Skip header and navigation
CMA PolicyBase

Policies that advocate for the medical profession and Canadians


12 records – page 1 of 2.

Amendments to PIPEDA, Bill S-4

https://policybase.cma.ca/en/permalink/policy11194
Date
2014-06-09
Topics
Health information and e-health
Ethics and medical professionalism
  1 document  
Policy Type
Parliamentary submission
Date
2014-06-09
Topics
Health information and e-health
Ethics and medical professionalism
Text
The Canadian Medical Association (CMA) is pleased to make submissions on Bill S-4. CMA has followed the history of PIPEDA and participated in the studies of various Standing Committees, most notably and recently in 2007 to the House of Commons Standing Committee on Access to Information, Privacy and Ethics. CMA is pleased that amendments to PIPEDA are once again being considered. The Canadian Medical Association represents over 80,000 physicians in Canada. Privacy is an important value to physicians and the patients to whom they serve. This is reflected in our Code of Ethics and policies, in particular, Principles for the Protection of Patients' Personal Health Information and Statement of Principles: The Sale and Use of Data on Individual Physicians' Prescribing. Physicians are also required to abide by privacy and confidentiality standards of practice. Thus, the CMA has a strong interest and valuable insights into the topic of personal information and privacy with respect to health information. We thank the Standing Committee for the opportunity to comment on the proposed amendments to PIPEDA. Our key comments are outlined below: Issue 1: CMA supports the existing legislative framework on the collection, use and disclosure of personal information produced by an individual in the course of their employment, business or profession ("work product") and suggests further amendments focus on strengthening it further. CMA supports the current standing of work products, that work products are considered to be personal information. That is, we support the framework defining personal information as information about an identifiable individual and that there is no carved out definition or exemption for "work product". CMA supports the position of the Office of Privacy Commissioner's following its 2007 investigation on work products, that they should not be exempted for two main reasons: * The exemption is not needed, and it would be inconsistent with the balanced approach in the current definition of personal information. The current definition of personal information and the approach to deciding issues based on that definition have worked well. They have promoted a level of privacy protection that balances the right of privacy in personal information with the needs of organizations for the reasonable and appropriate collection, use and disclosure of personal information. ...Because the concept of "work product" is ambiguous, excluding it from the definition of personal information could have unpredictable consequences that would diminish privacy unnecessarily. * (http://www.priv.gc.ca/parl/2007/sub_070222_03_e.asp) It is the CMA's position that work products should be considered personal information and given the section 7 amendments, work products should only be collected, used or disclosed without consent only if it is consistent with the purposes for which the information was produced. In the case of physicians, a prime example of a physician's work product is prescribing information. Prescribing information is a synthesis of assessing patients - by probing into their health, familial, social and sometimes financial background - infused with medical knowledge, skill and competencies resulting in a diagnosis and treatment plan, which often includes prescribing a medication or test. Not only is the physician's prescribing information a product of physicians' work but would not exist but for a trusting physician-patient relationship wherein the patient's private and personal information are shared under circumstances of vulnerability and trust. The outcome is that this is personal information. Prescribing information is about an individual: it includes the name of the patient, the name of the prescribing physician, and the drug name, dosage, amount and frequency; giving major clues as to what the patient's health issue(s) are. For further clarity, however, CMA recommends that physician information, and physician work products, should be specifically recognized within the legislation as personal information. To this end, we would propose that the following addition be made to the definition section under personal health information: Section 2.(1) "personal health information", with respect to an individual, whether living or deceased, means .....(d) information that is collected or is the outcome of collecting information in the course of providing health services to the individual; CMA supports the amendments to subsections 7(1)-(3) of the Act that any subsequent collection, use and disclosure of work products without consent must be related to the original purpose (of collection, use and disclosure). This relationship reflects the government's understanding and faithfulness to privacy principles. This is particularly critical when dealing with health information, and is even more critical in today's world given the ease of linking information through advancements in technology. In the absence of a causal relationship, personal information should not be used for system performance, commercial enterprise, data brokering, research, assessment or other purposes. CMA recommends that the legislation should go further and allow persons who believe that protection cannot be afforded under the legislation that they have the authority to refuse to communicate the information. This is the conceptual approach taken in Quebec's Act Respecting the Protection of Personal Information in the Private Sector wherein persons have an opportunity to refuse that professional information (as defined therein) be used for commercial purposes. Physicians are constantly writing prescriptions and such information should only be used for other purposes in the interests of patients and the health care system, and not to serve commercial interests or marketing strategies. If physicians do not feel that such protection is afforded patients, then they should be permitted to refuse that such information be collected, used or disclosed. Patient privacy should be primary. And finally, addressing work products in legislation clears up past differences of interpretation by Privacy Commissioners thus, providing certainty and clarity to the public. Recommendation 1: That Section 2. (1) "personal health information", be amended to read as follows: "personal health information", with respect to an individual, whether living or deceased, means .....(d) information that is collected or is the outcome of collecting information in the course of providing health services to the individual; Issue 2: CMA is pleased to see a section on breaches of security safeguards and recommends greater specificity. As noted above, physicians have responsibilities as data stewards and custodians of health information. As such, CMA supports breach notification measures that would enhance and protect patient privacy. In principle, we support the proposed amendments of breach disclosures to the Privacy Commissioner, to individuals and to organizations. However, CMA is concerned that meeting the requirements may be confusing. For example, in the health care context, it is easy to surmise that all health information is "sensitive". A far more difficult matter is determining whether the risk reaches the threshold of "significant harm" and the "probability" that the information "will be misused". The result being that incidental disclosures will be reported causing unnecessary concern and confusion in the patient population. Further specificity is recommended and we suggest something akin to Ontario's Personal Health Information Protection Act, 2004 (PHIPA). The PHIPA is an act specifically dealing with personal health information. One of its purposes is "to establish rules for the collection, use and disclosure of personal health information about individuals that protect the confidentiality of that information and the privacy of individuals with respect to that information, while facilitating the effective provision of health care" (section 1a ). The PHIPA notification provision states that the individual shall be notified "...at the first reasonable opportunity if the information is stolen, lost or accessed by unauthorized persons", [section 12(2)]. CMA is unaware of any concerns with this approach. The language of PIPIEDA is one of reasonable belief of real risk of significant harm to an individual. The issue is the test for required notification of patients for incidental inadvertent breaches and decreasing "notification fatigue". To illustrate the issue, if physicians were told today that patient data could be retrieved from the drums of discarded photocopiers and printers, it would be inappropriate for legislation to suggest that the entire patient population during the life of the photocopier or printer be notified. To this end, we recommend that there be acknowledgement that in some circumstances notification may not be required. The probability of misuse under PIPEDA is more ambiguous than the PHIPA test. Under PHIPA, the approach is more objective in that the data must be stolen, lost or accessed by unauthorized persons. To our knowledge, the Ontario model has been in place for almost a decade with no significant issues and thus we submit is one that works. In other jurisdictions (eg., Newfoundland and Labrador, Nova Scotia, New Brunswick) with health privacy legislation, there is acknowledgement of trying to balance notification and those breaches unlikely to result in harm by directly indicating when notification is not required. Recommendation 2: CMA recommends that the statute move towards a more objective test and acknowledge that there are situations when notice is not required. Issue 3: CMA supports disclosure without consent under limited circumstances, but finds the current list of disclosures overly inclusive. Health information is considered highly sensitive information and is initially collected for the purpose of individual patient health care. It should only be disclosed with consent and in only some exceptions without consent. The PIPEDA amendments for disclosure without consent have been broadened. Privacy, confidentiality and trust are the foundations of the patient-physician relationship. Without these fundamental values in play, open and honest communications cannot occur and patients would not receive the care they require. Both the patient and the physician have significant investment in the relationship. CMA respects the requirements to disclose information without consent under certain premises, such as required by court order or statute. However, any kind of activity requiring physicians to disclose patient's information without consent for the purposes of advancing a government or institution's goal could jeopardize the relationship. Both the patient's consent and the physician's consent should be required if there is potential to disturb this relationship. The physician is fiduciary of the relationship and is appropriately situated to assess and determine whether disclosure will disturb the relationship. While CMA acknowledges that certain situations may require that disclosure occur without consent (eg. purposes of investigating fraud, national security, abuse or as legally required), disclosure for less malicious activities (e.g., breaches of an agreement, insurance claims) ought to require a court order or warrant. For example, under the proposed section 7(3)(d.1) if a physician were in default of a contract with a technology company supplying electronic medical record software or app to his/her clinic, the company could disclose health information without consent for the "purposes of investigating a breach of an agreement". While we appreciate that there is a caveat that disclosure without advising the patient can only occur if there is a reasonable expectation that the disclosure would compromise the investigation, we submit that leaving the determination of what is "reasonable" to an interested party to the breach is unfair to all. Another example, if a physician is a witness to a dispute between an employer and union representing an employee for denial of long term disability by an insurance company, and has filed a witness statement which includes a medical report he/she wrote to the employer's insurance company, under the proposed section 7(3)(e.1) disclosure of health information without consent is permitted in order to assess, process or settle an insurance claim. CMA is concerned that the disclosure amendments are overly broad and do not differentiate sufficiently between highly time sensitive or grossly malicious situations, and those where it is merely expedient or an administrative encumbrance to seek consent. In addition, the disclosure requirements are framed in permissive (ie., may) and not mandatory language (ie., shall). This is very problematic when the "organization" is a physicians' clinic unless the physician's own consent is made as a pre-condition. CMA believes this suggestion is a progressive one in keeping with the broadened disclosure amendments. Physicians are in a relationship of trust and take seriously the protection of patient privacy and confidentiality, for which they are trained and are ethically and legally required to protect. To place physicians in a position which might entail breaching this trust may impact the confidence of the physician and the patient in the patient-physician relationship which is required to properly formulate appropriate treatment plans; thus, negatively impacting the health of Canadians. Recommendation 3: That disclosures of health information without consent require a warrant or subpoena or court order. Furthermore, disclosures of health information require the physician's consent that in his/her opinion the disclosure does not harm the patient-physician relationship. And, finally any broadened disclosure situations be restricted to criminal activity or that impacting national security. Conclusion Once again, CMA appreciates the opportunity to provide comment as part of the committee's study of Bill S-4. CMA is prepared to work with Parliament, governments, health professionals and the public in ensuring legislative frameworks for the collection, usage and disclosure of personal information for legitimate and reasonable purposes.
Documents
Less detail

Best practices for smartphone and smart-device clinical photo taking and sharing

https://policybase.cma.ca/en/permalink/policy13860
Date
2018-03-03
Topics
Health information and e-health
Ethics and medical professionalism
  1 document  
Policy Type
Policy document
Date
2018-03-03
Topics
Health information and e-health
Ethics and medical professionalism
Text
Clinical photography is a valuable tool for physicians. Smartphones, as well as other devices supporting network connectivity, offer a convenient, efficient method to take and share images. However, due to the private nature of the information contained in clinical photographs there are concerns as to the appropriate storage, dissemination, and documentation of clinical images. Confidentiality of image data must be considered and the dissemination of these images onto servers must respect the privacy and rights of the patient. Importantly, patient information should be considered as any information deriving from a patient, and the concepts outlined therefore apply to any media that can be collected on, or transmitted with, a smart-device. Clinical photography can aid in documenting form and function, in tracking conditions and wound healing, in planning surgical operations, and in clinical decision-making. Additionally, clinical photographs can provide physicians with a valuable tool for patient communication and education. Due to the convenience of this type of technology it is not appropriate to expect physicians to forego their use in providing their patients with the best care available. The technology and software required for secure transfer, communication, and storage of clinical media is presently available, but many devices have non-secure storage/dissemination options enabled and lack user-control for permanently deleting digital files. In addition, data uploaded onto server systems commonly cross legal jurisdictions. Many physicians are not comfortable with the practice, citing security, privacy, and confidentiality concerns as well as uncertainty in regards to regional regulations governing this practice.1 Due to concern for patient privacy and confidentiality it is therefore incredibly important to limit the unsecure or undocumented acquisition or dissemination of clinical photographs. To assess the current state of this topic, Heyns et al. have reviewed the accessibility and completeness of provincial and territorial medical regulatory college guidelines.2 Categories identified as vital and explored in this review included: Consent; Storage; Retention; Audit; Transmission; and Breach. While each regulatory body has addressed limited aspects of the overall issue, the authors found a general lack of available information and call for a unified document outlining pertinent instructions for conducting clinical photography using a smartphone and the electronic transmission of patient information.2 The discussion of this topic will need to be ongoing and it is important that physicians are aware of applicable regulations, both at the federal and provincial levels, and how these regulations may impact the use of personal devices. The best practices supported here aim to provide physicians and healthcare providers with an understanding of the scope and gravity of the current environment, as well as the information needed to ensure patient privacy and confidentiality is assessed and protected while physicians utilize accessible clinical photography to advance patient care. Importantly, this document only focusses on medical use (clinical, academic, and educational) of clinical photography and, while discussing many core concepts of patient privacy and confidentiality of information, should not be perceived as a complete or binding framework. Additionally, it is recommended that physicians understand the core competencies of clinical photography, which are not described here. The Canadian Medical Association (CMA) suggests that the following recommendations be implemented, as thoroughly as possible, to best align with the CMA policy on the Principles for the Protection of Patient Privacy (CMA Policy PD2018-02). These key recommendations represent a non-exhaustive set of best practices - physicians should seek additional information as needed to gain a thorough understanding and to stay current in this rapidly changing field. KEY RECOMMENDATIONS 1. CONSENT * Informed consent must be obtained, preferably prior, to photography with a mobile device. This applies for each and any such encounter and the purpose made clear (i.e. clinical, research, education, publication, etc.). Patients should also be made aware that they may request a copy of a picture or for a picture to be deleted. * A patient's consent to use electronic transmission does not relieve a physician of their duty to protect the confidentiality of patient information. Also, a patient's consent cannot override other jurisdictionally mandated security requirements. * All patient consents (including verbal) should be documented. The acquisition and recording of patient consent for medical photography/dissemination may be held to a high standard of accountability due to the patient privacy and confidentiality issues inherent in the use of this technology. Written and signed consent is encouraged. * Consent should be considered as necessary for any and all photography involving a patient, whether or not that patient can be directly recognized, due to the possibility of linked information and the potential for breach of privacy. The definition of non-identifiable photos must be carefully considered. Current technologies such as face recognition and pattern matching (e.g. skin markers, physical structure, etc.), especially in combination with identifying information, have the potential to create a privacy breach. * Unsecure text and email messaging requires explicit patient consent and should not be used unless the current gold standards of security are not accessible. For a patient-initiated unsecure transmission, consent should be clarified and not assumed. 2. TRANSMISSION * Transmission of photos and patient information should be encrypted as per current-day gold standards (presently, end-to-end encryption (E2EE)) and use only secure servers that are subject to Canadian laws. Explicit, informed consent is required otherwise due to privacy concerns or standards for servers in other jurisdictions. Generally, free internet-based communication services and public internet access are unsecure technologies and often operate on servers outside of Canadian jurisdiction. * Efforts should be made to use the most secure transmission method possible. For data security purposes, identifying information should never be included in the image, any frame of a video, the file name, or linked messages. * The sender should always ensure that each recipient is intended and appropriate and, if possible, receipt of transmission should be confirmed by the recipient. 3. STORAGE * Storing images and data on a smart-device should be limited as much as possible for data protection purposes. * Clinical photos, as well as messages or other patient-related information, should be completely segregated from the device's personal storage. This can be accomplished by using an app that creates a secure, password-protected folder on the device. * All information stored (on internal memory or cloud) must be strongly encrypted and password protected. The security measures must be more substantial than the general password unlock feature on mobile devices. * Efforts should be made to dissociate identifying information from images when images are exported from a secure server. Media should not be uploaded to platforms without an option for securely deleting information without consent from the patient, and only if there are no better options. Automatic back-up of photos to unsecure cloud servers should be deactivated. Further, other back-up or syncing options that could lead to unsecure server involvement should be ascertained and the risks mitigated. 4. Cloud storage should be on a Canadian and SOCII certified server. Explicit, informed consent is required otherwise due to privacy concerns for servers in other jurisdictions. 5. AUDIT & RETENTION * It is important to create an audit trail for the purposes of transparency and medical best practice. Key information includes patient and health information, consent type and details, pertinent information regarding the photography (date, circumstance, photographer), and any other important facts such as access granted/deletion requests. * Access to the stored information must be by the authorized physician or health care provider and for the intended purpose, as per the consent given. Records should be stored such that it is possible to print/transfer as necessary. * Original photos should be retained and not overwritten. * All photos and associated messages may be considered part of the patient's clinical records and should be maintained for at least 10 years or 10 years after the age of majority, whichever is longer. When possible, patient information (including photos and message histories between health professionals) should be retained and amalgamated with a patient's medical record. Provincial regulations regarding retention of clinical records may vary and other regulations may apply to other entities - e.g. 90 years from date of birth applies to records at the federal level. * It may not be allowable to erase a picture if it is integral to a clinical decision or provincial, federal, or other applicable regulations require their retention. 6. BREACH * Any breach should be taken seriously and should be reviewed. All reasonable efforts must be made to prevent a breach before one occurs. A breach occurs when personal information, communication, or photos of patients are stolen, lost, or mistakenly disclosed. This includes loss or theft of one's mobile device, texting to the wrong number or emailing/messaging to the wrong person(s), or accidentally showing a clinical photo that exists in the phone's personal photo album. * It should be noted that non-identifying information, when combined with other available information (e.g. a text message with identifiers or another image with identifiers), can lead to highly accurate re-identification. * At present, apps downloaded to a smart-device for personal use may be capable of collecting and sharing information - the rapidly changing nature of this technology and the inherent privacy concerns requires regular attention. Use of specialized apps designed for health-information sharing that help safeguard patient information in this context is worth careful consideration. * Having remote wipe (i.e. device reformatting) capabilities is an asset and can help contain a breach. However, inappropriate access may take place before reformatting occurs. * If a smartphone is strongly encrypted and has no clinical photos stored locally then its loss may not be considered a breach. * In the event of a breach any patient potentially involved must be notified as soon as possible. The CMPA, the organization/hospital, and the Provincial licensing College should also be contacted immediately. Provincial regulations regarding notification of breach may vary. Approved by the CMA Board of Directors March 2018 References i Heyns M†, Steve A‡, Dumestre DO‡, Fraulin FO‡, Yeung JK‡ † University of Calgary, Canada ‡ Section of Plastic Surgery, Department of Surgery, University of Calgary, Canada 1 Chan N, Charette J, Dumestre DO, Fraulin FO. Should 'smart phones' be used for patient photography? Plast Surg (Oakv). 2016;24(1):32-4. 2 Unpublished - Heyns M, Steve A, Dumestre DO, Fraulin FO, Yeung J. Canadian Guidelines on Smartphone Clinical Photography.
Documents
Less detail

Big data and its negative impact on professionalism and the confidentiality of medical data

https://policybase.cma.ca/en/permalink/policy11263
Date
2014-08-20
Topics
Ethics and medical professionalism
Health information and e-health
Resolution
GC14-67
The Canadian Medical Association will propose guidelines to ensure optimal use of big data while limiting its negative impact on professionalism and the confidentiality of medical data.
Policy Type
Policy resolution
Date
2014-08-20
Topics
Ethics and medical professionalism
Health information and e-health
Resolution
GC14-67
The Canadian Medical Association will propose guidelines to ensure optimal use of big data while limiting its negative impact on professionalism and the confidentiality of medical data.
Text
The Canadian Medical Association will propose guidelines to ensure optimal use of big data while limiting its negative impact on professionalism and the confidentiality of medical data.
Less detail

Cradle-to-grave health records for patients living in Canada

https://policybase.cma.ca/en/permalink/policy11653
Date
2015-08-26
Topics
Health care and patient safety
Health information and e-health
Population health/ health equity/ public health
Resolution
GC15-73
The Canadian Medical Association supports the organization, centralization and management of cradle-to-grave health records for patients living in Canada.
Policy Type
Policy resolution
Date
2015-08-26
Topics
Health care and patient safety
Health information and e-health
Population health/ health equity/ public health
Resolution
GC15-73
The Canadian Medical Association supports the organization, centralization and management of cradle-to-grave health records for patients living in Canada.
Text
The Canadian Medical Association supports the organization, centralization and management of cradle-to-grave health records for patients living in Canada.
Less detail

Guidelines and standards for the use of telemonitoring technology

https://policybase.cma.ca/en/permalink/policy11606
Date
2015-08-26
Topics
Population health/ health equity/ public health
Health information and e-health
Resolution
GC15-26
The Canadian Medical Association supports the development of guidelines and standards for the use of telemonitoring technology.
Policy Type
Policy resolution
Date
2015-08-26
Topics
Population health/ health equity/ public health
Health information and e-health
Resolution
GC15-26
The Canadian Medical Association supports the development of guidelines and standards for the use of telemonitoring technology.
Text
The Canadian Medical Association supports the development of guidelines and standards for the use of telemonitoring technology.
Less detail

Guiding principles for physicians recommending mobile health applications to patients

https://policybase.cma.ca/en/permalink/policy11521
Date
2015-05-30
Topics
Health information and e-health
Physician practice/ compensation/ forms
  1 document  
Policy Type
Policy document
Date
2015-05-30
Topics
Health information and e-health
Physician practice/ compensation/ forms
Text
GUIDING PRINCIPLES FOR PHYSICIANS RECOMMENDING MOBILE HEALTH APPLICATIONS TO PATIENTS This document is designed to provide basic information for physicians about how to assess a mobile health application for recommendation to a patient in the management of that patient's health, health care, and health care information. These guiding principles build on the Canadian Medical Association's (CMA) Physician Guidelines for Online Communication with Patients.1 Background * Mobile health applications, distinct from regulated medical devices, may be defined as an application on a mobile device that is intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease. The functions of these applications may include: o The ability to store and track information about an individual or group's health or the social determinants thereof; o Periodic educational information, reminders, or motivational guidance; o GPS location information to direct or alert patients; o Standardized checklists or questionnaires.2 * Mobile health applications can enhance health outcomes while mitigating health care costs because of their potential to improve a patient's access to information and care providers.3 * Mobile health applications are most commonly used on a smart phone and/or tablet. Some may also interface with medical devices. * The use of mobile health applications reflects an emerging trend towards personalized medicine and patient involvement in the management of their health information. By 2016, 142 million health apps will have been downloaded.4 According to some industry estimates, by 2018, 50 percent of the more than 3.4 billion smartphone and tablet users worldwide will have downloaded at least one mobile health application.5 * While mobile health application downloads are increasing, there is little information about usage and adherence by patients. It is believed that many patients cease to use a mobile health application soon after downloading it. * Distributers of mobile health applications do not currently assess content provided by mobile health applications for accuracy, comprehensiveness, reliability, timeliness, or conformity to clinical practice guidelines.6 However, mobile applications may be subjected to certain standards to ensure critical technical requirements such as accessibility, reachability, adaptability, operational reliability, and universality. * Increasingly there are independent websites providing reviews of medical apps and checklists for health care professionals. However, the quality criteria used by these sites, potential conflicts of interest, and the scope and number of mobile apps assessed are not always declared by these groups. To date, randomized controlled trials are not usually employed to assess the effectiveness of mobile health applications. Some believe that the rigorousness of this type of assessment may impede the timeliness of a mobile health application's availability.7 * Some examples of the uses of mobile health applications include tracking fitness activities to supplement a healthy lifestyle; supported self-management of health and health information; post-procedure follow up; viewing of test results; and the virtualization of interaction between patients and providers, such as remote patient monitoring for chronic disease management. Some mobile health applications may be linked to a patient profile or patient portal associated with a professional or recognized association or medical society or health care organization. * Some mobile health applications may be an extension of an electronic medical records (EMR) platform. Guiding principles * The objective of recommending a mobile health application to a patient must be to enhance the safety and/or effectiveness of patient care or otherwise for the purpose of health promotion. * A mobile health application is one approach in health service delivery. Mobile health applications should complement, rather than replace, the relationship between a physician and patient. * No one mobile health application is appropriate for every patient. Physicians may wish to understand a patient's abilities, comfort level, access to technology, and the context of the application of care before recommending a mobile health application. * Should a physician recommend a mobile health application to a patient, it is the responsibility of the physician to do so in a way that adheres to legislation and regulation (if existing) and/or professional obligations. * If the mobile health application will be used to monitor the patient's condition in an ongoing manner, the physician may wish to discuss with the patient what they should watch for and the steps they should take in response to information provided. * Physicians are encouraged to share information about applications they have found effective with colleagues. * Physicians who require additional information about the competencies associated with eHealth and the use of health information technologies may wish to consult The Royal College of Physicians and Surgeons of Canada's (RCPSC) framework of medical competencies, CanMEDS.8 * Physicians may wish to enter into and document a consent discussion with their patient, which can include the electronic management of health information or information printed out from electronic management platforms like mobile health applications. This agreement may include a one-time conveyance of information and recommendations to cover the elements common to many mobile health applications, such as the general risk to privacy associated with storing health information on a mobile device. Characteristics of a safe and effective mobile health application A mobile health application does not need to have all of the following characteristics to be safe and effective. However, the more of the following characteristics a mobile health application has, the likelier it will be appropriate for recommendation to a patient: 1. Endorsement by a professional or recognized association or medical society or health care organization As recommended by the Canadian Medical Protective Association (CMPA), it is best to select mobile health applications that have been created or endorsed by a professional or recognized association or medical society.9 Some health care organizations, such as hospitals, may also develop or endorse applications for use in their clinical environments. There may also be mobile health applications associated with an EMR platform used by an organization or practice. Finally, some mobile health applications may have been subject to a peer review process distinct from endorsement by an association or organization. 2. Usability There are a number of usability factors than can complicate the use of mobile applications, including interface and design deficiencies, technological restrictions, and device and infrastructure malfunction. Many developers will release periodic updates and software patches to enhance the stability and usability of their applications. Therefore, it would be prudent for the physician recommending the mobile health application to also recommend to the patient that they determine if the application has been updated within the last year. Physicians considering recommending a mobile health application to a patient may wish to ask about the patient's level of comfort with mobile health technologies, their degree of computer literacy, whether or not the patient owns a mobile device capable of running the application, and whether or not the patient is able to bear potential one-time or ongoing costs associated with use of the application. Physicians may consider testing the application themselves beforehand to understand whether its functionality and interface make it easy to use. 3. Reliability of information Physicians considering recommending a mobile health application may wish to understand how the patient intends to use the information, and/or review the information with the patient to understand whether it is current and appropriate. Information presented by the mobile health application should be appropriately referenced and time-stamped with the last update by the application developer. 4. Privacy and security There are inherent security risks when a patient uses mobile health applications or enters sensitive information into their mobile device. Mobile devices can be stolen, and the terms of use for mobile health applications may include provisions for the sharing of information with the application developer and other third-parties, identified or un-identified, for commercial purposes. In 2014, the Officer of the Information and Privacy Commissioner of Alberta assessed approximately 1200 mobile applications and found nearly one-third of them required access to personal information beyond what should be required relative to their functionality and purpose, and that basic privacy information was not always made available.10 Physicians entering into and documenting a consent discussion with their patients may wish to include the electronic management of health information in the scope of these discussions, and make a notation of the discussion in the patient's health record. If physicians have not entered into and documented a general consent discussion, they may wish to indicate to the patient that there are security risks associated with mobile health applications, and recommend that the patient avail themselves of existing security features on their device. Physicians may wish to recommend to the patient that they determine whether a privacy policy has been made available which discloses how data is collected by the application and used by the developer, or a privacy impact assessment, which demonstrates the risks associated with the use of the application. Some mobile health applications may feature additional levels of authentication for use, such as an additional password or encryption protocols. If all other factors between applications are equal, physicians may wish to recommend that patients use mobile health applications adhering to this higher standard of security. 5. Avoids conflict-of-interest Physicians may wish to recommend that patients learn more about the company or organization responsible for the development of the application and their mandate. There is a risk of secondary gains by mobile health application developers and providers where information about patients and/or usage is gathered and sold to third parties. A standardized conflict of interest statement may be made available through the mobile health application or on the developer's website. If so, physicians may wish to refer the patient to this resource. Physicians who develop mobile applications for commercial gain or have a stake in those who develop applications for commercial gain may risk a complaint being made to the College on the basis that the physician engaged in unprofessional conduct if they recommend mobile health applications to their patients in the course of patient care. 6. Does not contribute to fragmentation of health information Some mobile health applications may link directly to an EMR, patient portal, or government data repository. These data resources may be standardized, linked, and cross-referenced. However, health information entered into an application may also be stored on a mobile device and/or the patient's home computer, or developers of mobile health applications may store information collected by their application separately. While there may be short-term benefits to using a particular mobile health application, the range of applications and developers may contribute to the overall fragmentation of health information. If all other factors between applications are considered equal, physicians may wish to recommend mobile health applications which contribute to robust existing data repositories, especially an existing EMR. 7. Demonstrates its impact on patient health outcomes While not all mobile health applications will have an appropriate scale of use and not all developers will have the capacity to collect and analyze data, physicians may wish to recommend mobile health applications that have undergone validation testing to demonstrate impact of use on patient health outcomes. If mobile health applications are claiming a direct therapeutic impact on patient populations, physicians may wish to recommend that their patients seek out or request resources to validate this claim. References 1 Canadian Medical Association. Physician guidelines for online communication with patients. Ottawa: The Association; 2005. Available: http://policybase.cma.ca/dbtw-wpd/PolicyPDF/PD05-03.pdf?_ga=1.32127742.1313872127.1393248073 2 US Food and Drug Administration, Center for Devices and Radiological Health, Center for Biologics Evaluation and Research. Mobile medical applications: guidance for industry and Food and Drug Administration staff. Rockville (MD): The Administration; 2015. Available: www.fda.gov/downloads/MedicalDevices/.../UCM263366.pdf 3 Canada Health Infoway. Mobile health computing between clinicians and patients. White paper. Toronto: The Infoway; 2014 Apr. Available: www.infoway-inforoute.ca/index.php/resources/video-gallery/doc_download/2081-mobile-health-computing-between-clinicians-and-patients-white-paper-full-report 4 iHealthBeat. 44M mobile health apps will be downloaded in 2012, report predicts. Available: www.ihealthbeat.org/articles/2011/12/1/44m-mobile-health-apps-will-be-downloaded-in-2012-report-predicts 5 Jahns R-G. 500m people will be using healthcare mobile applications in 2015. Research2guidance. Available: www.research2guidance.com/500m-people-will -be-using-healthcare-mobile-applications-in-2015/ 6 Lyver, M. Standards: a call to action. Future Practice. 2013 Nov. Available: www.cma.ca/Assets/assets-library/document/en/about-us/FP-November2013-e.pdf 7 Rich P. Medical apps: current status. Future Practice 2013 Nov. Available: www.cma.ca/Assets/assets-library/document/en/about-us/FP-November2013-e.pdf 8 Royal College of Physicians and Surgeons of Canada. The CanMEDS 2015 eHealth Expert Working Group report. Ottawa: The College; 2014. Available: www.royalcollege.ca/portal/page/portal/rc/common/documents/canmeds/framework/ehealth_ewg_report_e.pdf 9 Canadian Medical Protective Association. Managing information to delivery safer care. Ottawa: The Association; 2013. Available: https://oplfrpd5.cmpa-acpm.ca/en/duties-and-responsibilities/-/asset_publisher/bFaUiyQG069N/content/managing-information-to-deliver-safer-care 10 Office of the Information and Privacy Commissioner of Alberta. Global privacy sweep rasies concerns about mobile apps [news release]. Available: www.oipc.ab.ca/downloads/documentloader.ashx?id=3482
Documents
Less detail

Immunization registries

https://policybase.cma.ca/en/permalink/policy11666
Date
2015-08-26
Topics
Health systems, system funding and performance
Health information and e-health
Resolution
GC15-87
The Canadian Medical Association calls for immunization registries that can accept information directly from the electronic medical records of health care providers.
Policy Type
Policy resolution
Date
2015-08-26
Topics
Health systems, system funding and performance
Health information and e-health
Resolution
GC15-87
The Canadian Medical Association calls for immunization registries that can accept information directly from the electronic medical records of health care providers.
Text
The Canadian Medical Association calls for immunization registries that can accept information directly from the electronic medical records of health care providers.
Less detail

Insurance industry medical information requirements

https://policybase.cma.ca/en/permalink/policy11275
Date
2014-08-20
Topics
Health information and e-health
Health care and patient safety
Resolution
GC14-79
The Canadian Medical Association will work with the Canadian Life and Health Insurance Association to review insurance industry medical information requirements and ensure that the disclosure of personal health information is restricted to that which is reasonably necessary.
Policy Type
Policy resolution
Date
2014-08-20
Topics
Health information and e-health
Health care and patient safety
Resolution
GC14-79
The Canadian Medical Association will work with the Canadian Life and Health Insurance Association to review insurance industry medical information requirements and ensure that the disclosure of personal health information is restricted to that which is reasonably necessary.
Text
The Canadian Medical Association will work with the Canadian Life and Health Insurance Association to review insurance industry medical information requirements and ensure that the disclosure of personal health information is restricted to that which is reasonably necessary.
Less detail

Integration of clinical practice guidelines with electronic medical records

https://policybase.cma.ca/en/permalink/policy10458
Last Reviewed
2019-03-03
Date
2012-08-15
Topics
Health care and patient safety
Health information and e-health
Resolution
GC12-22
The Canadian Medical Association supports the integration of clinical practice guidelines with electronic medical records.
Policy Type
Policy resolution
Last Reviewed
2019-03-03
Date
2012-08-15
Topics
Health care and patient safety
Health information and e-health
Resolution
GC12-22
The Canadian Medical Association supports the integration of clinical practice guidelines with electronic medical records.
Text
The Canadian Medical Association supports the integration of clinical practice guidelines with electronic medical records.
Less detail

Primary care telemedicine investments, policies and regulations

https://policybase.cma.ca/en/permalink/policy11665
Date
2015-08-26
Topics
Health systems, system funding and performance
Health information and e-health
Resolution
GC15-86
The Canadian Medical Association recommends that primary care telemedicine investments, policies and regulations support comprehensive and continuous patient-centred care.
Policy Type
Policy resolution
Date
2015-08-26
Topics
Health systems, system funding and performance
Health information and e-health
Resolution
GC15-86
The Canadian Medical Association recommends that primary care telemedicine investments, policies and regulations support comprehensive and continuous patient-centred care.
Text
The Canadian Medical Association recommends that primary care telemedicine investments, policies and regulations support comprehensive and continuous patient-centred care.
Less detail

12 records – page 1 of 2.