Privacy - PowerPoint PPT Presentation


Transcript and Presenter's Notes

Title: Privacy


1
Privacy and Electronic Health Records: a match made
in Heaven
  • McMaster University Lecture
  • January 24, 2006
  • By
  • Sylvia Klasovec
  • Mike Gurski, Bell Security Solutions Inc

2
Learning Objectives
  • Identify and understand the impact of privacy
    legislation on the development of the electronic
    health record
  • Comprehend privacy principles surrounding the
    collection, use and disclosure of health
    information via electronic health information
    systems

3
Learning Objectives
  • Describe the benefits and challenges of
    implementing the electronic health record in a
    privacy environment
  • Apply lessons learned in a health privacy case
    study

4
What is Privacy?
  • Privacy is the most comprehensive of all
    rights - the right to one's personality.
  • Samuel Warren and Louis Brandeis
  • Privacy is the right to be let alone.
  • Judge Thomas Cooley
  • Privacy, including informational privacy, is
    grounded in man's physical and moral autonomy and
    is essential for the well-being of the
    individual.
  • La Forest J.

5
Hippocratic Oath, 4th Century B.C.
  • Whatsoever things I see or hear concerning the
    life of men, in my attendance on the sick or even
    apart therefrom, which ought not be raised
    abroad, I will keep silence thereon, counting
    such thing to be as sacred secrets.
  • As quoted by McLachlin J.
  • Norberg v. Wynrib (1992)

6
Health Information Privacy Defined
  • Right of a patient to exercise choice and control
    about the collection, use and disclosure of
    his/her health information
  • Patients always had a reasonable expectation that
    their medical records be kept confidential and
    secure

7
Privacy Security
  • Privacy relates to people, process and
    accountability. It gives individuals control
    over their personal information
  • Confidentiality addresses only the disclosure
    of information
  • Security: organizational control of data; an
    essential component to prevent inadvertent
    release of information

8
Privacy Interests in Health Information
  • Extreme sensitivity of personal health
    information
  • Computerization of health records: scale of
    compromise
  • Electronic health data exchanges
  • Unauthorized disclosures threaten integrity of
    health system and hinder adoption of
    province-wide electronic health records

9
Electronic Health Information Context
  • Digital imaging technologies (picture archiving
    and communication system) to capture X-rays, MRIs
    and CT scans
  • Automated physician offices
  • E-prescribing
  • Provincial and local health integration networks
    (LHINs)

10
Romanow Commission
  • Investigated modernization of health system with
    recommendations for establishing electronic health
    records
  • If we are to build a better health system, we
    need a better information sharing system so that
    all governments and all providers can be
    accountable to Canadians.
  • The Future of Health Care in Canada, 2002

11
Health Council Report
  • The Health Council of Canada was established by
    First Ministers to monitor and report on the 2003
    Accord on Health Care Renewal
  • Recommendations
  • Acknowledge the value of electronic health
    records and telehealth technologies to improve
    access and quality of care
  • Encourage rapid adoption of these tools so that
    interdisciplinary team members can readily share
    patient information
  • Health Care Renewal in Canada, January 2005

12
Canada's Health Infostructure
  • Advisory Committee on Information and Emerging
    Technologies (ACIET)
  • Canada Health Infoway (CHI)
  • Canadian Health Network (CHN)
  • Provincial health information networks
  • Alberta Wellnet
  • Saskatchewan Health Information Network
  • B.C. HealthNet

13
Canada Health Infoway
  • Mandate to work with provinces and territories
    towards development and adoption of pan-Canadian
    interoperable electronic health information
    systems
  • Invests with public sector partners in health IT
    initiatives
  • Goal is to ensure 50% of Canadians benefit from
    EHR by 2009

14
Promised Advantages of Electronic Health Records
  • Reducing medical errors
  • Increasing patient safety
  • Better access to care
  • Improving efficiency and quality of care
  • Reducing health care costs

15
Challenges
  • Accountability
  • Custody and control issues
  • Decentralization of patient information
  • Multiple users and greater access points
  • Consent management
  • Change management
  • Interoperability of electronic health records
  • Inter-jurisdictional use/disclosure issues

16
Catalysts for Change
  • International developments (European Union Data
    Protection Directive)
  • Public awareness and concern about secondary uses
    of health data
  • New patient expectations
  • High profile privacy breaches

17
Public Fears about Electronic Health Records
  • Health campaigners in UK fear switch from paper
    to electronic health records compromises patient
    confidentiality
  • The Guardian (2005)
  • Patients are worried about who has access to
    their electronic health record and find lack of
    privacy horrifying
  • E-Health Insider (2004)

18
More on Patient Attitudes
  • 9 in 10 Canadians support information and
    communications technologies in the health sector,
    provided privacy and autonomy are protected
  • Office of Health and the Information Highway,
    Health Canada (2002)
  • Over 80% strongly believe electronic health
    records improve ability of health care provider
    to improve care
  • Health Care Renewal Report (2005)

19
Health Care Goals
  • Consistent privacy rules across the health care
    sector
  • Encourage public trust
  • Pave the way for integration in the delivery of
    health care
  • Adoption of new technologies to support national
    and provincial EHRs

20
Current Legislative Framework
  • Manitoba
  • Personal Health Information Act
  • Saskatchewan
  • Health Information Protection Act
  • Alberta
  • Health Information Act
  • Ontario
  • Personal Health Information Protection Act

21
Ontario's Personal Health Information Protection
Act (PHIPA)
  • Creates comprehensive, uniform rules for
    collecting, using, disclosing and disposing of
    personal health information (PHI)
  • Permits free flow of health information for
    health care purposes within health care team
    (implied consent)
  • Ensures that personal health information is kept
    confidential and secure in a manner that
    facilitates health care

22
PHIPA (cont'd)
  • Gives patient right to restrict sharing of health
    records with other health care providers
    (lock-box)
  • Sets guidelines for fundraising and research
  • Expands and codifies existing right of access
  • Provides remedies for privacy breaches
  • Creates oversight body

23
Scope and Application
  • Health information custodians (HICs) that
    collect, use and disclose personal health
    information (PHI)
  • Agents who use PHI (where authorized)
  • Recipients (non-health information custodians)
    where they receive PHI from a HIC

24
Health Information Service Providers
  • PHIPA regulation limits the use of PHI by IT
    service providers except as necessary for
    providing its services to HICs and prohibits any
    disclosures
  • Sets out specific requirements for health
    information network providers to enable two or
    more custodians to disclose PHI electronically to
    each other

25
What is PHI?
  • PHI means identifying information that
  • Relates to physical/mental health information
  • Relates to provision of health care
  • Identifies a provider of health care
  • Identifies a substitute decision-maker
  • Is a plan of service under Long-Term Care Act
  • Relates to payments or eligibility for health
    care
  • Is his or her health card number
  • A record mixed with any of the information above
    is deemed to be a record of PHI

26
Key Principles
  • Privacy is fundamental to good information
    management practices and patient care
    (complementary)
  • Balance the need to protect privacy of individual
    against seamless sharing of PHI for best
    treatment
  • Obligation to patients is now codified (privacy
    was always a consideration)

27
PHIPA Based on Fair Information Practices
  • Safeguards
  • Openness
  • Individual Access
  • Challenging Compliance
  • Accountability
  • Identifying Purposes
  • Consent
  • Limiting Collection
  • Limiting Use, Disclosure, Retention
  • Accuracy

28
Principle 1: Accountability
  • Designate a contact person to
  • ensure overall PHIPA compliance
  • educate agents of custodian
  • respond to access/correction requests
  • handle inquiries and complaints from public
  • develop a publicly available written statement
    describing your information practices (privacy
    policy)

29
Accountability for PHI
  • PHIPA holds agents (employees, service providers,
    suppliers) directly accountable
  • Must have permission of HIC to collect, use or
    disclose, retain or dispose of PHI on behalf of a
    HIC
  • HIC must ensure that agents are educated and
    informed of their duties

30
Holding Service Providers Accountable
  • Health information network providers must comply
    with prescribed requirements, for example
  • Conduct a privacy risk assessment
  • Provide an assessment of threats, risks, and
    vulnerabilities to the security and integrity of
    personal health information (threat risk
    assessment)
  • Provide an electronic record of all accesses and
    transfers
  • Notify every custodian of any breach relating to
    the unauthorized access, use, disclosure or
    disposal of personal health information
  • Enter into a written agreement with HIC
    concerning services to be provided

31
Principle 2: Identifying Purposes
  • Policy must include
  • how and for what purpose PHI is collected, used,
    disclosed, retained, disposed
  • procedures relating to the physical,
    administrative and technical safeguards in place
    to maintain confidentiality/security of records

32
Principle 3: Consent
  • Need consent (express or implied) for the
    collection, use or disclosure of personal health
    information
  • Implied consent permitted within
  • circle of care
  • Otherwise express consent required (unless
    permitted without consent)

33
Implied Consent
  • HICs may imply consent when sharing PHI with
    other HICs for the purpose of providing or
    assisting in providing health care (circle of
    care)
  • Exception if the individual expressly withholds
    or withdraws consent (lock-box)

34
Checks on the Lock Box
  • Notification: HIC must advise recipient HIC that
    there is incomplete but relevant information
    that was locked by the patient
  • Override: HIC may disclose if disclosure is
    necessary to eliminate or reduce a significant
    risk of serious bodily harm to a person or a
    group of persons

35
Lockbox Functionality
  • Legal perspective: lockbox functions can exist
    both at the chart level and record level and must
    include consent revocation, reinstatement and
    data-masking or blocking capabilities
  • Technical perspective: most health information
    systems cannot support data locking at field
    level
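
A simplified model of the rules on the Implied Consent, Checks on the Lock Box and Lockbox Functionality slides, added here as an illustration and not part of the original presentation. All names (`Chart`, `disclose`, the record ids) are hypothetical; locks are modelled at chart and record level only, and the audit list stands in for the electronic record of accesses.

```python
from dataclasses import dataclass, field

@dataclass
class Chart:
    """One patient's chart; lock state is tracked per chart and per record."""
    records: dict                       # record_id -> content
    chart_locked: bool = False
    locked_records: set = field(default_factory=set)

    def withdraw_consent(self, record_id=None):
        """Patient locks one record, or the whole chart when record_id is None."""
        if record_id is None:
            self.chart_locked = True
        else:
            self.locked_records.add(record_id)

    def reinstate_consent(self, record_id=None):
        """Patient lifts a lock at the same granularity it was set."""
        if record_id is None:
            self.chart_locked = False
        else:
            self.locked_records.discard(record_id)

def disclose(chart, requester, in_circle_of_care, harm_override=False, audit=None):
    """Decide what a requesting custodian receives for a health-care purpose."""
    audit = audit if audit is not None else []
    if not in_circle_of_care:
        # Implied consent does not apply; express consent is a separate path.
        audit.append((requester, "denied", ()))
        return {"records": {}, "incomplete": False, "override": False}
    ids = set(chart.records)
    masked = ids if chart.chart_locked else chart.locked_records & ids
    if harm_override:
        # Override: significant risk of serious bodily harm; logged for review.
        audit.append((requester, "override", tuple(sorted(masked))))
        return {"records": dict(chart.records), "incomplete": False,
                "override": bool(masked)}
    released = {k: v for k, v in chart.records.items() if k not in masked}
    audit.append((requester, "disclosed", tuple(sorted(released))))
    # Notification: the recipient learns that relevant information was locked.
    return {"records": released, "incomplete": bool(masked), "override": False}

# Constructed sample data
chart = Chart({"lab-1": "CBC normal", "psych-1": "consult note"})
chart.withdraw_consent("psych-1")
log = []
routine = disclose(chart, "clinic-B", True, audit=log)
urgent = disclose(chart, "er-C", True, harm_override=True, audit=log)
```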

36
(No Transcript)

37
Express Consent
  • Required for disclosures outside the circle of
    care (employer, insurer, marketer)
  • Where a HIC discloses to another HIC for a
    non-health care purpose
  • Research purposes unless specific requirements
    are met (REB approved research plan)
  • Fundraising (when using more than name and
    specified contact information)

38
Derogations from Consent
  • Derogations from the consent principle are
    allowed in limited circumstances
  • As required by law
  • To protect the health or safety of the individual
    or others
  • To identify a deceased person or provide
    reasonable notice of a person's death
  • For OHIP payments or processing health plan
    claims

39
Principle 4: Limiting Collection
  • No more than needed to meet identified purpose
  • Collected directly whenever possible
  • Collected indirectly if
  • cannot get consent in a timely manner
    (emergencies)
  • cannot rely on information from individual
    (dementia)

40
Principle 5: Limiting Use, Disclosure, Retention
  • Use
  • Lock-Box protection allows individuals to
    determine what PHI cannot be shared within the
    circle of care
  • Disclosure
  • HIC can disclose PHI where permitted or required
    under PHIPA
  • Retention
  • PHI must be securely retained, transferred and
    disposed

41
Principle 6: Accuracy
  • Must take REASONABLE STEPS to ensure PHI is as
    accurate, complete and up-to-date as necessary
    for particular use or disclosure and
  • Protect PHI from loss, theft or unauthorized
    access, copying, modification or disposal

42
Principle 7: Safeguards
  • Must ensure PHI is retained, transferred and
    disposed in secure manner and in accordance with
    professional standards
  • Technical - firewalls, virus protection,
    passwords and usernames
  • Administrative - release of information policies
    (e.g. media, police), use of email for sharing
    PHI
  • Physical - locked doors, file cabinets, building
    access control

43
Principle 8: Openness
  • HIC must make publicly available its Privacy
    Policy
  • access/correction/complaints procedures
  • how to reach contact person
  • Patients must be aware of their rights and your
    information practices
  • Health information network providers must provide
    their PIA to HICs and make it available to the
    public upon request

44
Principle 9: Individual Access
  • Right of access and copy to all records for a
    reasonable fee (30 days), with exceptions
  • Legal privilege
  • Risk of significant harm
  • Request is frivolous or vexatious
  • Records must be maintained until procedural
    matters relating to access request exhausted

45
Principle 10: Challenging Compliance
  • IPC is the oversight body
  • Investigate complaints and conduct
    Commissioner-initiated reviews of alleged
    breaches of PHIPA
  • Complaints can be filed based on access or
    correction decision of a HIC or if a person
    believes the HIC has or is about to contravene
    PHIPA or its regulations

46
Bottom Line
  • Health information privacy is a complex issue of
    the decade
  • It is defined by legislation
  • Threatened and enhanced by technology
  • Privacy is essential to ensuring public buy-in to
    the EHR

47
Case Scenario
  • A new medical clinic would like to share
    discharge summaries, lab and medical imaging test
    results with other physicians at hospitals by
    interfacing its information system with other
    hospital information systems. Physicians would
    be able to access such information remotely. A
    software vendor would provide the software
    application and network connection.

48
Questions
  • What type of consent (if any) is required for the
    collection, use and disclosure of PHI via these
    interfaced IT systems?
  • Who is responsible for obtaining the requisite
    consent for such data sharing and can patients
    opt out of providing consent?
  • Who is responsible for building a consent
    management framework and complying with patient
    consent directives?
  • What type of technical privacy and security
    features should be built into the system (if any)
    to achieve privacy and security compliance?
  • What other privacy principles must be followed
    and by whom?

49
Final Thoughts
  • ...unless the privacy and data security aspects
    of this transforming shift are addressed now, at
    the front end, this entire venture could be
    compromised - if not stillborn because of
    potential public resistance to computerization
    without adequate privacy safeguards
  • Dr. Alan Westin,
  • Building Privacy by Design in Health Data
    Systems, August 2005

50
Contact information
  • Mike Gurski
  • 905-751-4310
  • Mike.gurski_at_bell.ca
  • Sylvia Klasovec
  • 416-506-1695
  • Sklasovec_at_sympatico.ca