Health Information Privacy, Security, and Medical Records (Alberta) - Vocabulary flashcards
Administrative, Physical, and Technical Safeguards
Week 1 focus: safeguarding patient information across administrative, physical, and technical domains.
1. Administrative (people)
- Policies and procedures
- Confidentiality oaths
- Privacy awareness training
- Code of conduct
- Controls on access to patient forms
2. Physical (security)
- Locked cabinets
- Key access controls
- Alarm systems
- Fire protection (sprinklers)
- Secured destruction of information (shredding)
- Physical security considerations for fax machines
3. Technical (computers)
- Password protection
- Audit logs (keeps track of activity)
- Backing up information off site
- Permission/access based on roles within healthcare
Key patient information access rights
A patient may request access to their information.
You do not have to provide it immediately; you have 30 days to provide it. 30 days is the standard window cited.
What is Health Information in Care Settings?
Health information encompasses diagnostic, treatment, and care information including health provider information.
Registration information includes personal health number.
Roles: safeguarding health information aims to protect, promote, and maintain physical and mental health.
1. Collection and Use
- May only use a patient’s information for what it was collected for.
- If you want to use it for another purpose, you need consent.
2. Disclosure
- Disclosure occurs when a custodian leaks information or shares information for a purpose other than what it was collected for.
HIA – Custodians and Affiliates
HIA stands for the Health Information Act.
Custodians include health service providers who are members of a regulated health profession named in the HIA (private or public):
Dentists, dental hygienists, dental surgeons, dental mechanics
Physicians, registered nurses, chiropractors
Midwives, opticians, optometrists
Alberta Health Services (hospitals)
Minister of Health
HIA – Affiliates: anyone who is an employee of a custodian (examples: Alberta Queen’s Printer, 2018). This includes dental assistants, other employees, volunteers, students, and contractors.
Privacy: Rights and Legislation
Privacy: the right of an individual to have some control over how their personal health information is collected, used, and disclosed.
Governed by privacy legislation, including Alberta’s Health Information Act (HIA).
Codes of ethics: CADA (Canadian Association of Dental Assistants) – outlines the responsibility of the dental assistant to the patient to abide by applicable legislation governing practice, privacy, confidentiality, and human rights.
Standards of Practice: ADA’s Standards of Practice require dental assistants to understand the Health Information Act and the custodian’s policies and procedures for protecting patient information.
Confidentiality: obligation of a person or organization to protect information entrusted to it.
Patient Information Forms
1. Patient Registration forms collect:
- Full Name
- Address, phone numbers
- Date of birth
- Employment information
- Spouse information
- Insurance information and person responsible for payment
- Patient signatures and date completed
2. Medical and Dental History Forms
- Contain personal information regarding current and past medical and dental health conditions
- Medical Alert Information
3. Patient Consents:
- Disclosure (release of information)
- Treatment (informed consent)
- **HIPAA reference**: Common forms are discussed; note the content uses HIPPA terminology in the transcript.
Common Forms and Examinations (Clinical Documentation)
Common forms include Financial policies (policies related to payment and treatment).
1. Physical Examination components:
- Growth and development evaluation
- Vital signs
- Cognition (understanding information)
- Communication skills
2. Radiographic Exam:
- Intraoral images: periapical, bitewing, occlusal
- Extraoral images: panoramic, cephalometric, tomography
3. Extraoral Examination:
- Findings of temporomandibular joint (TMJ)
4. Intraoral Examination:
- Charting of periodontal conditions
- Patient’s chief complaint
- Findings of occlusal evaluations
- Evaluations, comments
5. Clinical Examination:
- Includes patient’s name and date of examination; charting of existing restorations and present condition
Treatment Planning and Documentation
Treatment Plan: record the plan of care on the treatment plan form; properly sequence to address all problems identified during examination and diagnosis portions of the patient visit.
Treatment plan may change if financial arrangements become a factor.
Common forms: Informed Consent – related to a specific treatment or procedure; provides expected outcomes and describes possible complications; commonly used for invasive or extensive treatment (e.g., specialty procedures).
Progress Notes: part of the patient record; include date, tooth number, completed treatment, and communication with the patient.
PARTS (Problem, Assessment, Recommendation, Treatment, Strategy): used to structure treatment notes.
Rules and Regulations for Chart Entries
1. Handwritten Records:
- Must be legible in ink.
- Ideally, treatment notes are completed within 24 hours; if late, the entry should follow the most recent entry, be clearly noted as a late entry with a cross-reference to the original chart entry, and include the date and time of the late entry.
- Mistakes corrected by a single strike-through, immediate correction, and signing the entry.
- Infection control protocols are required to prevent contamination of paper records during patient care.
- Provincial and local requirements may require paper records to be secured in a locked cabinet or room when staff are not on-site to monitor access.
Digital Records and EHR (Electronic Health Records)
Digital records provide a legible longitudinal record of patient care across healthcare settings over the lifespan.
Accessible to authorized personnel in real time.
Notes can be entered chairside and in real-time.
Creating a standardized format for gathering patient information is challenging due to the need for consensus among all providers.
Computerized records require accessible terminals for authorized personnel and password protection.
Amendments to clinical digital charts may be required.
Infection control of computer hardware (keyboard, mouse) is a consideration; plastic barriers can be used for keyboards and mice.
Voice activation or speech recognition can facilitate documentation and improve accuracy.
Foot-activated entry for some data (e.g., periodontal probing) is possible.
Technical and computer skills of healthcare personnel are critical; support is essential to minimize workflow disruption and protect patient care.
Patient access to their records can be impacted by computer skills and internet access.
Managing safety of the EHR during data entry may require privacy screens to maintain confidentiality.
Legislation and Privacy Frameworks
Health Information Act (HIA) (Alberta)
Public and private
Scope: Applies to custodians and their affiliates in Alberta.
Information Covered: Health information (registration, diagnostic, treatment, care).
Application: Legislates collection, use, and disclosure of health information by both private sector and provincially funded public bodies in Alberta.
PIPEDA (Personal Information Protection and Electronic Documents Act)
Private (federal)
Scope: Federal standard.
Information Covered: Personal information.
Application: Protects personal information in private sector activities across Canada.
PIPA (Personal Information Protection Act) (Alberta/BC)
Private (Alberta)
Scope: Provincial equivalent for private sector organizations in Alberta/BC.
Information Covered: Personal information.
Application: Governs how private sector organizations handle personal information and provides a right to access personal information. Does not apply to public bodies in Alberta, but may apply to organizations doing business with them.
HPA (Health Professions Act) (Alberta)
Public
Scope: Governs 32 health professions in Alberta.
Application: Oversees governance of professional colleges (e.g., CADA, ADA&C, CRDHA). Regulates health professions to serve public interest through professional regulations, standards of practice, and codes of ethics.
Regulatory Notes on FOIP Replacement (June 2025)
FOIP (Freedom of Information and Protection of Privacy) was removed.
Replaced by PPA (Personal Protection Act) for privacy protection.
Replaced by ATI (Access to Information) Act for access initiatives.
These regulate public health and private health information.
Retention and Accessibility of Records (Alberta)
Adult Patient Records: Must remain accessible for a minimum of 10 years following the date of the last service.
Minor Patient Records: Must be accessible for a minimum of 10 years past the patient’s age of majority.
Practical Implications for Dental Assistants
Understand and comply with custodian policies and procedures for protecting patient information.
Ensure accurate, timely, and secure documentation across paper and digital formats.
Recognize when consent is required for disclosure and how to document informed consent and disclosures.
Maintain professional boundaries and confidentiality in all communication methods (in person, phone, email, electronic records).
Stay current with changes in privacy law (e.g., updates to FOIP/PPA/ATI interfaces) and regulatory bodies.
Summary of Key Points (Quick Reference)
Access to patient information must be granted within 30 days when requested by the patient.
Information collection, use, and disclosure must align with the purpose of collection and require consents for new uses.
HIA defines custodians and affiliates; professional roles listed include dentists, physicians, nurses, optometrists, and others; private and public sector entities are covered.
Privacy laws (HIA, PIPEDA, PIPA) regulate handling of health and personal information, with HPA governing health professions in Alberta.
Paper records require legible handwriting, late-entry rules, cross-referencing, and secure storage; infection control protocols apply to paper.
Digital records enable real-time access and longitudinal care but require strong security measures: password protection, access controls, privacy screens, and barriers for shared devices.
Retention periods in Alberta: adults and minors both require at least 10 years of accessibility after last service or after majority respectively.
Ethics and professional standards are shaped by CADA and ADA guidelines, emphasizing privacy, confidentiality, and patient rights.