Transcript COACH Guidelines Review: Background
Health Data Use in Canada: ’Secondary” but Important, MIE 2009
E. Sawatsky & Assoc. .Inc
Secondary Use of Data
Canada’s EHR: We want information. We want privacy.
Translation: we want our society to provide good healthcare & provide human rights, respect and a society that values us.
Privacy advocates are concerned
E. Sawatsky & Assoc. .Inc
Why DO we want an EHR?
For better healthcare, better planning predicated on better data, more available to the right person at the right place at the right time But… for the right use Use is not always described explicitly
E. Sawatsky & Assoc. .Inc
The Unknown: Change
Business goals: Patient safety Financially sustainability Legal compliance Good corporate citizen Credible Trusted When the organization fails in one area it can create a lack of trust so that opportunities are lost in another. E.g. a privacy breach may affect a future business opportunity.
E. Sawatsky & Assoc. .Inc
The World is Changing
The world and its complexity – The technology Persons and their expectations All of which relate to both privacy and the EHR as well as how we use health data for other purposes E. Sawatsky & Assoc. .Inc
Privacy is About Data
Data represents a person, in a certain way.
It can be:
Complete, or not
Accurate, or not
Relevant, or not
Unbiased, or not and from,
any number of perspectives
E. Sawatsky & Assoc. .Inc
Complex Environments
There is greater risk due to: More stakeholders Political issues External partners (i.e. less control) New technology Less flexible organizational culture High investment Low tolerance for failure E. Sawatsky & Assoc. .Inc
Complex Environments
But most of all the complexity comes from ….
the need to integrate data, to provide integrated Services …….
…..to an
‘integrated’ Individual
A integrated ‘system’ includes: data, technology, people and processes – within a scope (program, dept, organization, the world.
E. Sawatsky & Assoc. .Inc
Complex Environments
Require
Greater oversight
More planning, reporting, communication
More data protection
Privacy culture
There is a conflict with those who would like things to remain simple, less overhead.
E. Sawatsky & Assoc. .Inc
Complex Environments
An era of dramatic change and opportunity Adoption of electronic medical records across the system. Barriers have been dramatically eliminated due to the electronic format. Significantly easier to link data - far more significant disclosures.
The potential value to individual patients and the health system is huge, as are the potential risks.
Requires a a policy infrastructure which balances the public interests with the right of an individual – the balance of the positive needs of society versus the autonomy of the individuals. Fundamental is the ethical use of information - often with vague definitions and/or categorizations – requires more clarity and effective oversight of the entire process. Where consent is not required an effective governance model is key to uphold the principles : openness, transparency, and accountability E. Sawatsky & Assoc. .Inc
Complex Environments
The level of due diligence must be commensurate with potential risks, fulfill legal and ethical duties, and should at a minimum include: Definition of the purpose and data requirements of the secondary use Assessment the legal considerations Assessment of the ethical considerations Apply specific rules for research Establishing the consent model, and engage an approval and oversight process as required Establishing the data and security controls Source:
Alberta College of Physicians and Surgeons
E. Sawatsky & Assoc. .Inc
Complex Environments
Requires a strong business focus in order that the various risks are: Identified, Assessed, Mitigated, Balanced, ………. And privacy risk is only one Requires the assumption that data will be protected Requires understanding of the ‘business’ within its broad context: financial, legal, public relations E. Sawatsky & Assoc. .Inc
How Can We Change the Approach to Privacy
Often the previous approach has failed Privacy is a societal construct We cannot build a new concept with outdated methods Will the concern go “out of date” Privacy as an industry is not yet well evolved. (what is a PIA for anyway?) A task on a project plan?
An exam at the end of your project?
A risk management exercise?
E. Sawatsky & Assoc. .Inc
The Data Warehouse
The Provincial Health Services Authority: Mandate: to ensure the planning, coordination, accessibility, quality, efficiency and effectiveness of selected province wide health care programs by separately incorporated organizations.
Province-wide coordination of certain programs, services and support systems which are required by or applicable to all six health authorities and/or the B.C. Ministry of Health.
Each of PHSA and these five agencies are classed as “public bodies” under the FIPPA legislation, and are subject to its public disclosure rules. The agencies (Branches) are: British Columbia Cancer Agency, British Columbia Centre for Disease Control British Columbia Mental Health Society British Columbia Transplant Society Children's and Women’s Health Centre E. Sawatsky & Assoc. .Inc
The Data Warehouse
PHSA and its Branches - further information-sharing is appropriate in support of a data warehouse. Operate as an Integrated Program, performing information analysis and planning for PHSA and Branches. Will provide integrated data and information products and services in support of coordination & management of PHSA, PHSA Programs and Branch programs.
Formulation of health service delivery policy , Policy analysis, evaluation and correction, Synchronization of health programs and activities, Regulation and enforcement, Intelligence gathering to monitor and evaluate programs and services, Communication.
E. Sawatsky & Assoc. .Inc
The Data Warehouse
Program activities include providing information, data and reports in order to support performance management, quality and safety of services, and program evaluation. Use of identifiable data is subject to ethics rules.
FIPPA states no harm must come to the individual.
Will use ISO standards currently being developed for Clinical Data Warehouse, Dr. Andrew Grant University of Sherbrooke, Quebec E. Sawatsky & Assoc. .Inc
The Data Warehouse: An ‘Integrated Program’
Requirement: legal standing Requirement: appropriate governance Requirement: Accountability Requirement: Policy Requirement: Defined Purposes Requirement: Controls Default: Anonymisation E. Sawatsky & Assoc. .Inc
An Integrated Program
Governance is Key Operating Policy Budgets Tools: Agreements Tools: Terms of Reference Requirement: protect ‘secrets’ E. Sawatsky & Assoc. .Inc
Risks: Collection
Privacy law always states:
collect only what you need
Data Warehouse = all data How do you know tomorrow’s questions How can the risk be reduced?
MBUN? Anonymous?
Saying ‘no’ – builds trust Strong operational policy & flawless execution E. Sawatsky & Assoc. .Inc
Risk: Use
The University of Ottawa, Department of Medicine has developed some new Privacy Enhancing Technology.
Based on a Strong mathematical foundation, and Peer reviewed algorithms They have a new paper published in the
Journal of the American Medical Informatics Association
describing their de identification algorithm: http://www.jamia.org/cgi/content/abstract/M3144v1 which produces a globally optimal solution that ensures minimal distortion of the data, and they (say they) show that it is the fastest algorithm available today that is optimal and that is suitable for health datasets. It is implemented in their Privacy Analytics tool.
The tool performs assessment of the risk of re-identification, de identification, pseudonymization.
E. Sawatsky & Assoc. .Inc
Risk: Disclosure
For what purposes may data be disclosed? May be different from the collection uses. This distinction will be made in the ISO Data Use standard now in development.
What technical controls are applied?
What administrative controls are applied?
Expensive? No question Valuable? No question E. Sawatsky & Assoc. .Inc
Risk: Retention
Physical and technical and administrative controls must be absolutely impeccable. We know this. We may not always do it Destruction techniques must be solid Openness and transparency for all collection, use and disclosures Language is an issue. USA didn’t like “disclosure” - wanted “sharing”.
E. Sawatsky & Assoc. .Inc
Risks: Retention
Risks to groups – First Nations, PWA, family relationships Linkage policy must be carefully set Privacy law says: no harm Who decides what is harmful?
E. Sawatsky & Assoc. .Inc
Risk: Retention
What if the organization fails?
Who will take the data?
Who should take the data?
What will be expected?
What will Archives want?
E. Sawatsky & Assoc. .Inc
Changes Required
Assumptions Identified data disclosed only under strict control, very limited and justified No access to identifiable data except in justifies and defined circumstances Continued oversight to ensure procedures don’t slip Process to define new purposes OPENNESS TRUSTED E. Sawatsky & Assoc. .Inc
Registries Data & Services
Client Registry Provider Registry Location Registry Terminology Registry
HIAL & Services
PHS Reporting Shared Health Record Drug Information
EHR Data & Services
Diagnostic Imaging Laboratory Business Rules EHR Index Message Structures Normalization Rules Longitudinal Record Services Common Services Communication Bus Security Mgmt Data Privacy Data Configuration
Data Warehouse
Health Information Public Health Services
POINT OF SERVICE
Public Health Provider Pharmacy System Pharmacist Radiology Center PACS/RIS Radiologist Lab System (LIS) Lab Clinician Hospital, LTC, CCC, EPR Physician Office EMR EHR Viewer Physician/ Provider Physician/ Provider Physician/ Provider E. Sawatsky & Assoc. .Inc
What’s in a name? Secondary vs. Primary
CIHI & HSU Canadian Institute for Health Information uses the term, ‘health system use’ but that is only one way of grouping some of the use descriptions.
Everyone wants the data Assumptions have been made that it will be available but now the discussions have meaning – they are taking place. There can be quite a bit of conflict and we are working through that E. Sawatsky & Assoc. .Inc
Canada Health Infoway and The Canadian Institute for Health Information
CHI: provides leadership, is arm’s length and national, but their strategy is to enable the P/Ts and CHI so that the individual systems are ready to ‘disclose’ data in a standardized way and that is designed in. Data will go from HA – MOH – CIHI (high level rolled up) CIHI has a definition of Health System Use E. Sawatsky & Assoc. .Inc
Canada Health Infoway and The Canadian Institute for Health Information
CHI & CIHI’s opinions go into the ISO data purposes work that Canada is doing.
CIHI is working toward a Pan Canadian data set. They have worked out the technology approach and now will engage the public and physicians. In December of ‘08 the Ministers of Health made the decision to include secondary use in their design Infoway (CHI) funded projects will ensure it is included.
E. Sawatsky & Assoc. .Inc
Canadian Institute for Health Information: Approach
Health System Use Project: A collaboration of the Provinces, Territories and Federal governments, Canada Health Infoway (Infoway, CHI) and Canadian Institute for Health Information (CIHI) Being done using two working groups with senior representation Health System Use (HSU) of data is essential to improving patient care and managing the health system.
Timing is critical for Health System Use as significant investments in EHR/EMRs are being made now. Canadians support the public system and improvements in it (i.e. EMR/EHR = better information) Strong support from heavy users (seniors and those with chronic diseases) There is general trust that the public system will protect privacy E. Sawatsky & Assoc. .Inc
.
Canadian Institute for Health Information: Approach
Resistance and opposition more likely to be initiated by stakeholders Physician concern regarding “score-carding” Physician concern will be articulated as violations of patient/physician privilege Commercial sale of data will threaten privacy and expose patients to discrimination by insurance companies, employers etc They mean to have one flexible covenant that can provide an umbrella of assurance which 1.
Will reflect the philosophy of current legislation 2.
Will be written in plain language 3.
Articulates how data will and will not be used E. Sawatsky & Assoc. .Inc
Jurisdiction Findings 5 Part Strategy Next Steps
A 5-PART STRATEGY to address technical requirements
1 2 3 4 5
Defining the Vision Seizing Opportunities Supporting Jurisdictions Developing Standards to Support Health System Use Getting the Architecture Right Health System Use Presentation to Conference of Deputy Ministers E. Sawatsky & Assoc. .Inc
33
Appendix A
Defining the Vision
Framework and Illustrative Examples (draft)
DIRECT PATIENT CARE AND IMPROVED HEALTH OUTCOMES
Clinical Program Mgmt (inc. QI and DS) Health System Mgmt (Administrative) Surveillance (Pop. Health and Health Services) Research Use of data for direct management of health services and programs including quality improvement & decision support (program level)
Example:
Chronic disease management tools based on clinical practice guidelines are used by physicians to screen for and then assess and recommend care for chronic disease sufferers
Use of data to manage health system performance including analyses, planning, and monitoring, for example
Example:
Analysis of ACSCs led to development of access initiatives in low SES neighbourhoods
Use of data for population health services surveillance
Future example:
Use of data from ERs and primary care offices for real time management of influenza
Use of data for research
Future example:
Use of EMR data to study impact of cardiac care guidelines on morbidity, mortality in large populations
E. Sawatsky & Assoc. .Inc
3
Appendix B
Seizing Opportunities
Incorporate limited set of primary health care data requirements into Infoway’s EMR Investment Strategy - Summer 2009.
PRIMARY HEALTH CARE
Candidates for future HSU priorities
DRUGS HEALTH HUMAN RESOURCES CLINICAL / ADMINISTRATIVE DATA (e.g., DAD/Lab/DI ) Infoway
EMR Investments Drug Information Systems (based on CeRx) Provider Registries EHR Specifications
PUBLIC HEALTH WAIT TIMES ADMISSION / DISCHARGE / TRANSFER
Immunization Repository EMR, Hospital System Enhancements Align with Potential Standard E. Sawatsky & Assoc. .Inc
3
Appendix D
Standards Framework
E. Sawatsky & Assoc. .Inc
3
Canadian Province’s Approach
Different in each province but they are moving in the same general direction.
Timing is different Smaller populations do it sooner E. Sawatsky & Assoc. .Inc
ISO Standards Work
Data Uses/Purpose of Use/ for ‘processing ‘ Meant to support electronic communication.
Was identified as a gap in 13606 A fundamental principle underlying data use is that the purposes for which data was orginally collected and that subsequent processing activities be the same or are Permitted.
A standardised list of purposes, forms the foundation for correspondence of permitted purpose between users, systems, organisations or policy domains.
First categorize on who benefits: exclusively the patient? Or a more broad benefit?
Dipak Kalra/UK Elaine Sawatsky/Canada, Italy, Brasil, Finland E. Sawatsky & Assoc. .Inc
Data Use
Interoperability standards are expanding the capacity for organizations to exchange data. In order that data collection, storage, access, analysis, linkage, communication, disclosure and retention of the data (collectively called processing) is appropriate it will require fully computable policy that are themselves interoperable, so that requests between heterogeneous systems can all be evaluated consistently.
Knowing the purpose for which access to information is intended is essential in order to determine if access to data for processing activities are appropriate. This problem has become not only one of determining that a user has permission to access particular items of information but also that the user has permission to use them for a specified purpose.
It is therefore essential to ensure that the context within which access and use is asserted is the correct one. Purpose when clearly defined, helps to ensure that access to protected information items is granted to properly authorized users under a specific, appropriate and unambiguous policy. The explicit declaration of intended purpose prior to being granted access also helps to ensure that users understand that such access does not imply that use is also permitted for other undeclared purposes. Purpose of use helps bring clarity to situations where there are multiple and potentially conflicting contextually sensitive policies for identical users’ access to identical information items.
E. Sawatsky & Assoc. .Inc
AB College of Physicians & Surgeons
Secondary use of health data can enhance health care experience, expand knowledge ,strengthen understanding and support public health goals. Secondary use is a necessary and accepted part of our health system supporting the effectiveness, efficiency and sustainability of the health system and an integral part of the cycle of research, medical evidence, accepted knowledge base It is therefore critical to promote and enable secondary uses. Secondary uses are almost always directed to populations and impact broader social, political and cultural aspects The following principles relating to secondary uses are added to the CPSA data stewardship principles: Openness and transparency for all secondary uses Oversight and accountability Respect for personal privacy Patient, health system or social benefit Balance and reciprocity E. Sawatsky & Assoc. .Inc
AB College of Physicians & Surgeons
Absent in this environment is a governance process that would provide an ongoing review and oversight of the application of “reasonable public expectations” in specific approvals and uses, as well as the monitoring of parallel and unrelated events impacting the overall balance (i.e. evaluate incremental impacts of secondary uses and reaching the “slippery slope” or crossing a “tipping point”).
A governing body, spanning health system sectors and groups as well as having public representation could provide this oversight. The mandate would be to protect the public interest as well as vulnerable individuals and populations by setting and monitoring parameters for purposes deemed within the “public interest” and “reasonable public expectations”. Physicians who will be using data for secondary purposes, or disclosing information for subsequent secondary purposes are expected to perform a level of due diligence prior to using or disclosing information for secondary uses. E. Sawatsky & Assoc. .Inc
Contacts
Ognjenka Djurdjev, Corporate Director PHSA, [email protected]
Khaled el Emam, U of Ottawa, [email protected]
Louie Barre, Canadian Institute for Health Information, [email protected]
E. Sawatsky & Assoc. .Inc