Patients have a right to privacy and physicians have a duty of confidentiality arising from the patient-physician relationship to protect patient privacy. The right to privacy flows from the principle of respect for patient autonomy, based on the individual's right to conduct and control their lives as they choose.1 When approaching any ethical question around privacy, the principle of respect for patient autonomy must be balanced against other competing principles (e.g. beneficence, non-maleficence).
The protection of privacy and the concomitant duty of confidentiality are essential to foster trust in the patient-physician-relationship, the delivery of good patient care and a positive patient care experience. Privacy protection is an important issue for Canadians,2 and research suggests that patients may withhold critical health information from their health care providers because of privacy concerns.3 Patients will be more willing to share complete and accurate information if they have a relationship of trust with their physician and are confident that their information will be protected.4
In today's ever-evolving technological environment and due to the shift away from the traditional (paternalistic) physician-patient relationship, patients, physicians and other public and private stakeholders are using and sharing personal health information in new and innovative ways. This raises new challenges for clinical practice and, crucially, how to navigate expanded uses of data via the use of new technologies and the requirements of patient privacy.
Institutions, clinics, and physician-group practices may share responsibility with the physician for the protection of patient information. There is thus a tension between physician and institutional responsibilities to protect patient information, challenged by the rapidly changing use and adoption of new technologies. While this will continue to redefine expectations of privacy and confidentiality, there are several foundational principles that remain unchanged.
SCOPE OF POLICY
The Canadian Medical Association (CMA) Principles for the Protection of Patients' Personal Health Information aim to provide guidance on key ethical considerations pertinent to the protection of patient information in a way that takes into account a physician's (including medical learner) ethical, professional, and legal obligations. The Principles are not designed to serve as a tool for legislative compliance in a particular jurisdiction or to provide a standard of care. Physicians should be aware of privacy legislation in the jurisdiction in which they practice, the standards and expectations specified by their respective regulatory authorities (including Privacy Commissioners), publications and risk management education provided by the CMPA as well as policies and procedures of any given setting (e.g., a regional health authority or a hospital).
SUBSTANTIVE PRINCIPLES THAT GUIDE THE OBLIGATIONS OF THE PHYSICIAN TO PROTECT PATIENT PRIVACY
* Trust is the cornerstone of the patient-physician relationship and plays a central role in providing the highest standard of care.
* Physicians and their patients build relationships of trust that enable open and honest dialogue and foster patients' willingness to share deeply personal information (often) in conditions of vulnerability.
* Physicians can cultivate and maintain patient trust by, unless the consent of the patient has been obtained to do otherwise, collecting health information only to benefit the patient, by sharing information only for that purpose, and by keeping patient information confidential; patient trust has been found to be the most powerful determinant of the level of control patients want over their medical records.5
* To maintain trust, physicians must consider the duty to care and the duty not to harm the patient in evaluating privacy requirements.
* The extent to which a patient expects (and may tolerate a loss of) privacy and confidentiality is culturally and individually relative.6
* Physicians owe a duty of confidentiality to their patients; there is both an ethical (respect for autonomy) and a legal basis imposed by privacy legislation) for this duty.
* The duty to maintain patient confidentiality, like trust, is fundamental to the therapeutic nature of the patient-physician relationship; it creates conditions that allow patients to openly and confidently share complete health information, resulting in a stronger physician-patient relationship and better delivery of care.7
* The duty to maintain patient confidentiality means that physicians do not share the health information with anyone outside of the patient's circle of care, unless authorized to do so by the patient.1,8 There are varying interpretations of what constitutes the patient's circle of care; this depends on the facts of the situation and the jurisdiction.9
* Privacy requirements raise complex issues in learning environments and quality improvement initiatives. It is desirable that any of the patient's physicians who will have ongoing care interactions with the patient can remain included in information-sharing about the patient.
* Shared electronic health records present challenges to confidentiality. For example, patients may wish to limit some aspects of their record to only some providers within their circle of care.10
* In practice, respecting privacy and the duty of confidentiality govern the physician's role as data steward, responsible for controlling the extent to which information about the person is protected, used or disclosed.11 A central rule to balancing a patient's right to privacy and the duty of confidentiality is the "minimum necessary" use and disclosure of personal health information, whereby a data steward should use or disclose only the minimum amount of information necessary to fulfil the intended purpose. In some circumstances, de-identifying or aggregating personal health information before use or disclosure can minimize the amount of information disclosed.12
* The duty to maintain patient confidentiality is not absolute and is subject to exceptions in limited circumstances,13 i.e., when required or permitted by law to disclose information (see below in Data Stewardship: Collection, use and disclosure of personal health information).
* Patient consent is an important mechanism for respecting patient autonomy; obtaining voluntary and informed consent to share patient information is fundamental to the protection of privacy and the duty of confidentiality.
* Physicians are generally required to obtain informed consent from the patient before they can disclose the patient's personal health information. Consent is only informed if there is disclosure of matters that a reasonable person in the same circumstances would want to know, including 1) to whom the patient information will be disclosed, 2) whether it could be disclosed to other third parties, and 3) the purpose for which it could be used or disclosed.
* While informed consent is required as a general rule, physicians may infer that they have the patient's implied consent to collect, use, disclose and access personal health information 1) for the purpose of providing or assisting in providing care (i.e., share only the necessary information with those involved within the patient's circle of care); and 2) to store personal health information in a medical record (i.e., paper, electronic, or hospital-based). Physicians will want to consider if it is appropriate in the circumstances to advise the patient when a disclosure has been made.
* When the patient is a minor, the physician must consider whether it is the parent or the child who determines the use and disclosure of the minor's personal health information. A young person who is deemed to understand fully the implications of a decision regarding proposed collection, use or disclosure of personal health information is generally deemed to have control over their personal health information with respect to the decision.
* Where the patient is not capable to provide the required consent (e.g. is deemed to be incompetent), physicians must seek consent from the patient's substitute decision-maker.
4. Physician as data steward
* As data stewards, physicians have the responsibility to understand their role in protecting patient privacy and appropriate access to patient information.
* The information contained in the medical record belongs to the patient who has a general right of access to their personal health information, and the right to control the use and further disclosure and to the continued confidentiality of that information.
* A data steward (e.g., physician, institution or clinic) holds the physical medical record in trust for the care and benefit of the patient.14
* Physicians should provide their patients access to their medical record, if requested.15 (See below in Data Stewardship: Access to personal information).
* Physicians ought to have appropriate access to personal health information and have the ability to provide their patients with access to their medical record. Appropriate access should be interpreted to include access for patient follow up (as part of the duty to care) and review for the purpose of improving patient care.
* Physicians should consider consulting available resources to assist them in fulfilling their duties as data stewards.
PROCEDURAL PRINCIPLES THAT GUIDE THE APPLICATION OF PHYSICIAN OBLIGATIONS
Physicians must manage personal health information in compliance with relevant legislation that establishes rules governing the access, collection, use, disclosure, and retention of personal health information, provincial privacy laws, and professional expectations and regulations specified by their respective regulatory authorities.
1. Data Stewardship: Access to personal information
* Patients have a right of reasonable access to the personal health information in their medical record (i.e., paper, electronic, or hospital-based) under the control or in the custody of a physician, institution, or clinic.
* In exceptional situations, physicians can refuse to release the information in the patient's medical record.
2. Data Stewardship: Collection, use and disclosure of personal health information
* There are circumstances where there are required (e.g., monitoring of claims for payment, subpoenas) and permitted disclosures of personal health information without patient consent (e.g., where the maintenance of confidentiality would result in a significant risk of substantial harm to the patient or to others).
* Security safeguards must be in place to protect personal health information in order to ensure that only authorized collection, use, disclosure or access occurs.
* Physicians play an important role in educating patients about possible consensual and non-consensual uses and disclosures that may be made with their personal health information, including secondary uses of data for, e.g., epidemiological studies, research, education, and quality assurance, that may or may not be used with explicit consent.
3. Data Stewardship: Retention of personal health information
* Personal health information should be retained for the period required by any applicable legislation and as specified by their respective regulatory authorities. It may be necessary to maintain personal health information beyond the applicable period where there is a pending or anticipated legal proceeding related to the care provided to the patient.
* Likewise, physicians should transfer and dispose of personal health information in compliance with any applicable legislation and professional expectations outlined by their respective regulatory authorities.
* Physicians are encouraged to seek technical assistance and advice on the secure transfer, disposal, and/or selling of electronic records.15
4. Data Stewardship: Use of technology
* Physicians should obtain patient consent to use electronic means and/or devices for patient care (e.g., sending digital photographs) and for communicating patient information (e.g., the use of email). To obtain informed consent, physicians should explain to patients that there are necessary benefits and risks in using technologies in clinical contexts. The CMPA has provided a written consent form to that effect that can be included in the patient's medical record.
* As a general practice, physicians are encouraged to make use of technological innovations and must evaluate whether the technology is appropriate for patient care and has reasonable safeguards to protect patient privacy.
Approved by the CMA Board of Directors December 2017
See also Background to CMA Policy Principles for the Protection of Patient Privacy
1 Martin JF. Privacy and confidentiality. In: ten Have H, Gordijn B (Eds). Handbook of global bioethics. New York: Springer, Dordrecht; 2014. p.119-37.
2 Office of the Privacy Commissioner of Canada. Canadians and privacy final report. Gatineau: Office of the Privacy Commissioner of Canada; 2009. Available: https://www.priv.gc.ca/information/por-rop/2009/ekos_2009_01_e.asp (accessed 2017 Nov 17).
3 Canadian Medical Protective Association (CMPA). Privacy and a wired world - Protecting patient health information. Ottawa: CMPA; 2011 Dec. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2011/privacy-and-a-wired-world-protecting-patient-health-information (accessed 2017 Nov 17).
4 Royal College of Physicians and Surgeons of Canada (RCPSC). Duty of confidentiality. Ottawa: RCPSC; 2017. Available: http://www.royalcollege.ca/rcsite/bioethics/cases/section-3/duty-confidentiality-e (accessed 2017 Dec 15).
5 Damschroder LJ, Pritts JL, Neblo MA, Kalarickal RJ, Creswell JW, Hayward RA. Patients, privacy and trust: patients' willingness to allow researchers to access their medical records. Soc Sci Med 2007;64:223-35.
6 Campbell JI, Eyal N, Musiimenta A, Haberer JE. Ethical questions in medical electronic adherence monitoring. J Gen Intern Med 2016;31:338-42. Available: https://link.springer.com/content/pdf/10.1007%2Fs11606-015-3502-4.pdf (accessed 2017 Nov 17).
7 Crook MA. The risks of absolute medical confidentiality. Sci Eng Ethics 2013;19:107-22.
8 Cohen I, Hoffman A, Sage W (Eds). The Oxford Handbook of U.S. Health Law. New York: Oxford University Press; 2015.
9 Canadian Medical Protective Association (CMPA). The voice of professionalism within the system of care. Ottawa: CMPA; 2012 Oct. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2012/the-voice-of-professionalism-within-the-system-of-care (accessed 2017 Nov 17).
10 Canadian Medical Protective Association (CMPA). Did you know? Patients can restrict access to their health information. Ottawa: CMPA; 2017 Nov. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2017/did-you-know-patients-can-restrict-access-to-their-health-information (accessed 2017 Nov 17).
11 Francis JG, Francis LP. Privacy, confidentiality, and justice. J Soc Philos 2014;45:408-31.
12 Burkle CM, Cascino GD. Medicine and the media: balancing the public's right to know with the privacy of the patient. Mayo Clin Proc 2011;86:1192-6.
13 Canadian Medical Protective Association (CMPA). When to disclose confidential information. Ottawa: CMPA; 2015 Mar. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2015/when-to-disclose-confidential-information (accessed 2017 Nov 17).
14 Canadian Medical Protective Association (CMPA). Releasing a patient's personal health information: What are the obligations of the physician? Ottawa: CMPA; 2012 Oct. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2012/releasing-a-patient-s-personal-health-information-what-are-the-obligations-of-the-physician (accessed 2017 Nov 17).
15 Canadian Medical Protective Association (CMPA). Protecting patient health information in electronic records. Ottawa: CMPA; 2013 Oct. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2013/protecting-patient-health-information-in-electronic-records (accessed 2017 Nov 17).
(c) 2017 Canadian Medical Association. You may, for your non-commercial use, reproduce, in whole or in part and in any form or manner, unlimited copies of CMA Policy Statements provided that credit is given to Canadian Medical Association.
BACKGROUND TO CMA POLICY
PRINCIPLES FOR THE PROTECTION OF PATIENT PRIVACY
See also CMA Policy on Principles for the Protection of Patient Privacy
The advent of Electronic Medical Records, the rapid spread of mobile health apps, and the increasing use of social media within the health care community, have each created new challenges to maintaining a duty of confidentiality within the physician-patient relationship. These technologies present both opportunities and challenges with respect to medical professionalism.1 The permeation of these types of interactions into everyday life now places physicians in new situations that some find difficult to navigate.2 These challenges will only increase in the coming years, as the use of online technologies in health care is continuously growing.3 Canada is only in the early stages of managing the emerging issues of technology-induced errors that compromise privacy in the health care setting.4 Therefore, this paper will briefly discuss the importance of protecting privacy, followed by an overview of the main challenges to maintaining privacy as the physician-patient relationship evolves at the backdrop of emerging technologies.
Privacy and Confidentiality
The overlapping, but not identical, principles of the protection of privacy and the duty of confidentiality are essential to the physician-patient relationship. These principles not only foster trust, but also the delivery of effective and lasting care. Rooted in the Hippocratic Oath, the modern-day right to privacy flows from the principle of autonomy, which attributes to individuals the right to conduct and control their lives as they choose.5 Privacy protection is an important issue to Canadians,6 with research suggesting that patients may even withhold critical health information because of privacy concerns.7 Health care professionals are bound by legal and ethical standards to maintain privacy and confidentiality of patient information.8 Physicians must therefore be aware of the implications of privacy legislation specific to their jurisdiction.7 The duty to protect patient privacy is important to uphold, as health information can potentially be identifiable and sensitive; the confidentiality of this information must therefore be protected to ensure that patient privacy is not breached. 9 While the traditional, and largely obsolete, models of the physician-patient relationship involve a unidirectional flow of information, the ease at which patients can now access medical information through the Internet, and the use of social media within the health care community, have reinterpreted how information is communicated from physician to patient, and vice versa.10 We must therefore re-define expectations of privacy and confidentiality, first by distinguishing one from the other.
The terms "privacy" and "confidentiality" are often used interchangeably by both researchers and clinicians. Several bioethics discussions on the distinction between these terms places confidentiality under the umbrella of privacy.11 While confidentiality involves the information itself, which is disclosed or not, privacy is about the impact of that disclosure on the person.9 Privacy seems to be more intimately linked to the individual, focusing on the circumstances under which the information is used.12-13 Confidentiality, on the other hand, is a duty that health professionals have towards their patients to not share the information exchanged during their encounter, unless authorized by the patient.5,12 In practice, the duty of confidentiality governs the physician's role as data stewards, responsible for controlling the extent to which information about the person is protected, used or disclosed.14 As one paper describes, "privacy is invaded, confidentiality is breached."13
From a patient perspective, it is important to respect and protect privacy because it allows individuals time and space to share their concerns without feeling judged or misunderstood,11 resulting in a stronger physician-patient relationship and better delivery of care. However, from a research perspective, a fine balance must be struck between using accurate information while still upholding the privacy rights of individuals.11 As such, the argument for absolute confidentiality puts a near impossible burden on research clinicians.11 Moreover, from a public safety perspective, a physician may be morally and legally required to break confidentiality in order to protect both the patient and others who may be involved. The challenge is to balance the traditional goal of confidentiality - to protect patient privacy and interest - with that of third parties and public health.5 Therefore, a central rule to balancing confidentiality with a patients' right to privacy is the "minimum necessary" use and disclosure of personal health information, whereby a data steward should use or disclose only the minimum amount of information necessary to fulfil the intended purpose.8 It is equally important to recognize that the extent to which a patient may tolerate a loss of privacy is culturally and individually relative.15 Health care providers have a legal and ethical obligation to keep patient health information private, sharing it only with the authorization of the patient.16 Informed consent, therefore, appears to be a fundamental requirement to upholding confidentiality and patient privacy rights.
While emerging privacy issues touch many areas of practice, this section will emphasize three of the most prominent issues in recent literature: access and use of information, electronic medical and health records and, online communication and social media.
1. Technological change and institutional data stewardship
In today's ever-evolving technological environment, including the emergence of shared electronic health records, online communication, social media, mobile applications, and big data, physicians, patients and other public and private stakeholders are using and sharing personal health information in new and innovative ways. The traditional (paternalistic) model of the physician-patient relationship involved a bidirectional flow of information. However, the ease at which patients can now access medical information from alternative sources via the Internet, and the use of social media within the health care community, has redefined how information is communicated from physician to patient, and vice versa.10 This raises new challenges for clinical practice, specifically how to navigate expanded access of data via the use of new technologies and the requirements of patient privacy by effectively managing security concerns.
In many situations, the physician may not be the sole or primary custodian of (i.e., control access to) the patient's records once the health information is collected. Institutions, clinics, and physician-group practices may also have responsibility for patient information and therefore play an important role in ensuring it is protected. There is thus a grey area between physician and institutional responsibilities to protect patient information, challenged by the rapidly changing use and adoption of new technologies, such as electronic health and medical records. While this will continue to redefine expectations of privacy and confidentiality, there are several foundational principles that remain unchanged.
2. Electronic medical and health records
Medical records are compiled primarily to assist physicians and other health care providers in treating patients.16 Yet, they are particularly vulnerable to privacy breaches when this information is exposed to secondary uses, including epidemiological studies, research, education and quality assurance. As contemporary information management and stewardship have had to evolve in response to emerging technology, the parameters of the "medical record" have grown increasingly ambiguous.17 With the proliferation of a wide variety of new health information technology (including electronic health and medical records), concerns about quality and safety have been raised.4 There is evidence that if such technology is not designed, implemented and maintained effectively, it may result in unintended consequences, including technology-induced errors and breaches of patient privacy.4 Reports involving Canada Health Infoway have even pointed to health information technology as a tool that may sometimes reduce rather than enhance patient safety, most often due to human factors. 4 As a result, recommendations have been made to develop a reporting system that would allow health professionals to anonymously report human errors resulting from the use of health information technology - a challenge in itself, as the distinction between human and technological error is often blurred.4 In Canada, a number of efforts have been undertaken by several organizations, including Health Canada and Canada's Health Informatics Organization.4 Yet, services aimed at improving health information technology safety, from a national level, remain poor.4 As a result, organizations like Canada Health Infoway have promoted the need for collaborative efforts to improve health information technology safety standards in Canada, 4 so to ensure that the current and future uses of "medical record" data are accurate and respectful of patient privacy.
3. Access and use of personal health information for research
The courts have long established that health information belongs to the patient.18 As a result, privacy ownership refers to the belief that patients own their private information as well as the right to control access to this information.19 As in other jurisdictions, the overarching challenge in Canada is to strike a balance between enabling access to health and health-related data for research while still respecting Canadians' right to privacy and control over the confidentiality of their information.20 The integrity of healthcare information is fundamental, given that it is the basis on which treatment decisions are made both in research and in clinic. 9 There are three principles upon which information security is based: 9 1) only authorized people have access to confidential information; 2) information must be accurate and consistent, may only be modified by authorized people in ways that are appropriate; 3) information must be accessible by authorized users when needed. Canadian research ethics have demonstrated that beneficial work can be done while maintaining confidentiality to sensitive personal health information.21 Yet, the challenge remains to create a uniform system for accessing data and performing data-based research due to 1) the lack of consistency and clarity in Canada's ethical and legal framework and, 2) varied interpretations of key terms and issues across the country.21 For example, the term "non-identifiable data" remains ambiguous across provinces and is subject to interpretation by data custodians, who may consider their legal duty to protect privacy as precluding access to data.21 This lack of legal clarity has contributed to varied cautious and conservative interpretations of data access legislation.21 National uniform guidelines on the appropriate access, disclosure and use of personal health data would allow data stewards to advance their research while respecting their patients' right to privacy.
4. Online communication with patients and social media
Social media and online communication is pervasive in Canadian society; from Facebook to Twitter, social media has changed the way people interact and disseminate information.21 There is currently widespread discussion among health care professionals and academics regarding the role that social media and online communication should play in the physician-patient relationship.22 A growing number of physicians have embraced the opportunities of interconnectivity that social media affords, implementing their own privacy procedures to reflect this new type of data collection, use and storage.7 While evidence has been lacking on whether the use of social media does improve patient outcomes,22 there is no denying that patients are seeking health care information from online platforms, including social media.22 This type of communication poses a unique set of opportunities and challenges for physicians: while the use of social media could increase physician reach and patient engagement, it can also blur boundaries between one's personal and professional life.22 Although patient-physician online communication is currently limited, physicians still feel that they are encountering an ethical dilemma, especially when they find themselves in boundary crossing situations, like a friend request from a patient.2 Physicians are particularly concerned that, through online communication, they may be exposed to medico-legal and disciplinary issues, especially with respect to patient privacy.2 Given different studies have suggested that unprofessional uses of social media are not uncommon,23 physicians who choose to communicate with patients online or through social media must remember that they are still governed by the same ethical and professional standards that remain paramount.22
As technology continues to evolve, so too will the traditional parameters of the patient-physician relationship. The physician's ethical and professional obligation to protect patient privacy, however, must remain paramount at the backdrop of technology use. Simply banning social media and online communication would neither eliminate risk, nor benefit patient care outcomes. 24 Instead, institutions should establish stringent policies that outline how to prevent or minimize the effects of privacy breaches associated with social media and online communication.25 This should also include a tracking mechanism to help balance the obligation to privacy with evolving technology.25
See also CMA Policy on Principles for the Protection of Patient Privacy
1 Farnan JM, Snyder Sulmasy L, Worster BK, Chaudhry HJ, Rhyne JA, Arora VM. Online medical professionalism: patient and public relationships: policy statement from the American College of Physicians and the Federation of State Medical Boards. Ann Intern Med 2013;158(8):620-627.
2 Brown J, Ryan C. How doctors view and use social media: a national survey. J Med Internet Res 2014;16:e267. Available: https://doi.org/10.2196/jmir.3589 (accessed 2017 Nov 17).
3 Lambert KM, Barry P, Stokes G. Risk management and legal issues with the use of social media in the healthcare setting. J Healthc Risk Manag 2012;31(4):41-47.
4 Kushniruk AW, Bates DW, Bainbridge M, Househ MS, Borycki EM. National efforts to improve health information system safety in Canada, the United States of America and England. Int J Med Inform 2013;82(5):e149-160.
5 Martin JF. Privacy and confidentiality. In: ten Have H, Gordijn B (Eds). Handbook of global bioethics. New York: Springer, Dordrecht; 2014. p.120-1.
6 Office of the Privacy Commissioner of Canada. Canadians and privacy final report. Gatineau: Office of the Privacy Commissioner of Canada; 2009. Available: https://www.priv.gc.ca/information/por-rop/2009/ekos_2009_01_e.asp (accessed 2017 Nov 17).
7 Canadian Medical Protective Association (CMPA). Privacy and a wired world - Protecting patient health information. Ottawa: CMPA; 2011 Dec. Available: https://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2011/privacy-and-a-wired-world-protecting-patient-health-information (accessed 2017 Nov 17).
8 Burkle CM, Cascino GD. Medicine and the media: balancing the public's right to know with the privacy of the patient. Mayo Clin Proc 2011;86:1192-6.
9 Williams PA. Information security governance: a risk assessment approach to health information systems protection. Stud Health Techol Inform 2013;193:186-206.
10 Borza LR, Gavrilovici C, Stockman R. Ethical models of physician-patient relationship revisited with regard to patient autonomy, values and patient education. Rev Med Chir Soc Med Nat Iasi 2015;119(2):496-501.
11 Crook MA. The risks of absolute medical confidentiality. Sci Eng Ethics 2013;19(1):107-122.
12 Cohen I, Hoffman A, Sage W (Eds). The Oxford handbook of U.S. health law. New York: Oxford University Press; 2015.
13 Francis L. Privacy and confidentiality: the importance of context. The Monist; 91(1);2008:52-67.
14 Francis JG, Francis LP. Privacy, confidentiality, and justice. J Soc Philos 2014;45:408-31.
15 Campbell JI, Eyal N, Musiimenta A, Haberer JE. Ethical questions in medical electronic adherence monitoring. J Gen Intern Med 2016;31:338-42. Available: https://link.springer.com/content/pdf/10.1007%2Fs11606-015-3502-4.pdf (accessed 2017 Nov 17).
16 Canadian Medical Association (CMA). Medical record confidentiality, access and disclosure. Ottawa: CMA; 2000. Available: https://www.cma.ca/Assets/assets-library/document/en/advocacy/policy-research/CMA_Policy_The_medical_record_confidentiality_access_and_disclosure_Update_2000_PD00-06-e.pdf (accessed 2017 Oct 30).
17 Fenton SH, Manion F, Hsieh K, Harris M. Informed Consent: Does anyone really understand what is contained in the medical record? Appl Clin Inform 2015;6(3):466-477.
18 Canada. Supreme Court. McInerney v MacDonald. Dom Law Rep. 1992 Jun 11;93:415-31.
19 Petronio S, Dicorcia MJ, Duggan A. Navigating ethics of physician-patient confidentiality: a communication privacy management analysis. Perm J 2012;16(4):41-45.
20 Council of Canadian Academies (CCA). Accessing health and health-related data in Canada. Ottawa: The Expert Panel on Timely Access to Health and Social Data for Health Research and Health System Innovation, Council of Canadian Academies; 2015. Available: http://www.scienceadvice.ca/uploads/eng/assessments%20and%20publications%20and%20news%20releases/Health-data/HealthDataFullReportEn.pdf (accessed 2017 Nov 17).
21 Canadian Medical Association (CMA). Social media and Canadian physician: Issues and rules of engagement. Ottawa: CMA; 2011. Available: https://www.cma.ca/Assets/assets-library/document/en/advocacy/CMA_Policy_Social_Media_Canadian_Physicians_Rules_Engagement_PD12-03-e.pdf (accessed 2017 Oct 30).
22 Eysenbach G. Medicine 2.0: Social networking, collaboration, participation, apomediation, and openness
J Med Internet Res 2008;10(3):e22.
23 Mayer MA, Leis A, Mayer A, Rodriguez-Gonzalez A. How medical doctors and students should use social media: A review of the main guidelines for proposing practical recommendations. Stud Health Technol Info 2012;180:853-857.
24 Moses RE, McNeese LG, Feld LD, Feld AD. Social media in the health-care setting: Benefits but also a minefield of compliance and other legal issues. Am J Gastroenterol 2014;109(8):1128-1132.
25 Yang YT, Silverman RD. Mobile health applications: The patchwork of legal and liability issues suggests strategies to improve oversight. Health Aff (Millwood) 2014;33(2):222-227.