Protecting privacy in CareConnect

Work group evaluates options surrounding patient confidentiality

Important decisions are being made daily about CareConnect, UCLA's electronic health record program, which will affect about 15,000 future users and improve the care we provide to every one of our patients.

Many complex decisions go through an extensive approval process -- discussion at validation sessions, by work groups, and by advisory groups before being considered by CareConnect's Executive Oversight Board -- including some that surround the issue of patient confidentiality.

A Confidentiality Work Group, made up of faculty and staff members from clinical, medical records, privacy, and information security departments, was formed specifically to evaluate CareConnect functions relating to protecting patient records.

"Our patients trust UCLA Health System with their health and personal information. We're committed to protecting patient privacy, and we're working through this work group to incorporate the required protections into CareConnect," said Ann S. Chang, chief information security officer, UCLA Health System and David Geffen School of Medicine at UCLA.

The Confidentiality Work Group is one of more than 40 groups formed to evaluate workflows that needed further discussion beyond the validation process. These issues have such wide interest throughout the health system that several physicians, as well as staff members from billing and ambulatory clinics, who were not part of the work group crowded into the Sept. 7 session to take part in the discussion.

The discussion surrounded: private encounters, when patients request that their visit remain confidential; confidential addresses, when correspondence is sent to a different address from a patient's permanent address; "break-the-glass," a set of security checks that require a CareConnect user to enter a reason and password each time they access the medical information of patients; and pseudonyms, confidential names to protect a patient's real name and identity.

Debate surrounded break-the-glass requirements, including how often a CareConnect user would need to break-the-glass when accessing a patient's records. The work group recommended enforcing break-the-glass requirements for access to medical records of all UCLA Health System patients who are employees. The Security Advisory Group will pass along the recommendation to the Executive Oversight Board for final resolution sometime later this year.

Another popular topic was the use of pseudonyms, which Chang said currently involves about 80 health system patients. It's a process that comes with its share of challenges.

"Pseudonyms give us a way to hide patient identities, but the downside is that patients can forget they have a pseudonym. As a result, they may end up having two medical record numbers -- one under their pseudonym, and another under their true name. We are working to figure all that out," Chang said.

Chang said the Confidentiality Work Group is on a very tight deadline, as many decisions need to be made by the end of October, and other findings will be forwarded to the Security Advisory Group and EOB for resolution. The work group also plans to involve individuals from departments such as billing, ambulatory, admissions, and registration.

The focus is on protecting privacy with minimal impact on providers, while making sure the confidentiality functions are as easy and straightforward as possible for the front desk employees who will be setting these options up for patients on a daily basis, she said.

Though there is a significant amount of work ahead to evaluate all options provided by CareConnect, Chang is confident the system will streamline and improve current processes.

"CareConnect is one system that will replace 65 systems. We will only have to address breaking the glass in one system; we will only have one system to audit. That helps us to be more consistent. We will be able to protect patient privacy in CareConnect in a more consistent and thorough manner than ever before," she said.

The seventh round of validation sessions will be held Oct. 4 - 6. Click here to visit the validation page.

Click here for a current list of work groups on the CareConnect website.

Below are photos from the Confidentiality Work Group session:

The Confidentiality Work Group tackles issues such as when CareConnect users must "break-the-glass" by entering a reason and password before being able to access a patient's records.	It's standing-room only as physicians and staff from billing and ambulatory clinics who are not part of the work group crowd into the conference room on Sept. 7 to participate in the discussion.
Margrit Carlson, MD, (left) a specialist in infectious diseases, asks a question, as Paula Van Gelder (center), assistant director, health information management services; and Angela Price (right), project manager, faculty practice group - ambulatory operations, look on.	Robert Gross (left), chief privacy officer, and Ann S. Chang (right), chief information security officer, review CareConnect workflows related to patient confidentiality.