GMP Training Program Module 7 Information Management Information

GMP Training Program Module 7 Information Management

Information Management Plan (IMP) Goal of IMP: To provide processes to effectively and efficiently manage paper-based and electronic based information systems. 07/2013

IMP Topics Data and Information Privacy and Confidentiality. l Information Security Process: l – Paper Based – Electronic Information Systems l Data Capturing and Processing: – Standardized data and terms – Standardized forms and data systems 07/2013

Data and Information Privacy and Confidentiality l Data/Information Classification System: – Public – Information available to general public – Internal Use Only – Items such as rosters, policies and procedures. OK If public sees – Confidential – Use only within GMP – Public not to see – Restricted Confidential – Most sensitive medical and business information. Release of such information could seriously and adversely affect patients, employees and business associates 07/2013

Data and Information Privacy and Confidentiality (cont. ) l Protected Health Information (PHI)* – HIPAA Definition: “Individually identifiable health information that is maintained or transmitted in any form” – Only “minimum necessary use information” can be released from or used by GMP in the request for information – It is the responsibility of all GMP staff to protect all PHI and report any known or suspected unauthorized access or use of such information * See Orientation Module 12 – HIPAA for more details. 07/2013

Information Security Process Access to Paper Based Information l Patient Information – Access only on a “need-to-know” basis (Homecare Record) l Employee Information – Access limited to President or staff authorized by President. (HR, Medical and Training Records) l GMP Business and Financial Information l Limited access as authorized by President to Accounts Payable, Accounts Receivables, Payroll 07/2013

Information Security Process (cont. ) Access to Electronic Information Systems l Only authorized personnel have access to GMP’s computer system. l Employees with access are accountable for all computing activities they perform. l Misuse or Violations of Computer security procedures may warrant immediate revocation of access and/or termination and civil or criminal legal action. 07/2013

Electronic Information Security l Prohibited Activities: – Using computer for personal business or gain – Interfering with GMP operations – Altering or deleting data or software – Unauthorized browsing of patient, employee, or GMP business information – Installing unauthorized or illegal software – Unauthorized access to internet sites 07/2013

Computer Passwords and User ID l l Passwords and a User ID is required for computer access. Levels of access will be assigned based on information required to perform job duties. Passwords will be changed immediately if they have been used by an unauthorized party. Passwords and ID may not be displayed on computer or at user’s workstation. DO NOT SHARE YOUR PASSWORD OR USER ID WITH ANYONE. 07/2013

Computer Terminals/Workstations As Practical, workstations are to be positioned so screens are not visible to public or unauthorized staff. l Users may not leave terminal unattended for long periods of time. Log off! l Clear screen when leaving terminal for brief time. l 07/2013

Facsimile Machines (FAX) l l Fax machines may not be located in areas that are accessible to visitors or general public. GMP’s Fax Cover Page must be used when transmitting confidential information. Cover Page must include a statement: – “The documents accompanying this fax transmission are confidential Information …. . If you have received this fax transmission in error …. ” l Senders of Fax must ensure appropriate consents have been obtained from Patient. 07/2013

Facsimile Machines (FAX) (cont) l Use “Fax Security Precautions” for all confidential information (see information classifications) – Sending a fax: l l l Ensure each page is marked “Confidential” Verify fax number before sending document Contact Recipient to inform them of transmission – Receiving Fax: l l Immediately remove fax from machine If you are the unintended recipient, immediately deliver it to correct person Protect patient information from unauthorized view or disclosure Immediately contact sender if information was received in error 07/2013

Electronic Mail (e-mail) l Personal use of e-mail and Internet: – Must be limited to meal and break times – Does not interfere with normal business – Does not interfere with work productivities – Messages may not be maintained for more than 30 days l All messages originated or received are considered “property of GMP” and are subject to review and monitoring. 07/2013

Electronic Mail (e-mail) (cont) l Examples of improper use of GMP e-mail and Internet Services: – Sending or forwarding harassing, obscene or threatening messages – Gambling, surfing or downloading pornography – Downloading or sending confidential patient or other protected information – Obtaining access to files of others without proper authorization – Using e-mail system for solicitation, political messages, or other illegal activities 07/2013

Disposal of Files and Data l Printed Material: – Confidential or protected information shall be shredded l Electronic Material – E-mails and correspondence may be deleted using normal programs – Diskettes are to be destroyed by cutting into pieces – Computer tapes and disks may be reused by writing over or reformatting 07/2013

Data Capture and Processing l Only GMP Standardized terminology, classifications, abbreviations, etc. are to be used when recording patient information. l Abbreviations listed on the Joint Commission “DO NOT USE” LIST shall not be used! See handout for Details 07/2013

Data Capture and Processing (cont) l Standardized forms to allow GMP to gather data in a consistent manner: – Patient Information Forms l Patient Intake, POC, PCC – Equipment Maintenance and Control Forms Delivery, Pick-up and Service call forms, l Vehicle Maintenance, safety inspection, trip sheets l – Personnel and HR forms 07/2013

Homecare Record Guidelines l l All patient related paperwork and data entered into the Bonafide database shall be made a permanent part of the Homecare Record. Only authorized staff may make entries in the Homecare Record. Standardized forms and assembly methods are to be used. All paperwork and/or Bonafide database data shall be completed and placed in the Homecare Record within 72 hours after admission of a patient. 07/2013

Homecare Record Guidelines (cont) l Each Homecare Record must contain the following: – Clinical Information – Demographics – Additional Information Relevant communications and transfer forms and/or summaries l GMP service forms (POC, PCC, Delivery) l Consent Forms l See Handout for Details 07/2013

In Summary l l Information is an important resource in the management of quality patient services and business operations. The privacy and confidentiality of information applies to all GMP systems. All of GMP’s information must be safeguarded against inappropriate use, loss, destruction, or tampering. GMP personnel shall use and follow GMP’s standardized data sets, terminology, forms and file layouts. 07/2013

For More Information GMP’s Policy and Procedure Manual l Ask your Supervisor l 07/2013