Electronic tools are now being used more widely in medicine than ever before. A majority of physicians in Canada have adopted electronic medical records (EMRs): 75% of physicians use EMRs to enter or retrieve clinical patient notes, and 80% use electronic tools to access laboratory/diagnostic test results. The increased use of point-of-care tools and information repositories has resulted in the mass digitization and storage of clinical information, which provides opportunities for the use of big data analytics.
Big data analytics may come to be understood as the process of examining clinical data in EMRs cross-referenced with other administrative, demographic and behavioural data sources to reveal determinants of patient health and patterns in clinical practice. Its increased use may provide opportunities to develop and enhance clinical practice tools and to improve health outcomes at both point-of-care and population levels. However, given the nature of EMR use in Canada, these opportunities may be restricted to primary care practice at this time.
Physicians play a central role in finding the right balance between leveraging the advantages of big data analytics and protecting patient privacy. Guiding Principles for the Optimal Use of Data Analytics by Physicians at the Point of Care outlines basic considerations for the use of big data analytics services and highlights key considerations when responding to requests for access to EMR data, including the following:
* Why will data analytics be used? Will the safety and effectiveness of patient care be enhanced? Will the results be used to inform public health measures?
* What are the responsibilities of physicians to respect and protect patient and physician information, provide appropriate information during consent conversations, and review data sharing agreements and consult with EMR vendors to understand how data will be used?
As physicians will encounter big data analytics in a number of ways, this document also outlines the characteristics one should be looking for when assessing the safety and effectiveness of big data analytics services:
* protection of privacy
* clear and detailed data sharing agreement
* physician-owned and -led data collaboratives
* endorsement by a professional or recognized association, medical society or health care organization
* scope of services and functionality/appropriateness of data
While this guidance is not a standalone document (it should be used as a supplemental reference to provincial privacy legislation), it is hoped that it can help physicians identify suitable big data analytics services and derive benefits from them.
This document outlines basic considerations for the use of big data analytics services at the point of care or for research approved by a research ethics board. This includes considerations when responding to requests for access to data in electronic medical records (EMRs).
These guiding principles build on the policies of the Canadian Medical Association (CMA) on Data Sharing Agreements: Principles for Electronic Medical Records/Electronic Health Records,1 Principles Concerning Physician Information2 and Principles for the Protection of Patients' Personal Health Information,3 the 2011 clinical vignettes Disclosing Personal Health Information to Third Parties4 and Need to Know and Circle of Care,5 and the Canadian Medical Protective Association's The Impact of Big Data on Healthcare and Medical Practice.6
These guiding principles are for information and reference only and should not be construed as legal or financial advice, nor is this document a substitute for legal or other professional advice. Physicians must always comply with all legislation that applies to big data analytics, including privacy legislation. Big data analytics in the clinical context involves the collection, use and potential disclosure of patient and physician information, both of which could be considered sensitive personal information under privacy legislation.
Big data analytics has the potential to improve health outcomes, both at the point of care and at a population level. Doctors have a key role to play in finding the right balance between leveraging the advantages of big data (enhanced care, service delivery and resource management) and protecting patient privacy.7
A majority of physicians in Canada have adopted EMRs in their practice. The percentage of physicians using EMRs to enter or retrieve clinical patient notes increased from 26% in 2007 to 75% in 2014. Eighty percent of physicians used electronic tools to access laboratory/diagnostic test results in 2014, up from 38% in 2010.8 The increasingly broad collection of information by physicians at the point of care, combined with the growth of information repositories developed by various governmental and intergovernmental bodies, has resulted in the mass digitization and storage of clinical information.
Big data is the term for data sets so large and complex that it is difficult to process them using traditional relational database management systems, desktop statistics and visualization software. What is considered "big" depends on the infrastructure and capabilities of the organization managing the data.9
Analytics is the discovery and communication of meaningful patterns in data. Analytics relies on the simultaneous application of statistics, computer programming and operations research. Analytics often favours data visualization to communicate insight, and insights from data are used to guide decision-making.10
For physicians, big data analytics may come to be understood as the process of examining the clinical data in EMRs cross-referenced with other administrative, demographic and behavioural data sources to reveal determinants of patient health and patterns in clinical practice. This information can be used to assist clinical decision-making or for research approved by a research ethics board.
There are four types of big data analytics physicians may encounter in the provision of patient care. They are generally performed in the following sequence, in a continuous cycle11,12,13,14:
1. Population health analytics: Health trends are identified in the aggregate within a community, a region or a national population. The data can be derived from biomedical and/or administrative data.
2. Risk-based cost analysis: Populations are segmented into groups according to the level of risk to the patient's health and/or cost to the health system.
3. Care management: Clinicians are enabled to manage patient care according to defined care pathways and clinical protocols informed by population health analytics and risk-based cost analysis. Care management includes the following:
   * Clinical decision support: Outcomes are predicted and/or alternative treatments are recommended to clinicians and patients at the point of care.
   * Personalized/precision care: Personalized data sets, such as genomic DNA sequences for at-risk patients, are leveraged to highlight best practice treatments for patients and practitioners. These solutions may offer early detection and diagnosis before a patient develops disease symptoms.
   * Clinical operations: Workflow management is performed, such as wait-times management, mining historical and unstructured data for patterns to predict events that may affect care.
   * Continuing education and professional development: Longitudinal performance data are combined across institutions, classes, cohorts or programs with correlating patient outcomes to assess models of education and/or develop new programs.
4. Performance analytics: Metrics for quality and efficiency of patient care are cross-referenced with clinical decision-making and performance data to assess clinical performance.
This cycle is also sometimes understood as a component of "meaningful" or "enhanced" use of EMRs.
How might physicians encounter big data analytics?
Many EMRs run analytics both visibly (e.g., as a function that can be activated at appropriate junctures in the care pathway) and invisibly (e.g., as tools that run seamlessly in the background of an EMR). Physicians may or may not be aware when data are being collected, analyzed, tailored or presented by big data analytics services. However, many jurisdictions are strengthening their laws and standards, and best practices are gradually emerging.15
Physicians may have entered into a data sharing agreement with their EMR vendor when they procured an EMR for their practice. Such agreements may include provisions to share de-identified (i.e., anonymized) and/or aggregate data with the EMR vendor for specified or unspecified purposes.
Physicians may also receive requests from third parties to share their EMR data. These requests may come from various sources:
* provincial governments
* intergovernmental agencies
* national and provincial associations, including medical associations
* non-profit organizations
* independent researchers
* EMR vendors, service providers and other private corporations
National Physician Survey results indicate that in 2014, 10% of physicians had shared data from their EMRs for the purposes of research, 10% for chronic disease surveillance and 8% for care improvement. Family physicians were more likely than other specialists to share with public health agencies (22% v. 11%) and electronic record vendors (13% v. 2%). Specialists were more likely than family physicians to share with researchers (59% v. 37%), hospital departments (47% v. 20%) and university departments (28% v. 15%).
There is significant variability across the provinces with regard to what proportion of physicians are sharing information from their EMRs, which is affected by the presence of research initiatives, research objectives defined by the approval of a research ethics board, the adoption rates of EMRs among physicians in the province and the functionality of those EMRs.16
For example, there are family practitioners across Canada who provide data to the Canadian Primary Care Sentinel Surveillance Network (CPCSSN). The CPCSSN is a multi-disease EMR surveillance and research system that allows family physicians, epidemiologists and researchers to understand and manage chronic care conditions for patients. Health information is collected from EMRs in the offices of participating family physicians, specifically information about Canadians suffering from chronic and mental health conditions and three neurologic conditions, including Alzheimer's and related dementias.17
In another example, the Canadian Partnership Against Cancer's Surgical Synoptic Reporting Initiative captures standardized information about surgery at the point of care and transmits the surgical report to other health care personnel. Surgeons can use the captured information, which gives them the ability to assess adherence to the clinical evidence and safety procedures embedded in the reporting templates, to track their own practices and those of their community.18 The concept of synoptic reporting, whereby a physician provides anonymized data about their practice in return for an aggregate report summarizing the practice of others, can be expanded to any area in which an appropriate number of physicians are willing to participate.
Guiding principles for the use of big data analytics
These guiding principles are designed to give physicians a starting point as they consider the use of big data analytics in their practices:
* The objective of using big data analytics must be to enhance the safety and/or effectiveness of patient care or for the purpose of health promotion.
* Should a physician use big data analytics, it is the responsibility of the physician to do so in a way that adheres to their legislative, regulatory and/or professional obligations.
* Physicians are responsible for the privacy of their individual patients. Physicians may wish to refer to the CMA's policy on Principles for the Protection of Patients' Personal Health Information.19
* Physicians are responsible for respecting and protecting the privacy of other physicians' information. Physicians may wish to refer to the CMA's policy on Principles Concerning Physician Information.20
* When physicians enter into and document a broad consent discussion with their patient, which can include the electronic management of health information, this agreement should convey information to cover the elements common to big data analytics services.
* Physicians may also wish to consider the potential for big data analytics to inform public health measures and enhance health system efficiency and take this into account when responding to requests for access to data in an EMR.
* Many EMR vendors provide cloud-based storage to their clients, so information entered into an EMR may be available to the EMR vendor in a de-identified and/or aggregate state. Physicians should carefully read their data sharing agreement with their EMR vendor to understand how and why the data that is entered into an EMR is used, and/or they should refer to the CMA's policy on the matter, Data Sharing Agreements: Principles for Electronic Medical Records/Electronic Health Records.21
* Given the dynamic nature of this emerging tool, physicians are encouraged to share information about their experiences with big data analytics and its applications with colleagues.
Characteristics of safe and effective big data analytics services
1. Protection of privacy
Privacy and security concerns present a challenge in linking big data in EMRs. As data are linked, it becomes increasingly difficult to de-identify individual patients.22
As care is increasingly provided in interconnected, digital environments, physicians are having to take on the role of data stewardship. To that end, physicians may wish to employ conservative risk assessment practices ("should we" as opposed to "can we" when linking data sources) and obtain express patient consent, employing a "permission-based" approach to the collection and stewardship of data.
2. A clear and detailed data sharing agreement
Physicians entering into a contract with an EMR vendor or other third party for provision of services should understand how and when they are contributing to the collection of data for the purposes of big data analytics services. There are template data sharing agreements available, which include the basic components of safe and effective data sharing, such as the model provided by the Information and Privacy Commissioner of Ontario.23
Data sharing agreements may include general use and project-specific use, both of which physicians should assess before entering into the agreement. When EMR access is being provided to a ministry of health and/or regional health authority, the data sharing agreement should distinguish between access to administrative data and access to clinical data.
Physicians may wish to refer to the CMA's policy on Data Sharing Agreements: Principles for Electronic Medical Records/Electronic Health Records.24
3. Physician-owned and -led data collaboratives
In some provinces there may exist opportunities to share clinical data in physician-owned and -led networks to reflect on and improve patient care. One example is the Physicians Data Collaborative in British Columbia, a not-for-profit organization open to divisions of family practice.25 Collaboratives such as this one are governed by physicians and driven by a desire to protect the privacy and safety of patients while producing meaningful results for physicians in daily practice.
Participation in physician-owned data collaboratives may ensure that patient data continue to be managed by physicians, which may lead to an appropriate prioritization of physicians' obligations to balance patient-centred care and patient privacy.
4. Endorsement by a professional or other recognized association or medical society or health care organization
When considering use of big data analytics services, it is best to select services created or endorsed by a professional or other recognized association or medical society. Some health care organizations, such as hospitals, may also develop or endorse services for use in their clinical environments. Without such endorsement, physicians are advised to proceed with additional caution.
5. Scope of services and functionality/appropriateness of data
Physicians may wish to seek out information from EMR vendors and service providers about how big data analytics services complement the process of diagnosis and about the range of data sources from which these services draw. While big data analytics promises insight into population health and practice trends, if it is not drawing from an appropriate level of cross-referenced sources it may present a skewed picture of both.26 Ultimately, the physician must decide if the sources are appropriately diverse.
Physicians should expect EMR vendors and service providers to make clear how and why they draw the information they do in the provision of analytics services. Ideally, analytics services should integrate population health analytics, risk-based cost analysis, care management services (such as point-of-care decision support tools) and performance analytics.
Physicians should expect EMR vendors to allocate sufficient health informatics resources to information management, technical infrastructure, data protection and response to breaches in privacy, and data extraction and analysis.27,28
Physicians may also wish to consider the appropriateness of data analytics services in the context of their practices. Not all data will be useful for some medical specialties, such as those treating conditions that are relatively rare in the overall population. The potential for new or enhanced clinical practice tools informed by big data analytics may be restricted to primary care practice at this time.29
Finally, predictive analytics often make treatment recommendations that are designed to improve the health outcomes in a population, and these recommendations may conflict with physicians' ethical obligations to act in the best interests of individual patients and respect patients' autonomous decision-making.30
1 Canadian Medical Association. Data sharing agreements: principles for electronic medical records/electronic health records [CMA policy]. Ottawa: The Association; 2009. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD09-01.pdf
2 Canadian Medical Association. Principles concerning physician information [CMA policy]. CMAJ 2002;167(4):393-4. Available: http://policybase.cma.ca/dbtw-wpd/PolicyPDF/PD02-09.pdf
3 Canadian Medical Association. Principles for the protection of patients' personal health information [CMA policy]. Ottawa: The Association; 2010. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD11-03.pdf
4 Canadian Medical Association. Disclosing personal health information to third parties. Ottawa: The Association; 2011. Available: www.cma.ca/Assets/assets-library/document/en/advocacy/CMA_Disclosure_third_parties-e.pdf
5 Canadian Medical Association. Need to know and circle of care. Ottawa: The Association; 2011. Available: www.cma.ca/Assets/assets-library/document/en/advocacy/CMA_Need_to_know_circle_care-e.pdf
6 Canadian Medical Protective Association. The impact of big data on healthcare and medical practice. Ottawa: The Association; no date. Available: https://oplfrpd5.cmpa-acpm.ca/documents/10179/301372750/com_14_big_data_design-e.pdf
7 Kayyali B, Knott D, Van Kuiken S. The 'big data' revolution in US health care: accelerating value and innovation. New York: McKinsey & Company; 2013. p. 1.
8 College of Family Physicians of Canada, Canadian Medical Association, Royal College of Physicians and Surgeons of Canada. National physician survey, 2014. National results by FP/GP or other specialist, sex, age and all physicians. Q7. Ottawa: The Colleges and Association; 2014. Available: http://nationalphysiciansurvey.ca/wp-content/uploads/2014/08/2014-National-EN-Q7.pdf
9 Anonymous. Data, data everywhere. The Economist 2010 Feb 27. Available: www.economist.com/node/15557443
10 Anonymous. Data, data everywhere. The Economist 2010 Feb 27. Available: www.economist.com/node/15557443
11 Canada Health Infoway. Big data analytics in health. Toronto: Canada Health Infoway; 2013. Available: www.infoway-inforoute.ca/index.php/resources/technical-documents/emerging-technology/doc_download/1419-big-data-analytics-in-health-white-paper-full-report (accessed 2014 May 16).
12 Ellaway RH, Pusic MV, Galbraith RM, Cameron T. Developing the role of big data and analytics in health professional education. Med Teach 2014;36(3):216-222.
13 Marino DJ. Using business intelligence to reduce the cost of care. Healthc Financ Manage 2014;68(3):42-44, 46.
14 Porter ME, Lee TH. The strategy that will fix health care. Harv Bus Rev 2013;91(10):50-70.
15 Baggaley C. Data protection in a world of big data: Canadian Medical Protective Association information session [presentation]. 2014 Aug 20. Available: https://oplfrpd5.cmpa-acpm.ca/documents/10179/301372750/com_2014_carmen_baggaley-e.pdf
16 College of Family Physicians of Canada, Canadian Medical Association, Royal College of Physicians and Surgeons of Canada. National physician survey, 2014. National results by FP/GP or other specialist, sex, age and all physicians. Q10. Ottawa: The Colleges and Association; 2014. Available: http://nationalphysiciansurvey.ca/wp-content/uploads/2014/08/2014-National-EN-Q10.pdf
17 Canadian Primary Care Sentinel Surveillance Network. Available: http://cpcssn.ca/ (accessed 2014 Nov 15).
18 Canadian Partnership Against Cancer. Sustaining action toward a shared vision: 2012-2017 strategic plan. Toronto: The Partnership; no date. Available: www.partnershipagainstcancer.ca/wp-content/uploads/sites/5/2015/03/Sustaining-Action-Toward-a-Shared-Vision_accessible.pdf
19 Canadian Medical Association. Principles for the protection of patients' personal health information [CMA policy]. Ottawa: The Association; 2011. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD11-03.pdf
20 Canadian Medical Association. Principles for the protection of patients' personal health information [CMA policy]. Ottawa: The Association; 2011. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD11-03.pdf
21 Canadian Medical Association. Data sharing agreements: principles for electronic medical records/electronic health records [CMA policy]. Ottawa: The Association; 2009. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD09-01.pdf
22 Weber G, Mandl KD, Kohane IS. Finding the missing link for big biomedical data. JAMA 2014;311(24):2479-2480. doi:10.1001/jama.2014.4228.
23 Information and Privacy Commissioner of Ontario. Model data sharing agreement. Toronto: The Commissioner; 1995. Available: www.ipc.on.ca/images/Resources/model-data-ag.pdf
24 Canadian Medical Association. Data sharing agreements: principles for electronic medical records/electronic health records [CMA policy]. Ottawa: The Association; 2009. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD09-01.pdf
25 Physicians Data Collaborative. Overview. Available: www.divisionsbc.ca/datacollaborative/home
26 Cohen IG, Amarasingham R, Shah A, Xie B, Lo B. The legal and ethical concerns that arise from using complex predictive analytics in health care. Health Aff 2014;33(7):1139-1147.
27 Rhoads J, Ferrara L. Transforming healthcare through better use of data. Electron Healthc 2012;11(1):e27.
28 Canadian Medical Protective Association. The impact of big data on healthcare and medical practice. Ottawa: The Association; no date. Available: https://oplfrpd5.cmpa-acpm.ca/documents/10179/301372750/com_14_big_data_design-e.pdf
29 Genta RM, Sonnenberg A. Big data in gastroenterology research. Nat Rev Gastroenterol Hepatol 2014;11(6):386-390.
30 Cohen IG, Amarasingham R, Shah A, Xie B, Lo B. The legal and ethical concerns that arise from using complex predictive analytics in health care. Health Aff 2014;33(7):1139-1147.
Vision for e-Prescribing: a joint statement by the Canadian Medical Association and the Canadian Pharmacists Association
By 2015, e-prescribing will be the means by which prescriptions are generated for Canadians.
e-Prescribing is the secure electronic creation and transmission of a prescription between an authorized prescriber and a patient's pharmacy of choice, using clinical Electronic Medical Record (EMR) and pharmacy management software.
Health Information Technology (HIT) is an enabler to support clinicians in the delivery of health care services to patients. The Canadian Medical Association (CMA) and the Canadian Pharmacists Association (CPhA) each have identified e-prescribing as a key tool to deliver better value to patients. The integration of HIT into clinics and health care facilities where physicians and pharmacists provide care is a priority for both associations1.
As part of its Health Care Transformation initiative, the CMA highlighted the need to accelerate the introduction of e-prescribing in Canada to make it the main method of prescribing. In its policy on optimal prescribing the CMA noted that one of the key elements was the introduction of electronic prescribing. The CPhA, as part of its Blueprint for Pharmacy Implementation Plan, highlights information and communication technology, which includes e-prescribing, as one of five priority areas.
We applaud the ongoing efforts of Canada Health Infoway, provinces and territories to establish Drug Information Systems (DIS) and the supporting infrastructure to enable e-prescribing. We urge governments to maintain e-prescribing as a priority and take additional measures to accelerate their investments in this area.
It is our joint position that e-prescribing will improve patient care and safety. e-Prescribing, when integrated with DIS, supports enhanced clinical decision-making, prescribing and medication management, and integrates additional information available at the point of care into the clinical workflow.
The following principles should guide our collective efforts to build e-prescribing capability in all jurisdictions:
* Patient confidentiality and security must be maintained
* Patient choice must be protected
* Clinicians must have access to best practice information and drug cost and formulary data
* Work processes must be streamlined and e-prescribing systems must be able to integrate with clinical and practice management software and DIS
* Guidelines must be in place for data sharing among health professionals and for any other use or disclosure of data
* The authenticity and accuracy of the prescription must be verifiable
* The process must prevent prescription forgeries and diversion
* Pan-Canadian standards must be set for electronic signatures
Benefits of e-Prescribing
A number of these benefits will be realized when e-prescribing is integrated with jurisdictional Drug Information Systems (DIS).
   * Improves patient safety and overall quality of care
   * Increases convenience for dispensing of new and refill prescriptions
   * Supports collaborative, team-based care
   * Supports a safer and more efficient method of prescribing and authorizing refills by replacing outdated phone, fax and paper-based prescriptions
   * Eliminates re-transcription and decreases risk of errors and liability, as a prescription is written only once at the point-of-care
   * Supports electronic communications between providers and reduces phone calls and call-backs to/from pharmacies for clarification
   * Provides Warning and Alert systems at the point of prescribing, supporting clinician response to potential contraindications, drug interactions and allergies
   * Facilitates informed decision-making by making medication history, drug, therapeutic, formulary and cost information available at the point of prescribing
* Health Care System:
   * Improves efficiency and safety of prescribing, dispensing and monitoring of medication therapy
   * Supports access to a common, comprehensive medication profile, enhancing clinical decision-making and patient adherence
   * Increases cost-effective medication use, through improved evidence-based prescribing, formulary adherence, awareness of drug costs and medication management
   * Improves reporting and drug use evaluation
While evidence of the value of e-prescribing is established in the literature, its existence has not fostered broad implementation and adoption. In Canada, there are a number of common and inter-related challenges to e-prescribing's implementation and adoption. These include:
* Improving access to relevant and complete information to support decision-making
* Increasing the level of the adoption of technology at the point of care
* Focusing on systems-based planning to ensure continuum-wide value
* Integrating e-prescribing into work processes to gain support from physicians, pharmacists and other prescribers
* Increasing leadership commitment to communicate the need for change, remove barriers and ensure progress
* Updating legislation and regulation to support e-prescribing
Enabling e-Prescribing in Canada
CMA and CPhA believe that we can achieve the vision that is set out in this document and address the aforementioned challenges by working collectively on five fronts:
* Health care leadership in all jurisdictions and clinical organizations must commit to make e-prescribing a reality by 2015
* Provinces and territories, with Canada Health Infoway, must complete the building blocks to support e-prescribing by increasing Electronic Medical Record (EMR) adoption at the point of care, finishing the work on the Drug Information Systems (DIS) in all jurisdictions and building the connectivity among the points of care and the DIS systems
* Pharmacist and medical organizations in conjunction with provinces, territories and Canada Health Infoway must identify clear benefits for clinicians (enhancing the effectiveness of care delivery and in efficiencies in changing workflows) to adopt e-prescribing and focus their efforts on achieving these benefits in the next three years
* Provinces, territories and regulatory organizations must create a policy/regulatory environment that supports e-prescribing which facilitates the role of clinicians in providing health care to their patients
* Provinces and territories must harmonize the business rules and e-health standards to simplify implementation and conformance by software vendors and allow more investment in innovation.
1 Health Care Transformation in Canada, Canadian Medical Association, June 2010; Blueprint for Pharmacy Implementation Plan, Canadian Pharmacists Association, September 2009
Principles concerning physician information (CMA policy – approved June 2002)
In an environment in which the capacity to capture, link and transmit information is growing and the need for fuller accountability is being created, the demand for physician information, and the number of people and organizations seeking to collect it, is increasing.
Physician information, that is, information that includes personal health information about and information that relates or may relate to the professional activity of an identifiable physician or group of physicians, is valuable for a variety of purposes. The legitimacy and importance of these purposes varies a great deal, and therefore the rationale and rules related to the collection, use, access and disclosure of physician information also varies. The Canadian Medical Association (CMA) developed this policy to provide guiding principles to those who collect, use, have access to or disclose physician information. Such people are termed “custodians,” and they should be held publicly accountable. These principles complement and act in concert with the CMA Health Information Privacy Code (1), which holds patient health information sacrosanct.
Physicians have legitimate interests in what information about them is collected, on what authority, by whom and for what purposes it is collected, and what safeguards and controls are in place. These interests include privacy and the right to exercise some control over the information; protection from the possibility that information will cause unwarranted harm, either at the individual or the group level; and assurance that interpretation of the information is accurate and unbiased. These legitimate interests extend to information about physicians that has been rendered in non-identifiable or aggregate format (e.g., to protect against the possibility of individual physicians being identified or of physician groups being unjustly stigmatized). Information in these formats, however, may be less sensitive than information from which an individual physician can be readily identified and, therefore, may warrant less protection.
The purposes for the use of physician information may be more or less compelling. One compelling use is related to the fact that physicians, as members of a self-regulating profession, are professionally accountable to their patients, their profession and society. Physicians support this professional accountability purpose through the legislated mandate of their regulatory colleges. Physicians also recognize the importance of peer review in the context of professional development and maintenance of competence.
The CMA supports the collection, use, access and disclosure of physician information subject to the conditions outlined below.
1. Purpose(s): The purpose(s) for the collection of physician information, and any other purpose(s) for which physician information may be subsequently used, accessed or disclosed, should be precisely specified at or before the collection. There should be a reasonable expectation that the information will achieve the stated purpose(s). The policy does not prevent the use of information for purposes that were not intended and not reasonably anticipated if principles 3 and 4 of this policy are met.
2. Consent: As a rule, information should be collected directly from the physician. Subject to principle 4, consent should be sought from the physician for the collection, use, access or disclosure of physician information. The physician should be informed about all intended and anticipated uses, accesses or disclosures of the information.
3. Conditions for collection, use, access and disclosure: The information should:
be limited to the minimum necessary to carry out the stated purpose(s),
be in the least intrusive format required for the stated purpose(s), and its collection, use, access and disclosure should not infringe on the physician’s duty of confidentiality with respect to that information.
4. Use of information without consent: There may be justification for the collection, use, access or disclosure of physician information without the physician’s consent if, in addition to the conditions in principle 3 being met, the custodian publicly demonstrates with respect to the purpose(s), generically construed, that:
the stated purpose(s) could not be met or would be seriously compromised if consent were required,
the stated purpose(s) is(are) of sufficient importance that the public interest outweighs to a substantial degree the physician’s right to privacy and right of consent in a free and democratic society, and
that the collection, use, access or disclosure of physician information with respect to the stated purpose(s) always ensures justice and fairness to the physician by being consistent with principle 6 of this policy.
5. Physician’s access to his or her own information: Physicians have a right to view and ensure, in a timely manner, the accuracy of the information collected about them. This principle does not apply if there is reason to believe that the disclosure to the physician will cause substantial adverse effect to others. The onus is on the custodian to justify a denial of access.
6. Information quality and interpretation: Custodians must take reasonable steps to ensure that the information they collect, use, gain access to or disclose is accurate, complete and correct. Custodians must use valid and reliable collection methods and, as appropriate, involve physicians to interpret the information; these physicians must have practice characteristics and credentials similar to those of the physician whose information is being interpreted.
7. Security: Physical and human safeguards must exist to ensure the integrity and reliability of physician information and to protect against unauthorized collection, use, access or disclosure of physician information.
8. Retention and destruction: Physician information should be retained only for the length of time necessary to fulfill the specified purpose(s), after which time it should be destroyed.
9. Inquiries and complaints: Custodians must have in place a process whereby inquiries and complaints can be received, processed and adjudicated in a fair and timely way. The complaint process, including how to initiate a complaint, must be made known to physicians.
10. Openness and transparency: Custodians must have transparent and explicit record-keeping or database management policies, practices and systems that are open to public scrutiny, including the purpose(s) for the collection, use, access and disclosure of physician information. The existence of any physician information record-keeping systems or database systems must be made known and available upon request to physicians.
11. Accountability: Custodians of physician information must ensure that they have proper authority and mandate to collect, use, gain access to or disclose physician information. Custodians must have policies and procedures in place that give effect to the principles in this document. Custodians must have a designated person who is responsible for monitoring practices and ensuring compliance with the policies and procedures.
(1) Canadian Medical Association. Health Information Privacy Code. CMAJ 1998;159(8):997-1016.
GUIDING PRINCIPLES FOR PHYSICIAN ELECTRONIC MEDICAL RECORDS (EMR) ADOPTION IN AMBULATORY CLINICAL PRACTICE
The following principles outline what is important to physicians, and why, as they make the decision to adopt electronic medical record systems (EMRs) in ambulatory clinical practice.
Physician adoption of the EMR has the potential to transform patient care and the quality of health statistics and health research in Canada, as long as the right conditions are met and the guiding principles outlined here are adhered to. Adoption of EMRs in clinical ambulatory practices will lead to significant improvements in data comprehensiveness, clinical relevance and quality — and this, in turn, will lead to improved clinical decision support, core data sets and health statistics that meet the primary goal of enhancing health care delivery, treatment and outcomes.
Privacy. A physician’s ethical and legal responsibility as data steward of the patient’s medical information must be protected and enhanced.1
Choice. There must be appropriate independence of choice that respects physicians’ professional and business autonomy. Physicians must be free to choose the EMR product that best meets the needs of their practice model, type and size.
Voluntary. Physician adoption of EMRs must be voluntary, not mandated or coerced.
Non-discriminatory. Programs designed to offset physicians’ costs or encourage them to adopt EMRs must be non-discriminatory (i.e., not tied to a single EMR product or health care practice model). While such restrictions may be attractive to some payors and administrators, they discriminate against physicians who do not meet their criteria and risk creating two “classes” of physicians and patients.
Outcome-related incentives. Incentives for EMR adoption should be tied to clinical benefits and outcomes, not driven by cost containment. Financial incentives or bonuses that are tied to clinical outcomes may encourage EMR utilization and optimize the use of these systems in ambulatory clinical practices.
1 For more detail on the physician’s ethical responsibilities as data steward of patient information please refer to the CMA Code of Ethics and Professionalism, Guiding Principles for the Optimal Use of Data Analytics by Physicians at the Point of Care, and Guiding Principles for Physicians Recommending Mobile Health Applications to Patients.
Unrestricted. Funding for EMRs in physician offices must be equally available to all physicians, and not restricted to a single EMR product or physician practice model.
Funding. Cost analyses have determined that the majority of the benefits from EMRs accrue to the health care system (i.e., payors and patients) and not to individual physicians. It is only reasonable that those who benefit most should assume the costs.
Comprehensive. The cost of implementing an EMR system goes beyond acquisition of hardware and software. Funding for physician adoption of EMRs must be comprehensive and include costs associated with the initial purchase, as well as implementation, change management, ongoing operation, and evergreening of the system.
Save harmless. Early adopters who need to update or replace their existing systems, as well as physicians whose EMR vendor goes out of business, must not be disadvantaged. These physicians must not be penalized or excluded from funding programs, and should be provided with the necessary transition support.
Vendor sustainability. Vendor stability is critical to EMR adoption by physicians. This can be achieved through vendor compliance with technical and business requirements that address fiscal sustainability as well as EMR product quality, technical standards and capabilities.
Due diligence. Because physician practices vary in type, size and needs, there is no “one-size-fits-all” EMR solution. Physicians must assess the needs of their individual practice to determine the best product.
Workflow re-engineering. Implementation of EMRs in ambulatory clinical practice may require workflow adjustment or re-engineering. Assessments of workflow and practice needs must be part of EMR change management programs.
HR impact. Adoption of EMRs in ambulatory clinical practices will have an impact on human resources. Provision should be made for physician and office staff retraining, retention and turnover.
Support and service agreements. Physician use of EMRs in ambulatory clinical practice requires appropriate support and service agreements not only to provide the necessary infrastructure and connectivity, but also to guarantee ongoing, accessible and reliable technical support. Physicians must be able to access patient records in their EMR system at all times, regardless of where the records are physically stored (e.g., off-site with an alternate service provider, or onsite in a local client server).
Risk management strategies (liability and insurance) tied to EMR adoption must address the privacy, security, business continuity and professional liability requirements of physician practice in an electronic environment.
Change management and transition
Critical to success. To fully realize the benefits from EMR adoption, the move from paper to electronic records requires change management support and services geared specifically to physician EMR adoption.
Ongoing. Change management is a key success factor in driving both uptake and optimal utilization of EMRs in ambulatory clinical practice. To realize the full benefits of EMR adoption on health care outcomes, physician change management programs must be ongoing, not one-time.
Comprehensive. Comprehensive change management for physicians who adopt EMRs must include the tools and services to assist with system needs assessment, EMR selection, implementation, workflow adjustment, and training for physicians and staff, as well as suggestions to maximize use of the EMR.
Physician driven and designed. Change management must meet the real and individual needs of physicians as they move to an EMR-based practice. This requires flexibility (not one-size-fits-all), “just in time” capacity and delivery, and a mechanism for evaluating the program.
Payor funded and delivered. Delivery and costs of these programs should be borne by payors as part of any physician EMR funding programs or agreements.
Usability and human factors
User interface and usability. User interface and usability of EMR systems are critical success factors for physician acceptance and optimal utilization of EMRs in clinical practice.
Workflow. EMR adoption requires changes to physician workflow, such as history-taking and charting. Done properly, workflow changes related to EMRs should result in administrative efficiencies and improved clinical outcomes.
Core principles of practice must be respected. The EMR must allow the physician to practice comprehensive care, efficiently manage patients with multiple problems and respect the doctor-patient relationship where the patient’s values, wishes, advance directives and physical and social function are integral to medical care.
Training and education. Training in the use, benefits, shortcomings and opportunities of an EMR must become part of the medical education curricula in all stages of physician practice: undergraduate, postgraduate and continuing medical education.
Standardized data. Large data sets that record every observation are unworkable in practice. The EMR must allow the physician to record and access data in a standardized way.
Data quality. Data quality is critical to patient care. Physicians require access to accurate, clinically relevant data. Inaccurately recorded and unfiltered data does not benefit patient care.
Clinical patient care
Management of patient records. EMR systems allow physicians to quickly access and manage patient data in an organized fashion (e.g., search, sort and retrieve data, spot trends, or flag charts). This leads to more efficient practices and enhances care delivery.
Referrals and patient summaries. The ability to transmit referral requests and reports electronically using an EMR greatly facilitates the consultation process. Core clinical data sets generated from the EMR can be used to share or hand off patient care among providers, facilitating both continuity of care and emergency access to relevant data.
Drugs and lab reports. Physician use of an EMR permits drug and lab data to be recorded and shared more accurately and efficiently. Benefits to patient care include automated prescription renewals, quick identification of patients affected by drug alerts, and collation of lab data to show trends.
Decision support. EMR adoption in ambulatory clinical practice makes clinical decision support (i.e., access to timely, appropriate, evidence-based information) possible at the point of care. This has the potential to enhance patient safety, care delivery and health outcomes.
Patient values and autonomy. Patient values and autonomy cannot become secondary to the "data management" requirements of the EMR. An EMR must provide the same (or better) standards of patient confidentiality as traditional paper-based records.
Accessibility. Patient data must always be collected and stored in an EMR with the primary goal of improving individual patient care. Data accessibility for clinical care is more important than compiling a large common data set.
Standardized data. Primary care is driven by symptoms, not diagnoses, and both must be recorded in the EMR in a standardized way.
Clinical coding. Primary care disorders are low-prevalence and will require a high degree of precision when data are coded.
Evidence-based care models. The episode-of-care data model demonstrates how symptoms and symptom clusters evolve over time. It is possible to derive the sensitivity and specificity of symptoms and symptom clusters to improve pre-test likelihood and avoid unproductive testing.
Core and aggregate data. Standardized data means that core data sets can be combined, and their aggregation allows identification and analysis of rarer conditions.
Clinical photography is a valuable tool for physicians. Smartphones, as well as other devices supporting network connectivity, offer a convenient, efficient method to take and share images. However, due to the private nature of the information contained in clinical photographs there are concerns as to the appropriate storage, dissemination, and documentation of clinical images. Confidentiality of image data must be considered and the dissemination of these images onto servers must respect the privacy and rights of the patient. Importantly, patient information should be considered as any information deriving from a patient, and the concepts outlined therefore apply to any media that can be collected on, or transmitted with, a smart-device.
Clinical photography can aid in documenting form and function, in tracking conditions and wound healing, in planning surgical operations, and in clinical decision-making. Additionally, clinical photographs can provide physicians with a valuable tool for patient communication and education. Due to the convenience of this type of technology it is not appropriate to expect physicians to forgo its use in providing their patients with the best care available.
The technology and software required for secure transfer, communication, and storage of clinical media is presently available, but many devices have non-secure storage/dissemination options enabled and lack user-control for permanently deleting digital files. In addition, data uploaded onto server systems commonly cross legal jurisdictions. Many physicians are not comfortable with the practice, citing security, privacy, and confidentiality concerns as well as uncertainty with regard to regional regulations governing this practice.1 Due to concern for patient privacy and confidentiality it is therefore incredibly important to limit the unsecure or undocumented acquisition or dissemination of clinical photographs.
To assess the current state of this topic, Heyns et al. have reviewed the accessibility and completeness of provincial and territorial medical regulatory college guidelines.2 Categories identified as vital and explored in this review included: Consent; Storage; Retention; Audit; Transmission; and Breach. While each regulatory body has addressed limited aspects of the overall issue, the authors found a general lack of available information and call for a unified document outlining pertinent instructions for conducting clinical photography using a smartphone and the electronic transmission of patient information.2
The discussion of this topic will need to be ongoing and it is important that physicians are aware of applicable regulations, both at the federal and provincial levels, and how these regulations may impact the use of personal devices. The best practices supported here aim to provide physicians and healthcare providers with an understanding of the scope and gravity of the current environment, as well as the information needed to ensure patient privacy and confidentiality is assessed and protected while physicians utilize accessible clinical photography to advance patient care. Importantly, this document only focusses on medical use (clinical, academic, and educational) of clinical photography and, while discussing many core concepts of patient privacy and confidentiality of information, should not be perceived as a complete or binding framework. Additionally, it is recommended that physicians understand the core competencies of clinical photography, which are not described here.
The Canadian Medical Association (CMA) suggests that the following recommendations be implemented, as thoroughly as possible, to best align with the CMA policy on the Principles for the Protection of Patient Privacy (CMA Policy PD2018-02). These key recommendations represent a non-exhaustive set of best practices - physicians should seek additional information as needed to gain a thorough understanding and to stay current in this rapidly changing field.
* Informed consent must be obtained, preferably in advance, for photography with a mobile device. This applies to each and any such encounter, with the purpose made clear (i.e. clinical, research, education, publication, etc.). Patients should also be made aware that they may request a copy of a picture or for a picture to be deleted.
* A patient's consent to use electronic transmission does not relieve a physician of their duty to protect the confidentiality of patient information. Also, a patient's consent cannot override other jurisdictionally mandated security requirements.
* All patient consents (including verbal) should be documented. The acquisition and recording of patient consent for medical photography/dissemination may be held to a high standard of accountability due to the patient privacy and confidentiality issues inherent in the use of this technology. Written and signed consent is encouraged.
* Consent should be considered as necessary for any and all photography involving a patient, whether or not that patient can be directly recognized, due to the possibility of linked information and the potential for breach of privacy. The definition of non-identifiable photos must be carefully considered. Current technologies such as face recognition and pattern matching (e.g. skin markers, physical structure, etc.), especially in combination with identifying information, have the potential to create a privacy breach.
* Unsecure text and email messaging requires explicit patient consent and should not be used unless the current gold standards of security are not accessible. For a patient-initiated unsecure transmission, consent should be clarified and not assumed.
* Transmission of photos and patient information should be encrypted as per current-day gold standards (presently, end-to-end encryption (E2EE)) and use only secure servers that are subject to Canadian laws. Explicit, informed consent is required otherwise due to privacy concerns or standards for servers in other jurisdictions. Generally, free internet-based communication services and public internet access are unsecure technologies and often operate on servers outside of Canadian jurisdiction.
* Efforts should be made to use the most secure transmission method possible. For data security purposes, identifying information should never be included in the image, any frame of a video, the file name, or linked messages.
* The sender should always ensure that each recipient is intended and appropriate and, if possible, receipt of transmission should be confirmed by the recipient.
* Storing images and data on a smart-device should be limited as much as possible for data protection purposes.
* Clinical photos, as well as messages or other patient-related information, should be completely segregated from the device's personal storage. This can be accomplished by using an app that creates a secure, password-protected folder on the device.
* All information stored (on internal memory or cloud) must be strongly encrypted and password protected. The security measures must be more substantial than the general password unlock feature on mobile devices.
* Efforts should be made to dissociate identifying information from images when images are exported from a secure server. Media should not be uploaded to platforms that lack an option for securely deleting information unless the patient consents, and then only if there are no better options. Automatic back-up of photos to unsecure cloud servers should be deactivated. Further, other back-up or syncing options that could lead to unsecure server involvement should be ascertained and the risks mitigated.
4. Cloud storage should be on a Canadian and SOC 2 certified server. Explicit, informed consent is required otherwise due to privacy concerns for servers in other jurisdictions.
5. AUDIT & RETENTION
* It is important to create an audit trail for the purposes of transparency and medical best practice. Key information includes patient and health information, consent type and details, pertinent information regarding the photography (date, circumstance, photographer), and any other important facts such as access granted/deletion requests.
* Access to the stored information must be by the authorized physician or health care provider and for the intended purpose, as per the consent given. Records should be stored such that it is possible to print/transfer as necessary.
* Original photos should be retained and not overwritten.
* All photos and associated messages may be considered part of the patient's clinical records and should be maintained for at least 10 years or 10 years after the age of majority, whichever is longer. When possible, patient information (including photos and message histories between health professionals) should be retained and amalgamated with a patient's medical record. Provincial regulations regarding retention of clinical records may vary and other regulations may apply to other entities - e.g. 90 years from date of birth applies to records at the federal level.
* It may not be allowable to erase a picture if it is integral to a clinical decision or if provincial, federal, or other applicable regulations require its retention.
* Any breach should be taken seriously and should be reviewed. All reasonable efforts must be made to prevent a breach before one occurs. A breach occurs when personal information, communication, or photos of patients are stolen, lost, or mistakenly disclosed. This includes loss or theft of one's mobile device, texting to the wrong number or emailing/messaging to the wrong person(s), or accidentally showing a clinical photo that exists in the phone's personal photo album.
* It should be noted that non-identifying information, when combined with other available information (e.g. a text message with identifiers or another image with identifiers), can lead to highly accurate re-identification.
* At present, apps downloaded to a smart-device for personal use may be capable of collecting and sharing information - the rapidly changing nature of this technology and the inherent privacy concerns require regular attention. Use of specialized apps designed for health-information sharing that help safeguard patient information in this context is worth careful consideration.
* Having remote wipe (i.e. device reformatting) capabilities is an asset and can help contain a breach. However, inappropriate access may take place before reformatting occurs.
* If a smartphone is strongly encrypted and has no clinical photos stored locally then its loss may not be considered a breach.
* In the event of a breach any patient potentially involved must be notified as soon as possible. The CMPA, the organization/hospital, and the Provincial licensing College should also be contacted immediately. Provincial regulations regarding notification of breach may vary.
Approved by the CMA Board of Directors March 2018
i Heyns M†, Steve A‡, Dumestre DO‡, Fraulin FO‡, Yeung JK‡
† University of Calgary, Canada
‡ Section of Plastic Surgery, Department of Surgery, University of Calgary, Canada
1 Chan N, Charette J, Dumestre DO, Fraulin FO. Should 'smart phones' be used for patient photography? Plast Surg (Oakv). 2016;24(1):32-4.
2 Unpublished - Heyns M, Steve A, Dumestre DO, Fraulin FO, Yeung J. Canadian Guidelines on Smartphone Clinical Photography.
Patients have a right to privacy and physicians have a duty of confidentiality arising from the patient-physician relationship to protect patient privacy. The right to privacy flows from the principle of respect for patient autonomy, based on the individual's right to conduct and control their lives as they choose.1 When approaching any ethical question around privacy, the principle of respect for patient autonomy must be balanced against other competing principles (e.g. beneficence, non-maleficence).
The protection of privacy and the concomitant duty of confidentiality are essential to foster trust in the patient-physician relationship, the delivery of good patient care and a positive patient care experience. Privacy protection is an important issue for Canadians,2 and research suggests that patients may withhold critical health information from their health care providers because of privacy concerns.3 Patients will be more willing to share complete and accurate information if they have a relationship of trust with their physician and are confident that their information will be protected.4
In today's ever-evolving technological environment and due to the shift away from the traditional (paternalistic) physician-patient relationship, patients, physicians and other public and private stakeholders are using and sharing personal health information in new and innovative ways. This raises new challenges for clinical practice and, crucially, how to navigate expanded uses of data via the use of new technologies and the requirements of patient privacy.
Institutions, clinics, and physician-group practices may share responsibility with the physician for the protection of patient information. There is thus a tension between physician and institutional responsibilities to protect patient information, challenged by the rapidly changing use and adoption of new technologies. While this will continue to redefine expectations of privacy and confidentiality, there are several foundational principles that remain unchanged.
SCOPE OF POLICY
The Canadian Medical Association (CMA) Principles for the Protection of Patients' Personal Health Information aim to provide guidance on key ethical considerations pertinent to the protection of patient information in a way that takes into account a physician's (including medical learner) ethical, professional, and legal obligations. The Principles are not designed to serve as a tool for legislative compliance in a particular jurisdiction or to provide a standard of care. Physicians should be aware of privacy legislation in the jurisdiction in which they practice, the standards and expectations specified by their respective regulatory authorities (including Privacy Commissioners), publications and risk management education provided by the CMPA as well as policies and procedures of any given setting (e.g., a regional health authority or a hospital).
SUBSTANTIVE PRINCIPLES THAT GUIDE THE OBLIGATIONS OF THE PHYSICIAN TO PROTECT PATIENT PRIVACY
* Trust is the cornerstone of the patient-physician relationship and plays a central role in providing the highest standard of care.
* Physicians and their patients build relationships of trust that enable open and honest dialogue and foster patients' willingness to share deeply personal information (often) in conditions of vulnerability.
* Physicians can cultivate and maintain patient trust by, unless the consent of the patient has been obtained to do otherwise, collecting health information only to benefit the patient, by sharing information only for that purpose, and by keeping patient information confidential; patient trust has been found to be the most powerful determinant of the level of control patients want over their medical records.5
* To maintain trust, physicians must consider the duty to care and the duty not to harm the patient in evaluating privacy requirements.
* The extent to which a patient expects (and may tolerate a loss of) privacy and confidentiality is culturally and individually relative.6
* Physicians owe a duty of confidentiality to their patients; there is both an ethical (respect for autonomy) and a legal basis (imposed by privacy legislation) for this duty.
* The duty to maintain patient confidentiality, like trust, is fundamental to the therapeutic nature of the patient-physician relationship; it creates conditions that allow patients to openly and confidently share complete health information, resulting in a stronger physician-patient relationship and better delivery of care.7
* The duty to maintain patient confidentiality means that physicians do not share the health information with anyone outside of the patient's circle of care, unless authorized to do so by the patient.1,8 There are varying interpretations of what constitutes the patient's circle of care; this depends on the facts of the situation and the jurisdiction.9
* Privacy requirements raise complex issues in learning environments and quality improvement initiatives. It is desirable that any of the patient's physicians who will have ongoing care interactions with the patient can remain included in information-sharing about the patient.
* Shared electronic health records present challenges to confidentiality. For example, patients may wish to limit some aspects of their record to only some providers within their circle of care.10
* In practice, respecting privacy and the duty of confidentiality govern the physician's role as data steward, responsible for controlling the extent to which information about the person is protected, used or disclosed.11 A central rule to balancing a patient's right to privacy and the duty of confidentiality is the "minimum necessary" use and disclosure of personal health information, whereby a data steward should use or disclose only the minimum amount of information necessary to fulfil the intended purpose. In some circumstances, de-identifying or aggregating personal health information before use or disclosure can minimize the amount of information disclosed.12
* The duty to maintain patient confidentiality is not absolute and is subject to exceptions in limited circumstances,13 i.e., when required or permitted by law to disclose information (see below in Data Stewardship: Collection, use and disclosure of personal health information).
* Patient consent is an important mechanism for respecting patient autonomy; obtaining voluntary and informed consent to share patient information is fundamental to the protection of privacy and the duty of confidentiality.
* Physicians are generally required to obtain informed consent from the patient before they can disclose the patient's personal health information. Consent is only informed if there is disclosure of matters that a reasonable person in the same circumstances would want to know, including 1) to whom the patient information will be disclosed, 2) whether it could be disclosed to other third parties, and 3) the purpose for which it could be used or disclosed.
* While informed consent is required as a general rule, physicians may infer that they have the patient's implied consent to collect, use, disclose and access personal health information 1) for the purpose of providing or assisting in providing care (i.e., share only the necessary information with those involved within the patient's circle of care); and 2) to store personal health information in a medical record (i.e., paper, electronic, or hospital-based). Physicians will want to consider if it is appropriate in the circumstances to advise the patient when a disclosure has been made.
* When the patient is a minor, the physician must consider whether it is the parent or the child who determines the use and disclosure of the minor's personal health information. A young person who is deemed to understand fully the implications of a decision regarding proposed collection, use or disclosure of personal health information is generally deemed to have control over their personal health information with respect to the decision.
* Where the patient is not capable of providing the required consent (e.g., is deemed to be incompetent), physicians must seek consent from the patient's substitute decision-maker.
4. Physician as data steward
* As data stewards, physicians have the responsibility to understand their role in protecting patient privacy and appropriate access to patient information.
* The information contained in the medical record belongs to the patient, who has a general right of access to their personal health information, the right to control its use and further disclosure, and the right to its continued confidentiality.
* A data steward (e.g., physician, institution or clinic) holds the physical medical record in trust for the care and benefit of the patient.14
* Physicians should provide their patients access to their medical record, if requested.15 (See below in Data Stewardship: Access to personal information).
* Physicians ought to have appropriate access to personal health information and have the ability to provide their patients with access to their medical record. Appropriate access should be interpreted to include access for patient follow up (as part of the duty to care) and review for the purpose of improving patient care.
* Physicians should consider consulting available resources to assist them in fulfilling their duties as data stewards.
PROCEDURAL PRINCIPLES THAT GUIDE THE APPLICATION OF PHYSICIAN OBLIGATIONS
Physicians must manage personal health information in compliance with relevant legislation that establishes rules governing the access, collection, use, disclosure, and retention of personal health information, provincial privacy laws, and professional expectations and regulations specified by their respective regulatory authorities.
1. Data Stewardship: Access to personal information
* Patients have a right of reasonable access to the personal health information in their medical record (i.e., paper, electronic, or hospital-based) under the control or in the custody of a physician, institution, or clinic.
* In exceptional situations, physicians can refuse to release the information in the patient's medical record.
2. Data Stewardship: Collection, use and disclosure of personal health information
* There are circumstances in which disclosure of personal health information without patient consent is required (e.g., monitoring of claims for payment, subpoenas) or permitted (e.g., where the maintenance of confidentiality would result in a significant risk of substantial harm to the patient or to others).
* Security safeguards must be in place to protect personal health information in order to ensure that only authorized collection, use, disclosure or access occurs.
* Physicians play an important role in educating patients about possible consensual and non-consensual uses and disclosures that may be made with their personal health information, including secondary uses of data for, e.g., epidemiological studies, research, education, and quality assurance, that may or may not be used with explicit consent.
3. Data Stewardship: Retention of personal health information
* Personal health information should be retained for the period required by any applicable legislation and as specified by their respective regulatory authorities. It may be necessary to maintain personal health information beyond the applicable period where there is a pending or anticipated legal proceeding related to the care provided to the patient.
* Likewise, physicians should transfer and dispose of personal health information in compliance with any applicable legislation and professional expectations outlined by their respective regulatory authorities.
* Physicians are encouraged to seek technical assistance and advice on the secure transfer, disposal, and/or selling of electronic records.15
4. Data Stewardship: Use of technology
* Physicians should obtain patient consent to use electronic means and/or devices for patient care (e.g., sending digital photographs) and for communicating patient information (e.g., the use of email). To obtain informed consent, physicians should explain to patients that there are necessary benefits and risks in using technologies in clinical contexts. The CMPA has provided a written consent form to that effect that can be included in the patient's medical record.
* As a general practice, physicians are encouraged to make use of technological innovations and must evaluate whether the technology is appropriate for patient care and has reasonable safeguards to protect patient privacy.
Approved by the CMA Board of Directors December 2017
See also Background to CMA Policy Principles for the Protection of Patient Privacy
1 Martin JF. Privacy and confidentiality. In: ten Have H, Gordijn B (Eds). Handbook of global bioethics. New York: Springer, Dordrecht; 2014. p.119-37.
2 Office of the Privacy Commissioner of Canada. Canadians and privacy final report. Gatineau: Office of the Privacy Commissioner of Canada; 2009. Available: https://www.priv.gc.ca/information/por-rop/2009/ekos_2009_01_e.asp (accessed 2017 Nov 17).
3 Canadian Medical Protective Association (CMPA). Privacy and a wired world - Protecting patient health information. Ottawa: CMPA; 2011 Dec. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2011/privacy-and-a-wired-world-protecting-patient-health-information (accessed 2017 Nov 17).
4 Royal College of Physicians and Surgeons of Canada (RCPSC). Duty of confidentiality. Ottawa: RCPSC; 2017. Available: http://www.royalcollege.ca/rcsite/bioethics/cases/section-3/duty-confidentiality-e (accessed 2017 Dec 15).
5 Damschroder LJ, Pritts JL, Neblo MA, Kalarickal RJ, Creswell JW, Hayward RA. Patients, privacy and trust: patients' willingness to allow researchers to access their medical records. Soc Sci Med 2007;64:223-35.
6 Campbell JI, Eyal N, Musiimenta A, Haberer JE. Ethical questions in medical electronic adherence monitoring. J Gen Intern Med 2016;31:338-42. Available: https://link.springer.com/content/pdf/10.1007%2Fs11606-015-3502-4.pdf (accessed 2017 Nov 17).
7 Crook MA. The risks of absolute medical confidentiality. Sci Eng Ethics 2013;19:107-22.
8 Cohen I, Hoffman A, Sage W (Eds). The Oxford Handbook of U.S. Health Law. New York: Oxford University Press; 2015.
9 Canadian Medical Protective Association (CMPA). The voice of professionalism within the system of care. Ottawa: CMPA; 2012 Oct. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2012/the-voice-of-professionalism-within-the-system-of-care (accessed 2017 Nov 17).
10 Canadian Medical Protective Association (CMPA). Did you know? Patients can restrict access to their health information. Ottawa: CMPA; 2017 Nov. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2017/did-you-know-patients-can-restrict-access-to-their-health-information (accessed 2017 Nov 17).
11 Francis JG, Francis LP. Privacy, confidentiality, and justice. J Soc Philos 2014;45:408-31.
12 Burkle CM, Cascino GD. Medicine and the media: balancing the public's right to know with the privacy of the patient. Mayo Clin Proc 2011;86:1192-6.
13 Canadian Medical Protective Association (CMPA). When to disclose confidential information. Ottawa: CMPA; 2015 Mar. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2015/when-to-disclose-confidential-information (accessed 2017 Nov 17).
14 Canadian Medical Protective Association (CMPA). Releasing a patient's personal health information: What are the obligations of the physician? Ottawa: CMPA; 2012 Oct. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2012/releasing-a-patient-s-personal-health-information-what-are-the-obligations-of-the-physician (accessed 2017 Nov 17).
15 Canadian Medical Protective Association (CMPA). Protecting patient health information in electronic records. Ottawa: CMPA; 2013 Oct. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2013/protecting-patient-health-information-in-electronic-records (accessed 2017 Nov 17).
(c) 2017 Canadian Medical Association. You may, for your non-commercial use, reproduce, in whole or in part and in any form or manner, unlimited copies of CMA Policy Statements provided that credit is given to Canadian Medical Association.
BACKGROUND TO CMA POLICY
PRINCIPLES FOR THE PROTECTION OF PATIENT PRIVACY
See also CMA Policy on Principles for the Protection of Patient Privacy
The advent of Electronic Medical Records, the rapid spread of mobile health apps, and the increasing use of social media within the health care community have each created new challenges to maintaining a duty of confidentiality within the physician-patient relationship. These technologies present both opportunities and challenges with respect to medical professionalism.1 The permeation of these types of interactions into everyday life now places physicians in new situations that some find difficult to navigate.2 These challenges will only increase in the coming years, as the use of online technologies in health care is continuously growing.3 Canada is only in the early stages of managing the emerging issues of technology-induced errors that compromise privacy in the health care setting.4 Therefore, this paper will briefly discuss the importance of protecting privacy, followed by an overview of the main challenges to maintaining privacy as the physician-patient relationship evolves against the backdrop of emerging technologies.
Privacy and Confidentiality
The overlapping, but not identical, principles of the protection of privacy and the duty of confidentiality are essential to the physician-patient relationship. These principles not only foster trust, but also the delivery of effective and lasting care. Rooted in the Hippocratic Oath, the modern-day right to privacy flows from the principle of autonomy, which attributes to individuals the right to conduct and control their lives as they choose.5 Privacy protection is an important issue to Canadians,6 with research suggesting that patients may even withhold critical health information because of privacy concerns.7 Health care professionals are bound by legal and ethical standards to maintain privacy and confidentiality of patient information.8 Physicians must therefore be aware of the implications of privacy legislation specific to their jurisdiction.7 The duty to protect patient privacy is important to uphold, as health information can potentially be identifiable and sensitive; the confidentiality of this information must therefore be protected to ensure that patient privacy is not breached.9 While the traditional, and largely obsolete, models of the physician-patient relationship involve a unidirectional flow of information, the ease with which patients can now access medical information through the Internet, and the use of social media within the health care community, have reinterpreted how information is communicated from physician to patient, and vice versa.10 We must therefore re-define expectations of privacy and confidentiality, first by distinguishing one from the other.
The terms "privacy" and "confidentiality" are often used interchangeably by both researchers and clinicians. Several bioethics discussions on the distinction between these terms place confidentiality under the umbrella of privacy.11 While confidentiality involves the information itself, which is disclosed or not, privacy is about the impact of that disclosure on the person.9 Privacy seems to be more intimately linked to the individual, focusing on the circumstances under which the information is used.12-13 Confidentiality, on the other hand, is a duty that health professionals have towards their patients to not share the information exchanged during their encounter, unless authorized by the patient.5,12 In practice, the duty of confidentiality governs the physician's role as data steward, responsible for controlling the extent to which information about the person is protected, used or disclosed.14 As one paper describes, "privacy is invaded, confidentiality is breached."13
From a patient perspective, it is important to respect and protect privacy because it allows individuals time and space to share their concerns without feeling judged or misunderstood,11 resulting in a stronger physician-patient relationship and better delivery of care. However, from a research perspective, a fine balance must be struck between using accurate information while still upholding the privacy rights of individuals.11 As such, the argument for absolute confidentiality puts a near impossible burden on research clinicians.11 Moreover, from a public safety perspective, a physician may be morally and legally required to break confidentiality in order to protect both the patient and others who may be involved. The challenge is to balance the traditional goal of confidentiality - to protect patient privacy and interest - with that of third parties and public health.5 Therefore, a central rule to balancing confidentiality with a patient's right to privacy is the "minimum necessary" use and disclosure of personal health information, whereby a data steward should use or disclose only the minimum amount of information necessary to fulfil the intended purpose.8 It is equally important to recognize that the extent to which a patient may tolerate a loss of privacy is culturally and individually relative.15 Health care providers have a legal and ethical obligation to keep patient health information private, sharing it only with the authorization of the patient.16 Informed consent, therefore, appears to be a fundamental requirement to upholding confidentiality and patient privacy rights.
While emerging privacy issues touch many areas of practice, this section will emphasize three of the most prominent issues in recent literature: access and use of information, electronic medical and health records, and online communication and social media.
1. Technological change and institutional data stewardship
In today's ever-evolving technological environment, including the emergence of shared electronic health records, online communication, social media, mobile applications, and big data, physicians, patients and other public and private stakeholders are using and sharing personal health information in new and innovative ways. The traditional (paternalistic) model of the physician-patient relationship involved a bidirectional flow of information. However, the ease with which patients can now access medical information from alternative sources via the Internet, and the use of social media within the health care community, have redefined how information is communicated from physician to patient, and vice versa.10 This raises new challenges for clinical practice, specifically how to navigate expanded access of data via the use of new technologies and the requirements of patient privacy by effectively managing security concerns.
In many situations, the physician may not be the sole or primary custodian of (i.e., control access to) the patient's records once the health information is collected. Institutions, clinics, and physician-group practices may also have responsibility for patient information and therefore play an important role in ensuring it is protected. There is thus a grey area between physician and institutional responsibilities to protect patient information, challenged by the rapidly changing use and adoption of new technologies, such as electronic health and medical records. While this will continue to redefine expectations of privacy and confidentiality, there are several foundational principles that remain unchanged.
2. Electronic medical and health records
Medical records are compiled primarily to assist physicians and other health care providers in treating patients.16 Yet, they are particularly vulnerable to privacy breaches when this information is exposed to secondary uses, including epidemiological studies, research, education and quality assurance. As contemporary information management and stewardship have had to evolve in response to emerging technology, the parameters of the "medical record" have grown increasingly ambiguous.17 With the proliferation of a wide variety of new health information technology (including electronic health and medical records), concerns about quality and safety have been raised.4 There is evidence that if such technology is not designed, implemented and maintained effectively, it may result in unintended consequences, including technology-induced errors and breaches of patient privacy.4 Reports involving Canada Health Infoway have even pointed to health information technology as a tool that may sometimes reduce rather than enhance patient safety, most often due to human factors.4 As a result, recommendations have been made to develop a reporting system that would allow health professionals to anonymously report human errors resulting from the use of health information technology - a challenge in itself, as the distinction between human and technological error is often blurred.4 In Canada, a number of efforts have been undertaken by several organizations, including Health Canada and Canada's Health Informatics Organization.4 Yet, services aimed at improving health information technology safety, from a national level, remain poor.4 As a result, organizations like Canada Health Infoway have promoted the need for collaborative efforts to improve health information technology safety standards in Canada,4 so as to ensure that the current and future uses of "medical record" data are accurate and respectful of patient privacy.
3. Access and use of personal health information for research
The courts have long established that health information belongs to the patient.18 As a result, privacy ownership refers to the belief that patients own their private information as well as the right to control access to this information.19 As in other jurisdictions, the overarching challenge in Canada is to strike a balance between enabling access to health and health-related data for research while still respecting Canadians' right to privacy and control over the confidentiality of their information.20 The integrity of healthcare information is fundamental, given that it is the basis on which treatment decisions are made both in research and in clinic.9 There are three principles upon which information security is based:9 1) only authorized people have access to confidential information; 2) information must be accurate and consistent, and may only be modified by authorized people in ways that are appropriate; 3) information must be accessible by authorized users when needed. Canadian research ethics have demonstrated that beneficial work can be done while maintaining confidentiality of sensitive personal health information.21 Yet, the challenge remains to create a uniform system for accessing data and performing data-based research due to 1) the lack of consistency and clarity in Canada's ethical and legal framework and 2) varied interpretations of key terms and issues across the country.21 For example, the term "non-identifiable data" remains ambiguous across provinces and is subject to interpretation by data custodians, who may consider their legal duty to protect privacy as precluding access to data.21 This lack of legal clarity has contributed to varied cautious and conservative interpretations of data access legislation.21 National uniform guidelines on the appropriate access, disclosure and use of personal health data would allow data stewards to advance their research while respecting their patients' right to privacy.
4. Online communication with patients and social media
Social media and online communication are pervasive in Canadian society; from Facebook to Twitter, social media has changed the way people interact and disseminate information.21 There is currently widespread discussion among health care professionals and academics regarding the role that social media and online communication should play in the physician-patient relationship.22 A growing number of physicians have embraced the opportunities of interconnectivity that social media affords, implementing their own privacy procedures to reflect this new type of data collection, use and storage.7 While evidence has been lacking on whether the use of social media does improve patient outcomes,22 there is no denying that patients are seeking health care information from online platforms, including social media.22 This type of communication poses a unique set of opportunities and challenges for physicians: while the use of social media could increase physician reach and patient engagement, it can also blur boundaries between one's personal and professional life.22 Although patient-physician online communication is currently limited, physicians still feel that they are encountering an ethical dilemma, especially when they find themselves in boundary-crossing situations, like a friend request from a patient.2 Physicians are particularly concerned that, through online communication, they may be exposed to medico-legal and disciplinary issues, especially with respect to patient privacy.2 Given that different studies have suggested that unprofessional uses of social media are not uncommon,23 physicians who choose to communicate with patients online or through social media must remember that they are still governed by the same ethical and professional standards that remain paramount.22
As technology continues to evolve, so too will the traditional parameters of the patient-physician relationship. The physician's ethical and professional obligation to protect patient privacy, however, must remain paramount against the backdrop of technology use. Simply banning social media and online communication would neither eliminate risk, nor benefit patient care outcomes.24 Instead, institutions should establish stringent policies that outline how to prevent or minimize the effects of privacy breaches associated with social media and online communication.25 This should also include a tracking mechanism to help balance the obligation to privacy with evolving technology.25
1 Farnan JM, Snyder Sulmasy L, Worster BK, Chaudhry HJ, Rhyne JA, Arora VM. Online medical professionalism: patient and public relationships: policy statement from the American College of Physicians and the Federation of State Medical Boards. Ann Intern Med 2013;158(8):620-627.
2 Brown J, Ryan C. How doctors view and use social media: a national survey. J Med Internet Res 2014;16:e267. Available: https://doi.org/10.2196/jmir.3589 (accessed 2017 Nov 17).
3 Lambert KM, Barry P, Stokes G. Risk management and legal issues with the use of social media in the healthcare setting. J Healthc Risk Manag 2012;31(4):41-47.
4 Kushniruk AW, Bates DW, Bainbridge M, Househ MS, Borycki EM. National efforts to improve health information system safety in Canada, the United States of America and England. Int J Med Inform 2013;82(5):e149-160.
5 Martin JF. Privacy and confidentiality. In: ten Have H, Gordijn B (Eds). Handbook of global bioethics. New York: Springer, Dordrecht; 2014. p.120-1.
6 Office of the Privacy Commissioner of Canada. Canadians and privacy final report. Gatineau: Office of the Privacy Commissioner of Canada; 2009. Available: https://www.priv.gc.ca/information/por-rop/2009/ekos_2009_01_e.asp (accessed 2017 Nov 17).
7 Canadian Medical Protective Association (CMPA). Privacy and a wired world - Protecting patient health information. Ottawa: CMPA; 2011 Dec. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2011/privacy-and-a-wired-world-protecting-patient-health-information (accessed 2017 Nov 17).
8 Burkle CM, Cascino GD. Medicine and the media: balancing the public's right to know with the privacy of the patient. Mayo Clin Proc 2011;86:1192-6.
9 Williams PA. Information security governance: a risk assessment approach to health information systems protection. Stud Health Technol Inform 2013;193:186-206.
10 Borza LR, Gavrilovici C, Stockman R. Ethical models of physician-patient relationship revisited with regard to patient autonomy, values and patient education. Rev Med Chir Soc Med Nat Iasi 2015;119(2):496-501.
11 Crook MA. The risks of absolute medical confidentiality. Sci Eng Ethics 2013;19(1):107-122.
12 Cohen I, Hoffman A, Sage W (Eds). The Oxford handbook of U.S. health law. New York: Oxford University Press; 2015.
13 Francis L. Privacy and confidentiality: the importance of context. The Monist 2008;91(1):52-67.
14 Francis JG, Francis LP. Privacy, confidentiality, and justice. J Soc Philos 2014;45:408-31.
15 Campbell JI, Eyal N, Musiimenta A, Haberer JE. Ethical questions in medical electronic adherence monitoring. J Gen Intern Med 2016;31:338-42. Available: https://link.springer.com/content/pdf/10.1007%2Fs11606-015-3502-4.pdf (accessed 2017 Nov 17).
16 Canadian Medical Association (CMA). Medical record confidentiality, access and disclosure. Ottawa: CMA; 2000. Available: https://www.cma.ca/Assets/assets-library/document/en/advocacy/policy-research/CMA_Policy_The_medical_record_confidentiality_access_and_disclosure_Update_2000_PD00-06-e.pdf (accessed 2017 Oct 30).
17 Fenton SH, Manion F, Hsieh K, Harris M. Informed Consent: Does anyone really understand what is contained in the medical record? Appl Clin Inform 2015;6(3):466-477.
18 Canada. Supreme Court. McInerney v MacDonald. Dom Law Rep. 1992 Jun 11;93:415-31.
19 Petronio S, Dicorcia MJ, Duggan A. Navigating ethics of physician-patient confidentiality: a communication privacy management analysis. Perm J 2012;16(4):41-45.
20 Council of Canadian Academies (CCA). Accessing health and health-related data in Canada. Ottawa: The Expert Panel on Timely Access to Health and Social Data for Health Research and Health System Innovation, Council of Canadian Academies; 2015. Available: http://www.scienceadvice.ca/uploads/eng/assessments%20and%20publications%20and%20news%20releases/Health-data/HealthDataFullReportEn.pdf (accessed 2017 Nov 17).
21 Canadian Medical Association (CMA). Social media and Canadian physician: Issues and rules of engagement. Ottawa: CMA; 2011. Available: https://www.cma.ca/Assets/assets-library/document/en/advocacy/CMA_Policy_Social_Media_Canadian_Physicians_Rules_Engagement_PD12-03-e.pdf (accessed 2017 Oct 30).
22 Eysenbach G. Medicine 2.0: Social networking, collaboration, participation, apomediation, and openness. J Med Internet Res 2008;10(3):e22.
23 Mayer MA, Leis A, Mayer A, Rodriguez-Gonzalez A. How medical doctors and students should use social media: A review of the main guidelines for proposing practical recommendations. Stud Health Technol Inform 2012;180:853-857.
24 Moses RE, McNeese LG, Feld LD, Feld AD. Social media in the health-care setting: Benefits but also a minefield of compliance and other legal issues. Am J Gastroenterol 2014;109(8):1128-1132.
25 Yang YT, Silverman RD. Mobile health applications: The patchwork of legal and liability issues suggests strategies to improve oversight. Health Aff (Millwood) 2014;33(2):222-227.
GUIDING PRINCIPLES FOR PHYSICIANS RECOMMENDING MOBILE HEALTH APPLICATIONS TO PATIENTS
This document is designed to provide basic information for physicians about how to assess a mobile health application for recommendation to a patient in the management of that patient's health, health care, and health care information.
These guiding principles build on the Canadian Medical Association's (CMA) Physician Guidelines for Online Communication with Patients.1
* Mobile health applications, distinct from regulated medical devices, may be defined as an application on a mobile device that is intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease. The functions of these applications may include:
  * The ability to store and track information about an individual or group's health or the social determinants thereof;
  * Periodic educational information, reminders, or motivational guidance;
  * GPS location information to direct or alert patients;
  * Standardized checklists or questionnaires.2
* Mobile health applications can enhance health outcomes while mitigating health care costs because of their potential to improve a patient's access to information and care providers.3
* Mobile health applications are most commonly used on a smart phone and/or tablet. Some may also interface with medical devices.
* The use of mobile health applications reflects an emerging trend towards personalized medicine and patient involvement in the management of their health information. By 2016, 142 million health apps will have been downloaded.4 According to some industry estimates, by 2018, 50 percent of the more than 3.4 billion smartphone and tablet users worldwide will have downloaded at least one mobile health application.5
* While mobile health application downloads are increasing, there is little information about usage and adherence by patients. It is believed that many patients cease to use a mobile health application soon after downloading it.
* Distributors of mobile health applications do not currently assess content provided by mobile health applications for accuracy, comprehensiveness, reliability, timeliness, or conformity to clinical practice guidelines.6 However, mobile applications may be subjected to certain standards to ensure critical technical requirements such as accessibility, reachability, adaptability, operational reliability, and universality.
* Increasingly there are independent websites providing reviews of medical apps and checklists for health care professionals. However, the quality criteria used by these sites, potential conflicts of interest, and the scope and number of mobile apps assessed are not always declared by these groups.
* To date, randomized controlled trials are not usually employed to assess the effectiveness of mobile health applications. Some believe that the rigorousness of this type of assessment may impede the timeliness of a mobile health application's availability.7
* Some examples of the uses of mobile health applications include tracking fitness activities to supplement a healthy lifestyle; supported self-management of health and health information; post-procedure follow up; viewing of test results; and the virtualization of interaction between patients and providers, such as remote patient monitoring for chronic disease management. Some mobile health applications may be linked to a patient profile or patient portal associated with a professional or recognized association or medical society or health care organization.
* Some mobile health applications may be an extension of an electronic medical records (EMR) platform.
* The objective of recommending a mobile health application to a patient must be to enhance the safety and/or effectiveness of patient care or otherwise for the purpose of health promotion.
* A mobile health application is one approach in health service delivery. Mobile health applications should complement, rather than replace, the relationship between a physician and patient.
* No one mobile health application is appropriate for every patient. Physicians may wish to understand a patient's abilities, comfort level, access to technology, and the context of the application of care before recommending a mobile health application.
* Should a physician recommend a mobile health application to a patient, it is the responsibility of the physician to do so in a way that adheres to legislation and regulation (if existing) and/or professional obligations.
* If the mobile health application will be used to monitor the patient's condition in an ongoing manner, the physician may wish to discuss with the patient what they should watch for and the steps they should take in response to information provided.
* Physicians are encouraged to share information about applications they have found effective with colleagues.
* Physicians who require additional information about the competencies associated with eHealth and the use of health information technologies may wish to consult The Royal College of Physicians and Surgeons of Canada's (RCPSC) framework of medical competencies, CanMEDS.8
* Physicians may wish to enter into and document a consent discussion with their patient, which can include the electronic management of health information or information printed out from electronic management platforms like mobile health applications. This agreement may include a one-time conveyance of information and recommendations to cover the elements common to many mobile health applications, such as the general risk to privacy associated with storing health information on a mobile device.
Characteristics of a safe and effective mobile health application
A mobile health application does not need to have all of the following characteristics to be safe and effective. However, the more of the following characteristics a mobile health application has, the likelier it is to be appropriate for recommendation to a patient:
1. Endorsement by a professional or recognized association or medical society or health care organization
As recommended by the Canadian Medical Protective Association (CMPA), it is best to select mobile health applications that have been created or endorsed by a professional or recognized association or medical society.9 Some health care organizations, such as hospitals, may also develop or endorse applications for use in their clinical environments. There may also be mobile health applications associated with an EMR platform used by an organization or practice. Finally, some mobile health applications may have been subject to a peer review process distinct from endorsement by an association or organization.
2. Usability
There are a number of usability factors that can complicate the use of mobile applications, including interface and design deficiencies, technological restrictions, and device and infrastructure malfunction.
Many developers will release periodic updates and software patches to enhance the stability and usability of their applications. Therefore, it would be prudent for the physician recommending the mobile health application to also recommend to the patient that they determine if the application has been updated within the last year.
Physicians considering recommending a mobile health application to a patient may wish to ask about the patient's level of comfort with mobile health technologies, their degree of computer literacy, whether or not the patient owns a mobile device capable of running the application, and whether or not the patient is able to bear potential one-time or ongoing costs associated with use of the application.
Physicians may consider testing the application themselves beforehand to understand whether its functionality and interface make it easy to use.
3. Reliability of information
Physicians considering recommending a mobile health application may wish to understand how the patient intends to use the information, and/or review the information with the patient to understand whether it is current and appropriate.
Information presented by the mobile health application should be appropriately referenced and time-stamped with the last update by the application developer.
4. Privacy and security
In 2014, the Office of the Information and Privacy Commissioner of Alberta assessed approximately 1200 mobile applications and found nearly one-third of them required access to personal information beyond what should be required relative to their functionality and purpose, and that basic privacy information was not always made available.10
Physicians entering into and documenting a consent discussion with their patients may wish to include the electronic management of health information in the scope of these discussions, and make a notation of the discussion in the patient's health record.
Some mobile health applications may feature additional levels of authentication for use, such as an additional password or encryption protocols. If all other factors between applications are equal, physicians may wish to recommend that patients use mobile health applications adhering to this higher standard of security.
5. Avoids conflict-of-interest
Physicians may wish to recommend that patients learn more about the company or organization responsible for the development of the application and their mandate. There is a risk of secondary gains by mobile health application developers and providers where information about patients and/or usage is gathered and sold to third parties.
A standardized conflict of interest statement may be made available through the mobile health application or on the developer's website. If so, physicians may wish to refer the patient to this resource.
Physicians who develop mobile applications for commercial gain or have a stake in those who develop applications for commercial gain may risk a complaint being made to the College on the basis that the physician engaged in unprofessional conduct if they recommend mobile health applications to their patients in the course of patient care.
6. Does not contribute to fragmentation of health information
Some mobile health applications may link directly to an EMR, patient portal, or government data repository. These data resources may be standardized, linked, and cross-referenced.
However, health information entered into an application may also be stored on a mobile device and/or the patient's home computer, or developers of mobile health applications may store information collected by their application separately. While there may be short-term benefits to using a particular mobile health application, the range of applications and developers may contribute to the overall fragmentation of health information.
If all other factors between applications are considered equal, physicians may wish to recommend mobile health applications which contribute to robust existing data repositories, especially an existing EMR.
7. Demonstrates its impact on patient health outcomes
While not all mobile health applications will have an appropriate scale of use and not all developers will have the capacity to collect and analyze data, physicians may wish to recommend mobile health applications that have undergone validation testing to demonstrate impact of use on patient health outcomes. If mobile health applications are claiming a direct therapeutic impact on patient populations, physicians may wish to recommend that their patients seek out or request resources to validate this claim.
1 Canadian Medical Association. Physician guidelines for online communication with patients. Ottawa: The Association; 2005. Available: http://policybase.cma.ca/dbtw-wpd/PolicyPDF/PD05-03.pdf?_ga=1.32127742.1313872127.1393248073
2 US Food and Drug Administration, Center for Devices and Radiological Health, Center for Biologics Evaluation and Research. Mobile medical applications: guidance for industry and Food and Drug Administration staff. Rockville (MD): The Administration; 2015. Available:
3 Canada Health Infoway. Mobile health computing between clinicians and patients. White paper. Toronto: The Infoway; 2014 Apr. Available: www.infoway-inforoute.ca/index.php/resources/video-gallery/doc_download/2081-mobile-health-computing-between-clinicians-and-patients-white-paper-full-report
4 iHealthBeat. 44M mobile health apps will be downloaded in 2012, report predicts. Available: www.ihealthbeat.org/articles/2011/12/1/44m-mobile-health-apps-will-be-downloaded-in-2012-report-predicts
5 Jahns R-G. 500m people will be using healthcare mobile applications in 2015. Research2guidance. Available: www.research2guidance.com/500m-people-will-be-using-healthcare-mobile-applications-in-2015/
6 Lyver M. Standards: a call to action. Future Practice. 2013 Nov. Available: www.cma.ca/Assets/assets-library/document/en/about-us/FP-November2013-e.pdf
7 Rich P. Medical apps: current status. Future Practice. 2013 Nov. Available: www.cma.ca/Assets/assets-library/document/en/about-us/FP-November2013-e.pdf
8 Royal College of Physicians and Surgeons of Canada. The CanMEDS 2015 eHealth Expert Working Group report. Ottawa: The College; 2014. Available: www.royalcollege.ca/portal/page/portal/rc/common/documents/canmeds/framework/ehealth_ewg_report_e.pdf
9 Canadian Medical Protective Association. Managing information to deliver safer care. Ottawa: The Association; 2013. Available: https://oplfrpd5.cmpa-acpm.ca/en/duties-and-responsibilities/-/asset_publisher/bFaUiyQG069N/content/managing-information-to-deliver-safer-care
10 Office of the Information and Privacy Commissioner of Alberta. Global privacy sweep raises concerns about mobile apps [news release]. Available: www.oipc.ab.ca/downloads/documentloader.ashx?id=3482