
TATA MOTORS HOSPITAL Page 1 of 9

CHAPTER NAME: IMS


Policy & Procedure for Confidentiality, Integrity and Security of Information
Document No.: TMH/IMS/QSP/02

Policy & Procedure for Confidentiality, Integrity and Security of Information

Quality System Procedure
Approved By: Medical Director
Issued By: Quality Manager
Issue No.: 01
Rev. No.: 00
Issue Date:
Rev. Date: 00

AUTHORIZED SIGNATORY

1. Approved By: Medical Director
2. Issued By: Quality Manager

AMENDMENT SHEET

Sl. No. | Page No. | Clause No. | Date of Amendment | Amendment Made | Reasons | Signature of Quality Manager
INDEX

Sl. No. | Policy & Procedure
1. | Policy & Procedure for Confidentiality, Integrity and Security of Information

1.0 POLICY:
To appropriately, confidentially and securely keep all the patient and non-patient related data and
information generated, provided or kept in the hospital.
1.1 Privacy and Confidentiality of Information -
All staff of TMH shall uphold the privacy and confidentiality of the information resources concerning
patient records and other information.
1.1.1 All existing and new staff shall be trained to handle patient and other confidential
information.
1.1.2 All staff shall maintain privacy and confidentiality of the confidential information relative to
their job function.
1.1.3 All staff shall understand the implications of violation of privacy and confidentiality of
information.
1.1.4 Contractual staff and trainees shall be provided with appropriate access depending on their job
function.
1.1.5 Staff who separate from the facility must obtain clearance from the Information
Technology Department, which will delete their system access.
1.1.6 Heads of Departments shall notify the Information Technology Department when the access rights
of individuals are to be terminated following involuntary separation or reassignment. This
notification shall be made as soon as possible, but no later than three working days from the last
date of service.
1.1.7 Violations of Confidentiality of Information-
1.1.7.1 Violations will be reported to and investigated promptly by management to determine
if the cause was due to an individual’s negligence, an accidental mistake, improper
training, or misunderstanding the information resource and / or policy.
1.1.7.2 An individual’s access rights may be suspended immediately upon the discovery of a
possible violation of this policy.
1.1.7.3 Violation of this policy may result in disciplinary action up to and including
termination.
2.0 PURPOSE:
Protected patient information (PPI) is confidential and protected from access, use or disclosure except to
authorized individuals requiring access to such information. Attempting to obtain or use, actually obtaining or
using, or assisting others to obtain or use PPI, when unauthorized or improper, results in performance
counseling or disciplinary action up to and including termination.
All hospital staff members must access and use protected patient information on a "need to know" basis as
defined by their job role. In addition, when using or disclosing patient information the amount of
information used or disclosed is limited to the minimum amount necessary to accomplish the intended
purpose. When requesting patient information from other healthcare providers, staff limit the request to the
minimum amount necessary. This minimum necessary expectation generally does not apply to situations
involving treatment or clinical evaluation.

3.0 DEFINITION (IF ANY):


3.1. Confidentiality: The safekeeping of data and information is restricted to individuals who have
authorization, need and reason for access to such data and information.
3.2. Confidential (Sensitive) Information: Information that requires special safeguards due to its private
nature. Confidential information includes, but is not limited to, patient care (all information
regarding a patient’s identity, treatment and diagnosis), personnel, financial and some business
records.
3.3. Information Resources: Includes, but is not limited to, computers, faxes, telecommunication
hardware, software, storage media, computer sign in codes, medical records documentation, and
information stored, printed and/or processed by a computer system.
3.4. Security violations are defined as follows:
3.4.1. Failure to sign off from the access terminal prior to leaving the terminal
3.4.2. Accessing his / her own patient record, without appropriate permission
3.4.3. Utilizing another user’s sign in or password.
3.4.4. Accessing confidential information without a legitimate reason.
3.4.5. Attempting to circumvent and/or circumventing security systems.

3.4.6. Disclosure of confidential information.
3.4.7. Unauthorized entry, correction, amendments or change to existing data.

4.0 ABBREVIATIONS (IF ANY):


OP: Out Patient
IP: In Patient
MRD: Medical Records Department
ITD: Information Technology Department
HMIS: Hospital Management Information System

5.0 SCOPE:
This policy is applicable to the following:
• Patient information contained in HMIS
• Data and information in HMIS regarding various use of hospital management and analysis
• Information in medical records
• Information kept in manual registers, forms and files
• Hospital personnel's information in their personnel files

6.0 RESPONSIBILITY:
• All healthcare providers, Medical Records Department
• Information Technology Department

7.0 DISTRIBUTION:
• The entire patient care areas and Medical Record Department
• Information Technology Department

8.0 PROCESS DETAILS:


8.1 Description of the process-

All patient and non-patient related data and information generated, provided or contained in the hospital
should be kept appropriately confidential, integrated and secured.
All information concerning a user, including information relating to his / her health status, treatment or stay
in the hospital, is confidential, and is to be treated as such.
No person may disclose any information contemplated in the above-mentioned point unless:
• The user consents to that disclosure in writing;
• A court order or any law requires such disclosure; or
• Non-disclosure of the information represents a serious threat to public health.
Without prejudice to the generality of this section, special precautions for the maintenance of confidentiality
shall be taken with respect to:
• Persons affected with HIV / AIDS
• Persons with mental health problems
• Persons who are a danger to national security or to society
Patient records shall be kept confidential, complete and secure both in manual and in electronic form.
This shall be in accordance with Indian Evidence Act, Indian Penal code, Code of Medical ethics.
These records shall be safeguarded against loss, destruction and tampering. Adequate space, cleanliness and
storage furniture shall be maintained in the Medical Records Department.
Privileged health information shall be used for the purposes of medico legal cases only.
Requests by a patient, physician or other public agency for access to medical records shall be handled as per
Document.

9.0 PROTOCOLS:
9.1 Electronic records:
These records are kept in HMIS and include patient related information, administrative information and
various reports.
The following shall be done to maintain the confidentiality, integrity and security of this information.
1. Access shall be restricted and only through User ID and password.
2. User ID and password shall be provided to identified personnel depending on the type of information
required by them for their job.

3. The IT department shall provide the right to access only after clearance from the head of the department.
4. Right to access shall be provided only after proper justification.
5. Any external person's request for specific information from HMIS shall be allowed only after written
permission from either Medical Administrator
6. Drives for connecting external hard disks shall be provided only restrictively on CPUs in the hospital. Internet
facility shall also be restricted, to prevent theft of data or information.
7. Electronic data shall be protected from viruses, Trojans and other computer bugs. Any software
required to be used on computers holding hospital information shall be validated and authenticated by
the IT department.

9.2 Medical records:


1. Medical records shall be stored in MRD after patient discharge and shall be kept in a safe manner.
2. Medical records for admitted patients shall be kept in the custody of nursing staff and shall not be
made accessible to people not involved in direct patient care.
3. A proper track of medical records shall be kept in case these records are transferred from one place
to another.
4. Staff and the Medical Records Department shall ensure that all pages and contents in the medical
records are appropriately kept and are protected from loss, tampering or destruction. No loose
paper shall be allowed in medical records.

9.3 Activity and responsibility (tabular format):


Sl. No. | Activity | Responsibility
1. | All patient and non-patient related data and information generated, provided or contained in the hospital should be kept appropriately confidential, integrated and secured. | Medical record department, all healthcare providers.
2. | All the protocols for electronic records and medical records must be followed. | Medical record department & IT Department.
