The IT programs and changes that hospitals develop will be guided by the recommendations of privacy and information sharing officers to ensure that patient data is securely stored. Therefore, IT and Privacy will face many common burning questions and should work together on developing solutions. In order to plan for demographic data collection, your IT department will need answers on a number of questions around the entry, storage, and use of demographic data.
Note: Options for Data Retrieval
IT solutions around data retrieval should consider the form in which data needs to be accessed, i.e. classified (e.g. identifiable, de-identified, in aggregate form, etc). This is defined by who will see the data, what you need to link demographic data to, and which items will remain visible for service provisions.
The Data Use and Disclosure Standard by Cancer Care Ontario (CCO) uses the following classifications for CCO data:
Identifiable Record-Level Data
Data that includes elements that directly identify an individual. By definition, identifiable record-level data contains personal health information
De-identified Record-Level Data
Data that includes elements that may constitute identifying information because there may be reasonably foreseeable circumstances in which the data could be utilized, alone or with other information, to identify an individual. Thus, de-identified record-level data may contain personal health information
Summed and/or categorized data that is analyzed and placed in a format that precludes further analysis (for example, in tables or graphs) to prevent the chance of revealing an individual’s identity (individual records cannot be reconstructed). Aggregate data does not include personal health information.1
IT Solutions: Hardware
National Health Services Scotland (NHSScotland) has stated that the benefits of using portable devices “are massive” due to the ability to facilitate information exchange.
In response to challenges that may arise from using such tools, NHSScotland developed a document illustrating the challenges and opportunities in embracing mobile solutions. These include a list of mobile devices and an FAQ section for those considering using these devices.
The goals and objectives of IT and Privacy are interdependent; neither can be successful without the other. Therefore, the Steering Committee should facilitate and encourage cooperation.
- Cancer Care Ontario (2011). Chief Privacy Officer and Chief Information Officer Data Use and Disclosure Standards. ↩