Economist Articles

• The End of Privacy
• The Surveillance Society

How they can Co-exist

Theme: Communal costs of privacy. Patient's right to leave access to his patient record open. There has been no empirical study on the costs of impaired access.

Nancy Milford

1. validity and utility: admissible in court using heresy rule; tainted records would not be admissible; according to NS evidence act, ehr is as admissible as paper record; digital signature to authenticate author of stated information by technical means
2. privacy and confidentiality: before data is made into information it needs to be converted -- a digital stream of data using encryption is secure; unique patient identifier; manditory autits; authenticate passwords, leave footprint that can be traced; intelligent routers, etc.
3. patient's right: rights to accuracy of information--patient should be allowed to put in information and dispute information put in by others; Ontario legislation covers entries onto computer screen; problem of long term consent and erosion of consent with hospital act; COACH Guidelines for Security and Privacy;CIHI Privacy, Confidentiality and Security--Data Disclosure Policies and Procedures; Canadian Health Records Association Position statement on Confidentiality of Health Info
4. legislation: legislation in some provinces, such as BC, Alberta, Manitoba, and parts of Ontario; privacy guidelines must be qualified in light of the requirements of the legislation; BC Freedom of Information & Protection of Privacy Act ; Dalhousie's Health Law Institute.

Benefits of Telemedicine: one inadvertent benefit is that you cannot leave out information in a consultation as you would with information that is put into the patient record at sole discretion of health care provider. Patient consent, encryption of information, and physical access to information using key devices (e.g., smart cards, bio-identifier).

Continuum

1. Privacy
2. Need to Know
3. Flexibility; Private & Small Practices; Identifiable and Non-Identifiable (scrubbed) data; Research
4. Policies and Standards:
5. IT and Security

Electronic Commerce

• The Protection of Personal Information
• European Commission Application of a methodology designed to assess the adequacy of the level of protection of individuals with regard to processing personal data: test of the method of several categories of transfer - final report (September 1998)

  Authors: Colin Bennett, Robert Gellman, Nigel Waters and Charles Raab. It tests a methodology for assessing 'adequacy' in 30 case studies of transfers of data to six countries (including the USA), and draws conclusions about adequacy and about the methodology itself. Case studies include Medical/Epidemiological data.

• Access to Information and Privacy and links to Office of the Privacy Commissioner of Canada
• Janice C. Sipior and Burke T. Ward. The Ethical and Legal Quandary of Email Privacy. Communications of the ACM. Dec 1998 Vol 38(12): 48-54.
• Dorothy Nelkin. Information Technologies Could Threaten Privacy, Freedom, and Democracy. Reprinted from National Forum: The Phi Kappa Phi Journal.

Advisory Council on Health Info-Structure

Recommendations:

2.1     Health Canada, in partnership with provincial and territorial
        ministries of health, should recognize in its funding
        decisions for a health infostructure that health information is
        an essential public good which should be readily
            available and accessible to all Canadians as a component of
        Canada's publicly funded health system.

2.2     To understand better the information needs of the public,
            strengthen people's ability to access and use evidence-based
            information, and provide mechanisms for public access to reliable
            health information, Health Canada should:

        (a) undertake, in partnership with other levels of government and
        health stakeholders, an investigation of the health information
        needs of the general public, using a variety of culturally and
        linguistically appropriate, interactive and ongoing strategies;

        (b) promote, in partnership with other federal departments and
         agencies (e.g. the Canada Institute for Scientific and Technical
         Information) and provincial and territorial departments and
             agencies,  the ability of Canadians to access and use
             evidence-based, non-identifiable health information to meet their
             health information needs and concerns by establishing a fund
              that will support demonstration projects; [This is as close as I
              could get to the model promoted by Jim Henderson. Others,
              however, may read it in a different way. I understand that the
               incorporation of clinical health informtics is becoming a big deal
               in many health districts so the folks designing these systems
               maybe a group with which to form an alliance. Also, Alan
               Nymark reported that the issue of evidence-based decision
               making was very prominent in the discussions of the Health
               Accord, the Social Contract and the forthcoming federal budget.
               The provincial health departments, OTOH, are apparently not
                fully up to speed on the concepts embedded within the idea of
                 a health infoway.]

        (c) establish a fund to allow consumer and health intermediaries
                 to develop and provide access to consumer health
                 information; and

        (d) support the Canadian Health Network as one mechanism for
                 providing Canadians with access to reliable health
                 information.

2.3     Health Canada, in partnership with provincial and territorial health
        ministries, should take the lead to:

        (a) ensure that standards/benchmarks/guidelines are developed
                 and implemented to allow the general public to distinguish
                 objective,     empirically based health information from
                 information intended to promote a product; and

        (b) expand these standards/benchmarks/guidelines eventually to
                 include rating criteria for websites providing health
                 information.

2.5     Health Canada should work with other federal departments and
            agencies and specialists in the field to encourage development
            of:

        (a) an Internet search capability which is specific to health and,
                 at a minimum, fully and equally meets the needs of
                 Canada's English-      and French-speaking communities; and

        (b) Internet content on health in French and English.

2.6     Health Canada, in partnership with representatives of user
        communities such as the Canadian Association of Public Data
             Users, should take the lead in approaching Treasury Board and
             other federal departments and agencies to review the policies
            and practices with respect to cost recovery and revenue
            generation governing the availability and redistribution of publicly
        funded collections, statistical databases and other government
        information relevant to health.

2.7     Investments in the digital networking of the Canada Health
            Infoway should be balanced by appropriate investments in the
             other (i.e. non-electronic) mechanisms for sharing information
             that can lead to improved health.

2.8     To ensure that health information is accessible on a universal,
        equitable and affordable basis, it is vital that:

        (a) the federal government continue to ensure universal, equitable
                 and affordable access to existing and future basic
                 telecommunications infrastructure; and

        (b) Health Canada, in partnership with provincial and territorial
        ministries of health, take a leadership role in ensuring
        that health information and health care applications for the general
        public are developed in such a way as to be accessible to all
        citizens, irrespective of their geographic location, income,
        language, disability, gender, age, cultural background or level of
        traditional or digital literacy.

2.9     Health Canada, in partnership with other federal departments,
        provinces and territories, and health stakeholders,
        should:

        (a) ensure establishment of a "Canada Health Space" as a
        universally accessible health information/communications
        commons;

        (b) capitalize on and support the nation-wide networking of health
             intermediaries;

        (c) ensure adequate funding and technical support to health
                 intermediaries to develop and/or maintain their capacity to
             provide the general public with timely, credible and
                "understandable" health information and to assist in
                 overcoming access barriers; and

        (d) accept, as a normal budgeted cost of doing business
             electronically, the need to sustain health intermediaries and
             support them for providing affordable electronic health
                 information services to disseminate health promotion, health
                 protection and other kinds of health information to wider
                 publics, just as such costs have been accepted in the
                 paper-based world in the past.

2.10    Health Canada, in partnership with provincial and territorial
        ministries of health, should work closely with Industry
        Canada to ensure that all public and not-for-profit health care
        institutions in Canada are aware of:

        (a) the Community Access Program; and

        (b) how they can apply for resources to locate public electronic
              access facilities on or near their premises to help ensure that
              their clients can use on-line health information.

2.11    As a means of ensuring more equitable access to health
            information and health care services, Health Canada, in
            partnership with provincial and territorial health ministries, should
            work closely with the Canadian Network for the Advancement of
            Research, Industry and Education, and Industry Canada to
             investigate the further integration of new technologies, including
             satellite technologies, into health networks at all levels.

2.12    Health Canada should establish a non-governmental office of
            citizen     health advocacy to coordinate and facilitate input and
            participation by the general public into health policy deliberations,
            including policies relating to the Canada Health Infoway. This
            office would:

        (a) coordinate and facilitate the linking of community-based
             voluntary health organizations and health consumer
                 organizations to enable or enhance their capacity to
                 participate effectively in health and public policy development;
                 and

        (b) constitute an ongoing, stable mechanism for obtaining reliable
             and representative input and feedback from the health
                 consumer sector.

Canadian Medical Association: CMA Health Information Privacy Code

Papers and Reports

1. Wired for Good: Ethical Issues on the Information Highway. Nuala P. Kenny and David Zitner. work-in-progress.

   Key words: Ethics, information, technology, privacy, confidentiality, data linkage, decision support, telemedicine.

   p. 5 "This paper will review the spectrum of information technologies with potential in health and health care, present some lessons learned from physician experience with these technologies and initiate a reflection on some of the underlying ethical issues which must be addressed to ensure that these technologies achieve their potential for good in health care."

   p. 10 "Password protections, which are easily available in existing technologies, and identify individuals with approved access to personal health information. The levels of privacy protection and security of access supported by new technologies exceed those which are present with paper records where departments cannot provide inforamion about who has accessed a particular health record. Smart card technology provides differential access to data. The ability to sort and retrieve useful health information provides a longitudinal record and can provide prompts issues to be addressed in follow-up. Health care has been slower than banks or business to adopt many of the new and now familiar information technologies; this may cause harm to patients because of the difficulties doctors and patients have in accessing the best information in the right place at the right time.

   Data Sharing, Data Mining and Data Linkage: Data sharing using information systems allows information to be developed from multiple sources as seen in genetic information banks sharing information to identify the genes for breast cancer. Data linkage occurs when information about a particular individual which is collected and maintained in separate locations is accessible with a common key so that those with access to one set of information, have access to both. ....Data mining utilizes artificial intelligence algorithms and database to discover patterns. Data mining methods can discover relationships between demographic characteristics, health care activities, and the results of health care activities to produce new knowledge. Data mining techniques do not necessarily produce information about individual patients, but rather knowledge about particular characteristics which are associated with each other. Health care workers spend substantial effort in the collection of individual patient informatio n but little effort has been dedicated to learning how to 'extract gold from the informational ore'. The private sector techniques learning about patterns of behavior can be used to learn about paterns of illness, including risk factors for populations and the characteristics of patients which make particular interventions more likely to succeed or fail.

   Some Ethical Issues Requiring Physician Reflection: Obligation to Provide the Best Care: p. 14. Respect for patients is a fundamental tenet of good practice. Respecting the privacy of individuals and maintaining confidentiality are essential for that trust which is central to the patient-physician encounter. Privacy is the right to keep personal information to oneself and to be protected from invasion of that privacy. Private information is shared with the physician in every encounter for the purpose of care. If privacy is held too high, the price is non-disclosure of pertinent information which could be used to solve a problem. The price of excessive protection of privacy may be an increase in the cost of obtaining pertinent informatio and the occasional failure to find necessary information.

   Confidentiality is respect for the information shared by an individual with a clinician for the specific purpose of health goals. Confidentiality requires a new definition which protects that trust which is so essential to health care but which recognizes the web of expertise necessary for diagnosis, treatment, reimbursement of care and the generation of new information. For communities, the price of protecting confidentiality is an increase in the cost of collecting and aggregating information which is required for decision support. Standards for protecting privacy and confidentiality in information systems should not be considered separate from the standards set for the traditional paper chart information."

   Decisional Support:p. 17 This technology can also provide invaluable assistance in dealing with the unmanageable volume of medical literatuer and advancing 'evidence-based' medicine. Inappropriate practice variation could be identified and dealt with more effectively if policies and infrastructure for the collection of evidence and the establishment and promulgation of practice guidelines were established. The failure to implement proper decision support tools for clinical care can be adversely effecting patients by contributing to use of outdated information in care decisions. The duty to 'do no harm' surely requires the best information available to be made available to the individual clinical encounter.

   Data Linkage: The new technologies have the power to link health information, shared for a specific health purpose, with other personal information with or without the knowledge of the individual. These possibilities present challenges to traditional understanding of privacy in North America. It has been suggested "that most people are not opposed to giving information about themselves as long as they get something in return". In health, the returns for sharing private information about oneself are opportunities for appropriate care. There is also the opportunity to participate as part of an aggregate to produce new knowledge which is potentially beneficial to the individual as well as to the larger community of patients.

   ...Effective and efficient use of these technologies will require communities to clearly articulate policies related to privacy, confidentiality and the appropriate linkage of information collected for one purpose to other webs of information. Because of this power of information technologies to link together medical and non-medical information regarding patients, families and communities, a broader understanding of health is possible. The social and economic determinants of health can be more readily demonstrated. The importance of population health, effective disease prevention and long-term care burdens can be readily identified. Physicians will need to respond to these areas and become effective advocates for resources.

   Summary:....Technologies exist which can improve the care for large numbers of patients, but communities have not invested in them. The tragic result is that many patients suffer preventable adverse reactions. It is essential that communities and the health care industry discuss ethical and policy issues related to the use of technology in order to facilitate rapid implementation of useful tools to support clinical care, health care administration, research and teaching. To be able to improve the care of patients and not to do so is a fundamental breach of physician duty.

   References focusing on issues of security, privacy and confidentiality:

   1. Robinson DM. A legal examination of format, signature, and confidentiality aspects of computerized health information. Health Law in Canada 1997;17(3):80-86.
   2. Wright T. The privacy commissioner's perspective. Health Law in Canada 1997; 17(3):89-91.
   3. Cavanagh R. Safeguarding government-held information. Health Law in Canada 1997;17(3):69-73.

   The Ethical and Research Implications of Emerging Information Technology in Public Health Service Delivery Systems. Donna Comeau, MSc. CH&E, March 26, 1997.

   Encryption and Public Keys (pg 11): "Irreversible encryption of personal identifiers is considered to be an ideal method of maintaining anonymous individual level data. The most favourable key at this time appears to be RSA which is named after Rivest, Shamir and Adleman, the three MIT scientists who developed the system in 1977 based upon a mathematical relationship between two huge prime numbers. RSA provides affordable and simple technology consisting of a pair of keys, a public key which is available to everyone (and most likely listed in a public key directory) and a private key known and created only by you. RSA ensures private, authenticated, certified and non-repudiated communication.

   Other notable security alternatives include Data Encryption Standard (DES) and the Clipper Chip (policy versions I, II and III), designed by the U.S. National Security Agency (NSA).

   Canadian Medical Informatics 1994-1996 series on access and privacy.

   Bioethics for clinicians. 8. Confidentiality. Irwin Kleinman et al. CMAJ Feb 15, 1997.

   Health information privacy: without confidentiality. The function of the Canadian National Institute for Health Information is mentioned as as example of a wider trend to have a national focal point in the development of national databanks and for administering health information networks. Protection of privacy is considered to be the most important threat to the effectiveness of such networks.

   Health information, privacy, confidentiality and ethics.

   Ensuring Privacy and Confidentiality on Canada's Health IWay. CANARIE, December 1997.

   Health Information Privacy: Proposed New Federal and Provincial Legislation David Robinson Legal Editor

   Serious technology assessment for health care information technology ...Better federal and state laws structuring health data use will help; the industry must also attend more candidly to the technical uncertainties.

   Technical means for securing health information ...Securing health information is an application domain which can learn more from other environments like airlines and banking than from military formalism or academic freedom. The techniques of the 80s using clear separation between public and private areas have to be upgraded. Propositions are made. Costs are evaluated.

   Total quality in information systems management: issues for the health care industry ...The solution is to create a database containing detailed health care patient data. In this paper, we present continuous improvement techniques as a requirement for the design and development of this much needed database.

   The use of personal health information for controlling the costs of delivering health care: does the end justify the means? Two approaches are discussed; the accounting control of costs and the medicalised control of costs. ...the medicalised approach requires limited access to the patients' medical files thus breaching the medical secret. The paper discusses the strict controls necessary to make this approach work in an acceptable fashion.

   Point-of-service computer system and drug-use evaluation: implications for pharmacy practice in ambulatory care....Problems posed by the POS system relate to...(5) the conflict between protecting the privacy of a patient's drug profile and permitting the monitoring of drug interactions. The catastrophic coverage act proposes that POS data be used to assess the appropriateness of drug use with a focus on outcome and quality-of-care issues; for the full intent of the act to be achieved, the components of an effective drug-use-evaluation program must be employed. Drug-use evaluation should eventually decrease health-care costs and improve quality of care.

   The effects of clinical practice guidelines on patient outcomes in primary care: a systematic review Conclusion: there is very little evidence that the use of CPGs improves patient outcomes in primary medical care, but most studies published to date have used older guidelines and methods, whihc may have been insensitive to small changes in outcomes. Research is needed to determine whether the newer, evidence-based CPGs have an effect on patient outcomes.

   A clinical trial of a knowledge-based medical record We conclude that our clinical workstation significantly changed physicians' behavior in terms of their response to alerts regarding primary care interventions and that these interventions have led to fewer patients with HIV infection being admitted to hospital.

   Network information security in a phase III Integrated Academic Information Management System (IAIMS) Five activities being conducted as part of our security project are described: (1) policy development; (2) an authentication server for the network; (3) Kerberos as a tool for providing mutual authentication, encryption, and time stamping of authentication messages; (4) a prototype interface using Kerberos services to authenticate users accessing a network database server; and (5) a Kerberized electronic signature.

   Manitoba network links doctors, pharmacies, labs and home care services [Manitoba Health Information Network] in CBCA Fulltext Business 7/97-9/98. Manitoba's SmartHealth system and Royal Bank of Canada. A bank knows how to manage money and how to keep personal information secure in the computer age (quote from John Williams, president Royal Bank). The system will be accessible to individuals requiring information about their own health records, and by healthcare professionals seeking information about a patient. Security is a big issue and the Manitoba government has already written draft legislation to ensure the privacy and confidentiality of personal recors entered into the HIN database. Individuals will be supplied with a personal identificatio nnumber and a magnetic strip card to access their own records in the database. Physicians and other healthcare professionals such as nurse practitioners will be issued "smart cards" allowing them to access only the information specified on the cards. Benefits from the HIN system will include a reduction in duplicate testing, more and better information for medical research, and cost containment through increased efficiency.

Medical Education and Privacy

Excerpts from: Considerations of the Legal, Ethical and Organizational aspects of the practice of medicine, dated 10/02/98.

3.2 Confidentiality

• Trust in doctor patient relationship
• Patient's right to confidentiality
• Legal obligations to disclose to public authorities
• Disclosure to third parties
  • with consent of patient;
  • duty to notify of planned or required disclosure; and
  • incapacitated patient.
• Rights of minors
• Right to access information only of patients under care, and with consent of patient
• Duty to warn (individuals discovered to be at risk through disclosures made in confidence)

Physicians receive confidential information from and regarding their patients, which they are bound not to disclose. This obligation is the foundation of confidence in the doctor patient relationship. The physician is obliged to recognize the legitimate interests and rights of third parties to patient information, and to disclose this information in an ethical fashion. Electronic communication technology increases the risk of disclosure of confidential information. Candidates will need to be aware of evolving standards and precautions in this regard.

Detailed objectives

• To explain the basis for the physician's obligation to maintain confidentiality.
• To explain reasonable precautions to maintain confidentiality (verbal, telephone, fax or e-mail communication; charts, written or computer stored; and educational or research rounds or presentations).
• To recognize situations in which third parties have a legitimate interest and right to information:
  • legal requirements in the interest of public health;
  • legitimate interest of 3rd parties (e.g., Insurance companies); and
  • duty to warn threatened individuals.
• To recognize reasonable limits to disclosure, and reveal only the relevant and necessary information, in a situation requiring disclosure to a third party.
• To recognize duty to advise patients of known risks of voluntary disclosure (e.g., Risks of disclosure of HIV status).
• To recognize the need to advise patient of obligatory disclosure of information.
• To transmit required information in a timely fashion.
• To recognize and seek guidance where harm from disclosure balances harm of maintaining confidentiality.

4.2 Legal Aspects of Consent

• Voluntary, and informed consent as a fundamental legal requirement
• The elements and practical aspects of consent to investigation, treatment or research
• The right to refuse consent
• Exceptions to the requirement for consent

Rationale The right to security of the person / inviolability mean that it is legally (and ethically) mandatory that the physician obtain the consent of his/her patient (or in the case of the incompetent patient, the patient's lawful substitute) for any medical investigation, treatment, or research. This consent must be voluntarily given and fully informed, and may be expressed or implied and given orally or in writing according to the circumstances. Consent may be lawfully withheld, and this decision must be respected. The law provides for a limited number of exceptions to the requirement for consent.

Detailed objectives

The competent candidate will be able to demonstrate an understanding that:

• It is mandatory that the patient=s consent be obtained for any medical investigation, treatment or research. _ Consent must be freely given and fully informed.
• Full information must be given, in language that the patient or involved person(s) can understand. This must include information regarding the nature of the proposed treatment or investigation, anticipated effects, material or significant risks, alternatives available, and any information regarding delegation of care, and will be given according to the circumstances of each particular case.
• The obligation of disclosure rests with the physician who is to carry out the treatment. It may be delegated in appropriate circumstances to another qualified physician, but responsibility lies with the delegating physician.
• Consent may be expressed or implied, and given orally or in writing (according to the circumstances, noting that by law in some circumstances consent must be written).
• The consenting patient must have the legal capacity to consent, i.e., of a legal age to consent (different provinces specify differing ages at which a patient is deemed to be capable of giving consent). The treatment of minors often raises a number of important legal (as well as ethical and practical) issues for physicians.
• The consenting patient must be competent to consent, i.e., sufficiently capable, for example if young or mentally incapacitated, of understanding the information required for consent and appreciating the reasonably foreseeable consequences. Competence is to be assessed operationally or functionally, i.e., the patient need only be competent to consent to or refuse the particular choice in question.
• If the patient is not competent or lacks capacity to consent, consent may be obtained (according to the law applicable in each province and the specific circumstances) from a court, parent or substitute decision-maker. The law regarding delegation of care is specific to each province, and the physician should be fully aware of local requirements in this regard.
• The patient has the right to refuse consent to treatment, and this decision must be respected, even when this may lead to the death of the patient.
• Consent may be withdrawn at any time, without penalty or any other impact on the provision of care.
• There are a number of exceptions to the requirement for consent, such as for:
  • necessary treatment in a medical emergency;
  • under certain circumstances (including pursuant to mental health legislation) where persons are a danger to the lives or health of others or themselves; and li>_ where the law provides for compulsory treatment.
• Treatment is limited to the scope of consent given, including with respect to the identity of the treating physician.

4.3 Legal Aspects of Confidentiality

• The Duty of Confidentiality: a legal requirement
• Exceptions to the requirement of confidentiality

Rationale Physicians are legally (and ethically) bound to hold any and all information obtained from a patient confidential. This duty ensures that the patient's legal rights (including to reputation and social status) are protected. Confidentiality is of course also recognized as essential for physician-patient respect and trust. Exceptions arise when the patient waives the right to confidentiality or when provided for in law.

Detailed objectives The competent candidate will be able to recognize and apply the following principles in the clinical situation:

• The patient's fundamental right to security of the person, reputation and social status, and various specific provisions in law require that physicians hold all information concerning a patient confidential.
• A physician may not disclose patient information (whether about the existence, nature, extent of illness or any other health information) except where expressly authorized by the patient to do so, or when the law permits or requires such disclosure.
• Exceptions to the duty of confidentiality and the requirement of patient consent for its disclosure are provided for in various (provincial and federal) statutes. These require physicians to report certain confidential information for the protection of public health and other purposes, and in some cases provide for penalties for failure to do so.
• In respect of legal processes involving physicians, physicians may not disclose confidential information even in the case of service of a subpoena or police investigation, except when ordered to do so by a court or pursuant to a search warrant.
• Consent may reasonably be implied, with caution, where inter-health care team communication is essential for the effective provision of care.
• Special care must be exercised not to inadvertently disclose patient confidences, for example in unguarded conversation or to patients= friends or relatives.
• Breach of the duty of confidentiality renders the physician potentially liable for damages to the patient and/or open to disciplinary proceedings before provincial licensing authorities.
• A physician's duty to society may in exceptional circumstances legally justify disclosure of confidential information where, for example it becomes known to a physician that a patient is about to seriously harm or kill another person. There are limitations in law, however, on the duty to warn.
• Due to the complexity of the rule/requirements of, and exceptions to, the duty of confidentiality, advice may be sought from provincial licensing authorities or legal counsel, when in doubt.
• Special care must be exercised with the use of fax, e-mail or other electronic means for the transmission of patient health information, as these methods of transmission can compromise confidentiality.

Additional References

Updated Feb 8, 1999. Return to Top of Page

Medical Informatics Home	Departments	Dalhousie & Affiliates
Nova Scotia	Hospitals	Industry Collaborators
Research	Student Initiatives	Medical Education

 

This page last updated May 6, 1999. Please send comments to Grace Paterson, Medical Informatics, Dalhousie University, Halifax, N.S. B3H 4H7