In EMIS Web, confidentiality policies are designed to protect patients’ personal data while allowing appropriate access for clinicians and administrative staff. These policies serve as a safeguard within the healthcare setting, helping to ensure that sensitive information is accessed only by authorised users.
Standard Confidentiality Policies in EMIS Web
EMIS Web includes several standard confidentiality policies that restrict access to specific healthcare professionals. The policies are:
- Clinician Only: Grants access exclusively to clinicians within the organisation.
- Doctor Only: Restricts access to doctors only, within data-sharing agreements.
- Mental Health Professionals: Designed for mental health practitioners to access records pertinent to mental health care.
The Confidentiality Policy Manager in EMIS Web allows practices to apply these policies to patient records or individual data items. For example, you can protect the entire record of a patient who may have relatives within the practice, or specific items such as sensitive medical conditions.
Applying and Managing Confidentiality Policies
Confidentiality policies function as flags on patient records or data items, dictating who can access that information. These policies are assigned to work groups, essentially collections of job categories that define which users can apply or access the confidential information.
Users assigned to a relevant work group can view information covered by a confidentiality policy without restriction, while those not included in the group may see an indication of confidentiality but cannot access the protected details unless they can override the policy.
"Applying confidentiality policies to specific records saves time by ensuring sensitive information is only viewed by necessary personnel, improving security and streamlining access management."
RBAC (Role-Based Access Control) activities are essential for managing confidentiality policies. For instance, users with the B0080 Establish Sealing Controls activity can apply or remove confidentiality policies, while B0070 Access Patient Sealed Data allows a user to override a policy in cases of clinical necessity, subject to proper auditing measures.
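The access decision described above can be modelled in a few lines. This is an added illustration, not EMIS Web code: the class and function names, the job categories, the in-memory audit log, the auditing of policy application and the requirement to give a reason for an override are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

APPLY_ACTIVITY = "B0080"     # Establish Sealing Controls (code from the page)
OVERRIDE_ACTIVITY = "B0070"  # Access Patient Sealed Data (code from the page)
AUDIT_LOG = []               # hypothetical in-memory audit trail

@dataclass(frozen=True)
class User:
    name: str
    job_category: str
    activities: frozenset = frozenset()

@dataclass(frozen=True)
class Policy:
    name: str
    work_group: frozenset    # job categories allowed to view flagged data

@dataclass
class Item:
    text: str
    policy: Optional[Policy] = None

def _audit(event, user, item, reason=""):
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(), "event": event,
                      "user": user.name, "policy": item.policy.name, "reason": reason})

def apply_policy(user, item, policy):
    """Flag an item; only holders of B0080 may apply a policy."""
    if APPLY_ACTIVITY not in user.activities:
        raise PermissionError(f"{user.name} lacks {APPLY_ACTIVITY}")
    item.policy = policy
    _audit("apply", user, item)  # assumption: applying a policy is also logged

def view(user, item, override_reason=None):
    """Return (decision, text shown to the user)."""
    if item.policy is None or user.job_category in item.policy.work_group:
        return "allow", item.text
    # Assumption: an override needs both the B0070 activity and a stated reason.
    if OVERRIDE_ACTIVITY in user.activities and override_reason:
        _audit("override", user, item, override_reason)  # every override is recorded
        return "override", item.text
    return "restricted", f"[confidential: {item.policy.name}]"  # indicator only

if __name__ == "__main__":
    # Constructed sample users and data, not taken from any real system.
    item = Item("sensitive diagnosis")
    manager = User("manager", "practice manager", frozenset({APPLY_ACTIVITY}))
    apply_policy(manager, item, Policy("Doctor Only", frozenset({"doctor"})))
    print(view(User("nurse", "nurse"), item))
    print(view(User("duty", "nurse", frozenset({OVERRIDE_ACTIVITY})), item, "emergency care"))
```

The point to take from the model is that an override yields the same data as work-group membership, so the audit entry is the only thing that distinguishes the two afterwards.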