Privacy and Health Information

Debra Grant, Ph.D.

Senior Health Privacy Specialist Information and Privacy Commissioner/Ontario

Annual CAMRT Conference PEI Association of Medical Radiation Technologies Charlottetown, P.E.I.

June 10, 2005

1

Health Privacy is Critical

•

The need for privacy has never been greater:

– Extreme sensitivity of personal health information – Patchwork of rules across the health sector; with some areas in some jurisdictions still unregulated – Increasing electronic exchanges of health information – Multiple providers involved in health care of an individual – need to integrate services – Development of health networks – Growing emphasis on improved use of technology, including computerized patient records 2

Unique Characteristics of Personal Health Information

• Highly sensitive and personal in nature • Must be shared immediately and accurately among a range of health care providers for the benefit of the individual’s treatment and care • Widely used and disclosed for secondary purposes that are seen to be in the public interest (e.g., research, planning, fraud investigation, quality assurance) 3

Privacy Risks: Unauthorized Disclosures

3 rd Party Disclosures not authorized by patient may threaten integrity of system

 Fear of stigmatization, discrimination, loss of employment opportunities, denial of insurance, denial of housing

California HealthCare Foundation survey:

 One in six people engage in privacy protective behaviour to shield themselves from misuse of their information 4

Privacy Protective Behaviours

       Multiple doctoring Out of pocket payment Avoiding testing Avoiding treatment Lying or withholding information from providers Asking providers to misrepresent diagnosis in records Inaccurate and incomplete information less helpful for primary purposes, such as treatment, and secondary purposes such as research 5

Privacy Defined Information Privacy: Data Protection

– Freedom of choice; control – Informational self-determination – Personal control over the collection, use and disclosure of any recorded information about an identifiable individual 6

What Privacy is Not

Security



Privacy

7

Privacy and Security: The Difference

• Authentication • Data Integrity • Confidentiality • Non-repudiation

Security

• Privacy; Data Protection • Fair Information Practices 8

Fair Information Practices

• Accountability • Identifying Purposes • Consent • Limiting Collection • Limiting Use, Disclosure, Retention • Accuracy • Safeguards • Openness • Individual Access • Challenging Compliance 9

Legislative Context

• Patchwork of privacy laws • Health sector provincially regulated and funded • Provincial public sector legislation (applies to ministries, hospitals, in some jurisdictions) • Provincial health sector legislation (Alberta, Saskatchewan, Manitoba, Ontario) • Federal private sector (commercial health sector) • Provincial private sector (Quebec, B.C., Alberta) 10

Privacy Legislation in Canada

Canada Privacy Act Canada Personal Information Protection and Electronic Documents Act Nunavut Access to Information and

Protection of Privacy Act

Northwest Territories Access to

Information and Protection of Privacy Act

Yukon Access to Information

and Protection of Privacy Act BC Freedom of Information and Protection of Privacy Act

BC Personal Information Protection Act Alberta Personal Information

Protection Act

Alberta Freedom of Information

and Protection of Privacy Act

Alberta Health Information Act Sask. Freedom of Information and

Protection of Privacy Act

Sask. Local Authority Freedom of

Information and Protection of Privacy Act

Sask.

Health Information Protection Act

Manitoba Freedom of Information

and Protection of Privacy Act

Manitoba Personal Health

Information Act

Newfoundland & Labrador Access to Information

and Protection of Privacy Act

Prince Edward Island Freedom

of Information and Protection of Privacy Act

Nova Scotia Freedom of

Information and Protection of Privacy Act

Nova Scotia

Part XX of the

Municipal Government Act

New Brunswick Right to Information Act New Brunswick Protection of Personal

Information Act

This map is based on information taken from the Atlas of Canada Web site http://atlas.gc.ca. C 2003. Her Majesty the Queen in Right of Canada with permission of Natural Resources Canada.

Ontario Freedom of Information and

Protection of Privacy Act

Ontario Municipal Freedom of

Information and Protection of Privacy Act

Ontario Personal Health Information

Protection Act

Quebec Act Respecting Access to

Documents held by Public Bodies and the Protection of Personal Information

Quebec Act Respecting the Protection of 11

Impact of Legislation on Practice

• Most jurisdictions do not have privacy legislation that has been/will be declared substantially similar to the federal legislation

– more than one statute may apply

• All privacy statutes are based on

“fair information practices”

12

FIPs

Fair Information Practices

1.

Accountability

• for personal information designate an individual(s) accountable for compliance 2.

Identifying Purposes

• purpose of collection must be clear at or before time of collection 3.

Consent

• individual has to give consent to collection, use, disclosure of personal information 13

FIPs

(cont’d)

4.

Limiting Collection

• collect only information required for the identified purpose; information shall be collected by fair and lawful means 5.

Limiting Use, Disclosure, Retention

• consent of individual required for all other purposes 6.

Accuracy

• keep information as accurate and up-to-date as necessary for identified purpose 7.

Safeguards

• protection and security required, appropriate to the sensitivity of the information 14

8.

9.

10.

FIPs

(cont’d)

Openness

• policies and other information about the management of personal information should be readily available

Individual Access

• upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and be given access to that information, be able to challenge its accuracy and completeness and have it amended as appropriate

Challenging Compliance

• ability to challenge all practices in accord with the above principles to the accountable body in the organization 15

Ontario’s PHIPA

Personal Health Information Protection Act

• Came into force November 1, 2004 • Applies to organizations and individuals involved in the delivery of health care services (including the Ministry of Health) • The only health sector privacy legislation in Canada based on consent • Perhaps the only health sector privacy legislation that will be declared substantially similar to the federal legislation 16

Records Management: General Practices

• Must take reasonable steps to ensure accuracy • Must maintain the security of PHI • Must have a contact person to ensure compliance with legislation, respond to access/correction requests, inquiries and complaints from public • Must have information practices based on fair information practice and transparent to the public • Must be responsible for actions of agents – train and educate all staff on privacy and security 17

Issues Raised by Medical Radiation Technologists

• Individuals right of access to personal health information – who should be fulfilling the request • Analogue images – must share original; custodian may not have custody or control of the image 18

Privacy Issues: Emerging Medical Radiation Technology

• Move from analogue to digital imaging has both benefits and risks • Digital images do not deteriorate; easier to store and manipulate • Digital images can be shared electronically • Digital images are one type of electronic health record – has some of the same advantages and challenges as any other EHR 19

Electronic Health Records (EHR)

    

Advantages

Improve quality and lower cost of health care Quick access to wide range of data Better security through more effective access controls and audit trails Improve privacy protection by limiting access to those with a need-to-know (e.g., role based access) Better data for health system management, enhancing quality of care, and research 20

More about EHRs… Challenges

 Facilitates data linkages and data sharing  Unauthorized access is more catastrophic due to volume of records and quantity and quality of data  Multiple users and multiple access points raises accountability issues and increase vulnerability 21

Key Questions about EHRs

       Is participation voluntary or compulsory?

What data should be entered on EHR?

Is data centralized or stored at point of generation?

How do you manage consent, particularly when integrating legacy systems not designed with consent in mind?

What level of security constitutes “reasonable steps”? Who has access to what information and for what purposes? If data centralized, who has custody and control of EHR? Who is accountable?

22

Digital Imaging

• Digital imaging is considered to be a key building block for the EHR by CHI – substantial funding investment • Digital imaging systems enable health care providers to view, manage, distribute and electronically store patients’ test images, MRIs, X-rays, CT scans, PET scans, and medical files from any location connected to the system • The PACS (picture archiving and communication system) captures, stores and sends images using digital technology 23

Digital Imaging Pilots

• London, Ontario pilot – goal is to share patient information among care providers across 8 hospitals, through a highly secure information network, to provide a seamless continuum of care • Plan to expand pilot to other hospitals in Southwestern Ontario • Radiologists and clinicians timely access to virtual imaging across the region will enhance patient care • Second pilot implemented by the Fraser Health Authority involving 12 regional hospitals in B.C.

• CHI plans to fund two more digital imaging pilot projects 24

Privacy Issues

• Who retains custody and control of the shared archive of images?

• Who decides who has access to what information in the archive and under what circumstance? • Who checks for privacy breaches?

• Under what legislative authority can a custodian transfer custody and control of the images to a central archive?

• What is the legal status of a central archive? (e.g., agent, custodian, registry, etc) 25

Attitudes of Canadians

• Office of Health and the Information Highway, Health Canada reviewed public opinion polls on the use of information and communications technology in the health sector (2002) • Review suggests Canadians would welcome expanded role for information and communications technologies in the health sector, provided privacy and autonomy are protected • 9 in 10 Canadians from all regions of the country support the development of information systems that would make it easier to access and share information • But, Canadians have serious fears about the erosion of personal privacy and doubts about the security of the Internet 26

Initiatives to Address Privacy Issues

• Harmonization of Privacy Rules • Standardization of Privacy and Security Architecture for EHRs 27

Advisory Committee on Information and Emerging Technologies (ACIET)

• Dec. 2002, Federal/Provincial/Territorial Deputy Ministers of Health created ACIET • Mandate to provide policy development and strategic advice on health information issues and emerging health products and technologies 28

ACIET on Privacy

• Privacy one of five initiatives identified for ACIET • Examine how to adequately protect privacy of personal health information that will be collected/used/disclosed in a EHR system • Pan-Canadian Personal Health Information Privacy and Confidentiality Framework finalized January 2005 – endorsed by all provinces and territories, except Saskatchewan and Quebec • Framework loosely based on Ontario’s new

Personal Health Information Protection Act

29

Canada Health Infoway (CHI)

• CHI was established in 2000 to foster and accelerate the development and adoption of pan-Canadian interoperable electronic health information systems • Currently working on an EHR Privacy and Security Conceptual Architecture 30

Ontario’s E-Health Office

• Consent management framework • Technological privacy principles for PHIPA compliance • All work is being coordinated with work of CHI 31

Legislation Necessary but Not Sufficient for Privacy Protection

• “The most effective means to counter technology’s erosion of privacy is technology itself.”

Alan Greenspan, Federal Reserve Chairman

• “A technology should reveal no more information than is necessary…it should be built to be the least revealing system possible.”

Dr. Lawrence Lessig, Harvard, September 1999

32

Making Health Privacy Work: What You Can Do

• Think beyond legislation • Use technology to help protect health information: – Build privacy right into design specifications – Minimize collection and routine use of personally identifiable information – use aggregated or coded information if possible – Use encryption where practicable – Think about anonymity and pseudonymity – Conduct privacy impact assessments 33

How to Contact Us

Debra Grant Senior Health Privacy Specialist

Information & Privacy Commissioner/Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario M4W 1A8 Phone: (416) 325-9170 Web: www.ipc.on.ca

E-mail: [email protected]

34