Skip header and navigation
CMA PolicyBase

Policies that advocate for the medical profession and Canadians


11 records – page 1 of 1.

Guiding principles for the optimal use of data analytics by physicians at the point of care

https://policybase.cma.ca/en/permalink/policy11812
Last Reviewed
2020-02-29
Date
2016-02-27
Topics
Health information and e-health
  1 document  
Policy Type
Policy document
Last Reviewed
2020-02-29
Date
2016-02-27
Topics
Health information and e-health
Text
Electronic tools are now being used more widely in medicine than ever before. A majority of physicians in Canada have adopted electronic medical records (EMRs)-75% of physicians use EMRs to enter or retrieve clinical patient notes, and 80% use electronic tools to access laboratory/diagnostic test results. The increased use of point-of-care tools and information repositories has resulted in the mass digitization and storage of clinical information, which provides opportunities for the use of big data analytics. Big data analytics may come to be understood as the process of examining clinical data in EMRs cross-referenced with other administrative, demographic and behavioural data sources to reveal determinants of patient health and patterns in clinical practice. Its increased use may provide opportunities to develop and enhance clinical practice tools and to improve health outcomes at both point-of-care and population levels. However, given the nature of EMR use in Canada, these opportunities may be restricted to primary care practice at this time. Physicians play a central role in finding the right balance between leveraging the advantages of big data analytics and protecting patient privacy. Guiding Principles for the Optimal Use of Data Analytics by Physicians at the Point of Care outlines basic considerations for the use of big data analytics services and highlights key considerations when responding to requests for access to EMR data, including the following: * Why will data analytics be used? Will the safety and effectiveness of patient care be enhanced? Will the results be used to inform public health measures? * What are the responsibilities of physicians to respect and protect patient and physician information, provide appropriate information during consent conversations, and review data sharing agreements and consult with EMR vendors to understand how data will be used? As physicians will encounter big data analytics in a number of ways, this document also outlines the characteristics one should be looking for when assessing the safety and effectiveness of big data analytics services: * protection of privacy * clear and detailed data sharing agreement * physician-owned and -led data collaboratives * endorsement by a professional or recognized association, medical society or health care organization * scope of services and functionality/appropriateness of data While this guidance is not a standalone document-it should be used as a supplemental reference to provincial privacy legislation-it is hoped that it can aid physicians to identify suitable big data analytics services and derive benefits from them. Introduction This document outlines basic considerations for the use of big data analytics services at the point of care or for research approved by a research ethics board. This includes considerations when responding to requests for access to data in electronic medical records (EMRs). These guiding principles build on the policies of the Canadian Medical Association (CMA) on Data Sharing Agreements: Principles for Electronic Medical Records/Electronic Health Records,1 Principles Concerning Physician Information2 and Principles for the Protection of Patients' Personal Health Information,3 the 2011 clinical vignettes Disclosing Personal Health Information to Third Parties4 and Need to Know and Circle of Care,5 and the Canadian Medical Protective Association's The Impact of Big Data on Healthcare and Medical Practice.6 These guiding principles are for information and reference only and should not be construed as legal or financial advice, nor is this document a substitute for legal or other professional advice. Physicians must always comply with all legislation that applies to big data analytics, including privacy legislation. Big data analytics in the clinical context involves the collection, use and potential disclosure of patient and physician information, both of which could be considered sensitive personal information under privacy legislation. Big data analytics has the potential to improve health outcomes, both at the point of care and at a population level. Doctors have a key role to play in finding the right balance between leveraging the advantages of big data (enhanced care, service delivery and resource management) and protecting patient privacy.7 Background A majority of physicians in Canada have adopted EMRs in their practice. The percentage of physicians using EMRs to enter or retrieve clinical patient notes increased from 26% in 2007 to 75% in 2014. Eighty percent of physicians used electronic tools to access laboratory/diagnostic test results in 2014, up from 38% in 2010.8 The increasingly broad collection of information by physicians at the point of care, combined with the growth of information repositories developed by various governmental and intergovernmental bodies, has resulted in the mass digitization and storage of clinical information. Big data is the term for data sets so large and complex that it is difficult to process them using traditional relational database management systems, desktop statistics and visualization software. What is considered "big" depends on the infrastructure and capabilities of the organization managing the data.9 Analytics is the discovery and communication of meaningful patterns in data. Analytics relies on the simultaneous application of statistics, computer programming and operations research. Analytics often favours data visualization to communicate insight, and insights from data are used to guide decision-making.10 For physicians, big data analytics may come to be understood as the process of examining the clinical data in EMRs cross-referenced with other administrative, demographic and behavioural data sources to reveal determinants of patient health and patterns in clinical practice. This information can be used to assist clinical decision-making or for research approved by a research ethics board. There are four types of big data analytics physicians may encounter in the provision of patient care. They are generally performed in the following sequence, in a continuous cycle11,12,13,14: 1. Population health analytics: Health trends are identified in the aggregate within a community, a region or a national population. The data can be derived from biomedical and/or administrative data. 2. Risk-based cost analysis: Populations are segmented into groups according to the level of risk to the patient's health and/or cost to the health system. 3. Care management: Clinicians are enabled to manage patient care according to defined care pathways and clinical protocols informed by population health analytics and risk-based cost analysis. Care management includes the following: o Clinical decision support: Outcomes are predicted and/or alternative treatments are recommended to clinicians and patients at the point of care. o Personalized/precision care: Personalized data sets, such as genomic DNA sequences for at-risk patients, are leveraged to highlight best practice treatments for patients and practitioners. These solutions may offer early detection and diagnosis before a patient develops disease symptoms. o Clinical operations: Workflow management is performed, such as wait-times management, mining historical and unstructured data for patterns to predict events that may affect care. o Continuing education and professional development: Longitudinal performance data are combined across institutions, classes, cohorts or programs with correlating patient outcomes to assess models of education and/or develop new programs. 4. Performance analytics: Metrics for quality and efficiency of patient care are cross-referenced with clinical decision-making and performance data to assess clinical performance. This cycle is also sometimes understood as a component of "meaningful" or "enhanced" use of EMRs. How might physicians encounter big data analytics? Many EMRs run analytics both visibly (e.g., as a function that can be activated at appropriate junctures in the care pathway) and invisibly (e.g., as tools that run seamlessly in the background of an EMR). Physicians may or may not be aware when data are being collected, analyzed, tailored or presented by big data analytics services. However, many jurisdictions are strengthening their laws and standards, and best practices are gradually emerging.15 Physicians may have entered into a data sharing agreement with their EMR vendor when they procured an EMR for their practice. Such agreements may include provisions to share de-identified (i.e., anonymized) and/or aggregate data with the EMR vendor for specified or unspecified purposes. Physicians may also receive requests from third parties to share their EMR data. These requests may come from various sources: * provincial governments * intergovernmental agencies * national and provincial associations, including medical associations * non-profit organizations * independent researchers * EMR vendors, service providers and other private corporations National Physician Survey results indicate that in 2014, 10% of physicians had shared data from their EMRs for the purposes of research, 10% for chronic disease surveillance and 8% for care improvement. Family physicians were more likely than other specialists to share with public health agencies (22% v. 11%) and electronic record vendors (13% v. 2%). Specialists were more likely than family physicians to share with researchers (59% v. 37%), hospital departments (47% v. 20%) and university departments (28% v. 15%). There is significant variability across the provinces with regard to what proportion of physicians are sharing information from their EMRs, which is affected by the presence of research initiatives, research objectives defined by the approval of a research ethics board, the adoption rates of EMRs among physicians in the province and the functionality of those EMRs.16 For example, there are family practitioners across Canada who provide data to the Canadian Primary Care Sentinel Surveillance Network (CPCSSN). The CPCSSN is a multi-disease EMR surveillance and research system that allows family physicians, epidemiologists and researchers to understand and manage chronic care conditions for patients. Health information is collected from EMRs in the offices of participating family physicians, specifically information about Canadians suffering from chronic and mental health conditions and three neurologic conditions, including Alzheimer's and related dementias.17 In another example, the Canadian Partnership Against Cancer's Surgical Synoptic Reporting Initiative captures standardized information about surgery at the point of care and transmits the surgical report to other health care personnel. Surgeons can use the captured information, which gives them the ability to assess adherence to the clinical evidence and safety procedures embedded in the reporting templates, to track their own practices and those of their community.18 The concept of synoptic reporting-whereby a physician provides anonymized data about their practice in return for an aggregate report summarizing the practice of others -can be expanded to any area in which an appropriate number of physicians are willing to participate. Guiding principles for the use of big data analytics These guiding principles are designed to give physicians a starting point as they consider the use of big data analytics in their practices: * The objective of using big data analytics must be to enhance the safety and/or effectiveness of patient care or for the purpose of health promotion. * Should a physician use big data analytics, it is the responsibility of the physician to do so in a way that adheres to their legislative, regulatory and/or professional obligations. * Physicians are responsible for the privacy of their individual patients. Physicians may wish to refer to the CMA's policy on Principles for the Protection of Patients' Personal Health Information.19 * Physicians are responsible for respecting and protecting the privacy of other physicians' information. Physicians may wish to refer to the CMA's policy on Principles Concerning Physician Information.20 * When physicians enter into and document a broad consent discussion with their patient, which can include the electronic management of health information, this agreement should convey information to cover the elements common to big data analytics services. * Physicians may also wish to consider the potential for big data analytics to inform public health measures and enhance health system efficiency and take this into account when responding to requests for access to data in an EMR. * Many EMR vendors provide cloud-based storage to their clients, so information entered into an EMR may be available to the EMR vendor in a de-identified and/or aggregate state. Physicians should carefully read their data sharing agreement with their EMR vendor to understand how and why the data that is entered into an EMR is used, and/or they should refer to the CMA's policy on the matter, Data Sharing Agreements: Principles for Electronic Medical Records/Electronic Health Records.21 * Given the dynamic nature of this emerging tool, physicians are encouraged to share information about their experiences with big data analytics and its applications with colleagues. Characteristics of safe and effective big data analytics services 1. Protection of privacy Privacy and security concerns present a challenge in linking big data in EMRs. As data are linked, it becomes increasingly difficult to de-identify individual patients.22 As care is increasingly provided in interconnected, digital environments, physicians are having to take on the role of data stewardship. To that end, physicians may wish to employ conservative risk assessment practices-"should we" as opposed to "can we" when linking data sources-and obtain express patient consent, employing a "permission-based" approach to the collection and stewardship of data. 2. A clear and detailed data sharing agreement Physicians entering into a contract with an EMR vendor or other third party for provision of services should understand how and when they are contributing to the collection of data for the purposes of big data analytics services. There are template data sharing agreements available, which include the basic components of safe and effective data sharing, such as the model provided by the Information and Privacy Commissioner of Ontario.23 Data sharing agreements may include general use and project-specific use, both of which physicians should assess before entering into the agreement. When EMR access is being provided to a ministry of health and/or regional health authority, the data sharing agreement should distinguish between access to administrative data and access to clinical data. Physicians may wish to refer to the CMA's policy on Data Sharing Agreements: Principles for Electronic Medical Records/Electronic Health Records.24 3. Physician-owned and -led data collaboratives In some provinces there may exist opportunities to share clinical data in physician-owned and -led networks to reflect on and improve patient care. One example is the Physicians Data Collaborative in British Columbia, a not-for-profit organization open to divisions of family practice.25 Collaboratives such as this one are governed by physicians and driven by a desire to protect the privacy and safety of patients while producing meaningful results for physicians in daily practice. Participation in physician-owned data collaboratives may ensure that patient data continue to be managed by physicians, which may lead to an appropriate prioritization of physicians' obligations to balance patient-centred care and patient privacy. 4. Endorsement by a professional or other recognized association or medical society or health care organization When considering use of big data analytics services, it is best to select services created or endorsed by a professional or other recognized association or medical society. Some health care organizations, such as hospitals, may also develop or endorse services for use in their clinical environments. Without such endorsement, physicians are advised to proceed with additional caution. 5. Scope of services and functionality/appropriateness of data Physicians may wish to seek out information from EMR vendors and service providers about how big data analytics services complement the process of diagnosis and about the range of data sources from which these services draw. While big data analytics promises insight into population health and practice trends, if it is not drawing from an appropriate level of cross-referenced sources it may present a skewed picture of both.26 Ultimately, the physician must decide if the sources are appropriately diverse. Physicians should expect EMR vendors and service providers to make clear how and why they draw the information they do in the provision of analytics services. Ideally, analytics services should integrate population health analytics, risk-based cost analysis, care management services (such as point-of-care decision support tools) and performance analytics. Physicians should expect EMR vendors to allocate sufficient health informatics resources to information management, technical infrastructure, data protection and response to breaches in privacy, and data extraction and analysis.27,28 Physicians may also wish to consider the appropriateness of data analytics services in the context of their practices. Not all data will be useful for some medical specialties, such as those treating conditions that are relatively rare in the overall population. The potential for new or enhanced clinical practice tools informed by big data analytics may be restricted to primary care practice at this time.29 Finally, predictive analytics often make treatment recommendations that are designed to improve the health outcomes in a population, and these recommendations may conflict with physicians' ethical obligations to act in the best interests of individual patients and respect patients' autonomous decision-making).30 References 1 Canadian Medical Association. Data sharing agreements: principles for electronic medical records/electronic health records [CMA policy]. Ottawa: The Association; 2009. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD09-01.pdf 2 Canadian Medical Association. Principles concerning physician information [CMA policy]. CMAJ 2002 167(4):393-4. Available: http://policybase.cma.ca/dbtw-wpd/PolicyPDF/PD02-09.pdf 3 Canadian Medical Association. Principles for the protection of patients' personal health information [CMA policy]. Ottawa: The Association; 2010. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD11-03.pdf 4 Canadian Medical Association. Disclosing personal health information to third parties. Ottawa: The Association; 2011. Available: www.cma.ca/Assets/assets-library/document/en/advocacy/CMA_Disclosure_third_parties-e.pdf 5 Canadian Medical Association. Need to know and circle of care. Ottawa: The Association; 2011. Available: www.cma.ca/Assets/assets-library/document/en/advocacy/CMA_Need_to_know_circle_care-e.pdf 6 Canadian Medical Protective Association. The impact of big data on healthcare and medical practice. Ottawa: The Association; no date. Available: https://oplfrpd5.cmpa-acpm.ca/documents/10179/301372750/com_14_big_data_design-e.pdf 7 Kayyali B, Knott D, Van Kuiken S. The 'big data' revolution in US health care: accelerating value and innovation. New York: McKinsey & Company; 2013. p. 1. 8 College of Family Physicians of Canada, Canadian Medical Association, Royal College of Physicians and Surgeons of Canada. National physician survey, 2014. National results by FP/GP or other specialist, sex, age and all physicians. Q7. Ottawa: The Colleges and Association; 2014. Available: http://nationalphysiciansurvey.ca/wp-content/uploads/2014/08/2014-National-EN-Q7.pdf 9 Anonymous. Data, data everywhere. The Economist 2010 Feb 27. Available: www.economist.com/node/15557443 10 Anonymous. Data, data everywhere. The Economist 2010 Feb 27. Available: www.economist.com/node/15557443 11 Canada Health Infoway. Big data analytics in health. Toronto: Canada Health Infoway; 2013. Available: www.infoway-inforoute.ca/index.php/resources/technical-documents/emerging-technology/doc_download/1419-big-data-analytics-in-health-white-paper-full-report (accessed 2014 May 16). 12 Ellaway RH, Pusic MV, Galbraith RM, Cameron T. 2014 Developing the role of big data and analytics in health professional education. Med Teach 2014;36(3):216-222. 13 Marino DJ. Using business intelligence to reduce the cost of care. Healthc Financ Manage 2014;68(3):42-44, 46. 14 Porter ME, Lee TH. The strategy that will fix health care. Harv Bus Rev 2013;91(10):50-70. 15 Baggaley C. Data protection in a world of big data: Canadian Medical Protective Association information session [presentation]. 2014 Aug 20. Available: https://oplfrpd5.cmpa-acpm.ca/documents/10179/301372750/com_2014_carmen_baggaley-e.pdf 16 College of Family Physicians of Canada, Canadian Medical Association, Royal College of Physicians and Surgeons of Canada. National physician survey, 2014. National results by FP/GP or other specialist, sex, age and all physicians. Q10. Ottawa: The Colleges and Association; 2014. Available: http://nationalphysiciansurvey.ca/wp-content/uploads/2014/08/2014-National-EN-Q10.pdf 17 Canadian Primary Care Sentinel Surveillance Network. Available: http://cpcssn.ca/ (accessed 2014 Nov 15). 18 Canadian Partnership Against Cancer. Sustaining action toward a shared vision: 2012-2017 strategic plan. Toronto: The Partnership; no date. Available: www.partnershipagainstcancer.ca/wp-content/uploads/sites/5/2015/03/Sustaining-Action-Toward-a-Shared-Vision_accessible.pdf 19 Canadian Medical Association. Principles for the protection of patients' personal health information [CMA policy]. Ottawa: The Association; 2011. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD11-03.pdf 20 Canadian Medical Association. Principles for the protection of patients' personal health information [CMA policy]. Ottawa: The Association; 2011. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD11-03.pdf 21 Canadian Medical Association. Data sharing agreements: principles for electronic medical records/electronic health records [CMA policy]. Ottawa: The Association; 2009. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD09-01.pdf 22 Weber G, Mandl KD, Kohane IS. Finding the missing link for big biomedical data . JAMA 2014;311(24):2479-2480. doi:10.1001/jama.2014.4228. 23 Information and Privacy Commissioner of Ontario. Model data sharing agreement. Toronto: The Commissioner; 1995. Available: www.ipc.on.ca/images/Resources/model-data-ag.pdf 24 Canadian Medical Association. Data sharing agreements: principles for electronic medical records/electronic health records [CMA policy]. Ottawa: The Association; 2009. Available: http://policybase.cma.ca/dbtw-wpd/Policypdf/PD09-01.pdf 25 Physicians Data Collaborative. Overview. Available: www.divisionsbc.ca/datacollaborative/home 26 Cohen IG, Amarasingham R, Shah A, Xie B, Lo B. The legal and ethical concerns that arise from using complex predictive analytics in health care. Health Aff 2014;33(7):1139-1147. 27 Rhoads J, Ferrara L. Transforming healthcare through better use of data. Electron Healthc 2012;11(1):e27. 28 Canadian Medical Protective Association. The impact of big data and healthcare and medical practice. Ottawa: The Association; no date. Available: https://oplfrpd5.cmpa-acpm.ca/documents/10179/301372750/com_14_big_data_design-e.pdf 29 Genta RM, Sonnenberg A. Big data in gastroenterology research. Nat Rev Gastroenterol Hepatol 2014;11(6):386-390. 30 Cohen IG, Amarasingham R, Shah A, Xie B, Lo B. The legal and ethical concerns that arise from using complex predictive analytics in health care. Health Aff 2014;33(7):1139-1147.
Documents
Less detail

Patients access to their electronic medical record

https://policybase.cma.ca/en/permalink/policy11924
Date
2016-08-24
Topics
Health information and e-health
Resolution
GC16-49
The Canadian Medical Association recommends that patients be able to access their electronic medical record and contribute information to it.
Policy Type
Policy resolution
Date
2016-08-24
Topics
Health information and e-health
Resolution
GC16-49
The Canadian Medical Association recommends that patients be able to access their electronic medical record and contribute information to it.
Text
The Canadian Medical Association recommends that patients be able to access their electronic medical record and contribute information to it.
Less detail

Funding criteria for any new electronic medical record initiative

https://policybase.cma.ca/en/permalink/policy11925
Date
2016-08-24
Topics
Health systems, system funding and performance
Health information and e-health
Resolution
GC16-50
The Canadian Medical Association recommends that funding criteria for any new electronic medical record initiative include the ability for patients to access and contribute to their record.
Policy Type
Policy resolution
Date
2016-08-24
Topics
Health systems, system funding and performance
Health information and e-health
Resolution
GC16-50
The Canadian Medical Association recommends that funding criteria for any new electronic medical record initiative include the ability for patients to access and contribute to their record.
Text
The Canadian Medical Association recommends that funding criteria for any new electronic medical record initiative include the ability for patients to access and contribute to their record.
Less detail

Amendments to PIPEDA, Bill S-4

https://policybase.cma.ca/en/permalink/policy11194
Date
2014-06-09
Topics
Health information and e-health
Ethics and medical professionalism
  1 document  
Policy Type
Parliamentary submission
Date
2014-06-09
Topics
Health information and e-health
Ethics and medical professionalism
Text
The Canadian Medical Association (CMA) is pleased to make submissions on Bill S-4. CMA has followed the history of PIPEDA and participated in the studies of various Standing Committees, most notably and recently in 2007 to the House of Commons Standing Committee on Access to Information, Privacy and Ethics. CMA is pleased that amendments to PIPEDA are once again being considered. The Canadian Medical Association represents over 80,000 physicians in Canada. Privacy is an important value to physicians and the patients to whom they serve. This is reflected in our Code of Ethics and policies, in particular, Principles for the Protection of Patients' Personal Health Information and Statement of Principles: The Sale and Use of Data on Individual Physicians' Prescribing. Physicians are also required to abide by privacy and confidentiality standards of practice. Thus, the CMA has a strong interest and valuable insights into the topic of personal information and privacy with respect to health information. We thank the Standing Committee for the opportunity to comment on the proposed amendments to PIPEDA. Our key comments are outlined below: Issue 1: CMA supports the existing legislative framework on the collection, use and disclosure of personal information produced by an individual in the course of their employment, business or profession ("work product") and suggests further amendments focus on strengthening it further. CMA supports the current standing of work products, that work products are considered to be personal information. That is, we support the framework defining personal information as information about an identifiable individual and that there is no carved out definition or exemption for "work product". CMA supports the position of the Office of Privacy Commissioner's following its 2007 investigation on work products, that they should not be exempted for two main reasons: * The exemption is not needed, and it would be inconsistent with the balanced approach in the current definition of personal information. The current definition of personal information and the approach to deciding issues based on that definition have worked well. They have promoted a level of privacy protection that balances the right of privacy in personal information with the needs of organizations for the reasonable and appropriate collection, use and disclosure of personal information. ...Because the concept of "work product" is ambiguous, excluding it from the definition of personal information could have unpredictable consequences that would diminish privacy unnecessarily. * (http://www.priv.gc.ca/parl/2007/sub_070222_03_e.asp) It is the CMA's position that work products should be considered personal information and given the section 7 amendments, work products should only be collected, used or disclosed without consent only if it is consistent with the purposes for which the information was produced. In the case of physicians, a prime example of a physician's work product is prescribing information. Prescribing information is a synthesis of assessing patients - by probing into their health, familial, social and sometimes financial background - infused with medical knowledge, skill and competencies resulting in a diagnosis and treatment plan, which often includes prescribing a medication or test. Not only is the physician's prescribing information a product of physicians' work but would not exist but for a trusting physician-patient relationship wherein the patient's private and personal information are shared under circumstances of vulnerability and trust. The outcome is that this is personal information. Prescribing information is about an individual: it includes the name of the patient, the name of the prescribing physician, and the drug name, dosage, amount and frequency; giving major clues as to what the patient's health issue(s) are. For further clarity, however, CMA recommends that physician information, and physician work products, should be specifically recognized within the legislation as personal information. To this end, we would propose that the following addition be made to the definition section under personal health information: Section 2.(1) "personal health information", with respect to an individual, whether living or deceased, means .....(d) information that is collected or is the outcome of collecting information in the course of providing health services to the individual; CMA supports the amendments to subsections 7(1)-(3) of the Act that any subsequent collection, use and disclosure of work products without consent must be related to the original purpose (of collection, use and disclosure). This relationship reflects the government's understanding and faithfulness to privacy principles. This is particularly critical when dealing with health information, and is even more critical in today's world given the ease of linking information through advancements in technology. In the absence of a causal relationship, personal information should not be used for system performance, commercial enterprise, data brokering, research, assessment or other purposes. CMA recommends that the legislation should go further and allow persons who believe that protection cannot be afforded under the legislation that they have the authority to refuse to communicate the information. This is the conceptual approach taken in Quebec's Act Respecting the Protection of Personal Information in the Private Sector wherein persons have an opportunity to refuse that professional information (as defined therein) be used for commercial purposes. Physicians are constantly writing prescriptions and such information should only be used for other purposes in the interests of patients and the health care system, and not to serve commercial interests or marketing strategies. If physicians do not feel that such protection is afforded patients, then they should be permitted to refuse that such information be collected, used or disclosed. Patient privacy should be primary. And finally, addressing work products in legislation clears up past differences of interpretation by Privacy Commissioners thus, providing certainty and clarity to the public. Recommendation 1: That Section 2. (1) "personal health information", be amended to read as follows: "personal health information", with respect to an individual, whether living or deceased, means .....(d) information that is collected or is the outcome of collecting information in the course of providing health services to the individual; Issue 2: CMA is pleased to see a section on breaches of security safeguards and recommends greater specificity. As noted above, physicians have responsibilities as data stewards and custodians of health information. As such, CMA supports breach notification measures that would enhance and protect patient privacy. In principle, we support the proposed amendments of breach disclosures to the Privacy Commissioner, to individuals and to organizations. However, CMA is concerned that meeting the requirements may be confusing. For example, in the health care context, it is easy to surmise that all health information is "sensitive". A far more difficult matter is determining whether the risk reaches the threshold of "significant harm" and the "probability" that the information "will be misused". The result being that incidental disclosures will be reported causing unnecessary concern and confusion in the patient population. Further specificity is recommended and we suggest something akin to Ontario's Personal Health Information Protection Act, 2004 (PHIPA). The PHIPA is an act specifically dealing with personal health information. One of its purposes is "to establish rules for the collection, use and disclosure of personal health information about individuals that protect the confidentiality of that information and the privacy of individuals with respect to that information, while facilitating the effective provision of health care" (section 1a ). The PHIPA notification provision states that the individual shall be notified "...at the first reasonable opportunity if the information is stolen, lost or accessed by unauthorized persons", [section 12(2)]. CMA is unaware of any concerns with this approach. The language of PIPIEDA is one of reasonable belief of real risk of significant harm to an individual. The issue is the test for required notification of patients for incidental inadvertent breaches and decreasing "notification fatigue". To illustrate the issue, if physicians were told today that patient data could be retrieved from the drums of discarded photocopiers and printers, it would be inappropriate for legislation to suggest that the entire patient population during the life of the photocopier or printer be notified. To this end, we recommend that there be acknowledgement that in some circumstances notification may not be required. The probability of misuse under PIPEDA is more ambiguous than the PHIPA test. Under PHIPA, the approach is more objective in that the data must be stolen, lost or accessed by unauthorized persons. To our knowledge, the Ontario model has been in place for almost a decade with no significant issues and thus we submit is one that works. In other jurisdictions (eg., Newfoundland and Labrador, Nova Scotia, New Brunswick) with health privacy legislation, there is acknowledgement of trying to balance notification and those breaches unlikely to result in harm by directly indicating when notification is not required. Recommendation 2: CMA recommends that the statute move towards a more objective test and acknowledge that there are situations when notice is not required. Issue 3: CMA supports disclosure without consent under limited circumstances, but finds the current list of disclosures overly inclusive. Health information is considered highly sensitive information and is initially collected for the purpose of individual patient health care. It should only be disclosed with consent and in only some exceptions without consent. The PIPEDA amendments for disclosure without consent have been broadened. Privacy, confidentiality and trust are the foundations of the patient-physician relationship. Without these fundamental values in play, open and honest communications cannot occur and patients would not receive the care they require. Both the patient and the physician have significant investment in the relationship. CMA respects the requirements to disclose information without consent under certain premises, such as required by court order or statute. However, any kind of activity requiring physicians to disclose patient's information without consent for the purposes of advancing a government or institution's goal could jeopardize the relationship. Both the patient's consent and the physician's consent should be required if there is potential to disturb this relationship. The physician is fiduciary of the relationship and is appropriately situated to assess and determine whether disclosure will disturb the relationship. While CMA acknowledges that certain situations may require that disclosure occur without consent (eg. purposes of investigating fraud, national security, abuse or as legally required), disclosure for less malicious activities (e.g., breaches of an agreement, insurance claims) ought to require a court order or warrant. For example, under the proposed section 7(3)(d.1) if a physician were in default of a contract with a technology company supplying electronic medical record software or app to his/her clinic, the company could disclose health information without consent for the "purposes of investigating a breach of an agreement". While we appreciate that there is a caveat that disclosure without advising the patient can only occur if there is a reasonable expectation that the disclosure would compromise the investigation, we submit that leaving the determination of what is "reasonable" to an interested party to the breach is unfair to all. Another example, if a physician is a witness to a dispute between an employer and union representing an employee for denial of long term disability by an insurance company, and has filed a witness statement which includes a medical report he/she wrote to the employer's insurance company, under the proposed section 7(3)(e.1) disclosure of health information without consent is permitted in order to assess, process or settle an insurance claim. CMA is concerned that the disclosure amendments are overly broad and do not differentiate sufficiently between highly time sensitive or grossly malicious situations, and those where it is merely expedient or an administrative encumbrance to seek consent. In addition, the disclosure requirements are framed in permissive (ie., may) and not mandatory language (ie., shall). This is very problematic when the "organization" is a physicians' clinic unless the physician's own consent is made as a pre-condition. CMA believes this suggestion is a progressive one in keeping with the broadened disclosure amendments. Physicians are in a relationship of trust and take seriously the protection of patient privacy and confidentiality, for which they are trained and are ethically and legally required to protect. To place physicians in a position which might entail breaching this trust may impact the confidence of the physician and the patient in the patient-physician relationship which is required to properly formulate appropriate treatment plans; thus, negatively impacting the health of Canadians. Recommendation 3: That disclosures of health information without consent require a warrant or subpoena or court order. Furthermore, disclosures of health information require the physician's consent that in his/her opinion the disclosure does not harm the patient-physician relationship. And, finally any broadened disclosure situations be restricted to criminal activity or that impacting national security. Conclusion Once again, CMA appreciates the opportunity to provide comment as part of the committee's study of Bill S-4. CMA is prepared to work with Parliament, governments, health professionals and the public in ensuring legislative frameworks for the collection, usage and disclosure of personal information for legitimate and reasonable purposes.
Documents
Less detail

Secure modes of electronic communication between patients and health care providers

https://policybase.cma.ca/en/permalink/policy11230
Date
2014-08-20
Topics
Health information and e-health
Ethics and medical professionalism
Resolution
GC14-41
The Canadian Medical Association supports the creation and use of secure modes of electronic communication between patients and health care providers.
Policy Type
Policy resolution
Date
2014-08-20
Topics
Health information and e-health
Ethics and medical professionalism
Resolution
GC14-41
The Canadian Medical Association supports the creation and use of secure modes of electronic communication between patients and health care providers.
Text
The Canadian Medical Association supports the creation and use of secure modes of electronic communication between patients and health care providers.
Less detail

Big data and its negative impact on professionalism and the confidentiality of medical data

https://policybase.cma.ca/en/permalink/policy11263
Date
2014-08-20
Topics
Ethics and medical professionalism
Health information and e-health
Resolution
GC14-67
The Canadian Medical Association will propose guidelines to ensure optimal use of big data while limiting its negative impact on professionalism and the confidentiality of medical data.
Policy Type
Policy resolution
Date
2014-08-20
Topics
Ethics and medical professionalism
Health information and e-health
Resolution
GC14-67
The Canadian Medical Association will propose guidelines to ensure optimal use of big data while limiting its negative impact on professionalism and the confidentiality of medical data.
Text
The Canadian Medical Association will propose guidelines to ensure optimal use of big data while limiting its negative impact on professionalism and the confidentiality of medical data.
Less detail

Insurance industry medical information requirements

https://policybase.cma.ca/en/permalink/policy11275
Date
2014-08-20
Topics
Health information and e-health
Health care and patient safety
Resolution
GC14-79
The Canadian Medical Association will work with the Canadian Life and Health Insurance Association to review insurance industry medical information requirements and ensure that the disclosure of personal health information is restricted to that which is reasonably necessary.
Policy Type
Policy resolution
Date
2014-08-20
Topics
Health information and e-health
Health care and patient safety
Resolution
GC14-79
The Canadian Medical Association will work with the Canadian Life and Health Insurance Association to review insurance industry medical information requirements and ensure that the disclosure of personal health information is restricted to that which is reasonably necessary.
Text
The Canadian Medical Association will work with the Canadian Life and Health Insurance Association to review insurance industry medical information requirements and ensure that the disclosure of personal health information is restricted to that which is reasonably necessary.
Less detail

Online continuing medical education

https://policybase.cma.ca/en/permalink/policy9892
Last Reviewed
2017-03-04
Date
2010-08-25
Topics
Population health/ health equity/ public health
Ethics and medical professionalism
Health information and e-health
Resolution
GC10-69
The Canadian Medical Association, in collaboration with provincial/territorial medical associations, calls on governments to ensure that the necessary technology is in place to guarantee that physicians in rural and remote locations have access to accredited online continuing medical education/continuing professional development.
Policy Type
Policy resolution
Last Reviewed
2017-03-04
Date
2010-08-25
Topics
Population health/ health equity/ public health
Ethics and medical professionalism
Health information and e-health
Resolution
GC10-69
The Canadian Medical Association, in collaboration with provincial/territorial medical associations, calls on governments to ensure that the necessary technology is in place to guarantee that physicians in rural and remote locations have access to accredited online continuing medical education/continuing professional development.
Text
The Canadian Medical Association, in collaboration with provincial/territorial medical associations, calls on governments to ensure that the necessary technology is in place to guarantee that physicians in rural and remote locations have access to accredited online continuing medical education/continuing professional development.
Less detail

E-health strategies

https://policybase.cma.ca/en/permalink/policy9908
Last Reviewed
2017-03-04
Date
2010-08-25
Topics
Health information and e-health
Health systems, system funding and performance
Resolution
GC10-90
The Canadian Medical Association will work with provincial/territorial medical associations to ensure investments made by the Canada Health Infoway are aligned with, and respect e-health strategies that are currently being implemented or developed within various jurisdictions.
Policy Type
Policy resolution
Last Reviewed
2017-03-04
Date
2010-08-25
Topics
Health information and e-health
Health systems, system funding and performance
Resolution
GC10-90
The Canadian Medical Association will work with provincial/territorial medical associations to ensure investments made by the Canada Health Infoway are aligned with, and respect e-health strategies that are currently being implemented or developed within various jurisdictions.
Text
The Canadian Medical Association will work with provincial/territorial medical associations to ensure investments made by the Canada Health Infoway are aligned with, and respect e-health strategies that are currently being implemented or developed within various jurisdictions.
Less detail
Last Reviewed
2017-03-04
Date
2010-08-25
Topics
Health information and e-health
Population health/ health equity/ public health
Physician practice/ compensation/ forms
Resolution
GC10-93
The Canadian Medical Association supports and will expedite research into the expansion of telemedicine and the utilization of emerging technologies, to directly link health care providers and patients.
Policy Type
Policy resolution
Last Reviewed
2017-03-04
Date
2010-08-25
Topics
Health information and e-health
Population health/ health equity/ public health
Physician practice/ compensation/ forms
Resolution
GC10-93
The Canadian Medical Association supports and will expedite research into the expansion of telemedicine and the utilization of emerging technologies, to directly link health care providers and patients.
Text
The Canadian Medical Association supports and will expedite research into the expansion of telemedicine and the utilization of emerging technologies, to directly link health care providers and patients.
Less detail

Medical records

https://policybase.cma.ca/en/permalink/policy9923
Last Reviewed
2017-03-04
Date
2010-08-25
Topics
Ethics and medical professionalism
Health care and patient safety
Health information and e-health
Resolution
GC10-106
The Canadian Medical Association will work with provincial/territorial medical associations and other stakeholders including patients to develop a national strategy for the long-term retention, retrieval and disposal of medical records.
Policy Type
Policy resolution
Last Reviewed
2017-03-04
Date
2010-08-25
Topics
Ethics and medical professionalism
Health care and patient safety
Health information and e-health
Resolution
GC10-106
The Canadian Medical Association will work with provincial/territorial medical associations and other stakeholders including patients to develop a national strategy for the long-term retention, retrieval and disposal of medical records.
Text
The Canadian Medical Association will work with provincial/territorial medical associations and other stakeholders including patients to develop a national strategy for the long-term retention, retrieval and disposal of medical records.
Less detail

11 records – page 1 of 1.