (i.e. the electronic health record located in the patient management system). Furthermore, the patient has the ability to review whether the correction has
