Clinical Information Sharing
Privacy and Security Training and Attestation
InfoCare: On Our Best Behaviours (search for courses matching "InfoCare" and complete online)
Physicians who complete InfoCare training via MyLearningLink (MLL) but find that MLL does not credit them for completion (check online learning tips to minimize technical problems) should email email@example.com with the subject "Move InfoCare to Complete", stating in the body of the email that they completed the course, accept the attestation (as linked above) and request immediate course completion credit.
Information Sharing Compact
A Clinical Information Sharing Compact summarizes rights and responsibilities related to health information sharing that AHS and affiliated physicians agree to uphold:
Key physician responsibilities include:
Patient-Centred - Embrace and support information sharing for patient well-being and clinical improvement.
Provider Access - Care for and secure CIS personal access credentials, while keeping practitioner contact information current and accurate.
Patient Access - Respond to patient queries about CIS records and direct as appropriate to AHS information services.
Disclosure - Respond promptly when made aware of information disclosure needs, respecting patients’ expressed wishes.
Protection of Information - Be aware of and adhere to CIS information protections, and notify AHS when compromise or breach is suspected.
Information Use - Be accountable for the allowed use of CIS health, clinician and organizational information, while respecting the contributions of others.
Clinical Improvement - Identify opportunities for clinical and health system improvement, and collaborate to produce and use the information required.
Accuracy - Completely, accurately and promptly document within the CIS, heeding minimum use norms, and report possible errors.
Governance - Take advantage of opportunities to meaningfully participate in information-sharing governance structures, including reporting information-sharing issues for review.
Prescribers use tools and functions within the CIS to help comply with provisions of CISA, the Information Sharing Compact, organizational policy and health legislation.
Some tools are most commonly applied by registration staff to protect demographic, contact or billing information by changing a patient’s status to “confidential” or marking an encounter as “private”. Other tools are more commonly managed by nursing and other clinical staff to highlight unique information sharing risks that might occur with guardianship or visitor restriction situations.
There are also features to assist with information challenges such as release restrictions and identity theft. Although these issues are often managed through health information management, it is important for all Connect Care users to understand their role in applying and interpreting the associated warnings.
A few tools are more commonly used by prescribers. These mostly relate to extra privacy protections that a prescriber may need to leverage to facilitate patient trust and relationships or otherwise mitigate information-sharing challenges. All are well explained in the resources listed below. Five are particularly important:
Patient Level - Confidential Patient
If turned on, this property applies to the entire Connect Care record including all outpatient, ER, inpatient and continuing care encounters. Identifiable information will not appear in patient lists and way-finding reports (i.e., all encounters are marked “private” automatically) and Break-the-Glass (BTG) protocols are applied to the record at the patient level. The Alberta Netcare Portal is set to match this state, expressed as global person-level masking with BTG required for any information access.
Physicians do not normally directly mark patient records as confidential. However, they can counsel concerned patients about how to submit a request, and their signature is required to support a request (see form listed in resources below).
Encounter Level - Break-the-Glass
If turned on for a specific encounter (e.g., outpatient visit, hospitalization), users need to re-enter their login credentials in order to access information related to the encounter or to open the encounter where Break-the-Glass (BTG) is in play. A reason for seeking access must be provided. All BTG accesses are subject to a BTG audit report.
Prescribers do not normally turn this encounter protection on as it does increase the risk that information will not be accessed as required for continuity of care. If confident about the relevant policies, BTG can be activated for an encounter by opening the patient chart to that encounter, then opening the FYI flags activity, either by activating the flag icon at the top of the Storyboard (leftmost column of the opened chart) or by using the top-right Search function to look up "FYI". A BTG flag can be added with this activity. A reverse process is used to deactivate the BTG status associated with an encounter. Detailed instructions are available in the resources listed below.
Documentation Level - Sensitive Note
If turned on for a specific documentation object (e.g., progress note), then the associated documentation can only be viewed by users belonging to the same login department as the author, by users sharing the same specialty as the author and by the health information management access and disclosure team. The "sensitive" note property can be removed later if circumstances have changed. It cannot be applied to consult notes. Any note marked as sensitive will not be shared to Netcare.
A note is made "sensitive" by selecting the "Sensitive" button appearing at the top of eligible notes in Hyperspace note editing tools. The "sensitive" property can be removed by doing an "Addendum" to the note at a later time, then deselecting the "Sensitive" (lock) icon/button. The Notes tab in Chart Review includes a column with "Sensitive" or "Not Sensitive" showing the status of the listed notes.
Sensitive notes should be rarely used. Particular care is required to separately document information required for patient safety or continuity of care.
Documentation Level - Sensitive Letters
Similar to sensitive notes, the ability to mark a letter as “Sensitive” is available. When a letter is marked sensitive, it will only be routed to the selected recipient(s) of the letter and will be excluded from Netcare and automated eDelivery to the patient’s Primary Care Provider (PCP). The patient’s PCP will only receive a letter marked as sensitive if they are specifically selected as one of the recipients. Additionally, in Hyperspace, viewing of the letter contents will only be available to users with the same specialty as the letter author, users logged into the department of the patient’s encounter, or users logged in to the virtual department that matches the specialty of the encounter department.
A letter can be marked as “Sensitive” by selecting the “Sensitive” button appearing in communications workflow. The “Sensitive” property can be removed by selecting the “Addendum” option in the identified letter and unchecking the “Sensitive’ designation. Only the author of the letter can adjust the sensitive properties of the letter.
Sensitive letters should always be used with discretion and professional judgement, and in a manner that supports access to health information required for continuity of care.
For more information on the use of this feature, see the Confidentiality Practice Guidelines.
Guardianship & Information Access Flag
This is an important "FYI" flag that captures information pertinent to complex situations involving alternate decision-makers or restrictions about sharing patient information with certain members of the patient’s family or support network. This is relevant to prescribers who may be responsible for obtaining informed consent.
Release Restrictions Flag
This "FYI" flag appears when there is information captured in a patient’s record that should be reviewed prior to disclosure and where that information may not otherwise be reviewed (i.e., information about a confidential source of information that should not be disclosed to the patient). This is important to prescribers when they may have concerns that certain information would carry a safety or privacy risk to the patient or another individual if disclosed.
MyLearningLink: Epic – Confidentiality Features in Connect Care (this module helps Connect Care users develop knowledge and understanding of the confidentiality features and context for their use)