Skip header and navigation
CMA PolicyBase

Policies that advocate for the medical profession and Canadians


7 records – page 1 of 1.

Canada Health Infoway

https://policybase.cma.ca/en/permalink/policy8924
Last Reviewed
2014-03-01
Date
2007-08-22
Topics
Health systems, system funding and performance
Health human resources
Health information and e-health
Resolution
GC07-110
The Canadian Medical Association and its provincial/territorial medical associations and affiliates call on Canada Health Infoway to support physicians in developing electronic medical records and linkages to electronic health records by making funding directly available to physicians.
Policy Type
Policy resolution
Last Reviewed
2014-03-01
Date
2007-08-22
Topics
Health systems, system funding and performance
Health human resources
Health information and e-health
Resolution
GC07-110
The Canadian Medical Association and its provincial/territorial medical associations and affiliates call on Canada Health Infoway to support physicians in developing electronic medical records and linkages to electronic health records by making funding directly available to physicians.
Text
The Canadian Medical Association and its provincial/territorial medical associations and affiliates call on Canada Health Infoway to support physicians in developing electronic medical records and linkages to electronic health records by making funding directly available to physicians.
Less detail

Amendments to PIPEDA, Bill S-4

https://policybase.cma.ca/en/permalink/policy11194
Date
2014-06-09
Topics
Health information and e-health
Ethics and medical professionalism
  1 document  
Policy Type
Parliamentary submission
Date
2014-06-09
Topics
Health information and e-health
Ethics and medical professionalism
Text
The Canadian Medical Association (CMA) is pleased to make submissions on Bill S-4. CMA has followed the history of PIPEDA and participated in the studies of various Standing Committees, most notably and recently in 2007 to the House of Commons Standing Committee on Access to Information, Privacy and Ethics. CMA is pleased that amendments to PIPEDA are once again being considered. The Canadian Medical Association represents over 80,000 physicians in Canada. Privacy is an important value to physicians and the patients to whom they serve. This is reflected in our Code of Ethics and policies, in particular, Principles for the Protection of Patients' Personal Health Information and Statement of Principles: The Sale and Use of Data on Individual Physicians' Prescribing. Physicians are also required to abide by privacy and confidentiality standards of practice. Thus, the CMA has a strong interest and valuable insights into the topic of personal information and privacy with respect to health information. We thank the Standing Committee for the opportunity to comment on the proposed amendments to PIPEDA. Our key comments are outlined below: Issue 1: CMA supports the existing legislative framework on the collection, use and disclosure of personal information produced by an individual in the course of their employment, business or profession ("work product") and suggests further amendments focus on strengthening it further. CMA supports the current standing of work products, that work products are considered to be personal information. That is, we support the framework defining personal information as information about an identifiable individual and that there is no carved out definition or exemption for "work product". CMA supports the position of the Office of Privacy Commissioner's following its 2007 investigation on work products, that they should not be exempted for two main reasons: * The exemption is not needed, and it would be inconsistent with the balanced approach in the current definition of personal information. The current definition of personal information and the approach to deciding issues based on that definition have worked well. They have promoted a level of privacy protection that balances the right of privacy in personal information with the needs of organizations for the reasonable and appropriate collection, use and disclosure of personal information. ...Because the concept of "work product" is ambiguous, excluding it from the definition of personal information could have unpredictable consequences that would diminish privacy unnecessarily. * (http://www.priv.gc.ca/parl/2007/sub_070222_03_e.asp) It is the CMA's position that work products should be considered personal information and given the section 7 amendments, work products should only be collected, used or disclosed without consent only if it is consistent with the purposes for which the information was produced. In the case of physicians, a prime example of a physician's work product is prescribing information. Prescribing information is a synthesis of assessing patients - by probing into their health, familial, social and sometimes financial background - infused with medical knowledge, skill and competencies resulting in a diagnosis and treatment plan, which often includes prescribing a medication or test. Not only is the physician's prescribing information a product of physicians' work but would not exist but for a trusting physician-patient relationship wherein the patient's private and personal information are shared under circumstances of vulnerability and trust. The outcome is that this is personal information. Prescribing information is about an individual: it includes the name of the patient, the name of the prescribing physician, and the drug name, dosage, amount and frequency; giving major clues as to what the patient's health issue(s) are. For further clarity, however, CMA recommends that physician information, and physician work products, should be specifically recognized within the legislation as personal information. To this end, we would propose that the following addition be made to the definition section under personal health information: Section 2.(1) "personal health information", with respect to an individual, whether living or deceased, means .....(d) information that is collected or is the outcome of collecting information in the course of providing health services to the individual; CMA supports the amendments to subsections 7(1)-(3) of the Act that any subsequent collection, use and disclosure of work products without consent must be related to the original purpose (of collection, use and disclosure). This relationship reflects the government's understanding and faithfulness to privacy principles. This is particularly critical when dealing with health information, and is even more critical in today's world given the ease of linking information through advancements in technology. In the absence of a causal relationship, personal information should not be used for system performance, commercial enterprise, data brokering, research, assessment or other purposes. CMA recommends that the legislation should go further and allow persons who believe that protection cannot be afforded under the legislation that they have the authority to refuse to communicate the information. This is the conceptual approach taken in Quebec's Act Respecting the Protection of Personal Information in the Private Sector wherein persons have an opportunity to refuse that professional information (as defined therein) be used for commercial purposes. Physicians are constantly writing prescriptions and such information should only be used for other purposes in the interests of patients and the health care system, and not to serve commercial interests or marketing strategies. If physicians do not feel that such protection is afforded patients, then they should be permitted to refuse that such information be collected, used or disclosed. Patient privacy should be primary. And finally, addressing work products in legislation clears up past differences of interpretation by Privacy Commissioners thus, providing certainty and clarity to the public. Recommendation 1: That Section 2. (1) "personal health information", be amended to read as follows: "personal health information", with respect to an individual, whether living or deceased, means .....(d) information that is collected or is the outcome of collecting information in the course of providing health services to the individual; Issue 2: CMA is pleased to see a section on breaches of security safeguards and recommends greater specificity. As noted above, physicians have responsibilities as data stewards and custodians of health information. As such, CMA supports breach notification measures that would enhance and protect patient privacy. In principle, we support the proposed amendments of breach disclosures to the Privacy Commissioner, to individuals and to organizations. However, CMA is concerned that meeting the requirements may be confusing. For example, in the health care context, it is easy to surmise that all health information is "sensitive". A far more difficult matter is determining whether the risk reaches the threshold of "significant harm" and the "probability" that the information "will be misused". The result being that incidental disclosures will be reported causing unnecessary concern and confusion in the patient population. Further specificity is recommended and we suggest something akin to Ontario's Personal Health Information Protection Act, 2004 (PHIPA). The PHIPA is an act specifically dealing with personal health information. One of its purposes is "to establish rules for the collection, use and disclosure of personal health information about individuals that protect the confidentiality of that information and the privacy of individuals with respect to that information, while facilitating the effective provision of health care" (section 1a ). The PHIPA notification provision states that the individual shall be notified "...at the first reasonable opportunity if the information is stolen, lost or accessed by unauthorized persons", [section 12(2)]. CMA is unaware of any concerns with this approach. The language of PIPIEDA is one of reasonable belief of real risk of significant harm to an individual. The issue is the test for required notification of patients for incidental inadvertent breaches and decreasing "notification fatigue". To illustrate the issue, if physicians were told today that patient data could be retrieved from the drums of discarded photocopiers and printers, it would be inappropriate for legislation to suggest that the entire patient population during the life of the photocopier or printer be notified. To this end, we recommend that there be acknowledgement that in some circumstances notification may not be required. The probability of misuse under PIPEDA is more ambiguous than the PHIPA test. Under PHIPA, the approach is more objective in that the data must be stolen, lost or accessed by unauthorized persons. To our knowledge, the Ontario model has been in place for almost a decade with no significant issues and thus we submit is one that works. In other jurisdictions (eg., Newfoundland and Labrador, Nova Scotia, New Brunswick) with health privacy legislation, there is acknowledgement of trying to balance notification and those breaches unlikely to result in harm by directly indicating when notification is not required. Recommendation 2: CMA recommends that the statute move towards a more objective test and acknowledge that there are situations when notice is not required. Issue 3: CMA supports disclosure without consent under limited circumstances, but finds the current list of disclosures overly inclusive. Health information is considered highly sensitive information and is initially collected for the purpose of individual patient health care. It should only be disclosed with consent and in only some exceptions without consent. The PIPEDA amendments for disclosure without consent have been broadened. Privacy, confidentiality and trust are the foundations of the patient-physician relationship. Without these fundamental values in play, open and honest communications cannot occur and patients would not receive the care they require. Both the patient and the physician have significant investment in the relationship. CMA respects the requirements to disclose information without consent under certain premises, such as required by court order or statute. However, any kind of activity requiring physicians to disclose patient's information without consent for the purposes of advancing a government or institution's goal could jeopardize the relationship. Both the patient's consent and the physician's consent should be required if there is potential to disturb this relationship. The physician is fiduciary of the relationship and is appropriately situated to assess and determine whether disclosure will disturb the relationship. While CMA acknowledges that certain situations may require that disclosure occur without consent (eg. purposes of investigating fraud, national security, abuse or as legally required), disclosure for less malicious activities (e.g., breaches of an agreement, insurance claims) ought to require a court order or warrant. For example, under the proposed section 7(3)(d.1) if a physician were in default of a contract with a technology company supplying electronic medical record software or app to his/her clinic, the company could disclose health information without consent for the "purposes of investigating a breach of an agreement". While we appreciate that there is a caveat that disclosure without advising the patient can only occur if there is a reasonable expectation that the disclosure would compromise the investigation, we submit that leaving the determination of what is "reasonable" to an interested party to the breach is unfair to all. Another example, if a physician is a witness to a dispute between an employer and union representing an employee for denial of long term disability by an insurance company, and has filed a witness statement which includes a medical report he/she wrote to the employer's insurance company, under the proposed section 7(3)(e.1) disclosure of health information without consent is permitted in order to assess, process or settle an insurance claim. CMA is concerned that the disclosure amendments are overly broad and do not differentiate sufficiently between highly time sensitive or grossly malicious situations, and those where it is merely expedient or an administrative encumbrance to seek consent. In addition, the disclosure requirements are framed in permissive (ie., may) and not mandatory language (ie., shall). This is very problematic when the "organization" is a physicians' clinic unless the physician's own consent is made as a pre-condition. CMA believes this suggestion is a progressive one in keeping with the broadened disclosure amendments. Physicians are in a relationship of trust and take seriously the protection of patient privacy and confidentiality, for which they are trained and are ethically and legally required to protect. To place physicians in a position which might entail breaching this trust may impact the confidence of the physician and the patient in the patient-physician relationship which is required to properly formulate appropriate treatment plans; thus, negatively impacting the health of Canadians. Recommendation 3: That disclosures of health information without consent require a warrant or subpoena or court order. Furthermore, disclosures of health information require the physician's consent that in his/her opinion the disclosure does not harm the patient-physician relationship. And, finally any broadened disclosure situations be restricted to criminal activity or that impacting national security. Conclusion Once again, CMA appreciates the opportunity to provide comment as part of the committee's study of Bill S-4. CMA is prepared to work with Parliament, governments, health professionals and the public in ensuring legislative frameworks for the collection, usage and disclosure of personal information for legitimate and reasonable purposes.
Documents
Less detail

Secure modes of electronic communication between patients and health care providers

https://policybase.cma.ca/en/permalink/policy11230
Date
2014-08-20
Topics
Health information and e-health
Ethics and medical professionalism
Resolution
GC14-41
The Canadian Medical Association supports the creation and use of secure modes of electronic communication between patients and health care providers.
Policy Type
Policy resolution
Date
2014-08-20
Topics
Health information and e-health
Ethics and medical professionalism
Resolution
GC14-41
The Canadian Medical Association supports the creation and use of secure modes of electronic communication between patients and health care providers.
Text
The Canadian Medical Association supports the creation and use of secure modes of electronic communication between patients and health care providers.
Less detail

Big data and its negative impact on professionalism and the confidentiality of medical data

https://policybase.cma.ca/en/permalink/policy11263
Date
2014-08-20
Topics
Ethics and medical professionalism
Health information and e-health
Resolution
GC14-67
The Canadian Medical Association will propose guidelines to ensure optimal use of big data while limiting its negative impact on professionalism and the confidentiality of medical data.
Policy Type
Policy resolution
Date
2014-08-20
Topics
Ethics and medical professionalism
Health information and e-health
Resolution
GC14-67
The Canadian Medical Association will propose guidelines to ensure optimal use of big data while limiting its negative impact on professionalism and the confidentiality of medical data.
Text
The Canadian Medical Association will propose guidelines to ensure optimal use of big data while limiting its negative impact on professionalism and the confidentiality of medical data.
Less detail

Insurance industry medical information requirements

https://policybase.cma.ca/en/permalink/policy11275
Date
2014-08-20
Topics
Health information and e-health
Health care and patient safety
Resolution
GC14-79
The Canadian Medical Association will work with the Canadian Life and Health Insurance Association to review insurance industry medical information requirements and ensure that the disclosure of personal health information is restricted to that which is reasonably necessary.
Policy Type
Policy resolution
Date
2014-08-20
Topics
Health information and e-health
Health care and patient safety
Resolution
GC14-79
The Canadian Medical Association will work with the Canadian Life and Health Insurance Association to review insurance industry medical information requirements and ensure that the disclosure of personal health information is restricted to that which is reasonably necessary.
Text
The Canadian Medical Association will work with the Canadian Life and Health Insurance Association to review insurance industry medical information requirements and ensure that the disclosure of personal health information is restricted to that which is reasonably necessary.
Less detail

Principles for the development, use and evaluation of health care databases

https://policybase.cma.ca/en/permalink/policy579
Last Reviewed
2017-03-04
Date
1997-08-20
Topics
Health information and e-health
Ethics and medical professionalism
Resolution
GC97-26
That physicians, through the Canadian Medical Association, its Divisions and affiliates, should be involved in delineating principles to guide the development, use and evaluation of databases that provide linkages between health care utilization, socioeconomic status and other determinants of health and health status.
Policy Type
Policy resolution
Last Reviewed
2017-03-04
Date
1997-08-20
Topics
Health information and e-health
Ethics and medical professionalism
Resolution
GC97-26
That physicians, through the Canadian Medical Association, its Divisions and affiliates, should be involved in delineating principles to guide the development, use and evaluation of databases that provide linkages between health care utilization, socioeconomic status and other determinants of health and health status.
Text
That physicians, through the Canadian Medical Association, its Divisions and affiliates, should be involved in delineating principles to guide the development, use and evaluation of databases that provide linkages between health care utilization, socioeconomic status and other determinants of health and health status.
Less detail

Principles concerning physician information

https://policybase.cma.ca/en/permalink/policy208
Last Reviewed
2019-03-03
Date
2002-06-02
Topics
Health information and e-health
Ethics and medical professionalism
  1 document  
Policy Type
Policy document
Last Reviewed
2019-03-03
Date
2002-06-02
Topics
Health information and e-health
Ethics and medical professionalism
Text
Principles concerning physician information (CMA policy – approved June 2002) In an environment in which the capacity to capture, link and transmit information is growing and the need for fuller accountability is being created, the demand for physician information, and the number of people and organizations seeking to collect it, is increasing. Physician information, that is, information that includes personal health information about and information that relates or may relate to the professional activity of an identifiable physician or group of physicians, is valuable for a variety of purposes. The legitimacy and importance of these purposes varies a great deal, and therefore the rationale and rules related to the collection, use, access and disclosure of physician information also varies. The Canadian Medical Association (CMA) developed this policy to provide guiding principles to those who collect, use, have access to or disclose physician information. Such people are termed “custodians,” and they should be held publicly accountable. These principles complement and act in concert with the CMA Health Information Privacy Code (1), which holds patient health information sacrosanct. Physicians have legitimate interests in what information about them is collected, on what authority, by whom and for what purposes it is collected, and what safeguards and controls are in place. These interests include privacy and the right to exercise some control over the information; protection from the possibility that information will cause unwarranted harm, either at the individual or the group level; and assurance that interpretation of the information is accurate and unbiased. These legitimate interests extend to information about physicians that has been rendered in non-identifiable or aggregate format (e.g., to protect against the possibility of individual physicians being identified or of physician groups being unjustly stigmatized). Information in these formats, however, may be less sensitive than information from which an individual physician can be readily identified and, therefore, may warrant less protection. The purposes for the use of physician information may be more or less compelling. One compelling use is related to the fact that physicians, as members of a self-regulating profession, are professionally accountable to their patients, their profession and society. Physicians support this professional accountability purpose through the legislated mandate of their regulatory colleges. Physicians also recognize the importance of peer review in the context of professional development and maintenance of competence. The CMA supports the collection, use, access and disclosure of physician information subject to the conditions outlined below. Purpose(s): The purpose(s) for the collection of physician information, and any other purpose(s) for which physician information may be subsequently used, accessed or disclosed, should be precisely specified at or before the collection. There should be a reasonable expectation that the information will achieve the stated purpose(s). The policy does not prevent the use of information for purposes that were not intended and not reasonably anticipated if principles 3 and 4 of this policy are met. Consent: As a rule, information should be collected directly from the physician. Subject to principle 4, consent should be sought from the physician for the collection, use, access or disclosure of physician information. The physician should be informed about all intended and anticipated uses, accesses or disclosures of the information. Conditions for collection, use, access and disclosure: The information should: be limited to the minimum necessary to carry out the stated purpose(s), be in the least intrusive format required for the stated purpose(s), and its collection, use, access and disclosure should not infringe on the physician’s duty of confidentiality with respect to that information. Use of information without consent: There may be justification for the collection, use, access or disclosure of physician information without the physician’s consent if, in addition to the conditions in principle 3 being met, the custodian publicly demonstrates with respect to the purpose(s), generically construed, that: the stated purpose(s) could not be met or would be seriously compromised if consent were required, the stated purpose(s) is(are) of sufficient importance that the public interest outweighs to a substantial degree the physician’s right to privacy and right of consent in a free and democratic society, and that the collection, use, access or disclosure of physician information with respect to the stated purpose(s) always ensures justice and fairness to the physician by being consistent with principle 6 of this policy. Physician’s access to his or her own information: Physicians have a right to view and ensure, in a timely manner, the accuracy of the information collected about them. This principle does not apply if there is reason to believe that the disclosure to the physician will cause substantial adverse effect to others. The onus is on the custodian to justify a denial of access. 6. Information quality and interpretation: Custodians must take reasonable steps to ensure that the information they collect, use, gain access to or disclose is accurate, complete and correct. Custodians must use valid and reliable collection methods and, as appropriate, involve physicians to interpret the information; these physicians must have practice characteristics and credentials similar to those of the physician whose information is being interpreted. 7. Security: Physical and human safeguards must exist to ensure the integrity and reliability of physician information and to protect against unauthorized collection, use, access or disclosure of physician information. 8. Retention and destruction: Physician information should be retained only for the length of time necessary to fulfill the specified purpose(s), after which time it should be destroyed. 9. Inquiries and complaints: Custodians must have in place a process whereby inquiries and complaints can be received, processed and adjudicated in a fair and timely way. The complaint process, including how to initiate a complaint, must be made known to physicians. 10. Openness and transparency: Custodians must have transparent and explicit record-keeping or database management policies, practices and systems that are open to public scrutiny, including the purpose(s) for the collection, use, access and disclosure of physician information. The existence of any physician information record-keeping systems or database systems must be made known and available upon request to physicians. 11. Accountability: Custodians of physician information must ensure that they have proper authority and mandate to collect, use, gain access to or disclose physician information. Custodians must have policies and procedures in place that give effect to the principles in this document. Custodians must have a designated person who is responsible for monitoring practices and ensuring compliance with the policies and procedures. (1) Canadian Medical Association. Health Information Privacy Code. CMAJ 1998;159(8):997-1016.
Documents
Less detail

7 records – page 1 of 1.