This press release from Ireland’s Health Information and Quality Authority is of note:
A new guide on how to protect people’s privacy within healthcare services has been published by the Health Information and Quality Authority.
Professor Jane Grimson, Director of Health Information at HIQA said: “With so much information being collected, used and shared in the provision of health and social care, it is important that appropriate steps are taken to protect the privacy of each person to ensure that personal information is handled legally, securely and efficiently.”
“Information is a vital resource in the delivery of high quality, safe healthcare for patients but there is a very real need to strike a balance between using personal health information to improve the delivery of care while also protecting people’s rights to privacy and confidentiality.”
It has been estimated internationally that up to 30% of a country’s total health budget is spent on health information – collecting, storing, managing and searching for it. It is therefore essential that it is managed as efficiently and effectively as possible in order to ensure value for money. Privacy Impact Assessments can make an important contribution to this.
“The public has the right to expect that their private information will be safeguarded and protected when it is given to those who deliver health services,” Professor Grimson said.
HIQA’s guidelines are a practical resource on how to strike this balance by outlining how, in practice, privacy can be appropriately considered and protected.
“We have developed the Guidance on Privacy Impact Assessment in Health and Social Care as a resource to show service providers how to ensure that they protect the privacy rights of the people using their services and to assist them in strengthening their own governance arrangements around health information,” said Professor Grimson.
Importantly, privacy impact assessments (or PIAs) also bring value and cost savings to healthcare projects. When conducted in the early stages of work, PIAs can demonstrate whether or not a project meets legal requirements for the storage of personal information and is viable to continue before significant investment is made.
The Authority’s guidelines provide a step-by-step guide on how to undertake a PIA and the important factors to be considered at each stage of the process. It is intended as a resource for all those involved in healthcare delivery, project planning and research.
Hat-tip, Irish Medical Times