1. 1 Privacy and Health Information Debra Grant, Ph.D. Senior Health Privacy Specialist Information and Privacy Commissioner/Ontario Annual CAMRT Conference PEI Association of Medical Radiation Technologies Charlottetown, P.E.I. June 10, 2005

2. 2 Health Privacy is Critical The need for privacy has never been greater: –Extreme sensitivity of personal health information –Patchwork of rules across the health sector; with some areas in some jurisdictions still unregulated –Increasing electronic exchanges of health information –Multiple providers involved in health care of an individual – need to integrate services –Development of health networks –Growing emphasis on improved use of technology, including computerized patient records

3. 3 Unique Characteristics of Personal Health Information Highly sensitive and personal in nature Must be shared immediately and accurately among a range of health care providers for the benefit of the individual’s treatment and care Widely used and disclosed for secondary purposes that are seen to be in the public interest (e.g., research, planning, fraud investigation, quality assurance)

4. 4 Privacy Risks: Unauthorized Disclosures 3 rd Party Disclosures not authorized by patient may threaten integrity of system  Fear of stigmatization, discrimination, loss of employment opportunities, denial of insurance, denial of housing California HealthCare Foundation survey:  One in six people engage in privacy protective behaviour to shield themselves from misuse of their information

5. 5 Privacy Protective Behaviours  Multiple doctoring  Out of pocket payment  Avoiding testing  Avoiding treatment  Lying or withholding information from providers  Asking providers to misrepresent diagnosis in records  Inaccurate and incomplete information less helpful for primary purposes, such as treatment, and secondary purposes such as research

6. 6 Privacy Defined Information Privacy: Data Protection –Freedom of choice; control –Informational self-determination –Personal control over the collection, use and disclosure of any recorded information about an identifiable individual

7. 7 What Privacy is Not Security  Privacy

8. 8 Authentication Data Integrity Confidentiality Non-repudiation Privacy; Data Protection Fair Information Practices Privacy and Security: The Difference Security

9. 9 Fair Information Practices Accountability Identifying Purposes Consent Limiting Collection Limiting Use, Disclosure, Retention Accuracy Safeguards Openness Individual Access Challenging Compliance

10. 10 Legislative Context Patchwork of privacy laws Health sector provincially regulated and funded Provincial public sector legislation (applies to ministries, hospitals, in some jurisdictions) Provincial health sector legislation (Alberta, Saskatchewan, Manitoba, Ontario) Federal private sector (commercial health sector) Provincial private sector (Quebec, B.C., Alberta)

11. 11 Canada Privacy Act Canada Personal Information Protection and Electronic Documents Act BC Freedom of Information and Protection of Privacy Act BC Personal Information Protection Act Alberta Personal Information Protection Act Alberta Freedom of Information and Protection of Privacy Act Alberta Health Information Act Sask. Freedom of Information and Protection of Privacy Act Sask. Local Authority Freedom of Information and Protection of Privacy Act Sask. Health Information Protection Act Manitoba Freedom of Information and Protection of Privacy Act Manitoba Personal Health Information Act Ontario Freedom of Information and Protection of Privacy Act Ontario Municipal Freedom of Information and Protection of Privacy Act Ontario Personal Health Information Protection Act Quebec Act Respecting Access to Documents held by Public Bodies and the Protection of Personal Information Quebec Act Respecting the Protection of Personal Information in the Private Sector Nunavut Access to Information and Protection of Privacy Act Northwest Territories Access to Information and Protection of Privacy Act Yukon Access to Information and Protection of Privacy Act New Brunswick Right to Information Act New Brunswick Protection of Personal Information Act Privacy Legislation in Canada Nova Scotia Freedom of Information and Protection of Privacy Act Nova Scotia Part XX of the Municipal Government Act Prince Edward Island Freedom of Information and Protection of Privacy Act Newfoundland & Labrador Access to Information and Protection of Privacy Act This map is based on information taken from the Atlas of Canada Web site http://atlas.gc.ca. C 2003. Her Majesty the Queen in Right of Canada with permission of Natural Resources Canada.

12. 12 Impact of Legislation on Practice Most jurisdictions do not have privacy legislation that has been/will be declared substantially similar to the federal legislation – more than one statute may apply All privacy statutes are based on “fair information practices”

13. 13 FIPs Fair Information Practices 1.Accountability for personal information designate an individual(s) accountable for compliance 2.Identifying Purposes purpose of collection must be clear at or before time of collection 3.Consent individual has to give consent to collection, use, disclosure of personal information

14. 14 FIPs (cont’d) 4.Limiting Collection collect only information required for the identified purpose; information shall be collected by fair and lawful means 5.Limiting Use, Disclosure, Retention consent of individual required for all other purposes 6.Accuracy keep information as accurate and up-to-date as necessary for identified purpose 7.Safeguards protection and security required, appropriate to the sensitivity of the information

15. 15 8.Openness policies and other information about the management of personal information should be readily available 9.Individual Access upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and be given access to that information, be able to challenge its accuracy and completeness and have it amended as appropriate 10.Challenging Compliance ability to challenge all practices in accord with the above principles to the accountable body in the organization FIPs (cont’d)

16. 16 Ontario’s PHIPA Personal Health Information Protection Act Came into force November 1, 2004 Applies to organizations and individuals involved in the delivery of health care services (including the Ministry of Health) The only health sector privacy legislation in Canada based on consent Perhaps the only health sector privacy legislation that will be declared substantially similar to the federal legislation

17. 17 Records Management: General Practices Must take reasonable steps to ensure accuracy Must maintain the security of PHI Must have a contact person to ensure compliance with legislation, respond to access/correction requests, inquiries and complaints from public Must have information practices based on fair information practice and transparent to the public Must be responsible for actions of agents – train and educate all staff on privacy and security

18. 18 Issues Raised by Medical Radiation Technologists Individuals right of access to personal health information – who should be fulfilling the request Analogue images – must share original; custodian may not have custody or control of the image

19. 19 Privacy Issues: Emerging Medical Radiation Technology Move from analogue to digital imaging has both benefits and risks Digital images do not deteriorate; easier to store and manipulate Digital images can be shared electronically Digital images are one type of electronic health record – has some of the same advantages and challenges as any other EHR

20. 20 Electronic Health Records (EHR) Advantages  Improve quality and lower cost of health care  Quick access to wide range of data  Better security through more effective access controls and audit trails  Improve privacy protection by limiting access to those with a need-to-know (e.g., role based access)  Better data for health system management, enhancing quality of care, and research

21. 21 More about EHRs… Challenges  Facilitates data linkages and data sharing  Unauthorized access is more catastrophic due to volume of records and quantity and quality of data  Multiple users and multiple access points raises accountability issues and increase vulnerability

22. 22 Key Questions about EHRs  Is participation voluntary or compulsory?  What data should be entered on EHR?  Is data centralized or stored at point of generation?  How do you manage consent, particularly when integrating legacy systems not designed with consent in mind?  What level of security constitutes “reasonable steps”?  Who has access to what information and for what purposes?  If data centralized, who has custody and control of EHR? Who is accountable?

23. 23 Digital Imaging Digital imaging is considered to be a key building block for the EHR by CHI – substantial funding investment Digital imaging systems enable health care providers to view, manage, distribute and electronically store patients’ test images, MRIs, X-rays, CT scans, PET scans, and medical files from any location connected to the system The PACS (picture archiving and communication system) captures, stores and sends images using digital technology

24. 24 Digital Imaging Pilots London, Ontario pilot – goal is to share patient information among care providers across 8 hospitals, through a highly secure information network, to provide a seamless continuum of care Plan to expand pilot to other hospitals in Southwestern Ontario Radiologists and clinicians timely access to virtual imaging across the region will enhance patient care Second pilot implemented by the Fraser Health Authority involving 12 regional hospitals in B.C. CHI plans to fund two more digital imaging pilot projects

25. 25 Privacy Issues Who retains custody and control of the shared archive of images? Who decides who has access to what information in the archive and under what circumstance? Who checks for privacy breaches? Under what legislative authority can a custodian transfer custody and control of the images to a central archive? What is the legal status of a central archive? (e.g., agent, custodian, registry, etc)

26. 26 Attitudes of Canadians Office of Health and the Information Highway, Health Canada reviewed public opinion polls on the use of information and communications technology in the health sector (2002) Review suggests Canadians would welcome expanded role for information and communications technologies in the health sector, provided privacy and autonomy are protected 9 in 10 Canadians from all regions of the country support the development of information systems that would make it easier to access and share information But, Canadians have serious fears about the erosion of personal privacy and doubts about the security of the Internet

27. 27 Initiatives to Address Privacy Issues Harmonization of Privacy Rules Standardization of Privacy and Security Architecture for EHRs

28. 28 Advisory Committee on Information and Emerging Technologies (ACIET) Dec. 2002, Federal/Provincial/Territorial Deputy Ministers of Health created ACIET Mandate to provide policy development and strategic advice on health information issues and emerging health products and technologies

29. 29 ACIET on Privacy Privacy one of five initiatives identified for ACIET Examine how to adequately protect privacy of personal health information that will be collected/used/disclosed in a EHR system Pan-Canadian Personal Health Information Privacy and Confidentiality Framework finalized January 2005 – endorsed by all provinces and territories, except Saskatchewan and Quebec Framework loosely based on Ontario’s new Personal Health Information Protection Act

30. 30 Canada Health Infoway (CHI) CHI was established in 2000 to foster and accelerate the development and adoption of pan-Canadian interoperable electronic health information systems Currently working on an EHR Privacy and Security Conceptual Architecture

31. 31 Ontario’s E-Health Office Consent management framework Technological privacy principles for PHIPA compliance All work is being coordinated with work of CHI

32. 32 Legislation Necessary but Not Sufficient for Privacy Protection “The most effective means to counter technology’s erosion of privacy is technology itself.” Alan Greenspan, Federal Reserve Chairman “A technology should reveal no more information than is necessary…it should be built to be the least revealing system possible.” Dr. Lawrence Lessig, Harvard, September 1999

33. 33 Making Health Privacy Work: What You Can Do Think beyond legislation Use technology to help protect health information: –Build privacy right into design specifications –Minimize collection and routine use of personally identifiable information – use aggregated or coded information if possible –Use encryption where practicable –Think about anonymity and pseudonymity –Conduct privacy impact assessments

34. 34 How to Contact Us Debra Grant Senior Health Privacy Specialist Information & Privacy Commissioner/Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario M4W 1A8 Phone: (416) 325-9170 Web: www.ipc.on.ca E-mail: debra.grant@ipc.on.ca