Skip header and navigation
CMA PolicyBase

Policies that advocate for the medical profession and Canadians


17 records – page 1 of 2.

Information program for Canadians on genetically modified organisms

https://policybase.cma.ca/en/permalink/policy379
Last Reviewed
2020-02-29
Date
1999-08-25
Topics
Health information and e-health
Resolution
GC99-81
That the Canadian Medical Association urge the federal government to create an information program for Canadians on genetically modified organisms.
Policy Type
Policy resolution
Last Reviewed
2020-02-29
Date
1999-08-25
Topics
Health information and e-health
Resolution
GC99-81
That the Canadian Medical Association urge the federal government to create an information program for Canadians on genetically modified organisms.
Text
That the Canadian Medical Association urge the federal government to create an information program for Canadians on genetically modified organisms.
Less detail

Addressing professional issues of Canadian physicians and medical practice

https://policybase.cma.ca/en/permalink/policy465
Last Reviewed
2020-02-29
Date
1999-08-25
Topics
Physician practice/ compensation/ forms
Resolution
GC99-60
That the Canadian Medical Association be the national focus for enhancing organized medicine's effectiveness in addressing the variety of professional issues facing Canadian physicians and medical practice.
Policy Type
Policy resolution
Last Reviewed
2020-02-29
Date
1999-08-25
Topics
Physician practice/ compensation/ forms
Resolution
GC99-60
That the Canadian Medical Association be the national focus for enhancing organized medicine's effectiveness in addressing the variety of professional issues facing Canadian physicians and medical practice.
Text
That the Canadian Medical Association be the national focus for enhancing organized medicine's effectiveness in addressing the variety of professional issues facing Canadian physicians and medical practice.
Less detail

Socially responsible investing

https://policybase.cma.ca/en/permalink/policy13718
Last Reviewed
2020-02-29
Date
2017-08-23
Topics
Physician practice/ compensation/ forms
Resolution
GC17-20
The Canadian Medical Association recommends that MD Financial Management Inc. provide information regarding socially responsible investing when marketing and advising on its investment portfolios.
Policy Type
Policy resolution
Last Reviewed
2020-02-29
Date
2017-08-23
Topics
Physician practice/ compensation/ forms
Resolution
GC17-20
The Canadian Medical Association recommends that MD Financial Management Inc. provide information regarding socially responsible investing when marketing and advising on its investment portfolios.
Text
The Canadian Medical Association recommends that MD Financial Management Inc. provide information regarding socially responsible investing when marketing and advising on its investment portfolios.
Less detail

Putting Patients First : Comments on Bill C 6 (Personal Information Protection and Electronic Documents Act) : Submission to the Senate Standing Committee on Social Affairs, Science and Technology

https://policybase.cma.ca/en/permalink/policy1979
Last Reviewed
2019-03-03
Date
1999-11-25
Topics
Ethics and medical professionalism
Health care and patient safety
Health information and e-health
  2 documents  
Policy Type
Parliamentary submission
Last Reviewed
2019-03-03
Date
1999-11-25
Topics
Ethics and medical professionalism
Health care and patient safety
Health information and e-health
Text
CMA commends the federal government for taking this important first step that begins the debate on privacy and the protection of personal information. The issues are complex and the interests at stake significant. CMA welcomes the opportunity to provide comments on Bill C-6 and hopes that its input will strengthen the Bill by ensuring that patient privacy and the confidentiality of medical records are adequately protected. CMA’s chief concern with Bill C-6 is the inadequacy of its provisions to protect the right of privacy of patients and the confidentiality of their health information. The right of privacy encompasses both the right to keep information about ourselves to ourselves if we so choose and to exercise control over what subsequently happens to information we confide in trust for the purpose of receiving health care. In recent years, this right, and the ability of physicians to guarantee meaningful confidentiality, have becoming increasingly threatened. Computerization of health information facilitates easy transfer, duplication, linkage and centralization of health information. Captured in electronic form, patient information is potentially more useful for the purpose of providing care. However, thus captured, it also becomes much more valuable and technically accessible to various third parties -- private and public, governmental and commercial -- wishing to use this information for other purposes unrelated to providing direct care. An additional concern is that the demand for health information, referred to by some commentators as ‘data lust’, is growing, partly as a consequence of ‘information hungry’ policy trends such as population health. There is also a disturbing tendency toward ‘function creep’, whereby information collected for one purpose is used for another, often without consent or even knowledge of the individual concerned and without public knowledge or scrutiny. Furthermore, initiatives concerning health information technology tend to be dominated by those who seek access to this information for secondary purposes. From this perspective, privacy may appear less as a fundamental right than as a hindrance or even roadblock. As we move further into the information age there is some danger that we will become so spell-bound by the promise of information centralization and database linkages that we lose sight of the patients who confided this information or reduce them to impersonal ‘data subjects’. To avoid this danger and the allure of the technology we need to ground the application of information technology and practices in well-tested, enduring principles. We need to put privacy first rather than treat it as a nuisance or impediment. Rules and regulatory regimes concerning health information should be based on the principle of patient privacy because ultimately health information technology is not about ‘bits and bytes’ or ‘data’ or even ‘data subjects’ but about patients, and patients deserve to be treated with respect and dignity and to have their wishes and choices valued and respected. If we are to put patients first the right of privacy must be given primacy in rules concerning health information. This does not mean that this right is absolute. What it does mean is that the burden of proof must rest with those whose purposes, however compelling they may be, encroach upon the right of privacy. It means that we value patient privacy at least enough to demand explicit justification of any proposal that would diminish privacy. Bill C-6 begins with the right premise: that “rules to govern information collection, use and disclosure” should recognize the “right of privacy”. However, it fails to recognize the special nature of health information and to tailor its provisions accordingly. In consequence there is confusion and uncertainty about Bill C-6's application to health care. Even more seriously, however, Bill C-6 fails to recognize that health information requires stronger or greater privacy protection than other types of information. The inadequacy of Bill C-6 for health care is not surprising because clearly it was not drafted with health information in mind. Rather, it is written from the perspective of encouraging commerce. It appears to have access to information as its dominant value. The world of health care is very different from that of commerce and consequently requires distinct rules that are more protective of privacy. Confiding information to your physician under the trust of the patient-physician relationship is not on par with giving your address to a salesclerk when you purchase a toaster or rent a movie. Health information is special by nature. Canadians know this. In a recent Angus Reid poll commissioned by CMA Canadians told us loudly and clearly that they regard their health information as especially sensitive. However, the obvious sensitivity of health information is not the only thing that makes it special and in virtue of which it warrants distinct rules to strengthen privacy protection. It is important to recognize that this information is typically collected under the trust patients vest in their physicians. Patients confide their information for the purpose of receiving care and in the expectation that it will be held in the strictest confidence. This purpose, and the preservation of this trust, should be given primacy in rules concerning health information. It is also important to recognize that the trust under which patients confide in their physicians is fundamental to the patient-physician relationship. If patients can not trust their physicians to protect their information and keep it secret they will not confide it as freely as they do. In consequence, the ability of physicians to provide the care needed would be severely diminished. Rules relating to health information must be developed in recognition of its special nature and the circumstances of trust and vulnerability in which it is initially collected or confided. Patients confide in their physicians for the purpose of receiving care. The potential that the information thus confided may subsequently be used for other purposes must not impede the therapeutic purpose or diminish the trust and integrity of the patient-physician relationship. In recent years the secondary use of information for purposes other than those for which it was collected has been increasing without adequate oversight or public knowledge. This ‘function creep’ undermines the trust of patient-physician relationship. Collection and use beyond the therapeutic context and for purposes unrelated to the provision of direct care should be subjected to rigorous scrutiny before they are permitted to occur. To the extent that they are permitted to occur without patient consent they should be explicitly authorized in legislation to ensure transparency and adequate oversight. Putting patients first means ensuring that health information, in all but exceptional and justifiable circumstances, is used only under the strict control of the patient. The patient must be able to exercise control through voluntary, informed consent. Moreover, a distinction must be made between a patient’s right to know what can or must happen to health information and the right to consent to such use. Bill C-6 permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purpose. The laxness and breadth of these exemptions as applied to health information is unacceptable. These uses, without the patient’s consent (or even knowledge), reduce the patient to a means to someone else’s end, however worthwhile that end may be. Moreover, the absence of consent (or even knowledge) undermines the integrity of the patient-physician relationship and has the potential to erode the trust patients have in their physicians - a trust that is essential to patients’ willingness to provide the complete information needed to provide them with care. CMA has developed and adopted a Health Information Privacy Code (Appendix A) in recognition of the special nature of health information and to give primacy to patients and to the right of privacy. This Code begins from the same starting point as Bill C-6, the Canadian Standards Association (CSA) Code which the Bill includes as Schedule 1. However, unlike Bill C-6, the CMA Code tailors the CSA Code to the specific circumstances of health information. The CMA Health Information Privacy Code, therefore, is able to address issues specific to health information that Bill C-6 either fails to address or, even worse, exacerbates. In light of the clear deficits in Bill C-6 and the inadequate protection of patient privacy and health information confidentiality, CMA urges this committee to accept the recommendations put forward in this brief to strengthen the Bill’s provisions for protecting privacy and to accept the amendment (Appendix B) CMA has prepared to give effect to these recommendations. CMA believes that Canadians desire and deserve no less than this as concerns the right of privacy with respect to health information. I. Introduction The Canadian Medical Association is the national voice of Canadian physicians. Our mission is to provide leadership for physicians and to promote the highest standard of health and health care for Canadians. The CMA is a voluntary professional organization representing the majority of Canada's physicians and comprising 12 provincial and territorial divisions and 43 affiliated medical organizations. On behalf of its 46,000 members and the Canadian public, CMA performs a wide variety of functions, including addressing the emerging issue of electronic health information and confidentiality and privacy. It is in this capacity that we present our position on Bill C 6, The Personal Information Protection and Electronic Documents Act. CMA commends the federal government for taking this important first step of beginning the debate on privacy and the protection of personal information. The issues are complex and the interests at stake significant. CMA welcomes the opportunity to provide comments on Bill C-6 and hopes that its input will strengthen the Bill by ensuring that patient privacy and the confidentiality of medical records are adequately protected. In preparing this brief CMA has had the benefit of the final report of the federal Advisory Council on Health Infostructure, Canada Health Infoway: Paths to Better Health: Final Report. (“Advisory Council Report”) Where appropriate, CMA cites the findings contained in the Report. CMA wishes to underscore the key themes of its brief: A. Health information is special by its nature. Rules relating to health information must be developed in recognition of its special nature. Ensuring protection of privacy and confidentiality of the patient record must take precedence over other considerations. Bill C-6 fails to do this. Bill C-6 is written from the perspective of encouraging commerce. It appears to have access to information as its dominant value. The world of health care is very different from that of commerce and consequently requires distinct rules. B. Typically, health information is confided in the context of the therapeutic relationship and under the trust upon which this relationship is built. Rules concerning health information -- and in particular its collection, disclosure and use for purposes unrelated to the provision of direct care -- must be consistent with the expectations of patients about confidentiality and must not exploit the trust patients have in their physicians or compromise the ability of physicians to earn and maintain this trust. C. Health information must, in all but exceptional and justifiable circumstances, be used only under the strict control of the patient. The patient must be able to exercise control through voluntary, informed consent. Moreover, a distinction must be made between a patient’s right to know what can or must happen to health information and the right to consent to such use. Bill C-6 permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purpose. The laxness and breadth of these exemptions as applied to health information is unacceptable. These uses, without the patient’s consent (or even knowledge), reduce the patient to a means to someone else’s end, however worthwhile that end may be. Moreover, the absence of consent (or even knowledge) undermines the integrity of the patient-physician relationship and has the potential to erode the trust patients have in their physicians - a trust that is essential to patients’ willingness to provide the complete information needed to provide them with care. D. The root of most of the problems in applying Bill C-6 to health care information is its failure to distinguish among purposes for the collection, use and disclosure of health information. In particular, the Bill fails to distinguish between the primary purpose, which is to deliver care to and for the benefit of an individual patient, and secondary purposes, which are not for the direct benefit of the patient (and indeed may even use the patient’s information to his or her detriment). Provisions to protect privacy should give recognition to the difference between these purposes and should not hinder the ability of physicians and others to provide care consistent with the patient’s wishes. Moreover, the Bill has no effective mechanism to distinguish legitimate purposes, which should be permitted, from illegitimate purposes, which should not, notwithstanding the limitation to “purposes that a reasonable person would consider are appropriate in the circumstances” in Section 5(3). E. In recent years the secondary use of information for purposes other than the purpose for which it was collected has been increasing without adequate oversight or public knowledge. This ‘function creep’ undermines the trust of patient-physician relationship. Collection and use beyond the therapeutic context and for purposes unrelated to the provision of direct care should be subjected to rigorous scrutiny before they are permitted to occur. To the extent that they are permitted to occur without patient consent they should be explicitly authorized in legislation to ensure transparency and adequate oversight. This Brief will first look at the apparent rationale of Bill C-6 and its potential application to health information. The brief will then describe why CMA considers health information to be special in nature and worthy of special protection. Finally, the brief reviews the difference in approach between Bill C-6 and CMA’s Health Information Privacy Code to illustrate that Bill C-6 provides inadequate protection to patient privacy and medical confidentiality. II. Rationale and Scope of Bill C-6 A. Rationale of Bill C-6 The driving force behind Bill C-6 is the support and promotion of electronic commerce. The second part of the Bill is devoted to permitting electronic versions of documents and signatures to be legitimate or ‘originals’ if the provisions of the Act are followed. Part 2 of the Bill is quite distinct from Part 2 and both parts could stand alone as separate pieces of legislation. Part 2 simply allows electronic versions of documents and signatures to be recognized as legitimate. On its face, this has little to do with the protection of personal information except to the extent that storage of documents in electronic form provides greater ability to access, link and merge information. Certainly, the Bill appears to draw on this connection by including, in its statement of purpose, the provision of a right of privacy in an era in which technology increasingly facilitates the collection and free flow of information. Part 1 concerns all forms of personal information, electronic and otherwise. It gives some protection to personal information by requiring consent in some instances. In CMA’s view, a fundamental difficulty with Part 1 and with the Bill in general is that its goal is to promote commerce and thus all information is implicitly considered as falling within the ‘commercial’ realm. In the case of health information this is surely not the case or the only consideration. Moreover, this creates a clash of values when applied to a health care system that is a public system. The Advisory Council Report takes a firm stand on this issue and states that legislation respecting the privacy protection of health information, “should also contain a clear prohibition against all secondary commercial use of personal health information.”Moreover, Bill C-6 fails to distinguish and priorize different purposes for collecting, using and disclosing information and in doing so treats all purposes as more or less equal and subject to the same rules. CMA takes a quite a different view when it comes to health information and will expound its view throughout this brief. B. Scope - Application to Health Records CMA has argued from the outset that C 6 (and its predecessor C 54) will apply to some health information. This view now appears to be widely accepted. Nevertheless, it is unclear as to what extent Bill C 6 will apply to health records. The full name of the Act states, in part: An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances . . . . What are these circumstances? Section 4(1) states that Part 1 (the part protecting personal information) applies in respect of personal information that: (a) the organization collects, uses or discloses in the course of commercial activities; or (b) is about an employee of the organization and that the organization collects, uses or discloses in connection with the operation of a federal work, undertaking or business. The definition of commercial activity given in 2(1) that commercial activity Ameans any particular transaction, act or conduct or any regular course of conduct that is of a commercial character@ is circular and does nothing to clarify uncertainties concerning the Bill’s scope. There are two points to be made here as concerns the application of this Bill to health information. The first concerns clarity around where commercial ends and health care begins. Which health care settings that operate for profit are excluded from the Act? This question speaks to the difficulty of delineating what activity is considered health care and what activity is considered commercial. Moreover the increase in public/private partnerships and joint funding of endeavours within the health care sector, which the government appears to be promoting, may make it increasingly difficult to make this distinction; for example in the area of research. The second concerns the specification of different regimes for information protection and privacy rights, depending on whether the information is deemed to come under commercial activity. This is clearly not desirable. However, the solution to this problem is not to reduce the privacy rules for all health information to the lowest common denominator but to raise them to a higher level of protection than is afforded commercially acquired information. Subjecting all health information to the regime laid out in the CMA Health Information Privacy Code would achieve this objective. In preparing this brief CMA has assumed that the Bill will provide a scheme that applies to at least some health information. Three years after it is in force it will apply equally to activities that occur strictly within the provinces, unless there is legislation in the province that is substantially similar to the Bill (see sections 27(2)(b) and 30). No doubt the extent of the federal government’s ability to legislate in this area generally will be the subject of extensive debate. However, CMA has no comment on this debate and provides its opinion in the interests of ensuring that the rules that relate to health information are compatible with preserving the integrity of the patient physician relationship and the protection of patient privacy and health information confidentiality. The federal government has an opportunity to provide Canadians with strong privacy rights in health information. It is incumbent upon the government to do so. C. Scope - Government Excluded Bill C-6 expressly excludes a large part of government activity from its ambit. Although government activity is to some extent governed by the Privacy Act, R.S.C. 1985, P-21, the rules of this Act provide less protection than those of Bill C-6. Government should subject itself to at least the same rules that it requires of the private sector in so far as it is a collector and user of information. Indeed, government’s practices relating to the collection, storage, merging, transfer and use of health information should be subject to more stringent rules than those found in either the Privacy Act or Bill C-6. The Advisory Council Report also calls for the same rules to apply to the public and private sectors, rules that are more stringent than those found in the Privacy Act or Bill C-6. Therefore, CMA recommends: That, at least in connection with health information, the provisions of the Bill apply equally to the public and the private sectors. III. Considerations Regarding Patient Privacy and Confidentiality: Medical Context Versus Commercial Context A. CMA’s Position The world of health care is very different from that of commerce and consequently requires distinct rules that are more protective of privacy. Confiding information to your physician under the trust of the patient-physician relationship is not on par with giving your address to a salesclerk when you purchase a toaster or rent a movie. Health information is special by nature. Canadians know this. In a recent Angus Reid poll commissioned by CMA Canadians told us loudly and clearly that they regard their health information as especially sensitive. However, the obvious sensitivity of health information is not the only thing that makes it special and in virtue of which it warrants distinct rules to strengthen privacy protection. It is important to recognize that this information is typically collected under the trust patients vest in their physicians. Patients confide their information for the purpose of receiving care and in the expectation that it will be held in the strictest confidence. This purpose, and the preservation of this trust, should be given primacy in rules concerning health information It is also important to recognize that the trust under which patients confide in their physicians is fundamental to the patient-physician relationship. If patients could not trust their physicians to protect their information and keep it secret they would not confide it as freely as they do. In consequence, the ability of physicians to provide the care needed would be severely diminished. Rules relating to health information must be developed in recognition of its special nature and the circumstances of trust and vulnerability in which it is initially collected or confided. Patients confide in their physicians for the purpose of receiving care. The potential that the information thus confided may subsequently be used for other purposes must not impede the therapeutic purpose or diminish the trust and integrity of the patient-physician relationship. In recent years the secondary use of information for purposes other than those for which it was collected has been increasing without adequate oversight or public knowledge. This ‘function creep’ undermines the trust of patient-physician relationship. Collection and use beyond the therapeutic context and for purposes unrelated to the provision of direct care should be subjected to rigorous scrutiny before they are permitted to occur. To the extent that they are permitted to occur without patient consent they should be explicitly authorized in legislation to ensure transparency and adequate oversight. Putting patients first means ensuring that health information, in all but exceptional and justifiable circumstances, is used only under the strict control of the patient. The patient must be able to exercise control through voluntary, informed consent. Moreover, a distinction must be made between a patient’s right to know what can or must happen to health information and the right to consent to such use. Bill C-6 permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purpose. The laxness and breadth of these exemptions as applied to health information is unacceptable. These uses, without the patient’s consent (or even knowledge), reduce the patient to a means to someone else’s end, however worthwhile that end may be. Moreover, the absence of consent (or even knowledge) undermines the integrity of the patient-physician relationship and has the potential to erode the trust patients have in their physicians - a trust that is essential to patients’ willingness to provide the complete information needed to provide them with care. CMA has developed and adopted a Health Information Privacy Code (Appendix A) in recognition of the special nature of health information and to give primacy to patients and to the right of privacy. In commenting on this Code the Advisory Council Report notes: The Code represents an important contribution to the deliberations of Canadians and legislators on how to safeguard privacy across the health domain. In his 1998-99 Annual Report, the Federal Privacy Commissioner writes in support of the Health Information Privacy Code: Legislators looking for guidance on health information privacy law need not re-invent the wheel; the Canadian Medical Association’s Health Information Privacy Code is a comprehensive benchmark for achieving a high national level of protection for personal information. The Code could be the basis for drafting legislation. Given the grumblings that the Code sets the bar too high, perhaps some Health Infoway funds should be used to study the impact of its implementation. The patients at the heart of this system deserve no less. There are several key principles that guided the development of the Health Information Privacy Code and upon which it is based: 1. The provision of health care to all Canadians irrespective of social circumstances or health status is a highly regarded value in Canadian society. The system is publicly funded and universally accessible. 2. The right of privacy is fundamental to a free and democratic society. 3. Rules relating to health information must recognize its special nature. Health information has a high level of sensitivity and is confided or collected in circumstances of vulnerability and trust for the primary purpose of benefiting the patient. 4. The hallmark of the medical profession since the time of Hippocrates has been the willingness and ability to hold information confided secret. 5. The patient-physician relationship is one of trust. A central feature of this trust is the belief of patients that information confided in or collected by physicians and other health care providers will be kept secret. 6. Patients believe that the information they disclose or that is gathered as a result of their seeking health care will be used to provide them with health care. Use beyond the provision of health care without knowledge or consent goes beyond what a patient’s reasonable expectations were when information was confided or collected and therefore is a breach of the trust patients place in their physicians. 7. Except in very limited circumstances, consent is required for health information collection, use, disclosure or access for any purpose. 8. Information required to provide patients with the health care sought should be readily available to those who require it to provide an aspect of care as consistent with the wishes of the patient. 9. Uses of health information for purposes other than the provision of health care to the person seeking care should be subject to rules that: - protect and promote privacy and confidentiality; - generally require express consent; - can be justified according to specific criteria. 10. Patients should know the uses to which their health information may be put prior to disclosing it. 11. Patients may be reluctant to disclose information if they are concerned about the uses to which the information is put or the persons entitled to access it. B. Public Opinion To determine the public’s views on issues concerning privacy and health information, CMA commissioned Angus Reid to conduct research in two forms, quantitative (survey) and qualitative (focus groups), and has found the following: 1. Canadians believe that health information is the most sensitive type of information, and indeed more sensitive than their financial information. 1. 2. Canadians believe that their health information will be kept confidential and consider this to be important. 3. Canadians believe it important to know and control how their health information is shared with others. 4. Canadians do not want their health information released to third parties (including governments and researchers) without their knowledge and consent. 5. Canadians have concerns about the release of delinked or anonymous information to third parties without their consent. 6. Some Canadians are reluctant to confide information to their physicians due to concerns about it subsequently being disclosed to others without their consent. 7. Patients believe that privacy rules should apply equally to the public and the private sector. These findings are consistent with the published literature and other findings relating to the public’s concerns about privacy and confidentiality. The CMA Health Information Privacy Code was developed in consideration of these views. Once developed, its principles were subsequently tested with the public in a series of cross-country focus groups and it was found that the Code appears to enjoy considerable public support. C. The Advisory Council Report The Advisory Council Report relates to the electronic health record. However, given the direction towards the greater use of technology and the underlying principles informing the Advisory Council, its recommendations are generalizable to all health information. A key principle of the Advisory Council Report is that access by health care professionals should be based on a need-to-know basis under the strict control of the patient. The Council, like CMA, calls for scrutiny and justification of secondary uses of health information. The Council is opposed to the use of multipurpose identifiers on the grounds that it becomes too easy for government officials from one department to gain access to a person’s health record or to combine a number of records to assemble a comprehensive profile. (Anecdotal evidence suggests that this concern may be justified and that there are insufficient safeguards preventing the flow of health information among government departments.) The Council recommends that all governments ensure that they have legislation to address privacy protection specifically aimed at protecting personal health information through explicit and transparent mechanisms. Included in these mechanisms are: * The provision of a precise definition of free and informed consent, as well as a statement of principle that informed consent should be the basis for sharing personal health information; * Any exemption to the requirement of informed consent should be clearly set out in law. More specifically, legislative guidance should be provided on how to balance the right of privacy with the public good for research purposes to implement a coherent and harmonized pan-Canadian system for independent, ethical review. * There should be provisions regulating secondary uses of non-identifiable health information. These provisions should address privacy concerns surrounding the degree to which data might be linked back to an identifiable individual. * Legislation should set clear limits on access to and use of health information by third parties outside the health care system. To prevent the serious invasions of privacy that can result from the unrestricted linking of personal health information with other kinds of information on the same individual, the legislation should contain provisions prohibiting the use for any other purpose of unique personal identifiers in health information systems. D. The Approach in Bill C-6 Bill C-6 begins with the right premise: that “rules to govern information collection, use and disclosure” should recognize the “right of privacy”. However, it fails to recognize the special nature of health information and to tailor its provisions accordingly. In consequence, there is confusion and uncertainty about Bill C-6's application to health care. Even more seriously, however, Bill C-6 fails to recognize that health information requires stronger or greater privacy protection than other types of information. The Bill makes a cursory attempt at distinguishing among varying types of personal information and gives inadequate additional protection to information that is highly sensitive (such as health information), notwithstanding the provisions in Paragraph 4.3.4 of Schedule 1 concerning consent which do provide some latitude for more stringent requirements in the case of sensitive information. The Bill permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purposes. In the context of health information, these grounds should be subject to intense scrutiny to determine their relevance and legitimacy. Some of these grounds would not withstand scrutiny if subjected to the tests established in the CMA’s Health Information Privacy Code. E. Conclusion CMA believes that health information is special and deserves a higher level of privacy protection than other types of information. The Advisory Council Report also recognizes that distinct rules, more protective of privacy, are required for health information. The Council’s Report places strong emphasis on the protection of privacy, recognizes that, as a general rule, the flow of health information should be on a need-to-know basis and under the control of the patient through the exercise of free and informed consent, and requires limits on the secondary use of health information. The inadequacy of Bill C-6 for health care is not surprising because clearly it was not drafted with health information in mind. Rather, it is written from the perspective of encouraging commerce. It appears to have access to information as its dominant value. However, the world of health care is very different from that of commerce and distinct rules that are more protective of privacy. The CMA Health Information Privacy Code begins from the same starting point as Bill C-6, the Canadian Standards Association (CSA) Code which the Bill includes as Schedule 1. However, unlike Bill C-6, the CMA Code tailors the CSA Code to the specific circumstances of health information. The CMA Health Information Privacy Code, therefore, is able to address issues specific to health information that Bill C-6 either fails to address or, even worse, creates. It offers a template for the protection that should be specifically accorded to the right of privacy in health information, a template that appears to have considerable public support and is designed to uphold patient confidence in their physicians and the health care system. Amending Bill C-6 to incorporate the principles in the CMA Code would ensure adequate privacy protection. CMA recommends: That Bill C-6 be amended to incorporate specific provisions relating to health information and that the provisions of the CMA Health Information Privacy Code provide the basis of such provisions. CMA developed the Health Information Privacy Code in recognition of trends and developments that pose new threats to patient privacy and the trust of the therapeutic relationship. In recent years the secondary use of information for purposes other than the purposes for which it was collected has been increasing without adequate oversight or public knowledge. This ‘function creep’ undermines the trust of patient-physician relationship. Collection and use beyond the therapeutic context and for purposes unrelated to the provision of direct care should be subjected to rigorous scrutiny before they are permitted to occur. To the extent that they are permitted to occur without patient consent they should be explicitly authorized in legislation to ensure transparency and adequate oversight. CMA’s Health Information Privacy Code provides a test to which legislation addressing health information should be subjected. This test (found in section 3.6 of the CMA Code) states: Any proposed or existing legislation or regulation made under legislative authority that permits or requires health information collection, use, disclosure or access shall be subjected to the following legislative test: (a) There must be demonstration that: (i) a patient privacy impact assessment has been conducted, the analysis has been made public and has been duly considered prior to the introduction of legislation [section 3.5 of the Code provides guidance with respect to the patient privacy impact assessment]; (ii) collection, use, disclosure and access will be limited to the greatest degree possible to ensure that * the collection of health information by persons external to the therapeutic context will neither trade on nor compromise the trust of the patient-physician relationship; * patients are not likely to be inhibited from confiding information for primary purposes; * the ability of physicians to discharge their fiduciary duties to patients will not be compromised; and, * patient vulnerability will not be exploited; (iii) collection, use, disclosure and access will be restricted to what is necessary for the identified purpose(s) and will not impede the confiding or collection of information for primary purposes; (iv) provisions exist for ensuring that patients are provided with knowledge about the purpose(s) and that, subject to 3.6(b), patient consent is clearly voluntary; (v) the means used are proportionate and the collection will be limited to purposes consented to or made known to the patient; (vi) the patient’s privacy will be intruded upon to the most limited degree possible in light of the purpose(s) consented to or made known to the patient; (vii) linkage of the health information will be limited; and (viii) unless clear and compelling reasons exist: * all reasonable steps will be taken to make health information anonymous; and * if it has been demonstrated that making health information anonymous would render it inadequate for legitimate uses, the information will be collected and stored in a deidentified-relinkable format. (b) When nonconsensual collection, use, disclosure or access is permitted or required by legislation or regulation that meets the requirements of the Code, the following conditions must also be met: (i) the right of privacy has to be violated because the purpose(s) could not be met adequately if patient consent is required; and (ii) the importance of the purpose(s) must be demonstrated to justify the infringement of the patient’s right of privacy in a free and democratic society. (c) Any legislative provision or regulation that permits or requires health information collection, use, disclosure or access nonconsensually shall not, without compelling reasons, be applied retroactively to existing health information. In its current form, Bill C-6 would not pass the scrutiny of the test. Consequently, CMA recommends: That the proposed rules for health legislation be subject to the legislative test found in CMA’s Health Information Privacy Code and formulated in light of this process. IV. Specific Comments on Bill C-6 From the Perspective of CMA’s Health Information Privacy Code This section highlights some key distinctions between the approach taken by Bill C-6 and CMA’s Health Information Privacy Code. It uses examples to illustrate divergent approaches taken for the purpose of demonstrating that Bill C-6 is inadequate in the protection it accords health information and to show how the CMA Health Information Privacy Code would address the issues adequately. A. General Bill C-6 and CMA’s Health Information Privacy Code are based on the Canadian Standards Association’s Model Code for the Protection of Personal Information (CSA Code). Bill C-6 and the CMA Code also augment the CSA Code’s provisions where considered necessary. The need to extend the provisions of the CSA Code demonstrates that the CSA Code, being general in nature, provides inadequate protection to information in many instances. The CSA recognized this at the time it developed its Code and specifically issued additional, specific guidance for health information in the form of an appendix to the Workbook for applying the Code. The Workbook begins: Information regarding one’s health and health records may be among the most sensitive of all personal data. Individuals are concerned that inappropriate disclosure of such information could unduly affect their employment status or their lives in general. . . Some health information is obtained directly from health care providers who have been given a patient’s private information with the expectation that this information will remain as a private communication. Health care providers . . . in turn, feel that such concerns could influence individuals to withhold vital information or avoid treatment to ensure their private information remains as such. Implementation of privacy procedures that adhere to the principles in the CSA Code and rigid applications of such procedures are essential steps for organizations that require access to health information, to maintain an individual’s trust that sensitive personal information remains confidential. In designing and implementing such procedures, organizations should recognize the sensitive nature of such information and also the fact that the primary reason that health care providers maintain records is to ensure that safe and efficacious care is provided. The Workbook goes on to list 7 interpretative points to augment the CSA Code, providing additional privacy protection as it applies to health information, including the following: requirements for the individual’s knowledge and consent be rigidly followed. Consent to acquire and disclose health information should be undertaken with the individual’s full knowledge of the scope of information to be requested. Bill C-6 does not include these additional interpretive points. It does not give due recognition that health information, because of its high sensitivity, deserves even stronger protection than is provided in the CSA Code as appended in Schedule 1 of the Bill (which even the Committee that drafted the CSA Code recognized). Although Bill C-6 and the CMA Code are based on the CSA Code, each takes a different approach to the ultimate protection accorded information and to the right of privacy. This divergence demonstrates that there are many ways to resolve issues left unresolved by the CSA Code. In other words, it is not a foregone conclusion that basing provisions on the CSA Code will result in appropriate or adequate protection of information. Rather, resolution of issues requires thought and deliberation and will depend in some measure on the primacy given to certain values. Bill C-6 appears to have given access primacy in the pursuit of commerce, whereas CMA gives privacy protection primacy in the pursuit of the provision of health care in accordance with physicians’ fiduciary obligations to patients and the integrity of the patient-physician relationship. CMA did not develop its approach in a vacuum. It reviewed, and was inspired by, the report of the House of Commons Standing Committee on Human Rights and the Status of Persons with Disabilities, entitled Privacy: Where Do We Draw the Line? This report articulates and makes explicit many of the issues that should be informing the current debate on Bill C-6. In addition, the Report of the Advisory Council takes a very different approach than Bill C-6. The Report recognizes the need to pay more than lip service to protecting privacy and confidentiality and recommends specific measures aimed at doing this. B. Primacy of the Therapeutic Purpose The root of most of the problems in applying Bill C-6 to health care is its failure to distinguish among purposes for the collection, use and disclosure of health information. In particular, the Bill fails to distinguish between the primary purpose, which is to deliver care to and for the benefit of an individual patient, and secondary purposes, which are not for the direct benefit of the patient and indeed may even involve using the patient’s information to his or her detriment. Under Bill C-6, the same rules apply equally to both the primary and to secondary purposes. In other sectors this failure to distinguish different purposes and to fashion rules in light of salient differences may not pose problems. In the health care sector, however, the consequences could be quite serious. As applied to secondary purposes, the provisions in Bill C-6 fail to limit access appropriately. Access to information may occur in ways that are inappropriate and violate the privacy of patients. As applied to the primary purpose -- the use of a person`s information to provide that person with care -- the rules in the Bill, if rigidly construed, may inhibit access that would otherwise be appropriate and consistent with the patient`s right of privacy. For example, the consent provisions in the Bill could create impediments to information flow where various members of a ‘health care team’ require information about the patient in order to be effective for the patient’s benefit; the provisions in the Bill that seek to limit the extent of information collection could inhibit physicians from being as extensive as they sometimes are and should be in collecting information from patients for the purpose of providing care; the provisions in the Bill requiring that the patient`s request to review his or her record be in writing could in fact be a barrier to patient access which might otherwise be facilitated informally and consistently with the patient`s wishes by a simple verbal request. Such consequences no doubt would be unintended by the drafters of the Bill; the drafters might even argue that for someone to interpret the provisions mentioned above as potentially leading to these consequences would be to misinterpret them. Regardless, the fact is that the Bill, on these matters and others, is somewhat strained when its provisions are applied to health care. The CMA Health Information Privacy Code, however, is not. It begins from the same starting point as Bill C-6, which is the CSA Code. However, the CMA, recognizing (as the drafters of the CSA Code apparently also did) that the CSA Code would need to be tailored to deal adequately with health information, did so in drafting its Health Information Privacy Code. This document was written from the ground up not just with privacy first and foremost as a value but also with specific reference to the health sector. And it is based on the fundamental premise that not all purposes for the use of health care are equal and that the therapeutic purpose must be given primacy. Thus the CMA Health Information Privacy Code avoids the kind of problems identified above that might arise as Bill C-6 is applied to health information. For example, it specifies that the collection of health information for the primary purpose of providing care “may be as extensive as necessary to fulfil these purposes and reflect the high level of trustworthiness and accountability of health professionals in the therapeutic context” (3.2) but that for any secondary purposes it should be “as minimal as necessary in recognition of the need to protect the patient’s right of privacy in the therapeutic context” (3.3.). As concerns consent, which CMA recognizes to be core to the protection of privacy, the CMA Code articulates rules for consent in recognition of the importance of timely information flow in the team context and as appropriate to meet the purpose for which the patient has confided the information in the first place, which is to receive care. It stipulates that consent for the primary purpose may therefore be implied, albeit with certain qualifications. Moreover, where consent is required, the provisions of the Code allow that “the conveyance of generic information is a reasonable means of providing knowledge” in most circumstances, which means that this requirement is unlikely to create unreasonable burdens that would diminish rather than strengthen the therapeutic relationship. Finally, the CMA Code limits itself to issues of principle concerning patient access to their records; Bill C-6, by specifying that requests must be in writing, could in fact be creating a barrier to patient access or an undue burden upon the patient-physician relationship as there may be instances when an informal request would be quite appropriate. C. Knowledge of Purpose Prior to Collection Bill C-6 Bill C-6 is ambiguous in its provisions relating to whether or not a person should know the purposes for which information will be used prior to disclosure. This is due in part to the use of the term “knowledge and consent” as one concept rather than distinguishing the knowledge requirement from the consent requirement. What a person should know in relation to the purposes for which information might be used or disclosed, prior to its being given, is distinct conceptually from whether the person must consent before information can be used or disclosed for a particular purpose. Schedule 1 of the Bill contains a number of principles. For the purposes of this Brief the schedule will be referred to in terms of the principles (and their subparagraphs). Principle 2 addresses the identification of purposes for which information will be used or disclosed. Provided a purpose is identified it becomes a legitimate purpose (this Brief recognizes that the addition of the “reasonable person” clause in 5(3) takes precedence and provides some grounds for distinguishing legitimate and illegitimate purposes). Subparagraph 3 states that the identified purposes should be specified at or before the time of collection. Section 5(2) of the Bill states that the use of ‘should’ in schedule 1 indicates a recommendation and does not impose an obligation. Therefore, according to subparagraph 3, it is recommended but is not obligatory that disclosure occur. On the other hand, principle 3 addresses consent and appears to impose an obligation by stating that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. Similarly subparagraph 2 appears to create something of an obligation by stating, “organizations shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used.” Section 7(1)(a) permits the collection of information without knowledge and consent when collection is clearly in the interests of the individual and consent cannot be obtained. The intent of this section could be made clearer, particularly in terms of who determines the “interests of the individual.” Otherwise this exception could give undesirable licence to collect without knowledge or consent. The provision in section 7(1)(b) is more problematic. This section appears to favour withholding knowledge from an individual if such knowledge would compromise accuracy, defeat the purpose for collection or prejudice the use. In some instances it may well be that, if an individual is provided with knowledge of the purposes for which information is collected and the uses to which it will be put, he or she may choose to withhold information rather than disclose it, and in doing so would clearly compromise accuracy, defeat the purpose for collection or prejudice the use to which the information will be put. This is contrary to principle 4.4.2, which recognizes that information should not be collected by misleading or deceiving individuals. The intent of this section should be far clearer and circumscribed in such a way as to make it clear that it is not permissible to withhold knowledge or not seek consent simply on the basis that if a person had knowledge they would not wish to disclose information. Section 7(1)(c) allows collection without knowledge or consent for journalistic, artistic or literary purposes. This provision is totally inappropriate in the case of health information. CMA Health Information Privacy Code The CMA Health Information Privacy Code is considerably more restrictive that Bill C-6. It recognizes that, in the therapeutic context, health information is confided or collected under the patient’s presumption that it is necessary to meet his or her therapeutic needs. The potential that health information may be subsequently collected, used, disclosed or accessed for other purposes without patient consent should be made known to patients before information is confided or collected for the primary therapeutic purpose. Moreover, it is not acceptable to withhold knowledge from patients deliberately out of concern that knowledge could inhibit them from confiding important information fully and truthfully. The CMA Health Information Privacy Code limits the nonconsensual collection of health information to circumstances where it is either permitted or required by legislation or ordered or decided by a court of law. In addition, the CMA Code gives explicit direction to legislators with respect to the conditions under which legislation should permit or require health information collection (see section 3.6 of CMA Code). In the case of nonconsensual collection, the following conditions are stipulated: 1. The right of privacy has to be violated because the purposes could not be met adequately if patient consent is required; and 2. The importance of the purposes must be demonstrated to justify the infringement of the patient’s right of privacy in a free and democratic society. D. Use Without Knowledge Or Consent Bill C-6 Once information has been collected and despite the limits, inadequate though they be, placed on collection without knowledge or consent, it can be put to even greater use than for the purposes for which it has been collected (with or without knowledge or consent). Section 7(2) opens up dramatically the uses to which collected information may be put without either knowledge or consent. At a minimum, and with little additional administrative effort, the enumerated grounds of section 7(2) (and 7(3) should be made known to an individual prior to their disclosure of information, which would be in keeping with the principle of openness and explicitness. Section 7(2)(a) allows use in connection with the investigation of an offence. In the medical context this could be problematic, particularly if it is interpreted to impose an obligation. Generally, there is no obligation to assist in the investigation of an offence, and indeed the fiduciary duty between patient and physician and the duty of confidentiality owed to the patient by the physician would suggest that physicians not offer information, despite its usefulness. Section 7(2)(b) recognizes emergency situations. However, as worded, section 7(2)(b) would allow access to anyone’s information if it is for the purpose of acting in an emergency threatening the life, health or security of an individual. The implications of this section should be carefully thought through. It is not desirable to give such a broad licence to access anyone’s information on the basis of an emergency. There should be some limiting principle that takes into account the prevailing view that people generally are not required to go to the assistance of others (emergency or otherwise) and that information about oneself is considered worthy of protection against use or disclosure, despite its potential benefit to others (for example, genetic information or HIV or Hepatitis C status). Section 7(2)(c) is very problematic as it permits the use of “identifiable” information for a host of purposes, including statistical and research, when it is impractical to seek consent. Even though the Commissioner must be informed of the use before the information is used the Commissioner has no power to approve or reject the use. If the use is legitimate under the Bill there would be no grounds open to the Commissioner to cause an audit to occur. This section gives significant scope for the secondary use of information that has been collected without knowledge or consent; in the case of health information it is very problematic. CMA Health Information Privacy Code The CMA Code makes a clear distinction between the primary purpose for the collection and use of health information and secondary purposes for its use. The key distinction between these two categories is that primary purposes relates to the provision of the health care benefit sought whereas secondary purposes are ends or aims that are not directly related to the provision of care. The CMA Code divides secondary purposes into two categories: 1. Secondary legislated purposes are those purposes that have been subjected to the legislative test specified in the Code and have subsequently been written into law; 2. Secondary nonlegislated purposes are any other purposes, such as education or research not governed by legislation, that meet the provisions of the CMA Code and the secondary nonlegislative test provided by the Code. The tests that the CMA Code requires of both relate to: 1. Impact on privacy. 2. Impact on the patient-physician relationship, especially confidentiality and trust. 3. Impact on the willingness of patients to disclose information. 4. Impact on patients’ ability to receive care. 5. Evidence of broad public support for the measure. 6. The use will not exploit or compromise the trust of the patient-physician relationship. 7. Patient vulnerability will not be exploited. 8. Under most circumstances patients will be fully informed of the purpose and patient consent will be clearly voluntary. 9. Patient privacy will be intruded upon to the most limited degree possible. 10. Linkage of health information will be restricted and consented to by patients. In other words, the CMA Code does not permit any and all secondary purposes for the use of health information. Rather, it requires justification for the secondary use and assurance that the secondary use will neither impede nor undermine the patient-physician relationship and the provision of health care to the patient. This test is much more privacy protective than the “reasonable person” test the Bill contains in Section 5(3). Moreover, the CMA Code only permits use without consent if it is permitted or required by legislation or when ordered or decided by a court of law. The Advisory Council Report Like the CMA, the Advisory Council Report makes distinctions among various types of uses. The Report calls for legislation to clearly prohibit all secondary commercial use of personal health information (in which respect the Advisory Council takes an even stronger position than the CMA). In addition, the Report recommends that there be provisions regulating secondary uses of non-identifiable health information and that such provisions should address privacy concerns surrounding the degree to which such data might be linked back to an identifiable individual. In this context, the Report recommends that legislation set clear limits on access to and use of health information by third parties outside the health care system. In addition the Report reviews the uses of health information for statistical and research purposes. In connection with research, the Report calls for a number of safeguards and restrictions: 1. Where the data sets used have a higher level of potential identifiability, “the general rule should be informed consent and stringent assurances about privacy protection and security arrangements are necessary before a researcher can have access to personally identifiable information.” 2. The Report recognizes that in some instances it may be impractical to obtain consent from patients. Whether in anonymous or identifiable form, the Report requires that notice be given about the use of the information. In the case of the use of identifiable information, the Report states that the research should be subject to independent ethics review with the onus on the person seeking to use the information without consent to demonstrate that: (a) a tangible public good of significant benefit will result; (b) consent is impossible to secure at a reasonable cost; (c) less identifiable data will not serve the same purpose; and (d) no harm can occur to any person directly or indirectly as a result of this use of his or her personal information. E. Disclosure Without Knowledge Or Consent Bill C-6 The comments found under C. and D. above apply equally here. Section 7(3) adds further instances when collected information can be disclosed to others without knowledge or consent. CMA Health Information Privacy Code In the case of secondary use of health information, the CMA Code takes a far more restrictive approach. As concerns use, disclosure or access, it states: The potential that health information, in whole or in part, may be subsequently collected, used, disclosed or accessed for other purposes without their consent, and what those purposes might be, must be made known to the patient by reasonable means before it is confided or collected for primary purposes. Moreover, the CMA Code recognizes that information disclosed by one organization is collected by another. The Code defines collection to mean: the act of accessing, receiving, compiling, gathering, acquiring or obtaining health information from any source, including third parties, and by any means. It includes information collected from the patient, as well as secondary collection of this information in whole or in part by another provider or user. The collecting organization should be bound by the provisions of the CMA Code, which generally requires consent for use for any purpose and always requires knowledge of the potential purposes that information will or must be put to prior to the information being disclosed. CMA’s Code states: Health information custodians must ensure that third parties privy to health information have adopted this Code or are bound by equivalent provisions. Finally, the CMA Code explicitly recognizes that information can be retrieved from a variety of sources to formulate records. Any and all such practices and the composite form developed are given the same degree of protection as that accorded information collected directly from the patient. F. Consent Bill C-6 In those cases where consent for collection, use or disclosure are required, the provisions in Bill C-6 are inadequate as applied to health care. Schedule 1 distinguishes between express and implied consent. Express consent is not adequately defined and it appears that this is not equivalent to what in health care is called ‘informed consent’. For example, Principle 4.3.2. says that “organizations shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used”. In the health care context, the notion of ‘reasonableness’ with respect to the doctrine of informed consent applies not to the effort to advise or inform (that much is assumed or given) but rather to determinations regarding what information should be provided to the patient. In addition, the application of some of the means described in Principle 4.3.7 by which individuals can give consent, and in particular the ‘negative option’ checkoff box in (b), may be quite problematic in the health care context. The broad scope allowed to implied consent in the Bill is also worrisome as applied to the health care setting. Principle 4.3.6 says “implied consent would generally be appropriate when the information is less sensitive”. However, with implied consent the issue is not the sensitivity of the information but rather the wishes of the patient. It is appropriate to infer consent even when the information is very sensitive provided one has reason to believe this is grounded in the patients wishes; conversely, it is not appropriate to infer consent, even in the case of information deemed not to be sensitive, if there is reason to believe the patient would object if asked explicitly. CMA Health Information Privacy Code The CMA Code furnishes clear definitions for consent: “Consent” means a patient’s informed and voluntary agreement to confide or permit access to or the collection, use or disclosure of his or her health information for specific purposes. For purposes other than the provision of direct care, which is the purpose for which the patient presents in the first place, the consent must always be explicit or express since there is no logical connection between secondary purposes and the desire to achieve care. Therefore inferences cannot be made with any confidence. The Code defines express consent as follows: “Express consent” is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the provider seeking consent. The CMA Code defines implied consent to disallow the loose use of the term, which is increasing today, to justify access for purposes (secondary purposes in particular) that the patient may not wish to occur: Implied consent arises where agreement may reasonably be inferred from the action or inaction of the individual and there is good reason to believe that the patient has knowledge relevant to this agreement and would give express consent were it sought. The CMA Code also lays out clear rules for the use of the concept of consent and makes clear that consent can be inferred for primary purposes (i.e., the provision of health care to the patient) but not for secondary ones, which require express consent. The Code grounds the notion of implied consent not in the desire to subvert express consent and thereby gain access to information that might otherwise be denied but rather in the wishes of the patient and the importance of providing health care for therapeutic purposes as consistent with those wishes. Advisory Council Report In addition to being more stringent than Bill C-6 about exemptions to consent, the Advisory Council Report also gives greater importance to defining the term clearly and strictly. It says that any legislation concerning health information should: contain a precise definition of free and informed consent, as well as a statement of principle that informed consent should be the basis for sharing personal health information. Although not as precise and emphatic on the subject of consent as is the CMA Health Information Privacy Code, the Report is certainly more so than is Bill C-6. G. Information Flow Within Organizations Bill C-6 Bill C-54 defined use to include “the transfer of personal information within an organization.” Bill C-6 no longer defines use, which leaves it uncertain whether the definition of use quoted above from Bill C-54 would be a reasonable interpretation of Bill C-6. If so, this would create a problem. Interpreting use in this way could have the effect of inappropriately restricting the free flow of information within an organization. In the health care context this is not a reasonable or desirable outcome and would hinder, rather than promotes, the patient’s right of privacy. CMA Code The CMA Code recognizes that the free flow of health information is desirable to the extent that it furthers the provision of the health care benefit sought and that it occurs with patient consent. The Code defines the primary purpose to mean: (i) Primary therapeutic purpose is the initial reason for a patient seeking or receiving care in the therapeutic context, and pertains to the delivery of health care to a particular patient with respect to the presenting health need or problem. It encompasses consultation with and referral to other providers on a need-to-know basis. (ii) Primary longitudinal purpose concerns developing composite health information about a particular patient, such as a detailed medical history, beyond direct application to the presenting health need or problem, in order to enhance ongoing care to that person. The Code goes on to state that: Health information collection, use, disclosure or access for the primary therapeutic and longitudinal purposes may be as extensive as necessary to fulfil these purposes and reflect the high level of trustworthiness and accountability of health professionals in the therapeutic context. And further states that: Security safeguards shall impede as little as possible health information collection, use, access and disclosure for primary purposes. Finally, in addressing consent the Code states: Consent to health information collection, use, disclosure and access for the primary therapeutic purpose may be inferred. Consent to subsequent collection, use, disclosure and access on a need-to-know basis by or to other physicians or health providers for this purpose, and for this purpose alone, may be inferred, as long as there is no evidence that the patient would not give express consent to share the information. The principles in the CMA Code that give effect to the patient’s right to control what happens to his or her information are not incompatible with the free flow of information among members of a health team for the purpose of providing care to the patient. Indeed, they facilitate and enable this flow to the extent this is in keeping with the patient’s wishes. H. Information Protected Bill C-6 The Bill covers “personal information” which is defined to mean “information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an oganization.” This definition raises a host of questions: 1. Does the Bill cover information that has been delinked to an identifiable individual but that could be relinked to identify them? 2. Does the Bill only exclude anonymous information - that is, information that could never be relinked to an identifiable individual? And if so, is there an unjustified assumption that information can, in all cases, be rendered truly anonymous? 3. In the case of delinked and anonymous information, who decides that information about an identifiable individual can be rendered delinked or anonymous? The holder of the information or the person to whom the information pertains? 4. Is it accurate or reasonable to assume that people have no interest in information emanating from them once it has been rendered delinked or anonymous? 5. Given that anonymous information is generated from personal information, is the act or process rendering personal information into anonymous form considered a use under the terms of the Bill, and if so does this use require consent? In considering these questions, it is important to keep in mind that the concept of “anonymity” means different things to different people. Moreover, there are no generally used or accepted standards that address what is required to render identifiable information truly anonymous. As a consequence, different people use different standards (of varying degrees of rigour), if they use a standard at all. It is also important to note that, in virtue of sophisticated techniques for identifying individuals from supposedly anonymous information, there is debate about the extent to which true anonymity can ever be achieved or guaranteed. CMA Health Information Privacy Code In light of issues concerning the definition of ‘personal information’ and in the interest of ensuring a thorough scrutiny of information practices, the CMA Code provides a broad definition of health information: Health information means any information about a patient that is confided or collected in the therapeutic context, including information created or generated from this information and information that is not directly or indirectly linked to the provision of health care. It includes all information formats. The CMA Code covers identifiable information, delinked information, anonymous information and any composite form that is produced when health information is linked to other information about the patient. CMA’s research indicates that patients have an interest in their information even when it is in delinked and in anonymous formats. This view has recently received support from a decision of the High Court of Justice in England that is particularly relevant in the context of the commercial use of health information (Source Informatics Ltd. v. Department of Health). The issue arose because a prescription database company sought judicial review of a Department of Health policy document that advised National Health Service GPs and pharmacists not to sell “anonymous” prescribing or dispensing information. The document contained the following analysis: Anonymisation (with or without aggregation) does not, in our view, remove the duty of confidence towards the patients who are the subject of the data. Apart from the risk of identification of a patient despite anonymisation, the patient would not have entrusted the information to the GP or the pharmacist for it to be provided to the data company. The patient would not be aware of or have consented to the information being given to the data company, but would have given it to be used in connection with his care and treatment and wider NHS purposes. Anonymisation of the data (with or without aggregation) would not obviate a breach of confidence. . . .The duty of confidence may in some circumstances be outweighed by the public interest in disclosure. However we have severe reservations that disclosure by GPs or NHS pharmacists of dispensing information to X or other data companies would be argued to be in the public interest. Indeed it might well be contrary to the public interest if the data company is further selling the information on doctors prescribing habits to the pharmaceutical industry. High Court Justice Latham upheld the policy document, arguing that the information in question, though anonymous, was nonetheless confidential. He also argued that consent to its release was necessary and could not be implied, and that the breach of confidentiality involved in selling this information could not be justified as being in the public interest: In my view, it is impossible to escape the logic . . . that the proposal involves the unauthorised use by the pharmacist of confidential information. . . . In my judgement what is proposed will result in a clear breach of confidence unless the patient gives consent, which is not part of the proposal at present. Nor is it suggested that the patient can be said to have given implied consent. . . . I recognize that, for some, the sensitivity, as they see would see it, of the information may be such that they would feel that any use of the information without their consent, would be unconscionable. In other words it would be a breach of trust which they were reposing in the pharmacist. . . I have come to the conclusion that . . . this [is] a type of situation . . . in which there is a public interest in ensuring that confidences are kept. It is important that those who require medical assistance should not be inhibited in any way from seeking or obtaining. As I have indicated, I believe that there may be some patients who will feel very strongly that the pharmacist should not give any information obtained from the prescription without their consent. In view of the fact that there is a growing industry in so-called anonymous health information, it is important to ensure that this information is protected as consistent with the duties of health care providers and the expectation patients have that their providers will keep their information confidential. Advisory Council Report The Advisory Council Report addresses this issue in a number of ways. In making recommendations concerning the definition of health information, the Report calls for legislation that embodies: a clear definition of health information, broad enough to incorporate health information collected in public and private systems and to ensure that equal obligations and penalties apply to both public and private sectors. The Report recognizes a spectrum of data formats: completely anonymous, linked to pseudo-identities, code linked and reidentifiable, completely identifiable. In terms of sensitivity, the Report notes that information that can be re-identified is somewhat more sensitive than completely anonymous data or anonymous data linked to pseudo-identities and that completely identifiable health information is the most sensitive type of health information. The Report also notes that there can be some degree of risk of re-identification of what was believed to be anonymous data through such processes as data matching and the results of analysis using small cells. In this light, the Report recommends that legislation should recognize: A definition of personal health information, which takes into account the spectrum of potential identifiability in the case of health information. Furthermore, in the case of secondary uses of health information, the Report notes that provisions regulating secondary uses of non-identifiable health information must form part of any comprehensive legislation. Such provisions should address privacy concerns surrounding the degree to which data might be linked back to an identifiable individual. The Report raises further issues relating to the use of delinked and anonymous data. The Report notes that there may be group interests and concerns regarding data collected and states: Privacy can also be a concern for groups such as Aboriginal and immigrant communities. These communities worry that research on their members could be released to the media without notice and used in a negative way. This emerging issue is growing in importance and, in the Council’s view, should be a serious consideration in the context of ethical reviews of proposed research projects. It is important to note that, in these instances, it is not the fact that data is linked to an identifiable individual that is of concern. Rather, it is the ability to accumulate, process and dissect information that has ramifications for an individual because they are part of a group segregated and identified by the research. Finally, the Report considers the use of person-oriented data (data linked to individuals in a form where personal identifiers have been replaced by a code) for statistical purposes and notes that this too raises concerns about privacy. The Report notes that: “These concerns have traditionally been seen as a tradeoff against data access for research and analysis in the public interest.” The Report restates this to provide a more positive view of privacy and states: the best way for analysts to maintain the public’s consent to use sensitive (but anonymous) health data is to show the public that privacy, confidentiality and security are being taken seriously. In view of the issues concerning the definition of personal information and in the interest of ensuring maximum scrutiny of practices concerning health information and maximum protection of the right of privacy with respect to health information, CMA recommends: That there be a clear definition of the information being accorded a right of privacy and that this definition, at least in the case of health information, include identifiable information, delinked information, anonymous information and any composite information produced when health information is linked to any information about a person from any other source. I. Individual Access Bill C-6 Bill C-6 restricts the right of individual access to personal information. The grounds for denying access to information are inappropriate in the health care context. CMA Code The CMA Code follows the prevailing case law as it relates to medical records. Primarily this gives patients a right of access to their record in all but very limited circumstances. These circumstances are when there is a significant likelihood of a substantial adverse effect on the physical, mental or emotional health of the patient or substantial harm to a third party. The onus lies on the provider to justify denial of access on these grounds. J. Accuracy and Amendment Bill C-6 Bill C-6 requires that information be as accurate, complete and up-to-date as possible and that it shall not be routinely updated unless this is necessary to fulfil the purpose for its collection. In so far as amendment is concerned, Bill C-6 permits amendment to the record in specified circumstances. CMA Code The CMA Code takes a different approach in light of the nature and purpose of health information. The Code recognizes that the recording of statements of fact, clinical judgements and determinations or assessments should reflect as nearly as possible what has been confided by the patient and what has been ascertained, hypothesized or determined to be true using professional judgement. In terms of amending the record in light of a patient’s request, the CMA Code seeks to preserve the original record but also provide for noting the patient’s concerns. To accommodate both requirements the CMA Code states: Patients who have reviewed their information and believe it to be inaccurately recorded or false have the right to suggest amendments and to have their amendments appended to the health information. K. Sensitivity Bill C-6 Schedule 1 recognizes that medical records have a high level of sensitivity attached. For this reason this information may warrant special attention concerning consent, reasonable expectations, individual access and the degree of security that is appropriate. CMA Code The CMA Code recognizes that, even as all health information is sensitive (when considered against other forms of information about individuals), there are also variations in the level of sensitivity in various aspects of the health record. The CMA Code defines the “sensitivity of health information” to refer to: the patient’s interest in keeping the information secret. It varies according to the nature of the information, its form, and the potential negative repercussions of its collection, use or disclosure on the patient’s interests. Under the Code’s consent provisions it is stated that: Although all health information is sensitive and should be treated as such, the more sensitive the health information is likely to be, given what is known about the circumstances or preferences of the patient, the more important it is to ensure that consent is voluntary and informed. With respect to security the Code states: The development of security safeguards with respect to levels of access for various users shall recognize the differences in the sensitivity of health information and permit access accordingly. Moreover, the Code recognizes that health information is special and therefore requires distinct rules that afford stronger privacy protection not just due to its sensitivity but also to the circumstances of vulnerability and trust under which it is initially confided or collected. These special circumstnaces, which include much more than sensitivity, are outlined in Principle 2 of the Code. Bill C-6, by contrast, fails to consider these other features that make health information a special case. In consequence its provisions are not adquately tailored to the special nature of health information and do not accord it the strong privacy protection it warrants. V. Conclusions The increased capacity to collect, store, transfer, merge and access information, coupled with trends that support increased use of and access to information, have the potential to erode our traditional understanding and protection of privacy and confidentiality. The issues are complex and the choices we must make are difficult. Nevertheless, these issues should be squarely on the table and the choices that we make must be clear, transparent and defensible. Of paramount importance is that the public is not mislead into believing that their information is being protected or kept confidential when in fact it is not. Therefore, even to refer to Bill C-6 as the “Personal Information Protection and Electronic Documents Act” should be the subject of debate. Is the Bill truly about information protection or is it actually about permitting access to information? The approach to rules for information in Bill C-6 is directed toward commerce and appears to have access, and not privacy, as its dominant value, notwithstanding the Bill’s reference to a “right of privacy”. In CMA’s view, the Bill’s approach is inadequate when applied to health information. Based on the evidence, it seems highly likely that the public would also find Bill C-6 inadequate. Bill C-6 was not developed with health information in mind. In consequence there is confusion and uncertainty about its application to the health care context. Even more seriously, however, Bill C-6 fails to recognize that privacy with respect to health information requires stronger or greater protection than other types of information. CMA presents a different approach, an approach that recognizes the special nature of health information; an approach that puts patients first and values privacy and the preservation of the trust and integrity of the patient-physician relationship. This approach appears to be well-grounded in the values that Canadians hold about privacy and would likely enjoy broad public support. In addition, the CMA approach draws support from the Federal Advisory Council Report, which like CMA recognizes the importance of preserving patient privacy and the confidentiality of the health record in an era of increased use of technology. Implicitly, the Report recognizes that the benefits of such technology cannot be realized if public support, based on respect for privacy, cannot be secured. The CMA’s Health Information Privacy Code does what Bill C-6 fails to do. Amending Bill C-6 to incorporate the principles in the CMA Code would ensure adequate privacy protection. In light of the clear deficits in Bill C-6 and the inadequate protection of patient privacy and health information confidentiality, CMA urges this Committee to accept its recommendations and the amendment that incorporates them. Nothing less would give Canadians the high level of privacy protection they desire and deserve when it comes to their health information. VI. Summary of Recommendations That Bill C-6 be amended to incorporate specific provisions relating to health information and that the provisions of the CMA Health Information Privacy Code provide the basis of such provisions; and That any proposed rules for health legislation be subject to the legislative test found in CMA’s Health Information Privacy Code and formulated in light of this process; and That there be a clear definition of the information being accorded a right of privacy and that this definition, at least in the case of health information, include identifiable information, delinked information, anonymous information and any composite information produced when health information is linked to any other information about a person from any other source; and That, at least in connection with health information, the provisions of the Bill apply equally to the public and the private sectors. CMA has drafted an amendment to Bill C-6 (Appendix B) which, if accepted, would achieve all of these recommendations and adequately give Canadians the kind of privacy protection with respect to their health information that they deserve and desire.
Documents
Less detail

Listening to our Patient's Concerns : Comments on Bill C 54 (Personal Information Protection and Electronic Document Act) : Submission to the House of Commons Standing Committee on Industry

https://policybase.cma.ca/en/permalink/policy1980
Last Reviewed
2019-03-03
Date
1999-03-18
Topics
Health care and patient safety
Health information and e-health
Ethics and medical professionalism
  2 documents  
Policy Type
Parliamentary submission
Last Reviewed
2019-03-03
Date
1999-03-18
Topics
Health care and patient safety
Health information and e-health
Ethics and medical professionalism
Text
Over the last year, CMA has become increasingly concerned that debate on the issues concerning health information have been framed in terms of access to information with an attendant erosion of privacy and confidentiality. This one-sided approach comes at a time of expansion in our capacity to collect, store, merge, transfer and access information, coupled with trends both in the health care sector and generally related to the use of information To address these concerns and to ensure that privacy and confidentiality in the medical context are valued, protected and preserved, CMA developed and adopted a Health Information Privacy Code. This Code should form the basis of all legislation governing the collection, use and disclosure of health information. Health information is special by its nature. Rules relating to health information must be developed in recognition of its special nature. Ensuring protection of privacy and confidentiality of the patient record must take precedence over other considerations. Bill C-54 fails to do this. Bill C-54 is written from the perspective of encouraging commerce. It appears to have access to information as its dominant value. CMA considers the world of health care to be very different from that of commerce and consequently requiring distinct rules. Health information use must, in all but exceptional and justifiable circumstances, occur only under the strict control of the patient. The patient must be able to exercise control through voluntary, informed consent. Bill C-54 permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purpose. The evident lack of protection accorded health information based on such ground, is unacceptable. The absence of protection undermines the integrity of the patient-physician relationship and has the potential to erode the trust patients have in their physicians - a trust that is essential to patients’ willingness to provide the complete information needed to provide them with care. Moreover, distinctions must be made between a patient’s right to know what can or must happen to health information and the right to consent to such use. Not all purposes for the collection and use of health information are equal. Collection and use beyond the therapeutic context should be subjected to rigorous scrutiny before they are permitted to occur. Bill C-54 fails to make such a distinction and treats all purposes that could be identified for information collection or use as equal. Moreover, the Bill has no mechanism to distinguish legitimate purposes, which should be permitted from illegitimate purposes, which should not. In light of the clear deficits in Bill C-54 and the inadequate protection of patient privacy and health information confidentiality, CMA makes the following recommendations: That Bill C-54 be amended to incorporate specific provisions relating to health information and that the provisions of the CMA Code provide the basis of such provisions; and That the proposed rules for health legislation be subject to the legislative test found in CMA’s Code and formulated in light of this process; and That there be a clear definition of the information being accorded a right of privacy and that this definition, at least in the case of health information, include identifiable information, delinked information, anonymous information and any composite form produced when information is linked to any information about a person from any other source; and That, at least in connection with health information, the provisions of the Bill apply equally to the public and the private sectors. I. Introduction The Canadian Medical Association is the national voice of Canadian physicians. Our mission is to provide leadership for physicians and to promote the highest standard of health and health care for Canadians. The CMA is a voluntary professional organization representing the majority of Canada's physicians and comprising 12 provincial and territorial divisions and 43 affiliated medical organizations. On behalf of its 45,000 members and the Canadian public, CMA performs a wide variety of functions, including addressing the emerging issue of electronic health information and confidentiality and privacy. It is in this capacity that we present our position on Bill C 54, The Personal Information Protection and Electronic Documents Act. CMA commends the government for taking the first, important step of beginning the debate on the protection of personal information. The issues are complex and the interests at stake significant. CMA welcomes the opportunity to provide comments on Bill C-54. CMA hopes that its input will strengthen the Bill by ensuring that patient privacy and the confidentiality of medical records are adequately protected. In preparing this brief CMA has had the benefit of the final report of the federal Advisory Council on Health Infostructure, Canada Health Infoway: Paths to Better Health: Final Report. (“Advisory Council Report”) Where appropriate, CMA cites the findings contained in the report. CMA wishes to underscore the key themes of its brief: A. Health information is special by its nature. Rules relating to health information must be developed in recognition of its special nature. Ensuring protection of privacy and confidentiality of the patient record must take precedence over other considerations. Bill C-54 fails to do this. Bill C-54 is written from the perspective of encouraging commerce. It appears to have access to information as its dominant value. CMA considers the world of health care to be very different from that of commerce and consequently requiring distinct rules. B. Health information use must, in all but exceptional and justifiable circumstances, occur only under the strict control of the patient. The patient must be able to exercise control through voluntary, informed consent. Bill C-54 permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purpose. The evident lack of protection accorded health information based on such ground, is unacceptable. The absence of protection undermines the integrity of the patient-physician relationship and has the potential to erode the trust patients have in their physicians - a trust that is essential to patients’ willingness to provide the complete information needed to provide them with care. Moreover, distinctions must be made between a patient’s right to know what can or must happen to health information and the right to consent to such use. C. Not all purposes for the collection and use of health information are equal. Collection and use beyond the therapeutic context should be subjected to rigorous scrutiny before they are permitted to occur. Bill C-54 fails to make such a distinction and treats all purposes that could be identified for information collection or use as equal. Moreover, the Bill has no mechanism to distinguish legitimate purposes, which should be permitted from illegitimate purposes, which should not. This brief will first look at the apparent rationale of Bill C-54 and its potential application to health information. The brief will next describe why CMA considers health information to be special in nature and worthy of special protection. Finally, the brief reviews the difference in approach between Bill C-54 and CMA’s Health Information Privacy Code to illustrate that Bill C-54 provides inadequate protection to patient privacy and health record confidentiality. II. Rationale and Scope of Bill C-54 A. Rational of Bill C-54 The driving force behind Bill C-54 is the support and promotion of electronic commerce. The second part of the Bill is devoted to permitting electronic versions of documents and signatures to be legitimate or ‘originals’ if the provisions of the Act are followed. Part two of the Bill is quite distinct from part one and both parts could stand alone as separate pieces of legislation. Part two simply allows electronic versions of documents and signatures to be recognized as legitimate. On its face, this has little to do with the protection of personal information except to the extent that storage of documents in electronic form provides greater ability to access, link and merge information. Certainly, the Bill appears to draw on this connection by including, in its statement of purpose, the provision of a right of privacy in an era in which technology increasingly facilitates the collection and free flow of information. Part one concerns all forms of information, electronic and otherwise. It gives some protection to personal information by requiring consent in some instances. In CMA’s view, a fundamental difficulty with part one and the Bill in general is that it’s goal is to promote commerce and thus all information is implicitly considered as falling within the ‘commercial’ realm. In the case of health information this is surely not the case or the only consideration. Moreover, this creates a clash of values when applied to a health care system that is a public system. The Advisory Council Report takes a hard line on this issue and states that legislation respecting the privacy protection of health information, “should also contain a clear prohibition against all secondary commercial use of personal health information.” Because all information is subjected to similar rules, there is no attempt within the Bill to distinguish some purposes for collecting information from other purposes. The Bill takes the approach that the purposes should be known and documented. While not stated explicitly, the assumption is that all purposes identified are legitimate and are permitted. CMA has quite a different view when it comes to health information and will expound its view throughout this brief. B. Scope - Application to Medical Records CMA is uncertain whether or to what extent Bill C-54 will apply to health records. The full name of the Act states, in part: An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances.... What are these circumstances? Section 4(1) states that Part 1 (the part protecting personal information) applies in respect of personal information that: (a) the organization collects, uses or discloses in the course of commercial activities; (b) the organization collects, uses or discloses interprovincially or internationally; or (c) is about an employee of the organization and that the organization collects, uses or discloses in connection with the operation of a federal work, undertaking or business. It should further be noted that three years after the Act is in force it will apply equally to activities that occur strictly within the province unless there is legislation in the province that is substantially similar to the Bill (see sections 27(2)(d) and section 30). The first issue is the provision of section 4(1)(a) - collection, use and disclosure in the course of commercial activities. There seems to be an assumption on the part of government that this automatically excludes health records, (although the Act fails to define what is meant by commercial activity). Is this accurate or does the assumption fail to recognize that there is not a clear, unambiguous distinction between what might constitute commercial activity or other activity? There are two points to be made here. The first concerns clarity around where commercial ends and health care begins. Which health care settings that operate for profit are excluded from the Act? This question speaks to the difficulty of delineating what activity is considered health care and what activity is considered commercial. Moreover it recognizes that the increased encouragement to public/private funding of endeavours within the health care sector may make it increasingly difficult to make this distinction; for example in the area of research. The second concerns the movement of health information from the health care setting (recognizing that this is not easily distinguished from the commercial setting) to the commercial setting; for example, health information provided to insurance companies. When health care information is collected in a health care setting and transferred to a commercial setting, which rules apply - Bill C-54 or no rules? In CMA’s view, there is no clear way of distinguishing commercial activity from health care activity in a way that ensures that the health care record is subject to different rules than those pertaining to other records. Moreover, the dilemma for government is that even if such distinction could occur, would it be desirable that health records be subject to no rules? Put in another way, will those organizations that currently collect health care information be entitled to claim that since the information forms part of the health record they are not subject to the provisions of C-54? Under such a regime health care records would be subject to an even lower standard than that provided for information collected in the commercial context. In terms of the provisions of 4(1)(b) - interprovincial and international transfer of information. This appears to apply to all information. In the existing environment and developments such as the “health information highway,” interprovincial transfers of information, the capacity for the central collection and storage of information, mechanisms such as telephone and cable to transfer information and general trends related to population health, it seems likely that interprovincial traffic will grow rather than diminish. The significance of this section, therefore, cannot be underestimated. Finally, the provisions of 4(1)(c) may well contain health information about the employee. In preparing this brief CMA has assumed that the Bill will provide a scheme that applies to some health information. No doubt the extent of the federal governments ability to legislate in this area generally will be the subject of extensive debate. However, CMA has no comment on this debate and provides its opinion in the interests of ensuring that the rules that relate to health information are compatible with preserving the integrity of the patient-physician relationship and the protection of patient privacy and health information confidentiality. CMA considers that the government has an opportunity to provide Canadians with strong privacy rights in health information. Indeed, CMA believes that it is incumbent upon the government to do so. C. Scope - Government Excluded Bill C-54 expressly excludes a large part of government activity from its ambit. While government activity is to some extent governed by the Privacy Act, R.S.C. 1985, P-21, the rules of this act provide less protection than those of Bill C-54. Government should subject itself to at least the same rules that it requires of the private sector in so far as it is a collector and user of information. Moreover, CMA is of the view that government’s practices relating to the collection, storage, merging, transfer and use of health information must be subject to more stringent rules than those found in either the Privacy Act or Bill C-54. The Advisory Council Report also calls for the same rules to apply to the public and private sectors, rules that are more stringent than those found in the Privacy Act or Bill C-54. Therefore, CMA recommends: That, at least in connection with health information, the provisions of the Bill apply equally to the public and the private sectors. III. Considerations Regarding Patient Privacy and Confidentiality: Medical Context Versus Commercial Context A. CMA’s Opinion Over the last year, CMA has become increasingly concerned that debate on the issues concerning health information have been framed in terms of access to information with an attendant erosion of privacy and confidentiality. This one-sided approach comes at a time of expansion in our capacity to collect, store, merge, transfer and access information, coupled with trends both in the health care sector and generally related to the use of information To address these concerns and to ensure that privacy and confidentiality in the medical context are valued, protected and preserved, CMA developed and adopted a Health Information Privacy Code, which is appended to and forms part of this brief. In commenting on this Code the Advisory Council Report notes: The code represents an important contribution to the deliberations of Canadians and legislators on how to safeguard privacy across the health domain. There are a number of principles underpinning the Health Information Privacy Code: 1. The provision of health care to all Canadians irrespective of social circumstances or health status is a highly regarded value in Canadian society. The system is publicly funded and universally accessible. 2. The right of privacy is fundamental to a free and democratic society. 3. Rules relating to health information must recognize its special nature. Health information has a high level of sensitivity, it is confided or collected in circumstances of vulnerability and trust for the primary purpose of benefiting the patient. 4. Physicians now and historically promise that they will keep their patients’ information secret; this is a hallmark of the profession. 5. The patient-physician relationship is one of trust and a central feature of this trust is the belief in patients that information confided in or collected by physicians and other health care providers will be kept secret. 6. Patients believe that the information they disclose or that is gathered as a result of their seeking health care will be used to provide them with health care; uses beyond the provision of health care without knowledge or consent go beyond what a patient’s reasonable expectations were when information was disclosed or gathered and is a breach of the trust patients place in their physicians. 7. Except in very limited circumstances, consent is required for health information collection, use, disclosure or access for any purpose. 8. Information required to provide patients with the health care sought should be readily available to those who require it to provide an aspect of care. 9. Uses of health information for purposes other than the provision of health care to the person seeking care should be subject to rules that: - protect and promote privacy and confidentiality; - generally require express consent; - can be justified according to specific criteria. 10. Patients should know the uses to which their health information is put prior to their disclosure of it. 11. Patients may be reluctant to disclose information if they are concerned about the uses to which the information is put or the persons entitled to access it. B. Public Opinion To determine the public’s view on these issues, CMA commissioned Angus Reid to conduct research in two forms, quantative (survey) and qualitative (focus groups), and has found the following: 1. Patients believe that their health information will be kept confidential and consider this to be important. 2. Patients believe it important to know and control how their health information is shared with others. 3. Patients do not want their health information released to third parties (including governments and researchers) without their knowledge and consent. 4. Patients may have concerns about the release of delinked or anonymous information to third parties without their consent. 5. Patients may be reluctant to confide information as a result of concerns related to its use or disclosure. These findings are consistent with general findings relating to the public’s concerns about privacy and confidentiality. C. The Advisory Council Report The Advisory Council Report relates to the electronic health record. However, given the direction towards the greater use of technology and the underlying principles informing the Advisory Council, CMA believes that the recommendations are generalizable to all health information. A key principle of the Advisory Council is that access by health care professionals should be based on a need-to-know basis under the strict control of the patient. The Council, like CMA calls for scrutiny and justification of secondary uses of health information. The Council is opposed to the use of multipurpose identifiers on the grounds that it becomes too easy for government officials from one department to gain access to a person’s health record or combine a number of records to assemble a comprehensive profile. (Anecdotal evidence suggests that this concern may be justified and that there are insufficient safeguards preventing the flow of health information among government departments) The Council recommends that all governments ensure that they have legislation to address privacy protection specifically aimed at protecting personal health information through explicit and transparent mechanisms. Included in these mechanisms are: * The provision of a precise definition of free and informed consent, as well as a statement of principle that informed consent should be the basis for sharing personal health information; * Any exemption to the requirement of informed consent should be clearly set out in law. More specifically, legislative guidance should be provided on how to balance the right of privacy with the public good for research purposes to implement a coherent and harmonized pan-Canadian system for independent, ethical review. * There should be provisions regulating secondary uses of non-identifiable health information. These provisions should address privacy concern surrounding the degree to which data might be linked back to an identifiable individual. * Legislation should set clear limits on access to and use of health information by third parties outside the health care system. To prevent the serious invasions of privacy that can result from the unrestricted linking of personal health information with other kinds of information on the same individual, the legislation should contain provisions prohibiting the use for any other purpose of unique personal identifiers in health information systems. D. The Approach in Bill C-54 Bill C-54 is inadequate in its protection of health information. The Bill makes a meagre attempt at distinguishing among varying types of personal information and gives no additional protection to information that is highly sensitive (such as health information). The Bill permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purposes. In the context of health information, these grounds should be subject to intense scrutiny to determine their relevance and legitimacy. In CMA’s view and according to the tests established in the CMA’s Code, some of these grounds would not withstand such scrutiny. E. Conclusion CMA’s Code offers a template for the protection that should be accorded health information, a template that appears to have some public support and that strives to retain patient confidence in their physicians and the health care system. The Report of the Federal Advisory Council also recognizes that special rules are required for health information. The Council’s Report places strong emphasis on the protection of privacy, recognizes that as a general rule the flow of health information should be on a need-to-know basis and under the control of the patient through the exercise of free and informed consent and requires limits on the secondary use of health information. In CMA’s view, Bill C-54 should incorporate specific rules relating to health information and CMA’s Code should form the basis of these rules. CMA recommends: That Bill C-54 be amended to incorporate specific provisions relating to health information and that the provisions of the CMA Code provide the basis of such provisions. In addition, CMA’s Code provides a test that legislation addressing health information should be subjected to. This test (found in section 3.6 of the CMA Code) states: Any proposed or existing legislation or regulation made under legislative authority that permits or requires health information collection, use, disclosure or access shall be subjected to the following legislative test: (a) There must be demonstration that: (i) a patient privacy impact assessment has been conducted, the analysis has been made public and has been duly considered prior to the introduction of legislation [section 3.5 of the Code provides guidance with respect to the patient privacy impact assessment]; (ii) collection, use, disclosure and access will be limited to the greatest degree possible to ensure that * the collection of health information by persons external to the therapeutic context will neither trade on nor compromise the trust of the patient-physician relationship; * patients are not likely to be inhibited from confiding information for primary purposes; * the ability of physicians to discharge their fiduciary duties to patients will not be compromised; and, * patient vulnerability will not be exploited; (iii) collection, use, disclosure and access will be restricted to what is necessary for the identified purpose(s) and will not impede the confiding or collection of information for primary purposes; (iv) provisions exist for ensuring that patients are provided with knowledge about the purpose(s) and that, subject to 3.6(b), patient consent is clearly voluntary; (v) the means used are proportionate and the collection will be limited to purposes consented to or made known to the patient; (vi) the patient’s privacy will be intruded upon to the most limited degree possible in light of the purpose(s) consented to or made known to the patient; (vii) linkage of the health information will be limited; and (viii) unless clear and compelling reasons exist: * all reasonable steps will be taken to make health information anonymous; and * if it has been demonstrated that making health information anonymous would render it inadequate for legitimate uses, the information will be collected and stored in a deidentified-relinkable format. (b) When nonconsensual collection, use, disclosure or access is permitted or required by legislation or regulation that meets the requirements of the Code, the following conditions must also be met: (i) the right of privacy has to be violated because the purpose(s) could not be met adequately if patient consent is required; and (ii) the importance of the purpose(s) must be demonstrated to justify the infringement of the patient’s right of privacy in a free and democratic society. (c) Any legislative provision or regulation that permits or requires health information collection, use, disclosure or access nonconsensually shall not, without compelling reasons, be applied retroactively to existing health information. In its current form, Bill C-54 would not pass the scrutiny of the test. Consequently, CMA recommends: That the proposed rules for health legislation be subject to the legislative test found in CMA’s Code and formulated in light of this process. IV. Specific Comments on Bill C-54 From the Perspective of CMA’s Health Information Privacy Code This section highlights some key distinctions between the approach taken by Bill C-54 and CMA’s Health Information Privacy Code. The purpose of this section is to illustrate through examples the divergence of approaches taken with the ultimate aim of demonstrating that Bill C-54 is inadequate in the protection it accords health information. A. General Bill C-54 and CMA’s Health Information Privacy Code are based on the Canadian Standards Association’s Model Code for the Protection of Personal Information (CSA Code). Bill C-54 and the CMA Code also augment the CSA Code’s provisions where considered necessary. The need to extend the provisions of the CSA Code demonstrates that the CSA Code, being general in nature, provides inadequate protection to information in many instances. Although Bill C-54 and the CMA Code are based on the CSA Code, each takes a different approach to the ultimate protection accorded information. This divergence demonstrates that there are many ways to resolve issues left unresolved by the CSA Code. In other words, it is not a foregone conclusion that basing provisions on the CSA Code will result in appropriate or adequate protection of information. Rather, resolution of issues requires thought and deliberation and will depend in some measure on the primacy given to certain values. Bill C-54 appears to have given access primacy in the pursuit of commerce, whereas CMA gives privacy protection primacy in the pursuit of the provision of health care in accordance with physicians fiduciary obligations to patients and the integrity of the patient-physical relationship. CMA did not develop its approach in a vacuum. It reviewed and was inspired by the report of the House of Commons Standing Committee on Human Rights and the Status of Persons with Disabilities, entitled Privacy: Where Do We Draw the Line? This report articulates and makes explicit many of the issues that should be informing the current debate on Bill C-54. In addition, the Report of the Advisory Council takes a very different approach to Bill C-54. The Report recognizes the need to pay more than lip service to protecting privacy and confidentiality and recommends specific measures aimed at doing this. B. Information Protected Bill C-54 The Bill covers “personal information” which is defined to mean “information about an identifiable individual that is recorded in any form.” This definition raises a host of questions: 1. Does the Bill cover or not information that has been delinked to an identifiable individual but that could be relinked to identify them? 2. Does the Bill only exclude anonymous information - that is, information that could never be relinked to an indentifiable individual? And if so, is there an unjustified assumption that information can, in all cases, be rendered truly anonymous? 3. In the case of delinked and anonymous information, who decides that information about an identifiable individual can be rendered delinked or anonymous? The holder of the information or the person to whom the information pertains? 4. Is it accurate or reasonable to assume that people have no interest in information emanating from them once it has been rendered delinked or anonymous? CMA Health Information Privacy Code The CMA Code provides a broad definition of health information: Health information means any information about a patient that is confided or collected in the therapeutic context, including information created or generated from this information and information that is not directly or indirectly linked to the provision of health care. It includes all information formats. In addition, the CMA Code covers identifiable information, delinked information, anonymous information and any composite form that is produced when health information is linked to other information about the patient. CMA’s research indicates that patients may have an interest in their information when it is in delinked and anonymous formats. Advisory Council Report The Advisory Council Report addresses this issue in a number of ways. In making recommendations concerning the definition of health information the Report calls for legislation that embodies: a clear definition of health information, broad enough to incorporate health information collected in public and private systems and to ensure that equal obligations and penalties apply to both public and private sectors. The report recognizes a spectrum of data formats: completely anonymous, linked to pseudo-identities, code linked and reidentifiable, completely identifiable. In terms of sensitivity, the Report notes that information that can be re-identified is somewhat more sensitive that completely anonymous data or anonymous data linked to pseudo-identities and that completely identifiable health information is the most sensitive type of health information. The Report also notes that there can be some degree of risk of re-identification of what was believed to be anonymous data through such processes as data matching and the results of analysis using small cells. In this light, the Report recommends: A definition of personal health information, which takes into account the spectrum of potential identifiability in the case of health information. Furthermore, in the case of secondary uses of health information, the Report notes that provisions regulating secondary uses of non-identifiable health information must form part of the legislation. Such provisions should address privacy concerns surrounding the degree to which data might be linked back to an identifiable individual. The Report raises further issues relating to the use of delinked and anonymous data. The Report notes that there may be group interests and concerns regarding data collected and states: Privacy can also be a concern for groups such as Aboriginal and immigrant communities. These communities worry that research on their members could be released to the media without notice and used in a negative way. This emerging issue is growing in importance and, in the Council’s view, should be a serious consideration in the context of ethical reviews of proposed research projects. It is important to note that in these instances it is not the fact that data is linked to an identifiable individual that is of concern. Rather, it is the ability to accumulate, process and dissect information that has ramifications for an individual because they are part of a group segregated and identified by the research. Finally, the Report considers the use of person-based data but not people’s names, for statistical purposes and notes that this too raises concerns about privacy. The Report notes that: “These concerns have traditionally been seen as a tradeoff against data access for research and analysis in the public interest.” The Report restates this to provide a more positive view of privacy and states: “the best way for analysts to maintain the public’s consent to use sensitive (but anonymous) health data is to show the public that privacy, confidentiality and security are being taken seriously.” Recommendation That there be a clear definition of the information being accorded a right of privacy and that this definition, at least in the case of health information, include identifiable information, delinked information, anonymous information and any composite form produced when information is linked to any information about a person from any other source. C. Knowledge of Purpose Prior to Collection Bill C-54 Bill C-54 is ambiguous in its provisions relating to whether or not a person should know the purposes for which information will be used prior to disclosure. This is due in part to the use of the term “knowledge and consent” as one concept rather than distinguishing the knowledge requirement from the consent requirement. What a person should know in relation to the purposes information might be used or disclosed for, prior to its being given is distinct conceptually from whether the person must consent before information can be used or disclosed for a particular purpose. Schedule 1 of the Bill contains a number of principles. For the purposes of this brief the schedule will be referred to in terms of the principles (and their subparagraphs). Principle 2 addresses the identification of purposes that information will be used or disclosed for. Provided a purpose is identified it becomes a legitimate purpose under the Bill. Subparagraph 3 states that the identified purposes should be specified at or before the time of collection. Section 5(2) of the Bill states that the use of ‘should’ in schedule 1 indicates a recommendation and does not impose an obligation. Therefore, according to subparagraph 3, it is recommended but is not obligatory that disclosure occur. On the other hand, principle 3 addresses consent and appears to impose an obligation by stating that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. Similarly subparagraph 2 appears to create something of an obligation by stating, “organizations shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used.” The relationship between these sections should be clarified and made consistent. CMA is pleased to note that principle 3 has been modified to define when, and only when, organizations may collect information without knowledge or consent. Section 7(1)(a) permits the collection of information without knowledge and consent when collection is clearly in the interests of the individual and consent cannot be obtained. The intent of this section could be made clearer, particularly in terms of who determines the “interests of the individual.” Otherwise this exception could give undesirable license to collect without knowledge or consent. The provision in section 7(1)(b) is more problematic. This section appears to favour withholding knowledge from an individual if such knowledge would compromise accuracy, defeat the purpose for collection or prejudice the use. In some instances it may well be that if an individual is provided with knowledge of the purposes for which information is collected and the uses to which it will be put, they may choose to withhold information rather than disclose it, and in doing so would clearly compromise accuracy, defeat the purpose for collection or prejudice the use the information will be put to. This is contrary to the principle found in principle 4.1 which recognizes that information should not be collected by misleading or deceiving individuals. The intent of this section should be far clearer and circumscribed in such a way as to make it clear that it is not permissible to withhold knowledge or not seek consent simply on the basis that if a person had knowledge they would not wish to disclose information. Section 7(1)(c) allows collection without knowledge or consent for journalistic, artistic or literary purposes. This provision is totally inappropriate in the case of health information. CMA Health Information Privacy Code The CMA Code is considerably more restrictive that Bill C-54. It recognizes that in the therapeutic context, health information is confided by or collected from patients under the patient presumption that it is necessary to meet his or her therapeutic needs. CMA also believes that the potential that health information may be subsequently collected, used, disclosed or accessed for other purposes without patient consent should be made known to patients before information is confided or collected for the primary therapeutic purpose. CMA further notes that it is not acceptable to withhold knowledge from patients deliberately out of concern that knowledge could inhibit them from confiding important information fully and truthfully. CMA limits the circumstances the nonconsensual collection of health information to those: 1. Permitted or required by legislation; 2. When ordered or decided by a court of law. Moreover, the CMA gives explicit direction to legislators with respect to the conditions under which legislation should permit or require health information collection (see section 3.6 of CMA Code). In the case of nonconsensual collection, the following conditions are stipulated: 1. The right of privacy has to be violated because the purposes could not be met adequately if patient consent is required; and 2. The importance of the purposes must be demonstrated to justify the infringement of the patient’s right of privacy in a free and democratic society. While Bill C-54 is clearly enabling the collection of information, it does not, in CMA’s opinion put sufficient emphasis on or provide protections that preserve privacy and confidentiality, especially in the medical context. D. Use Without Knowledge Or Consent Bill C-54 Once information has been collected and despite the, albeit inadequate, limits placed on collection without knowledge or consent, it can be put to even greater use than the purposes it has been collected for with or without knowledge or consent. Section 7(2) opens up dramatically the uses to which collected information may be put without either knowledge or consent. At a minimum and without little additional administrative effort, the enumerated grounds of section 7(2) (and 7(3))should be made known to an individual prior to their disclosure of information, which would be in keeping with the principle of openness and explicitness. Section 7(2)(a) allows use in connection with the investigation of an offence. In the medical context this might be problematic particularly if it is interpreted to impose an obligation. Generally, there is no obligation to assist in the investigation of an offence and indeed the fiduciary duty between patient and physician and the duty of confidentiality owed to the patient by the physician would suggest that physicians not offer information despite its usefulness. Section 7(2)(b) recognizes emergency situations. However, as worded, section 7(2)(b) would allow access to anyone’s information if it is for the purpose of acting in respect of an emergency threatening the life, health or security of an individual. The implications of this section should be carefully thought through. Do we really intend to give such a broad licence to access anyone’s information on the basis of an emergency. In CMA’s view there should be some limiting principle that takes into account the prevailing view that people generally are not required to go to the assistance of others (emergency or otherwise) and that information about oneself is considered worthy of protection against use or disclosure despite its potential benefit to others for example, genetic information or HIV, Hepatitis C status. Section 7(2)(c) is very problematic as it permits the use of “identifiable” information for a host of purposes, including statistical and research, when it is impractical to seek consent. Even though the Commissioner must be informed of the use before the information is used the Commissioner has no power to approve or reject the use, and since the use is legitimate under the Bill provided the Commissioner has been notified there would be no grounds open to the Commissioner to cause an audit to occur. This section gives significant scope to use information that has been collected without knowledge or consent and certainly in the case of health information is problematic. CMA Health Information Privacy Code The CMA Code makes a clear distinction between the primary purpose for the collection and use of health information and secondary purposes for its use. The key distinction between these two categories is that primary purposes relates to the provision of the health care benefit sought whereas secondary purposes are ends or aims that are not directly related to the provision of care. The CMA Code divides secondary purposes into two categories: 1. Secondary legislated purposes, those purposes that have been subjected to the legislative test specified in the Code and have subsequently been written into law; 2. Secondary nonlegislated purposes are any other purposes, such as education or research not governed by legislation, that meet the provisions of the CMA Code and the secondary nonlegislative test provided by the Code. The tests that CMA requires both to go through relate to: 1. Impact on privacy. 2. Impact on the patient-physician relationship, especially confidentiality and trust. 3. Impact on the willingness of patients to disclose information. 4. Impact on patients’ ability to receive care. 5. Evidence of broad public support for the measure. 6. The use will not exploit or compromise the trust of the patient-physician relationship. 7. Patient vulnerability will not be exploited. 8. Under most circumstances patients will be fully informed of the purpose and patient consent will be clearly voluntary. 9. Patient privacy will be intruded upon to the most limited degree possible. 10. Linkage of health information will be restricted and consented to by patients. In other words, CMA is not satisfied that any and all secondary purposes for the use of health information should be permitted. Rather, CMA seeks justification for the secondary use and assurance that the secondary use will neither impede nor undermine the patient-physician relationship and the provision of health care to the patient. Moreover, the CMA Code only permits use without consent if it is permitted or required by legislation or when ordered or decided by a court of law. The Advisory Council Report Like CMA, the Advisory Council Report makes distinctions among various types of uses. The report calls for legislation to clearly prohibit all secondary commercial use of personal health information. In addition, the Report recommends that there be provisions regulating secondary uses of non-identifiable health information and that such provisions should address privacy concerns surrounding the degree to which such data might be linked back to an identifiable individual. In this context, the Report recommends that legislation set clear limits on access to and use of health information by third parties outside the health care system. In addition the Report reviews the uses of health information for statistical and research purposes. The Report’s findings with respect to statistical use have already been discussed. In connection with research, the Report calls for a number of safeguards and restrictions: 1. Where the data sets used have a higher level of potential identifiability, “the general rule should be informed consent and stringent assurances about privacy protection and security arrangements are necessary before a researcher can have access to personally identifiable information.” 2. The Report recognizes that in some instances it may be impractical to obtain consent from patients. Whether in anonymous or identifiable form the Report requires that notice be given about the use of the information in either form. In the case of the use of identifiable information, the Report states that the research should be subject to independent ethics review with the onus on the person seeking to use the information without consent to demonstrate that: (a) a tangible public good of significant benefit will result; (b) consent is impossible to secure at a reasonable cost; (c) less identifiable data will not serve the same purpose; and (d) no harm can occur to any person directly or indirectly [note the above discussion on group privacy] as a result of this use of his or her personal information. E. Disclosure Without Knowledge Or Consent Bill C-54 The comments found under C. and D. above apply equally here. Section 7(3) adds further instances when collected information can be disclosed to others without knowledge or consent. CMA Code In the case of health information CMA takes a far more restrictive approach. In the case of use, disclosure or access the CMA Code states: The potential that health information, in whole or in part, may be subsequently collected, used, disclosed or accessed for other purposes without their consent, and what those purposes might be, must be made know to the patient by reasonable means before it is confided or collected for primary purposes. Moreover, the CMA Code recognizes that information disclosed by one organization is collected by another. The Code defines collection to mean: the act of accessing, receiving, compiling, gathering, acquiring or obtaining health information from any source, including third parties, and by any means. It includes information collected from the patient, as well as secondary collection of this information in whole or in part by another provider or user. The collecting organization should be bound by the provisions of the CMA Code, which generally requires consent for use for any purpose and always requires knowledge of the potential purposes that information will or must be put to prior to the information being disclosed. CMA’s Code states: Health information custodians must ensure that third parties privy to health information have adopted this Code or are bound by equivalent provisions. Finally, the CMA Code explicitly recognizes that information can be retrieved from a variety of sources to formulate records. Any and all such practices and the composite form developed are given the same degree of protection as that accorded the original data collected by or through the patient. F. Information Flow Within Organizations Bill C-54 Bill C-54 defines use to include, “the transfer of personal information within an organization.” Therefore, to the extent that Bill C-54 restricts the free flow of information it restricts in within an organization. In the health care context this is not a reasonable or desirable outcome. CMA Code The CMA Code recognizes that the free flow of health information is desirable to the extent that it furthers the provision of the health care benefit sought and that it occurs with patient consent. The CMA Code defines the primary purpose to mean: (i) Primary therapeutic purpose is the initial reason for a patient seeking or receiving care in the therapeutic context, and pertains to the delivery of health care to a particular patient with respect to the presenting health need or problem. It encompasses consultation with and referral to other providers on a need-to-know basis. (ii) Primary longitudinal purpose concerns developing composite health information about a particular patient, such as a detailed medical history, beyond direct application to the presenting health need or problem, in order to enhance ongoing care to that person. The Code goes on to state that: Health information collection, use, disclosure or access for the primary therapeutic and longitudinal purposes may be as extensive as necessary to fulfil these purposes and reflect the high level of trustworthiness and accountability of health professionals in the therapeutic context. And further states that: Security safeguards shall impede as little as possible health information collection, use, access and disclosure for primary purposes. Finally, in addressing consent the Code states: Consent to health information collection, use, disclosure and access for the primary therapeutic purpose may be inferred. Consent to subsequent collection, use, disclosure and access on a need-to-know basis by or to other physicians or health providers for this purpose, and for this purpose alone, may be inferred, as long as there is no evidence that the patient would not give express consent to share the information. G. Individual Access Bill C-54 Bill C-54 restricts the right of individual access to personal information. The grounds for denying access to information are inappropriate in the health care context. CMA Code The CMA Code follows the prevailing case law as it relates to medical records. Primarily this gives the patients a right of access to their record in all but very limited circumstances. These circumstances are, if there is a significant likelihood of a substantial adverse effect on the physical, mental or emotional health of the patient or substantial harm to a third party. The onus lies on the provider to justify denial of access. H. Accuracy and Amendment Bill C-54 Bill C-54 requires that information be as accurate, complete and up-to-date as possible and that it shall not be routinely updated unless this is necessary to fulfil the purpose for its collection. In so far as amendment is concerned, Bill C-54 permits amendment to the record in specified circumstances. CMA Code The CMA Code takes a different approach in light of the nature and purpose of health information. The Code recognizes that the “recording of statements of fact, clinical judgements and determinations or assessments should reflect as nearly as possible what has been confided by the patient and what has been ascertained, hypothesized or determined to be true using professional judgement.” In terms of amending the record in light of a patient’s request, the CMA Code seeks to preserve the original record but also note the patient’s concerns. To accommodate both requirements the CMA Code states: Patients who have reviewed their information and believe it to be inaccurately recorded or false have the right to suggest amendments and to have their amendments appended to the health information. I. Sensitivity Bill C-54 In a number of instances Bill C-54 and in particular schedule 1 recognize that medical records have a high level of sensitivity attached. Which in turns warrants special attention concerning consent, reasonable expectations, individual access and implicity, the degree of security that is appropriate. CMA Code The CMA Code seeks to recognize that while all health information is sensitive (when considered against other forms of information about individuals) there are also variations in the level of sensitivity in various aspects of the health record. The CMA Code defines the “sensitivity of health information” to refer to: the patient’s interest in keeping the information secret. It varies according to the nature of the information, its form, and the potential negative repercussions of its collection, use or disclosure on the patient’s interests. Under the Code’s consent provisions it is stated that: Although all health information is sensitive and should be treated as such, the more sensitive the health information is likely to be, given what is known about the circumstances or preferences of the patient, the more important it is to ensure that consent is voluntary and informed. With respect to security the Code states: The development of security safeguards with respect to levels of access for various users shall recognize the differences in the sensitivity of health information and permit access accordingly. V. Conclusions The increased capacity to collect, store, transfer, merge and access information coupled with trends that support increased use of and access to information have the potential to erode our traditional understanding and protection of privacy and confidentiality. The issues are complex and the choices we must make are difficult. Nevertheless, these issues should be squarely on the table and the choices that we make must be clear, transparent and defensible. Of paramount importance is that the public is not mislead into believing that their information is being protected or kept confidential when in fact it is not. Therefore, even to refer to Bill C-54 as the “Personal Information Protection and Electronic Documents Act” should be the subject of debate. Is the Bill truly about information protection or is it actually about permitting access to information? Bill C-54 presents one approach, an approach that values commerce and access. In CMA’s view the approach is totally inadequate when applied to health information. CMA also believes that the public would also find Bill C-54 inadequate. CMA presents a different approach, an approach that values privacy and the preservation of the trust and integrity of the patient-physician relationship. CMA believes that its approach would receive broad public support. Moreover, CMA believes that to the extent the CMA Code presents tests rather than conclusions, these tests should be administered in good faith prior to legislative initiatives related to health information or in the case of secondary usage of health information in general. CMA believes that its approach draws support from the Federal Advisory Council Report, which also recognizes the importance of preserving patient privacy and the confidentiality of the health record in an era of increased use of technology. Implicitly, the Report recognizes that the benefits of such technology cannot be realized if public support, based on assurance of privacy protection, cannot be secured. CMA urges this committee to implement CMA’s recommendations and in doing so provide the type of protection that health information deserves and that Canadians desire. VI. Summary of Recommendations That Bill C-54 be amended to incorporate specific provisions relating to health information and that the provisions of the CMA Code provide the basis of such provisions; and That the proposed rules for health legislation be subject to the legislative test found in CMA’s Code and formulated in light of this process; and That there be a clear definition of the information being accorded a right of privacy and that this definition, at least in the case of health information, include identifiable information, delinked information, anonymous information and any composite form produced when information is linked to any information about a person from any other source; and That, at least in connection with health information, the provisions of the Bill apply equally to the public and the private sectors.
Documents
Less detail

Maintaining Ontario’s leadership on prohibiting the use of sick notes for short medical leaves

https://policybase.cma.ca/en/permalink/policy13934
Date
2018-11-15
Topics
Physician practice/ compensation/ forms
Health systems, system funding and performance
  1 document  
Policy Type
Parliamentary submission
Date
2018-11-15
Topics
Physician practice/ compensation/ forms
Health systems, system funding and performance
Text
The Canadian Medical Association (CMA) submits this brief to the Standing Committee on Finance and Economic Affairs for consideration as part of its study on Bill 47, Making Ontario Open for Business Act, 2018. The CMA unites physicians on national, pan-Canadian health and medical matters. As the national advocacy organization representing physicians and the medical profession, the CMA engages with provincial/territorial governments on pan-Canadian health and health care priorities. As outlined in this submission, the CMA supports the position of the Ontario Medical Association (OMA) in recommending that Schedule 1 of Bill 47 be amended to strike down the proposed new Section 50(6) of the Employment Standards Act, 2000. This section proposes to reinstate an employer’s ability to require an employee to provide a sick note for short leaves of absence because of personal illness, injury or medical emergency. Ontario is currently a national leader on sick notes In 2018, Ontario became the first jurisdiction in Canada to withdraw the ability of employers to require employees to provide sick notes for short medical leaves because of illnesses such as a cold or flu. This legislative change aligned with the CMA’s policy position1 and was strongly supported by the medical and health policy community. An emerging pan-Canadian concern about the use of sick notes As health systems across Canada continue to grapple with the need to be more efficient, the use of sick notes for short leaves as a human resources tool to manage employee absenteeism has drawn increasing criticism in recent years. In addition to Ontario’s leadership, here are a few recent cases that demonstrate the emerging concern about the use of sick notes for short leaves:
In 2016, proposed legislation to end the practice was tabled in the Manitoba legislature.2
The Newfoundland and Labrador Medical Association and Doctors Nova Scotia have been vocal opponents of sick notes for short leaves, characterizing them as a strain on the health care system.3,4
The University of Alberta and Queen’s University have both formally adopted “no sick note” policies for exams.5,6
The report of Ontario’s Changing Workplaces Review summarized stakeholder comments about sick notes, describing them as “costly, very often result from a telephone consultation and repeat what the physician is told by the patient, and which are of very little value to the employer.”7 Ontario’s action in 2018 to remove the ability of employers to require sick notes, in response to the real challenges posed by this practice, was meaningful and demonstrated leadership in the national context. The requirement to obtain sick notes negatively affects patients and the public By walking back this advancement, Ontario risks reintroducing a needless inefficiency and strain on the health system, health care providers, their patients and families. For patients, having to produce a sick note for an 4 employer following a short illness-related leave could represent an unfair economic impact. Individuals who do not receive paid sick days may face the added burden of covering the cost of obtaining a sick note as well as related transportation fees in addition to losing their daily wage. This scenario illustrates an unfair socioeconomic impact of the proposal to reinstate employers’ ability to require sick notes. In representing the voice of Canada’s doctors, the CMA would be remiss not to mention the need for individuals who are ill to stay home, rest and recover. In addition to adding a physical strain on patients who are ill, the requirement for employees who are ill to get a sick note, may also contribute to the spread of viruses and infection. Allowing employers to require sick notes may also contribute to the spread of illness as employees may choose to forego the personal financial impact, and difficulty to secure an appointment, and simply go to work sick. Reinstating sick notes contradicts the government’s commitment to end hallway medicine It is important to consider these potential negative consequences in the context of the government’s commitment to “end hallway medicine.” If the proposal to reintroduce the ability of employers to require sick notes for short medical leaves is adopted, the government will be introducing an impediment to meeting its core health care commitment. Reinstating sick notes would increase the administrative burden on physicians Finally, as the national organization representing the medical profession in Canada, the CMA is concerned about how this proposal, if implemented, may negatively affect physician health and wellness. The CMA recently released a new baseline survey, CMA National Physician Health Survey: A National Snapshot, that reveals physician health is a growing concern.8 While the survey found that 82% of physicians and residents reported high resilience, a concerning one in four respondents reported experiencing high levels of burnout. How are these findings relevant to the proposed new Section 50(6) of the Employment Standards Act, 2000? Paperwork and administrative burden are routinely found to rank as a key contributor to physician burnout.9 While a certain level of paperwork and administrative responsibility is to be expected, health system and policy decision-makers must avoid introducing an unnecessary burden in our health care system. Conclusion: Remove Section 50(6) from Schedule 1 of Bill 47 The CMA appreciates the opportunity to provide this submission for consideration by the committee in its study of Bill 47. The committee has an important opportunity to respond to the real challenges associated with sick notes for short medical leaves by ensuring that Section 50(6) in Schedule 1 is not implemented as part of Bill 47. 5 1 Canadian Medical Association (CMA). Third-Party Forms (Update 2017). Ottawa: The Association; 2017. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD17-02.pdf (accessed 2019 Nov 13). 2 Bill 202. The Employment Standards Code Amendment Act (Sick Notes). Winnipeg: Queen’s Printer for the Province of Manitoba; 2016. Available: https://web2.gov.mb.ca/bills/40-5/pdf/b202.pdf (accessed 2019 Nov 13). 3 CBC News. Sick notes required by employers a strain on system, says NLMA. 2018 May 30. Available: www.cbc.ca/news/canada/newfoundland-labrador/employer-required-sick-notes-unnecessary-says-nlma-1.4682899 4 CBC News. No more sick notes from workers, pleads Doctors Nova Scotia. 2014 Jan 10. Available: www.cbc.ca/news/canada/nova-scotia/no-more-sick-notes-from-workers-pleads-doctors-nova-scotia-1.2491526 (accessed 2019 Nov 13). 5 University of Alberta University Health Centre. Exam deferrals. Edmonton: University of Alberta; 2018. Available: www.ualberta.ca/services/health-centre/exam-deferrals (accessed 2019 Nov 13). 6 Queen’s University Student Wellness Services. Sick notes. Kingston: Queen’s University; 2018. Available: www.queensu.ca/studentwellness/health-services/services-offered/sick-notes (accessed 2019 Nov 13). 7 Ministry of Labour. The Changing Workplaces Review: An Agenda for Workplace Rights. Final Report. Toronto: Ministry of Labour; 2017 May. Available: https://files.ontario.ca/books/mol_changing_workplace_report_eng_2_0.pdf (accessed 2019 Nov 13). 8 Canadian Medical Association (CMA). One in four Canadian physicians report burnout [media release]. Ottawa: The Association; 2018 Oct 10. Available: www.cma.ca/En/Pages/One-in-four-Canadian-physicians-report-burnout-.aspx (accessed 2019 Nov 13). 9 Leslie C. The burden of paperwork. Med Post 2018 Apr.
Documents
Less detail

Best practices for smartphone and smart-device clinical photo taking and sharing

https://policybase.cma.ca/en/permalink/policy13860
Date
2018-03-03
Topics
Health information and e-health
Ethics and medical professionalism
  1 document  
Policy Type
Policy document
Date
2018-03-03
Topics
Health information and e-health
Ethics and medical professionalism
Text
Clinical photography is a valuable tool for physicians. Smartphones, as well as other devices supporting network connectivity, offer a convenient, efficient method to take and share images. However, due to the private nature of the information contained in clinical photographs there are concerns as to the appropriate storage, dissemination, and documentation of clinical images. Confidentiality of image data must be considered and the dissemination of these images onto servers must respect the privacy and rights of the patient. Importantly, patient information should be considered as any information deriving from a patient, and the concepts outlined therefore apply to any media that can be collected on, or transmitted with, a smart-device. Clinical photography can aid in documenting form and function, in tracking conditions and wound healing, in planning surgical operations, and in clinical decision-making. Additionally, clinical photographs can provide physicians with a valuable tool for patient communication and education. Due to the convenience of this type of technology it is not appropriate to expect physicians to forego their use in providing their patients with the best care available. The technology and software required for secure transfer, communication, and storage of clinical media is presently available, but many devices have non-secure storage/dissemination options enabled and lack user-control for permanently deleting digital files. In addition, data uploaded onto server systems commonly cross legal jurisdictions. Many physicians are not comfortable with the practice, citing security, privacy, and confidentiality concerns as well as uncertainty in regards to regional regulations governing this practice.1 Due to concern for patient privacy and confidentiality it is therefore incredibly important to limit the unsecure or undocumented acquisition or dissemination of clinical photographs. To assess the current state of this topic, Heyns et al. have reviewed the accessibility and completeness of provincial and territorial medical regulatory college guidelines.2 Categories identified as vital and explored in this review included: Consent; Storage; Retention; Audit; Transmission; and Breach. While each regulatory body has addressed limited aspects of the overall issue, the authors found a general lack of available information and call for a unified document outlining pertinent instructions for conducting clinical photography using a smartphone and the electronic transmission of patient information.2 The discussion of this topic will need to be ongoing and it is important that physicians are aware of applicable regulations, both at the federal and provincial levels, and how these regulations may impact the use of personal devices. The best practices supported here aim to provide physicians and healthcare providers with an understanding of the scope and gravity of the current environment, as well as the information needed to ensure patient privacy and confidentiality is assessed and protected while physicians utilize accessible clinical photography to advance patient care. Importantly, this document only focusses on medical use (clinical, academic, and educational) of clinical photography and, while discussing many core concepts of patient privacy and confidentiality of information, should not be perceived as a complete or binding framework. Additionally, it is recommended that physicians understand the core competencies of clinical photography, which are not described here. The Canadian Medical Association (CMA) suggests that the following recommendations be implemented, as thoroughly as possible, to best align with the CMA policy on the Principles for the Protection of Patient Privacy (CMA Policy PD2018-02). These key recommendations represent a non-exhaustive set of best practices - physicians should seek additional information as needed to gain a thorough understanding and to stay current in this rapidly changing field. KEY RECOMMENDATIONS 1. CONSENT * Informed consent must be obtained, preferably prior, to photography with a mobile device. This applies for each and any such encounter and the purpose made clear (i.e. clinical, research, education, publication, etc.). Patients should also be made aware that they may request a copy of a picture or for a picture to be deleted. * A patient's consent to use electronic transmission does not relieve a physician of their duty to protect the confidentiality of patient information. Also, a patient's consent cannot override other jurisdictionally mandated security requirements. * All patient consents (including verbal) should be documented. The acquisition and recording of patient consent for medical photography/dissemination may be held to a high standard of accountability due to the patient privacy and confidentiality issues inherent in the use of this technology. Written and signed consent is encouraged. * Consent should be considered as necessary for any and all photography involving a patient, whether or not that patient can be directly recognized, due to the possibility of linked information and the potential for breach of privacy. The definition of non-identifiable photos must be carefully considered. Current technologies such as face recognition and pattern matching (e.g. skin markers, physical structure, etc.), especially in combination with identifying information, have the potential to create a privacy breach. * Unsecure text and email messaging requires explicit patient consent and should not be used unless the current gold standards of security are not accessible. For a patient-initiated unsecure transmission, consent should be clarified and not assumed. 2. TRANSMISSION * Transmission of photos and patient information should be encrypted as per current-day gold standards (presently, end-to-end encryption (E2EE)) and use only secure servers that are subject to Canadian laws. Explicit, informed consent is required otherwise due to privacy concerns or standards for servers in other jurisdictions. Generally, free internet-based communication services and public internet access are unsecure technologies and often operate on servers outside of Canadian jurisdiction. * Efforts should be made to use the most secure transmission method possible. For data security purposes, identifying information should never be included in the image, any frame of a video, the file name, or linked messages. * The sender should always ensure that each recipient is intended and appropriate and, if possible, receipt of transmission should be confirmed by the recipient. 3. STORAGE * Storing images and data on a smart-device should be limited as much as possible for data protection purposes. * Clinical photos, as well as messages or other patient-related information, should be completely segregated from the device's personal storage. This can be accomplished by using an app that creates a secure, password-protected folder on the device. * All information stored (on internal memory or cloud) must be strongly encrypted and password protected. The security measures must be more substantial than the general password unlock feature on mobile devices. * Efforts should be made to dissociate identifying information from images when images are exported from a secure server. Media should not be uploaded to platforms without an option for securely deleting information without consent from the patient, and only if there are no better options. Automatic back-up of photos to unsecure cloud servers should be deactivated. Further, other back-up or syncing options that could lead to unsecure server involvement should be ascertained and the risks mitigated. 4. Cloud storage should be on a Canadian and SOCII certified server. Explicit, informed consent is required otherwise due to privacy concerns for servers in other jurisdictions. 5. AUDIT & RETENTION * It is important to create an audit trail for the purposes of transparency and medical best practice. Key information includes patient and health information, consent type and details, pertinent information regarding the photography (date, circumstance, photographer), and any other important facts such as access granted/deletion requests. * Access to the stored information must be by the authorized physician or health care provider and for the intended purpose, as per the consent given. Records should be stored such that it is possible to print/transfer as necessary. * Original photos should be retained and not overwritten. * All photos and associated messages may be considered part of the patient's clinical records and should be maintained for at least 10 years or 10 years after the age of majority, whichever is longer. When possible, patient information (including photos and message histories between health professionals) should be retained and amalgamated with a patient's medical record. Provincial regulations regarding retention of clinical records may vary and other regulations may apply to other entities - e.g. 90 years from date of birth applies to records at the federal level. * It may not be allowable to erase a picture if it is integral to a clinical decision or provincial, federal, or other applicable regulations require their retention. 6. BREACH * Any breach should be taken seriously and should be reviewed. All reasonable efforts must be made to prevent a breach before one occurs. A breach occurs when personal information, communication, or photos of patients are stolen, lost, or mistakenly disclosed. This includes loss or theft of one's mobile device, texting to the wrong number or emailing/messaging to the wrong person(s), or accidentally showing a clinical photo that exists in the phone's personal photo album. * It should be noted that non-identifying information, when combined with other available information (e.g. a text message with identifiers or another image with identifiers), can lead to highly accurate re-identification. * At present, apps downloaded to a smart-device for personal use may be capable of collecting and sharing information - the rapidly changing nature of this technology and the inherent privacy concerns requires regular attention. Use of specialized apps designed for health-information sharing that help safeguard patient information in this context is worth careful consideration. * Having remote wipe (i.e. device reformatting) capabilities is an asset and can help contain a breach. However, inappropriate access may take place before reformatting occurs. * If a smartphone is strongly encrypted and has no clinical photos stored locally then its loss may not be considered a breach. * In the event of a breach any patient potentially involved must be notified as soon as possible. The CMPA, the organization/hospital, and the Provincial licensing College should also be contacted immediately. Provincial regulations regarding notification of breach may vary. Approved by the CMA Board of Directors March 2018 References i Heyns M†, Steve A‡, Dumestre DO‡, Fraulin FO‡, Yeung JK‡ † University of Calgary, Canada ‡ Section of Plastic Surgery, Department of Surgery, University of Calgary, Canada 1 Chan N, Charette J, Dumestre DO, Fraulin FO. Should 'smart phones' be used for patient photography? Plast Surg (Oakv). 2016;24(1):32-4. 2 Unpublished - Heyns M, Steve A, Dumestre DO, Fraulin FO, Yeung J. Canadian Guidelines on Smartphone Clinical Photography.
Documents
Less detail

Principles for the protection of patient privacy

https://policybase.cma.ca/en/permalink/policy13833
Date
2017-12-09
Topics
Health information and e-health
Ethics and medical professionalism
  2 documents  
Policy Type
Policy document
Date
2017-12-09
Replaces
PD11-03 Principles for the Protection of Patients' Personal Health Information
Topics
Health information and e-health
Ethics and medical professionalism
Text
Patients have a right to privacy and physicians have a duty of confidentiality arising from the patient-physician relationship to protect patient privacy. The right to privacy flows from the principle of respect for patient autonomy, based on the individual's right to conduct and control their lives as they choose.1 When approaching any ethical question around privacy, the principle of respect for patient autonomy must be balanced against other competing principles (e.g. beneficence, non-maleficence). The protection of privacy and the concomitant duty of confidentiality are essential to foster trust in the patient-physician-relationship, the delivery of good patient care and a positive patient care experience. Privacy protection is an important issue for Canadians,2 and research suggests that patients may withhold critical health information from their health care providers because of privacy concerns.3 Patients will be more willing to share complete and accurate information if they have a relationship of trust with their physician and are confident that their information will be protected.4 In today's ever-evolving technological environment and due to the shift away from the traditional (paternalistic) physician-patient relationship, patients, physicians and other public and private stakeholders are using and sharing personal health information in new and innovative ways. This raises new challenges for clinical practice and, crucially, how to navigate expanded uses of data via the use of new technologies and the requirements of patient privacy. Institutions, clinics, and physician-group practices may share responsibility with the physician for the protection of patient information. There is thus a tension between physician and institutional responsibilities to protect patient information, challenged by the rapidly changing use and adoption of new technologies. While this will continue to redefine expectations of privacy and confidentiality, there are several foundational principles that remain unchanged. SCOPE OF POLICY The Canadian Medical Association (CMA) Principles for the Protection of Patients' Personal Health Information aim to provide guidance on key ethical considerations pertinent to the protection of patient information in a way that takes into account a physician's (including medical learner) ethical, professional, and legal obligations. The Principles are not designed to serve as a tool for legislative compliance in a particular jurisdiction or to provide a standard of care. Physicians should be aware of privacy legislation in the jurisdiction in which they practice, the standards and expectations specified by their respective regulatory authorities (including Privacy Commissioners), publications and risk management education provided by the CMPA as well as policies and procedures of any given setting (e.g., a regional health authority or a hospital). SUBSTANTIVE PRINCIPLES THAT GUIDE THE OBLIGATIONS OF THE PHYSICIAN TO PROTECT PATIENT PRIVACY 1. Trust * Trust is the cornerstone of the patient-physician relationship and plays a central role in providing the highest standard of care. * Physicians and their patients build relationships of trust that enable open and honest dialogue and foster patients' willingness to share deeply personal information (often) in conditions of vulnerability. * Physicians can cultivate and maintain patient trust by, unless the consent of the patient has been obtained to do otherwise, collecting health information only to benefit the patient, by sharing information only for that purpose, and by keeping patient information confidential; patient trust has been found to be the most powerful determinant of the level of control patients want over their medical records.5 * To maintain trust, physicians must consider the duty to care and the duty not to harm the patient in evaluating privacy requirements. * The extent to which a patient expects (and may tolerate a loss of) privacy and confidentiality is culturally and individually relative.6 2. Confidentiality * Physicians owe a duty of confidentiality to their patients; there is both an ethical (respect for autonomy) and a legal basis imposed by privacy legislation) for this duty. * The duty to maintain patient confidentiality, like trust, is fundamental to the therapeutic nature of the patient-physician relationship; it creates conditions that allow patients to openly and confidently share complete health information, resulting in a stronger physician-patient relationship and better delivery of care.7 * The duty to maintain patient confidentiality means that physicians do not share the health information with anyone outside of the patient's circle of care, unless authorized to do so by the patient.1,8 There are varying interpretations of what constitutes the patient's circle of care; this depends on the facts of the situation and the jurisdiction.9 * Privacy requirements raise complex issues in learning environments and quality improvement initiatives. It is desirable that any of the patient's physicians who will have ongoing care interactions with the patient can remain included in information-sharing about the patient. * Shared electronic health records present challenges to confidentiality. For example, patients may wish to limit some aspects of their record to only some providers within their circle of care.10 * In practice, respecting privacy and the duty of confidentiality govern the physician's role as data steward, responsible for controlling the extent to which information about the person is protected, used or disclosed.11 A central rule to balancing a patient's right to privacy and the duty of confidentiality is the "minimum necessary" use and disclosure of personal health information, whereby a data steward should use or disclose only the minimum amount of information necessary to fulfil the intended purpose. In some circumstances, de-identifying or aggregating personal health information before use or disclosure can minimize the amount of information disclosed.12 * The duty to maintain patient confidentiality is not absolute and is subject to exceptions in limited circumstances,13 i.e., when required or permitted by law to disclose information (see below in Data Stewardship: Collection, use and disclosure of personal health information). 3. Consent * Patient consent is an important mechanism for respecting patient autonomy; obtaining voluntary and informed consent to share patient information is fundamental to the protection of privacy and the duty of confidentiality. * Physicians are generally required to obtain informed consent from the patient before they can disclose the patient's personal health information. Consent is only informed if there is disclosure of matters that a reasonable person in the same circumstances would want to know, including 1) to whom the patient information will be disclosed, 2) whether it could be disclosed to other third parties, and 3) the purpose for which it could be used or disclosed. * While informed consent is required as a general rule, physicians may infer that they have the patient's implied consent to collect, use, disclose and access personal health information 1) for the purpose of providing or assisting in providing care (i.e., share only the necessary information with those involved within the patient's circle of care); and 2) to store personal health information in a medical record (i.e., paper, electronic, or hospital-based). Physicians will want to consider if it is appropriate in the circumstances to advise the patient when a disclosure has been made. * When the patient is a minor, the physician must consider whether it is the parent or the child who determines the use and disclosure of the minor's personal health information. A young person who is deemed to understand fully the implications of a decision regarding proposed collection, use or disclosure of personal health information is generally deemed to have control over their personal health information with respect to the decision. * Where the patient is not capable to provide the required consent (e.g. is deemed to be incompetent), physicians must seek consent from the patient's substitute decision-maker. 4. Physician as data steward * As data stewards, physicians have the responsibility to understand their role in protecting patient privacy and appropriate access to patient information. * The information contained in the medical record belongs to the patient who has a general right of access to their personal health information, and the right to control the use and further disclosure and to the continued confidentiality of that information. * A data steward (e.g., physician, institution or clinic) holds the physical medical record in trust for the care and benefit of the patient.14 * Physicians should provide their patients access to their medical record, if requested.15 (See below in Data Stewardship: Access to personal information). * Physicians ought to have appropriate access to personal health information and have the ability to provide their patients with access to their medical record. Appropriate access should be interpreted to include access for patient follow up (as part of the duty to care) and review for the purpose of improving patient care. * Physicians should consider consulting available resources to assist them in fulfilling their duties as data stewards. PROCEDURAL PRINCIPLES THAT GUIDE THE APPLICATION OF PHYSICIAN OBLIGATIONS Physicians must manage personal health information in compliance with relevant legislation that establishes rules governing the access, collection, use, disclosure, and retention of personal health information, provincial privacy laws, and professional expectations and regulations specified by their respective regulatory authorities. 1. Data Stewardship: Access to personal information * Patients have a right of reasonable access to the personal health information in their medical record (i.e., paper, electronic, or hospital-based) under the control or in the custody of a physician, institution, or clinic. * In exceptional situations, physicians can refuse to release the information in the patient's medical record. 2. Data Stewardship: Collection, use and disclosure of personal health information * There are circumstances where there are required (e.g., monitoring of claims for payment, subpoenas) and permitted disclosures of personal health information without patient consent (e.g., where the maintenance of confidentiality would result in a significant risk of substantial harm to the patient or to others). * Security safeguards must be in place to protect personal health information in order to ensure that only authorized collection, use, disclosure or access occurs. * Physicians play an important role in educating patients about possible consensual and non-consensual uses and disclosures that may be made with their personal health information, including secondary uses of data for, e.g., epidemiological studies, research, education, and quality assurance, that may or may not be used with explicit consent. 3. Data Stewardship: Retention of personal health information * Personal health information should be retained for the period required by any applicable legislation and as specified by their respective regulatory authorities. It may be necessary to maintain personal health information beyond the applicable period where there is a pending or anticipated legal proceeding related to the care provided to the patient. * Likewise, physicians should transfer and dispose of personal health information in compliance with any applicable legislation and professional expectations outlined by their respective regulatory authorities. * Physicians are encouraged to seek technical assistance and advice on the secure transfer, disposal, and/or selling of electronic records.15 4. Data Stewardship: Use of technology * Physicians should obtain patient consent to use electronic means and/or devices for patient care (e.g., sending digital photographs) and for communicating patient information (e.g., the use of email). To obtain informed consent, physicians should explain to patients that there are necessary benefits and risks in using technologies in clinical contexts. The CMPA has provided a written consent form to that effect that can be included in the patient's medical record. * As a general practice, physicians are encouraged to make use of technological innovations and must evaluate whether the technology is appropriate for patient care and has reasonable safeguards to protect patient privacy. Approved by the CMA Board of Directors December 2017 See also Background to CMA Policy Principles for the Protection of Patient Privacy REFERENCES 1 Martin JF. Privacy and confidentiality. In: ten Have H, Gordijn B (Eds). Handbook of global bioethics. New York: Springer, Dordrecht; 2014. p.119-37. 2 Office of the Privacy Commissioner of Canada. Canadians and privacy final report. Gatineau: Office of the Privacy Commissioner of Canada; 2009. Available: https://www.priv.gc.ca/information/por-rop/2009/ekos_2009_01_e.asp (accessed 2017 Nov 17). 3 Canadian Medical Protective Association (CMPA). Privacy and a wired world - Protecting patient health information. Ottawa: CMPA; 2011 Dec. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2011/privacy-and-a-wired-world-protecting-patient-health-information (accessed 2017 Nov 17). 4 Royal College of Physicians and Surgeons of Canada (RCPSC). Duty of confidentiality. Ottawa: RCPSC; 2017. Available: http://www.royalcollege.ca/rcsite/bioethics/cases/section-3/duty-confidentiality-e (accessed 2017 Dec 15). 5 Damschroder LJ, Pritts JL, Neblo MA, Kalarickal RJ, Creswell JW, Hayward RA. Patients, privacy and trust: patients' willingness to allow researchers to access their medical records. Soc Sci Med 2007;64:223-35. 6 Campbell JI, Eyal N, Musiimenta A, Haberer JE. Ethical questions in medical electronic adherence monitoring. J Gen Intern Med 2016;31:338-42. Available: https://link.springer.com/content/pdf/10.1007%2Fs11606-015-3502-4.pdf (accessed 2017 Nov 17). 7 Crook MA. The risks of absolute medical confidentiality. Sci Eng Ethics 2013;19:107-22. 8 Cohen I, Hoffman A, Sage W (Eds). The Oxford Handbook of U.S. Health Law. New York: Oxford University Press; 2015. 9 Canadian Medical Protective Association (CMPA). The voice of professionalism within the system of care. Ottawa: CMPA; 2012 Oct. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2012/the-voice-of-professionalism-within-the-system-of-care (accessed 2017 Nov 17). 10 Canadian Medical Protective Association (CMPA). Did you know? Patients can restrict access to their health information. Ottawa: CMPA; 2017 Nov. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2017/did-you-know-patients-can-restrict-access-to-their-health-information (accessed 2017 Nov 17). 11 Francis JG, Francis LP. Privacy, confidentiality, and justice. J Soc Philos 2014;45:408-31. 12 Burkle CM, Cascino GD. Medicine and the media: balancing the public's right to know with the privacy of the patient. Mayo Clin Proc 2011;86:1192-6. 13 Canadian Medical Protective Association (CMPA). When to disclose confidential information. Ottawa: CMPA; 2015 Mar. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2015/when-to-disclose-confidential-information (accessed 2017 Nov 17). 14 Canadian Medical Protective Association (CMPA). Releasing a patient's personal health information: What are the obligations of the physician? Ottawa: CMPA; 2012 Oct. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2012/releasing-a-patient-s-personal-health-information-what-are-the-obligations-of-the-physician (accessed 2017 Nov 17). 15 Canadian Medical Protective Association (CMPA). Protecting patient health information in electronic records. Ottawa: CMPA; 2013 Oct. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2013/protecting-patient-health-information-in-electronic-records (accessed 2017 Nov 17). (c) 2017 Canadian Medical Association. You may, for your non-commercial use, reproduce, in whole or in part and in any form or manner, unlimited copies of CMA Policy Statements provided that credit is given to Canadian Medical Association. BACKGROUND TO CMA POLICY PRINCIPLES FOR THE PROTECTION OF PATIENT PRIVACY See also CMA Policy on Principles for the Protection of Patient Privacy Context The advent of Electronic Medical Records, the rapid spread of mobile health apps, and the increasing use of social media within the health care community, have each created new challenges to maintaining a duty of confidentiality within the physician-patient relationship. These technologies present both opportunities and challenges with respect to medical professionalism.1 The permeation of these types of interactions into everyday life now places physicians in new situations that some find difficult to navigate.2 These challenges will only increase in the coming years, as the use of online technologies in health care is continuously growing.3 Canada is only in the early stages of managing the emerging issues of technology-induced errors that compromise privacy in the health care setting.4 Therefore, this paper will briefly discuss the importance of protecting privacy, followed by an overview of the main challenges to maintaining privacy as the physician-patient relationship evolves at the backdrop of emerging technologies. Privacy and Confidentiality The overlapping, but not identical, principles of the protection of privacy and the duty of confidentiality are essential to the physician-patient relationship. These principles not only foster trust, but also the delivery of effective and lasting care. Rooted in the Hippocratic Oath, the modern-day right to privacy flows from the principle of autonomy, which attributes to individuals the right to conduct and control their lives as they choose.5 Privacy protection is an important issue to Canadians,6 with research suggesting that patients may even withhold critical health information because of privacy concerns.7 Health care professionals are bound by legal and ethical standards to maintain privacy and confidentiality of patient information.8 Physicians must therefore be aware of the implications of privacy legislation specific to their jurisdiction.7 The duty to protect patient privacy is important to uphold, as health information can potentially be identifiable and sensitive; the confidentiality of this information must therefore be protected to ensure that patient privacy is not breached. 9 While the traditional, and largely obsolete, models of the physician-patient relationship involve a unidirectional flow of information, the ease at which patients can now access medical information through the Internet, and the use of social media within the health care community, have reinterpreted how information is communicated from physician to patient, and vice versa.10 We must therefore re-define expectations of privacy and confidentiality, first by distinguishing one from the other. The terms "privacy" and "confidentiality" are often used interchangeably by both researchers and clinicians. Several bioethics discussions on the distinction between these terms places confidentiality under the umbrella of privacy.11 While confidentiality involves the information itself, which is disclosed or not, privacy is about the impact of that disclosure on the person.9 Privacy seems to be more intimately linked to the individual, focusing on the circumstances under which the information is used.12-13 Confidentiality, on the other hand, is a duty that health professionals have towards their patients to not share the information exchanged during their encounter, unless authorized by the patient.5,12 In practice, the duty of confidentiality governs the physician's role as data stewards, responsible for controlling the extent to which information about the person is protected, used or disclosed.14 As one paper describes, "privacy is invaded, confidentiality is breached."13 From a patient perspective, it is important to respect and protect privacy because it allows individuals time and space to share their concerns without feeling judged or misunderstood,11 resulting in a stronger physician-patient relationship and better delivery of care. However, from a research perspective, a fine balance must be struck between using accurate information while still upholding the privacy rights of individuals.11 As such, the argument for absolute confidentiality puts a near impossible burden on research clinicians.11 Moreover, from a public safety perspective, a physician may be morally and legally required to break confidentiality in order to protect both the patient and others who may be involved. The challenge is to balance the traditional goal of confidentiality - to protect patient privacy and interest - with that of third parties and public health.5 Therefore, a central rule to balancing confidentiality with a patients' right to privacy is the "minimum necessary" use and disclosure of personal health information, whereby a data steward should use or disclose only the minimum amount of information necessary to fulfil the intended purpose.8 It is equally important to recognize that the extent to which a patient may tolerate a loss of privacy is culturally and individually relative.15 Health care providers have a legal and ethical obligation to keep patient health information private, sharing it only with the authorization of the patient.16 Informed consent, therefore, appears to be a fundamental requirement to upholding confidentiality and patient privacy rights. Issues While emerging privacy issues touch many areas of practice, this section will emphasize three of the most prominent issues in recent literature: access and use of information, electronic medical and health records and, online communication and social media. 1. Technological change and institutional data stewardship In today's ever-evolving technological environment, including the emergence of shared electronic health records, online communication, social media, mobile applications, and big data, physicians, patients and other public and private stakeholders are using and sharing personal health information in new and innovative ways. The traditional (paternalistic) model of the physician-patient relationship involved a bidirectional flow of information. However, the ease at which patients can now access medical information from alternative sources via the Internet, and the use of social media within the health care community, has redefined how information is communicated from physician to patient, and vice versa.10 This raises new challenges for clinical practice, specifically how to navigate expanded access of data via the use of new technologies and the requirements of patient privacy by effectively managing security concerns. In many situations, the physician may not be the sole or primary custodian of (i.e., control access to) the patient's records once the health information is collected. Institutions, clinics, and physician-group practices may also have responsibility for patient information and therefore play an important role in ensuring it is protected. There is thus a grey area between physician and institutional responsibilities to protect patient information, challenged by the rapidly changing use and adoption of new technologies, such as electronic health and medical records. While this will continue to redefine expectations of privacy and confidentiality, there are several foundational principles that remain unchanged. 2. Electronic medical and health records Medical records are compiled primarily to assist physicians and other health care providers in treating patients.16 Yet, they are particularly vulnerable to privacy breaches when this information is exposed to secondary uses, including epidemiological studies, research, education and quality assurance. As contemporary information management and stewardship have had to evolve in response to emerging technology, the parameters of the "medical record" have grown increasingly ambiguous.17 With the proliferation of a wide variety of new health information technology (including electronic health and medical records), concerns about quality and safety have been raised.4 There is evidence that if such technology is not designed, implemented and maintained effectively, it may result in unintended consequences, including technology-induced errors and breaches of patient privacy.4 Reports involving Canada Health Infoway have even pointed to health information technology as a tool that may sometimes reduce rather than enhance patient safety, most often due to human factors. 4 As a result, recommendations have been made to develop a reporting system that would allow health professionals to anonymously report human errors resulting from the use of health information technology - a challenge in itself, as the distinction between human and technological error is often blurred.4 In Canada, a number of efforts have been undertaken by several organizations, including Health Canada and Canada's Health Informatics Organization.4 Yet, services aimed at improving health information technology safety, from a national level, remain poor.4 As a result, organizations like Canada Health Infoway have promoted the need for collaborative efforts to improve health information technology safety standards in Canada, 4 so to ensure that the current and future uses of "medical record" data are accurate and respectful of patient privacy. 3. Access and use of personal health information for research The courts have long established that health information belongs to the patient.18 As a result, privacy ownership refers to the belief that patients own their private information as well as the right to control access to this information.19 As in other jurisdictions, the overarching challenge in Canada is to strike a balance between enabling access to health and health-related data for research while still respecting Canadians' right to privacy and control over the confidentiality of their information.20 The integrity of healthcare information is fundamental, given that it is the basis on which treatment decisions are made both in research and in clinic. 9 There are three principles upon which information security is based: 9 1) only authorized people have access to confidential information; 2) information must be accurate and consistent, may only be modified by authorized people in ways that are appropriate; 3) information must be accessible by authorized users when needed. Canadian research ethics have demonstrated that beneficial work can be done while maintaining confidentiality to sensitive personal health information.21 Yet, the challenge remains to create a uniform system for accessing data and performing data-based research due to 1) the lack of consistency and clarity in Canada's ethical and legal framework and, 2) varied interpretations of key terms and issues across the country.21 For example, the term "non-identifiable data" remains ambiguous across provinces and is subject to interpretation by data custodians, who may consider their legal duty to protect privacy as precluding access to data.21 This lack of legal clarity has contributed to varied cautious and conservative interpretations of data access legislation.21 National uniform guidelines on the appropriate access, disclosure and use of personal health data would allow data stewards to advance their research while respecting their patients' right to privacy. 4. Online communication with patients and social media Social media and online communication is pervasive in Canadian society; from Facebook to Twitter, social media has changed the way people interact and disseminate information.21 There is currently widespread discussion among health care professionals and academics regarding the role that social media and online communication should play in the physician-patient relationship.22 A growing number of physicians have embraced the opportunities of interconnectivity that social media affords, implementing their own privacy procedures to reflect this new type of data collection, use and storage.7 While evidence has been lacking on whether the use of social media does improve patient outcomes,22 there is no denying that patients are seeking health care information from online platforms, including social media.22 This type of communication poses a unique set of opportunities and challenges for physicians: while the use of social media could increase physician reach and patient engagement, it can also blur boundaries between one's personal and professional life.22 Although patient-physician online communication is currently limited, physicians still feel that they are encountering an ethical dilemma, especially when they find themselves in boundary crossing situations, like a friend request from a patient.2 Physicians are particularly concerned that, through online communication, they may be exposed to medico-legal and disciplinary issues, especially with respect to patient privacy.2 Given different studies have suggested that unprofessional uses of social media are not uncommon,23 physicians who choose to communicate with patients online or through social media must remember that they are still governed by the same ethical and professional standards that remain paramount.22 As technology continues to evolve, so too will the traditional parameters of the patient-physician relationship. The physician's ethical and professional obligation to protect patient privacy, however, must remain paramount at the backdrop of technology use. Simply banning social media and online communication would neither eliminate risk, nor benefit patient care outcomes. 24 Instead, institutions should establish stringent policies that outline how to prevent or minimize the effects of privacy breaches associated with social media and online communication.25 This should also include a tracking mechanism to help balance the obligation to privacy with evolving technology.25 December 2017 See also CMA Policy on Principles for the Protection of Patient Privacy REFERENCES 1 Farnan JM, Snyder Sulmasy L, Worster BK, Chaudhry HJ, Rhyne JA, Arora VM. Online medical professionalism: patient and public relationships: policy statement from the American College of Physicians and the Federation of State Medical Boards. Ann Intern Med 2013;158(8):620-627. 2 Brown J, Ryan C. How doctors view and use social media: a national survey. J Med Internet Res 2014;16:e267. Available: https://doi.org/10.2196/jmir.3589 (accessed 2017 Nov 17). 3 Lambert KM, Barry P, Stokes G. Risk management and legal issues with the use of social media in the healthcare setting. J Healthc Risk Manag 2012;31(4):41-47. 4 Kushniruk AW, Bates DW, Bainbridge M, Househ MS, Borycki EM. National efforts to improve health information system safety in Canada, the United States of America and England. Int J Med Inform 2013;82(5):e149-160. 5 Martin JF. Privacy and confidentiality. In: ten Have H, Gordijn B (Eds). Handbook of global bioethics. New York: Springer, Dordrecht; 2014. p.120-1. 6 Office of the Privacy Commissioner of Canada. Canadians and privacy final report. Gatineau: Office of the Privacy Commissioner of Canada; 2009. Available: https://www.priv.gc.ca/information/por-rop/2009/ekos_2009_01_e.asp (accessed 2017 Nov 17). 7 Canadian Medical Protective Association (CMPA). Privacy and a wired world - Protecting patient health information. Ottawa: CMPA; 2011 Dec. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2011/privacy-and-a-wired-world-protecting-patient-health-information (accessed 2017 Nov 17). 8 Burkle CM, Cascino GD. Medicine and the media: balancing the public's right to know with the privacy of the patient. Mayo Clin Proc 2011;86:1192-6. 9 Williams PA. Information security governance: a risk assessment approach to health information systems protection. Stud Health Techol Inform 2013;193:186-206. 10 Borza LR, Gavrilovici C, Stockman R. Ethical models of physician-patient relationship revisited with regard to patient autonomy, values and patient education. Rev Med Chir Soc Med Nat Iasi 2015;119(2):496-501. 11 Crook MA. The risks of absolute medical confidentiality. Sci Eng Ethics 2013;19(1):107-122. 12 Cohen I, Hoffman A, Sage W (Eds). The Oxford handbook of U.S. health law. New York: Oxford University Press; 2015. 13 Francis L. Privacy and confidentiality: the importance of context. The Monist; 91(1);2008:52-67. 14 Francis JG, Francis LP. Privacy, confidentiality, and justice. J Soc Philos 2014;45:408-31. 15 Campbell JI, Eyal N, Musiimenta A, Haberer JE. Ethical questions in medical electronic adherence monitoring. J Gen Intern Med 2016;31:338-42. Available: https://link.springer.com/content/pdf/10.1007%2Fs11606-015-3502-4.pdf (accessed 2017 Nov 17). 16 Canadian Medical Association (CMA). Medical record confidentiality, access and disclosure. Ottawa: CMA; 2000. Available: https://www.cma.ca/Assets/assets-library/document/en/advocacy/policy-research/CMA_Policy_The_medical_record_confidentiality_access_and_disclosure_Update_2000_PD00-06-e.pdf (accessed 2017 Oct 30). 17 Fenton SH, Manion F, Hsieh K, Harris M. Informed Consent: Does anyone really understand what is contained in the medical record? Appl Clin Inform 2015;6(3):466-477. 18 Canada. Supreme Court. McInerney v MacDonald. Dom Law Rep. 1992 Jun 11;93:415-31. 19 Petronio S, Dicorcia MJ, Duggan A. Navigating ethics of physician-patient confidentiality: a communication privacy management analysis. Perm J 2012;16(4):41-45. 20 Council of Canadian Academies (CCA). Accessing health and health-related data in Canada. Ottawa: The Expert Panel on Timely Access to Health and Social Data for Health Research and Health System Innovation, Council of Canadian Academies; 2015. Available: http://www.scienceadvice.ca/uploads/eng/assessments%20and%20publications%20and%20news%20releases/Health-data/HealthDataFullReportEn.pdf (accessed 2017 Nov 17). 21 Canadian Medical Association (CMA). Social media and Canadian physician: Issues and rules of engagement. Ottawa: CMA; 2011. Available: https://www.cma.ca/Assets/assets-library/document/en/advocacy/CMA_Policy_Social_Media_Canadian_Physicians_Rules_Engagement_PD12-03-e.pdf (accessed 2017 Oct 30). 22 Eysenbach G. Medicine 2.0: Social networking, collaboration, participation, apomediation, and openness J Med Internet Res 2008;10(3):e22. 23 Mayer MA, Leis A, Mayer A, Rodriguez-Gonzalez A. How medical doctors and students should use social media: A review of the main guidelines for proposing practical recommendations. Stud Health Technol Info 2012;180:853-857. 24 Moses RE, McNeese LG, Feld LD, Feld AD. Social media in the health-care setting: Benefits but also a minefield of compliance and other legal issues. Am J Gastroenterol 2014;109(8):1128-1132. 25 Yang YT, Silverman RD. Mobile health applications: The patchwork of legal and liability issues suggests strategies to improve oversight. Health Aff (Millwood) 2014;33(2):222-227.
Documents
Less detail

A medical industry perspective – supporting small business, the economic engine of Canada

https://policybase.cma.ca/en/permalink/policy13731
Date
2017-10-02
Topics
Physician practice/ compensation/ forms
  1 document  
Policy Type
Parliamentary submission
Date
2017-10-02
Topics
Physician practice/ compensation/ forms
Text
The changes announced on July 18, 2017, are the most significant change to the private corporation tax structure in 45 years and will have a negative impact on doctors and also convenience store operators, electrical contractors and family farmers. In short, these proposals will negatively affect all small business owners, most of whom are squarely in the middle class and are the engine of the Canadian economy. We believe a 75-day consultation is inadequate to assess the scope of these changes and the ramifications for not only our members but also the 1.1 million other small business operators as well as the impacts of the proposals on Canada's prospects for future economic growth. The Canadian Medical Association (CMA) strongly urges the federal government to: 1) suspend the current proposals; 2) conduct a comprehensive review of these proposals to ensure that legislation can meet policy objectives without significant unintended consequences; and 3) engage all Canadians in a comprehensive review of the tax system considering unique aspects of all sectors, including safety net provisions. Economic considerations of the tax proposals: Small business in Canada Most Canadian businesses are small. As of December 2015, there were 1.17 million employer businesses in the Canadian economy. Of these, 1.14 million (97.9%) were small-sized businesses, 21,415 (1.8%) were medium-sized businesses and 2,933 (0.3%) were large-sized businesses. Small- and medium-sized enterprise s (SMEs) are critical contributors to the Canadian economy. They generate the majority of Canadian jobs. Across the country, an estimated 10.6 million people (66.8% of the labour force) work in small-sized businesses and another 3.3 million (20.4%) are employed in medium-sized businesses. Only 2.0 million (12.8%) work in large-sized businesses. In addition to generating jobs, SMEs make a significant contribution to gross domestic product (GDP). Notably, small businesses with fewer than 50 employees will contribute on average 30% to national GDP. SMEs also make sizable contributions to research and development. Between 2011 and 2013, SMEs accounted for 27% of the research and development expenditures in this country. Medical industry Physicians' offices are an important component of the Canadian economy, employing people and supporting suppliers in their communities. The majority of physicians (66% or 54,000) own and operate a private corporation. The direct GDP contribution produced by physicians' offices in Canada in 2016 was $22.3 billion. They paid $6.2 billion in wages and salaries, employed 137,000 people and contributed $643 million in tax revenues to governments. Including the supply chain and induced effects of this economic activity, the total GDP supported by the economic footprint of physicians' offices was $33.4 billion and the total number of jobs supported was 250,000. Physicians' medical practices, in addition to providing essential health care services to Canadians, also provide a noticeable contribution to Canada's economy. The total economic footprint of physicians' practices in 2016 - directly, through their supply chain and through induced effects - accounted for 1.6% of Canada's total GDP in 2016. Making Canada an attractive place to practise medicine Physicians and small business owners across the country believe that the proposals are complex and will ultimately lead to unintended consequences that will affect all Canadians. With so many underserviced regions of Canada and 5.3 million orphan patients, it behooves government to establish conditions that facilitate recruitment and retention of highly skilled professionals, such as physicians. Physicians are more mobile than many other small business owners. Between 2014 and 2015, for instance, approximately 740 physicians (about 1% of all physicians) moved from one province or territory to another. In the CMA's recent member survey, 22% of practising physicians stated they would consider relocating their practice to another country as a result of the proposed federal tax changes. Of the medical residents who participated in the survey, 39% would consider moving their practice to another country if the proposed federal tax changes are implemented. The experience of the 1990s provides evidence that this is a real possibility. In 1992, health ministers agreed to reduce medical school enrolment, and shortly afterward provincial governments began to put restrictions in place, such as a two-year moratorium on new billing numbers in Ontario for physicians who had not completed their undergraduate or postgraduate training there. These measures sent a clear message that doctors were not welcome in Canada and it was no surprise that they left in large numbers. From 1995 to 1997 Canada experienced an annual average net loss of 454 physicians to migration, the equivalent of four medical school classes. The United States continues to face a shortage of physicians, and it may be an attractive alternative for Canadian physicians to practise. Projections released earlier this year for the American Association of Medical Colleges indicate that the United States will have a shortage of between 40,800 and 104,900 physicians by 2030. The path to becoming a physician is a long one, which includes 10 or more years of postsecondary education. As a result, physicians start their careers later than other workers. Average student debt ranges from $160,000 to $180,000. This represents a large personal investment of time and money. We want to ensure that Canada establishes the public policy conditions necessary to retain and attract the next generation of physicians. Thriving medical practices are the best medicine for patients Public policy should strive to promote economic growth, innovation and quality of life for all Canadians. Thriving medical practices are a key ingredient in ensuring that Canadians have access to medical care when and where they need it. Any changes to the existing tax regimen can have the unintended consequences of forcing owners of medical practices to curtail their operations, reduce availability of care and stifle expansions of much-needed medical services. The CMA asked physicians whether they would consider reducing the number of hours they worked if the government eliminated any or all of the benefits of incorporation. Over half of the practising physicians who responded to the survey (54%) indicated they would consider reducing their number of hours worked, and 24% indicated they would consider retirement. In addition, 31% of the respondents stated they would consider closing their practice and moving to another practice setting (such as a hospital-based or salaried position). Of particular note, 64% of the medical residents who responded to the survey indicated that they would avoid independent practice. If fewer physicians opt to stay in or enter into independent practice there could be important implications for physician supply and patient accessibility. This may be particularly important in rural and remote regions, where independent practice is the most common means for delivery of physician services. In some rural and remote communities across Canada, there is already a shortage of physicians. According to Statistics Canada, about 19% of the Canadian population lives in rural and remote communities, but only about 14% of family physicians and 2% of specialists practise in such communities. The ratio of physicians to patients is also much lower in rural than in urban Canada (0.8 versus 2.1 per 1,000 in 2013). Some of the challenges in recruiting and retaining physicians to rural and especially to remote communities include the reality that physicians in these regions often have to work long hours, have a high level of on-call responsibilities and need additional competencies to meet their community's needs. Unlike most physicians working in urban environments, they may also experience insufficient backup or a total absence of backup from other physicians, nurses and complementary services. There are typically fewer professional education opportunities in rural and remote communities. Finally, physicians sometimes find it difficult to travel long distances to visit their families in urban regions or to convince their spouses and children to relocate from urban to rural and remote communities because of limited job prospects and educational opportunities for their families. Promoting gender equality in small- and medium-sized businesses and in medical practices The current federal government has advanced a feminist agenda with a view to ensuring that all public policy aligns with and supports gender equality. It is therefore perplexing to see the tax proposals being considered, as these may further deter women from entering the medical profession. It is worth noting that female physicians now account for 40% of all Canadian physicians and they represent 60% of physicians under the age of 35. This statistic represents a significant achievement in promoting gender equality in the profession. While the potential indirect effects of the federal tax proposals apply to all physicians regardless of gender, female physicians will likely see an incrementally larger decrease in income at all career stages and particularly as they start a family. This is coupled with the fact that there are already fewer female physicians over the age of 50. Many female physicians may choose to stay at home if the current financial and entrepreneurial incentives are no longer available. In addition to the direct impact of the proposed tax measures on female physicians, any practice consolidations or closures resulting from these measures will also impact women currently employed in physician practices, including nurses and administrative support staff. This is significant for occupations such as medical administrative assistants and other health services support staff; 98% and 80% of total employees in these occupations are women, respectively. Inspiring innovation as the cornerstone of Canada's future A significant portion of medical research in Canada is funded by physician donations of cash and unpaid physician labour. This is especially true for physicians working in academic health science centres (AHSCs). AHSCs are vital to ensuring that leading-edge medical research continues in Canada. Since most AHSCs are structured as partnerships of incorporated physicians, they will also be affected by the federal tax proposals, and donations to fund medical research will be compromised as physicians make financial decisions to reduce their spending to make up for their increased tax burden. This is significant, as the CMA estimates that physicians provide $340 million from their gross earnings to fund medical research and teaching in AHSCs. Furthermore, if physicians are facing a reduction in after-tax income from their practices, they will likely favour paid labour over unpaid labour to offset the reduction, which would result in fewer physician hours spent on medical research. There would be little financial incentive for physicians to continue with medical research, which would significantly impede medical innovation in Canada. Technical considerations of the proposals: In reviewing the specifics of the proposals, the CMA wishes to provide its perspective on several of the elements being considered, including fairness, complexity, passive income of a small business corporation, anti-avoidance rules and income splitting. Fairness The tax rules for private corporations are available to everyone should they wish to start and run their own business. They have been supported and even promoted by various governments to encourage entrepreneurship and those who are willing to take the risk of starting up a small business, entering independent practice or taking over the family business. Seeking to compare a salaried employee to someone who works through a private corporation where the corporation earns an equivalent amount of income fails to take into account all the factors necessary to operate a successful business through a corporate structure. For example, private corporations reinvest in the business and save funds to weather adverse economic events and to offset the lack of employment provisions and benefits. Physicians start their medical practice with significant debt and enter their career in their 30s. Private corporations in different sectors face their own unique set of challenges and the existing policies provide certainty that enables them to make plans. The CMA is aware that in 2011 an Employment Insurance (EI) program was established for self-employed individuals whereby they could register and pay for benefits including maternity and parental leave. We understand that there has been low uptake; we suspect that is because many self-employed people cannot take a full year off for maternity/parental leave and therefore do not receive the full value of what they put into the program. Other considerations include the fact that the program is not topped up by an employer, the program does not factor in expenses related to replacement costs, and there is loss of flexibility to cover lifestyle costs. Although well-intentioned, it seems that the enhancements to the EI program may not address the realities of running a business (regardless of incorporation) and that is why we need a more comprehensive review of the tax system that considers unique sector conditions and safety net provisions. Corporations are legitimate business vehicles that facilitate compliance and administration, and they have been sanctioned and encouraged by successive governments for decades. Changing the rules now will be highly destabilizing for small business owners who have chosen to organize their affairs in this way, many of whom also do not have the resources to adjust to these changes. In some cases, provisions for physician incorporation have been part of a negotiated settlement with provincial governments. The proposed changes will drive up medical costs, increase pressure on provincial and territorial governments and worsen fee-schedule negotiations between physicians and their provincial and territorial governments, causing yet more unnecessary disruption. The use of corporations has to a certain extent kept the underground economy at bay because of mandatory reporting requirements and registration both for income tax and GST/HST purposes and for corporate governance. Complexity The Canadian tax system and in particular the rules governing both big and small corporations are complex, and successive governments have strived to simplify them over time. The proposed tax changes have a level of complexity that is counter to what the present government has been promoting by eliminating boutique tax provisions. The proposals create a bigger disparity between small business corporations eligible for the small business deduction and small public corporations that provide many of the same benefits to family shareholders. Passive investments Passive income is already taxed at higher levels than active business income. Working capital is just as necessary in a small business corporation as it is in a public corporation. Investing passively in a private corporation has been a legitimate practice for many generations of Canadian business owners. The method of taxing passive income has been in effect since 1972. Investing passively within a corporation accommodates business owners who assume risk and responsibility not otherwise assumed by employees. A few important accommodations are noted below: * Investing passively provides a business owner with efficient access to capital so that opportunities can be seized, creating growth and employment for our economy. * Business owners are more likely to accept the risk associated with making investments if they have access to more capital. * Investing passively allows a business owner to manage risks assumed when one goes into business for oneself. These risks are not otherwise assumed by employees. * Investing passively allows a business owner to diversify risk by investing in assets that are very different than private corporation shares. * Investing passively allows a business owner to provide for retirement and unforeseen circumstances that may need to be self-funded. Physicians, like other small business owners, retain capital in their corporations to weather the financial ups and downs that are inherent in self-employment. Because physicians do not have employer-sponsored pension plans or health, disability or maternity benefits or statutory vacation leave, they rely on retained earnings and make passive investments to build up the capital to fund these eventualities. Similar to other businesses, medical practices have to respond to the ups and downs of the business cycle - in the medical practice context, provincial and territorial governments will implement expenditure caps and cuts that will affect the medical practice's bottom line. Fair, simple and efficient tax system As noted by CPA Canada, fairness in our tax system is an essential principle and it is doubtful that the recent proposals will improve this. Investing passively in a private corporation has in some cases been a mechanism available to business owners of all sizes since 1972. It will be important to consider the fact that many small business owners have legitimately organized their affairs by investing passively in their corporation and have not contributed to registered retirement savings plans (RRSPs), tax free savings accounts (TFSAs) and registered education savings plans (RESPs). Fundamentally changing the tax system will in some cases require physicians to: * work for more years to save for retirement with after tax dollars; * evaluate whether Canada's tax system is competitive with that of other economies; and * alter practice decisions, such as opting to retire completely versus easing into retirement or reducing hours of work in favour of other career pursuits. Applying a 50% permanent income tax rate in the corporation to passive income assumes that all small business owners are high-rate taxpayers. This is not the case, and this assumption would inadvertently punish many small business owners who are not subject to the highest rates of income tax. In some cases, applying a high rate of personal income tax to corporate income that has already been subject to tax at 50% will result in a combined income tax rate of approximately 71%. Canada's tax system is already complex and the proposed methods of accounting for passive income will in all cases add further complexity, reducing taxpayer compliance. Tracking and pooling sources of income to account for investments will be both time consuming and costly. There will need to be simple mechanisms for both grandfathered investments and those impacted by the new rules. Lastly, making significant changes to legitimate tax structures that have been in use for 45 years requires careful consideration, material stakeholder involvement, carefully considered grandfathering provisions and the appropriate amount of time to plan and implement. The proposals concerning passive income in a private corporation represent a significant change in tax policy. If implemented as proposed by the government, the changes could act as a disincentive for those looking to invest in small business, decreasing job creation. Furthermore, the tax policy changes as proposed could make it difficult for Canada to attract, recruit and retain highly skilled professionals, which will significantly impact the quality and availability of health care in the short and long term. For consideration - prescribed allowable assets for passive investment A fair tax system accommodates taxpayers who assume different levels of risk and is flexible enough to allow taxpayers to manage various circumstances. From a policy perspective, there are many examples of accommodation or incentive, such as the lifetime capital gains exemption (LCGE) and the small business deduction (SBD), which accommodate a self-employed individual's realities when compared with an employee. In the CMA's view, passive income is already taxed at rates of almost 50% to discourage investing passively in a corporation, and when passive income is distributed to individual shareholders, investment income is appropriately taxed. Existing passive assets and any income or related capital gain thereon should not be impacted by any new system that is implemented. Regarding a transition, a taxpayer should have the ability to elect to have existing or substituted assets and the related income or capital gains taxed under the current regime resulting in no change. On a prospective basis, passive assets accumulated over and above a prescribed threshold could be subject to new investment income rules. The prescribed threshold would allow business owners to accumulate passive assets commensurate with the amount of risk they accept or assume. Alternatively, the prescribed threshold would allow a taxpayer to opt out of the onerous and costly rules that are not conducive to small business. Business owners have raised the concern that they need to retain capital in their corporations for valid business purposes. These include saving for economic downturns, future growth and contingencies such as an illness of the principal business owner. Allowing a prescribed amount of passive investments to be held by private corporations will permit them to save for these valid business reasons without facing excessive tax rates, while still meeting the government's policy objective of preventing individuals from using corporations to save beyond government tolerance. A prescribed threshold provides greater certainty for planning and ease of administration. These ideas are worth exploring but require time and the engagement of small businesses to ensure that the changes do not produce unintended consequences while meeting public policy objectives. Converting income to capital Anti-tax avoidance rules We are in support of targeted measures to curtail abuse. Non-arm's length manipulations of cost base to reduce or eliminate capital gains are not appropriate, and such abuses should be curtailed. Use of mechanisms to avoid double taxation such as the so-called pipeline strategy that has been accepted by the Canada Revenue Agency (CRA) to avoid double taxation should be encouraged, not legislated against. Estate planning CRA has issued numerous favourable advanced income tax rulings with respect to pipeline planning. The proposed changes in ITA section 84.1 are especially troublesome for those nearing retirement and those who have planned for their final estate tax liability under the current income tax regime. For example, assume an owner of a private corporation dies in Ontario and the shares are not inherited by a spouse. If the private company shares have a fair market value of $2,000,000 with minimal adjusted cost base, the estate's final income tax liability will increase by approximately $360,000 if the fair market value of the private corporation must be realized as a dividend rather than as a capital gain, as contemplated by proposed subsection 84.1(2). In addition, there would be limited opportunities for retired or near-retirement business owners to acquire life insurance or otherwise reorganize their affairs. Lastly, the proposed changes would effectively require each estate to wind up the affairs of a private corporation within a very short period of time (12 months) to avoid double taxation. For consideration Subsection 164(6) of the Act should be extended to coincide with the graduated rate estate rules that were recently introduced. On this basis, an estate would have three years to properly wind up the affairs of a private company, realize a capital loss and carry it back to the terminal return of the shareholder to avoid paying income tax twice. Income sprinkling The practice of income sprinkling within the use of a professional corporation has been supported by judgments issued by the Supreme Court of Canada. It is also true that in some cases provincial governments have amended legislation governing professionals to allow a professional to introduce family members as shareholders of their professional corporations. Such amendments were made in the context of negotiating contracts for service deliverables and remuneration and in recognition of the family involvement in running a small business, such as a medical office in the case of physicians. Upon incorporation the entity that has been created in support of a specific business activity has nominal value. The corporation builds and expands through bank borrowing, expenditures and the sweat capital of spouses/partners. The value of that sweat capital is difficult to quantify but in many respects is no different than the sweat capital provided by unrelated entrepreneurs in developing a high technology idea into a working venture. The proposed changes could result in more stringent requirements for a family shareholder to demonstrate their contribution of capital or value to an entity than would be required of a non-family member shareholder. Spouses/partners are integral to the risk and development of a business enterprise that, as a family, they have an interest in: pension income splitting recognizes the family unit and similar considerations apply here. Tax policy reflected in the ITA has always permitted a certain level of income based on the personal amount and the dividend tax credit to be received without tax cost. In 2017 the amount was approximately $32,000.00. There is no abuse in using those provisions just as there is no abuse in pension income splitting to share the tax obligation within a family. Subjectivity of reasonability criteria Regarding the application of tax on split income (TOSI) and the "reasonableness test," the CMA is concerned that in practice, the proposed rules will result in inconsistent application, as the reasonableness test requires a subjective self-assessment after considering labour and capital contributions. Consider the practical difficulties that will arise in the following situations: * Both spouses are involved in the business on a regular and continuous basis. However, at different points during their life, their involvement is limited because of health or maternity reasons. * All family members (adult children and parents) are involved on a regular and continuous basis in the business. Similar to the example above, each family member has differing levels of involvement at different times and each family member makes unique contributions. * In some cases, a household will be required to decide on the division of labour. The division of labour would consider both inside and outside duties, resulting in one family member being less active in the business for a period of time or permanently because he/she is directly supporting inside duties so that the other spouse's involvement can exceed what would normally be required of an employee. . When assessing the reasonability of a dividend paid, both the taxpayer and CRA are required to evaluate a proper rate of return and assess the risk assumed. Independent data or proxies are not readily available when assessing risk assumed with respect to a private company investment. In the case where a spouse and/or all family members are involved with the business on a regular and continuous basis, practical difficulty will constantly arise when attempting to ascertain with any degree of precision or certainty reasonable compensation in the circumstances. In some cases, a physician's spouse will deliberately choose not to enter the workforce as a second income earner because it is not economically viable to do so given the day-to-day realities of managing a business, raising a family and planning for the future. Constraining income splitting will in some cases cause hardship for families who have organized their division of labour so that the family can fully support the professional's activities. This translates into physicians being more available to grow their practice and to care for patients. If the economics concerning the division of labour within and outside of the household are seriously altered, many small business owners could be motivated to work less and refocus their division of labour. For consideration - prescribed threshold on income sprinkling Dividends are paid to shareholders as a return on their investment in the corporation. Since the distribution of the dividend is not determined by the quantum of a shareholder's contribution to the corporation, it is illogical to use contribution or labour as the criterion that determines when dividend income will be subject to TOSI. A small business is dynamic, and contributions to a family business are required at different times by different people and entail different amounts of effort. Documenting and measuring the many different contributions will undoubtedly create problems because a business owner and their spouse are often inextricably linked when it comes to valuing their contributions to a business. Because of the complexity that the proposed changes would cause, the TOSI income rules should not consider a small business owner's spouse or common-law partner. In the alternative, a threshold should be contemplated that would recognize various contributions and eliminate the uncertainty and judgment required when applying the proposed rules. The implementation of a prescribed threshold of allowable dividends to be paid to family members would alleviate many of the issues with the current reasonableness test. The primary concern with the current wording of the reasonableness tests is the inherent uncertainty because of the difficulty in determining the value of contributions made by family members. A threshold of allowable dividends would inherently acknowledge that family members contribute value and assume risk with respect to a family business. This would eliminate the uncertainty about these amounts paid to family members, allowing small businesses to recognize the contributions of family members without fear of future reassessments at the top marginal rate of tax. This would also shift the focus of the proposals to higher income earners. Dividends above the prescribed threshold would still be subject to the proposed reasonableness test, preventing excessive amounts from being paid to family members where their contributions do not warrant these distributions. These ideas are worthy of consideration but require the engagement of the small business community to ensure that the changes do not produce unintended consequences while achieving their public policy objectives. Conclusion Canada's doctors are fully committed to improving health and health care by helping families, youth and women, growing the economy and ensuring we have thriving communities from coast to coast to coast. We know that these values are shared by governments. As health care providers and as owners of small businesses, Canada's doctors have been committed to these goals for decades. While the full impact of the proposed taxation changes is currently being assessed, every indication points to significant negative ramifications for frontline health care workers and the Canadian economy. Physician medical practices contribute significantly to the local and national economy by directly employing 137,000 Canadians and providing needed medical infrastructure. These entrepreneurs are also responsible for providing a self-funded safety net. These factors have, to a significant degree, been taken into account in settling fee structures for the medical professional on an overall after-tax basis. If those provisions cannot be relied on in the future, fairness would dictate that time be given for those in the relevant provinces to renegotiate their fee structures so that new factors can be taken into account. Fairness would also dictate that other self-funded safety net provisions, such as retirement savings vehicles, be adjusted or created to cover planned and unplanned events. The July 18, 2017, proposals represent the most significant tax changes since 1972. The CMA is concerned that the government may not be aware of the potential for far-reaching unintended consequences of the proposals and therefore strongly urges the government to: 1. suspend the current proposals; 2. conduct a comprehensive review of these proposals to ensure that legislation can meet policy objectives without significant unintended consequences; and 3. engage all Canadians in a comprehensive review of the tax system considering unique aspects of all sectors, including safety net provisions. Appendix A: Unintended consequences There are several potential mitigating measures physicians may apply to offset reductions in net revenue, including the following: * Physicians may decide to operate their practices on a leaner basis, offsetting their loss in net income by reducing practice spending. They may reduce their individual spending on staff and other costs, or they may elect to consolidate several practices into one. * Physicians may decide to reduce their hours worked, or change their practice setting in response to the reduction in net income. Scenario 1 provides an example. Scenario 1: Private practice Background Dr. Johns operates a private practice in rural Ontario. Understanding that there is a significant shortage of physicians in rural communities across Canada, Dr. Johns and her husband moved to their current rural community 10 years ago. Dr. Johns' husband, a teacher by trade, has been unable to secure full-time employment because of the limited number of jobs available in their community. Instead, he helps Dr. Johns by dealing with all operational matters for her clinics. This includes negotiating leases, buying equipment and hiring staff so that Dr. Johns can focus on delivering medical services. The children are involved too; they developed and maintain the clinic website. Over the last 10 years, he has also handled all matters related to the household, including raising their two children. Dr. Johns' children are now 18 and 19 years old and are both starting university in 2018. Dr. Johns, Mr. Johns and their children are shareholders of the medical professional corporation. Outcome Because of the new changes, Dr. Johns worries that she will not be able to help her children pay for university. Dr. and Mr. Johns are now trying to decide if they should close the rural practice and move back to the city, where Mr. Johns could find employment to help pay for their children's education. Scenario 2 illustrates how the proposed tax changes would affect a female pediatrician operating her practice through a corporation. Scenario 2: Retirement Background Dr. Grey is a 55-year-old pediatrician who operates her practice through a corporation. She is married and has two adult children. Her husband is a shareholder in the corporation. Her children are not. After finishing medical school and her residency, she started practising when she was 30. She spent the next three years making minimum payments on her student loans so that she could save enough to finance her maternity leave. Between ages 33 and 35, she had two children and was unable to work. When she returned to work, her husband stopped working to raise the children and manage the household. By age 40 she had finally paid off her medical school debt, but she spent the next 15 years saving to pay for her children's education and supporting the family. As a result, Dr. Grey has not been able to save any money for retirement before now. Outcome Dr. Grey has heard that her plans may be significantly impacted by the changes to both income splitting and passive investments. She has heard that existing portfolios of passive investments will be grandfathered, but she does not see how that will help her because she is only starting to save for retirement now. As Dr. Grey's fees are set by the province she cannot increase the fees she charges to her patients and will therefore have to reduce costs, including staffing costs. Otherwise, she may never be able to retire comfortably. Scenario 3: Married physician at an academic health science centre Background Dr. Ritchie is an incorporated cardiologist working in an academic health science centre. Because of her sporadic schedule her husband is not able to work a traditional job. Instead, he manages the household, and when needed he helps with any administrative activities required for managing Dr. Ritchie's corporation. As Dr. Ritchie understands that medical research is not well funded in Canada, she donates $25,000 per year to her local research institute. Dr. Ritchie currently takes an annual dividend of $135,000 out of her corporation and pays a dividend of $35,000 to her husband. Outcome Under the proposed changes to income splitting, it is unclear what would be considered a "reasonable amount" that can be paid to Dr. Ritchie's husband for his contributions; therefore, Dr. Ritchie will have to take out all funds herself. If the $35,000 typically paid to Dr. Ritchie's husband is now paid to her, the family tax liability will increase by $13,016/year. This means that if the family wants to have the same after-tax cash under the new rules, they will have to draw an additional $23,400 out of the corporation as dividends, increasing total dividends to $193,400. To fund this additional outflow while still saving for retirement, Dr. Ritchie will have to reduce her practice's expenditures by an amount roughly equal to her annual medical research donation. She is strongly considering not making donations to medical research so that she can support her family.
Documents
Less detail

National recognition of physician administrators/executives

https://policybase.cma.ca/en/permalink/policy13700
Date
2017-08-23
Topics
Physician practice/ compensation/ forms
Resolution
GC17-14
The Canadian Medical Association supports national recognition of physician administrators/executives with initiatives designed to recognize and support their contributions.
Policy Type
Policy resolution
Date
2017-08-23
Topics
Physician practice/ compensation/ forms
Resolution
GC17-14
The Canadian Medical Association supports national recognition of physician administrators/executives with initiatives designed to recognize and support their contributions.
Text
The Canadian Medical Association supports national recognition of physician administrators/executives with initiatives designed to recognize and support their contributions.
Less detail

17 records – page 1 of 2.