SmartWard Pty Ltd offers a unique safety critical workflow engine (SWE) for hospitals, aged care facilities and other clinics. SmartWard’s SWE provides an Electronic Health Record (eHR), decision support and quality assurance at all stages of care to deliver better patient outcomes, while reducing healthcare costs.
We are committed to supporting our customers in protecting the privacy of patient information and to handling personal information in accordance with the Privacy Act 1988 (Commonwealth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation.
SmartWard’s customers are hospitals, aged care facilities, other healthcare providers or individual clinicians. These customers, or in some cases, individual clinicians working in those clinics, make care plans and records using SmartWard and are the owners of these medical plans and records to the extent that they are their business record and property. However, the patient is the ultimate owner of the information in the record. Patient privacy requires that patient information is kept confidential and secure, and that the data retains integrity.
This policy describes SmartWard’s approach to helping its customers maintain patient privacy. The policy is an integral part of SmartWard’s Quality Management System (ISO 9001 certified) and relevant staff are trained to understand its rationale and to implement it in company operations.
SmartWard’s software enables its customers to record and store patient information. SmartWard recognises that patient information should be released to others only with the patient’s permission or as allowed by law.
Obtaining patient permission to release data, and deciding to whom this information is released, are the responsibility of the customer that has licensed SmartWard’s software. SmartWard does not deal directly with patients and refers any queries from patients about data held in the SmartWard system to the customer to manage.
SmartWard staff only access or copy individual patient information when needed to diagnose issues reported by customers or to monitor system performance and when authorised by the customer to do so. When copied, all data is de-identified according to company-approved procedures to ensure no identifiable patient data leaves the production data environment.
Only individuals authorised by the hospital clinic, aged care facility, other clinic or the clinician become registered users within SmartWard. The nominated customer representative identifies the various staff roles within the clinic or facility and determines what information is needed by each role.
The customer’s system administrator, nominated by the customer representative, creates user accounts within the customer’s own identity store. Management of these user accounts and related authentication credentials is the responsibility of the customer.
In addition to supporting its customers to maintain confidentiality through appropriate permissions and user access, SmartWard also supports its customers’ security policies and procedures to protect patient information against unauthorised external access.
SmartWard is ISO 9001 certified through its entire development process.
SmartWard implements the following measures to ensure data security:
SmartWard co-operates with the customer on the physical security of and access to client hardware running SmartWard applications. Each party’s responsibilities are specified in a Service Level Agreement with the customer. Generally, the customer’s responsibility includes:
SmartWard also co-operates with the customer in the implementation of a data disposal plan and in the removal of data from reusable hardware.
Should an unauthorised user gain access to clinical information contained in SmartWard, SmartWard will assist the customer, to the extent practical, to identify the extent of the unauthorised access and to enable the customer to notify affected patients if that is required.
SmartWard recognises that data used in clinical decision-making must be accurate. The responsibility for taking measurements, and entering data accurately, rests with the customer’s staff. Once entered into a SmartWard SWE, all data is time, date and user identity stamped. Once saved into a SmartWard SWE, data can be changed by an authorised user. In that event, the previous record is retained and the date, time and identity of the user making the change are recorded.
SmartWard’s SWE may alert a clinician that an abnormal observation has been entered. This will be according to rules and guidelines provided officially to SmartWard by the customer, and responsibility for the integrity of the rules and guidelines lies exclusively with the customer.