Thursday, October 17, 2013

All counties examined - "must be in place to detect unauthorized access ... - Today's Legal

The Data Inspection Board has decided to initiate a review of all county councils to see how care providers restrict employee access to patient data and how caregivers can detect unauthorized access.

In August, the Data Inspection Board, DI, finished an examination of the Karolinska University Hospital in Stockholm. The audit found that staff had the authority to access patient data. The hospital also lacked written policies that describe what constitutes unauthorized access to patient data.

– Patient law is clear, medical staff should only have access to the patient information needed to perform their tasks. There must also be effective and documented procedures to detect unauthorized access, says Suzanne Isberg, who led the DI’s review of the Karolinska Hospital, in a press release.

As a result of the survey, the Authority is now conducting a similar control of all the country’s other counties and regions.

The questions DI will ask are whether there is a documented needs and risk analysis, and whether there are written guidelines that describe what constitutes unauthorized access.

A needs and risk analysis, according to DI, indicates what access to patient data various staff need to have and what the risks are if staff can access more patient data than necessary to perform their duties.

“When someone, for example, opens a patient record, this shall be logged. The logs can then be checked to see if the access was unauthorized. The inspection work required written policies that describe what is unauthorized access,” the authority said in a statement.
