CMA PolicyBase

Policies that advocate for the medical profession and Canadians



Amendments to PIPEDA, Bill S-4

https://policybase.cma.ca/en/permalink/policy11194
Date
2014-06-09
Topics
Health information and e-health
Ethics and medical professionalism
  1 document  
Policy Type
Parliamentary submission
Text
The Canadian Medical Association (CMA) is pleased to make submissions on Bill S-4. CMA has followed the history of PIPEDA and participated in the studies of various Standing Committees, most notably and recently in 2007 to the House of Commons Standing Committee on Access to Information, Privacy and Ethics. CMA is pleased that amendments to PIPEDA are once again being considered. The Canadian Medical Association represents over 80,000 physicians in Canada. Privacy is an important value to physicians and the patients whom they serve. This is reflected in our Code of Ethics and policies, in particular, Principles for the Protection of Patients' Personal Health Information and Statement of Principles: The Sale and Use of Data on Individual Physicians' Prescribing. Physicians are also required to abide by privacy and confidentiality standards of practice. Thus, the CMA has a strong interest and valuable insights into the topic of personal information and privacy with respect to health information. We thank the Standing Committee for the opportunity to comment on the proposed amendments to PIPEDA. Our key comments are outlined below: Issue 1: CMA supports the existing legislative framework on the collection, use and disclosure of personal information produced by an individual in the course of their employment, business or profession ("work product") and suggests further amendments focus on strengthening it further. CMA supports the current standing of work products, that work products are considered to be personal information. That is, we support the framework defining personal information as information about an identifiable individual and that there is no carved out definition or exemption for "work product". 
CMA supports the position of the Office of the Privacy Commissioner, following its 2007 investigation on work products, that they should not be exempted for two main reasons: * The exemption is not needed, and it would be inconsistent with the balanced approach in the current definition of personal information. The current definition of personal information and the approach to deciding issues based on that definition have worked well. They have promoted a level of privacy protection that balances the right of privacy in personal information with the needs of organizations for the reasonable and appropriate collection, use and disclosure of personal information. ...Because the concept of "work product" is ambiguous, excluding it from the definition of personal information could have unpredictable consequences that would diminish privacy unnecessarily. * (http://www.priv.gc.ca/parl/2007/sub_070222_03_e.asp) It is the CMA's position that work products should be considered personal information and, given the section 7 amendments, work products should be collected, used or disclosed without consent only if it is consistent with the purposes for which the information was produced. In the case of physicians, a prime example of a physician's work product is prescribing information. Prescribing information is a synthesis of assessing patients - by probing into their health, familial, social and sometimes financial background - infused with medical knowledge, skill and competencies resulting in a diagnosis and treatment plan, which often includes prescribing a medication or test. Not only is the physician's prescribing information a product of physicians' work but it would not exist but for a trusting physician-patient relationship wherein the patient's private and personal information are shared under circumstances of vulnerability and trust. The outcome is that this is personal information. 
Prescribing information is about an individual: it includes the name of the patient, the name of the prescribing physician, and the drug name, dosage, amount and frequency; giving major clues as to what the patient's health issue(s) are. For further clarity, however, CMA recommends that physician information, and physician work products, should be specifically recognized within the legislation as personal information. To this end, we would propose that the following addition be made to the definition section under personal health information: Section 2.(1) "personal health information", with respect to an individual, whether living or deceased, means .....(d) information that is collected or is the outcome of collecting information in the course of providing health services to the individual; CMA supports the amendments to subsections 7(1)-(3) of the Act that any subsequent collection, use and disclosure of work products without consent must be related to the original purpose (of collection, use and disclosure). This relationship reflects the government's understanding and faithfulness to privacy principles. This is particularly critical when dealing with health information, and is even more critical in today's world given the ease of linking information through advancements in technology. In the absence of a causal relationship, personal information should not be used for system performance, commercial enterprise, data brokering, research, assessment or other purposes. CMA recommends that the legislation should go further and allow persons who believe that protection cannot be afforded under the legislation that they have the authority to refuse to communicate the information. This is the conceptual approach taken in Quebec's Act Respecting the Protection of Personal Information in the Private Sector wherein persons have an opportunity to refuse that professional information (as defined therein) be used for commercial purposes. 
Physicians are constantly writing prescriptions and such information should only be used for other purposes in the interests of patients and the health care system, and not to serve commercial interests or marketing strategies. If physicians do not feel that such protection is afforded patients, then they should be permitted to refuse that such information be collected, used or disclosed. Patient privacy should be primary. And finally, addressing work products in legislation clears up past differences of interpretation by Privacy Commissioners, thus providing certainty and clarity to the public. Recommendation 1: That Section 2. (1) "personal health information", be amended to read as follows: "personal health information", with respect to an individual, whether living or deceased, means .....(d) information that is collected or is the outcome of collecting information in the course of providing health services to the individual; Issue 2: CMA is pleased to see a section on breaches of security safeguards and recommends greater specificity. As noted above, physicians have responsibilities as data stewards and custodians of health information. As such, CMA supports breach notification measures that would enhance and protect patient privacy. In principle, we support the proposed amendments of breach disclosures to the Privacy Commissioner, to individuals and to organizations. However, CMA is concerned that meeting the requirements may be confusing. For example, in the health care context, it is easy to surmise that all health information is "sensitive". A far more difficult matter is determining whether the risk reaches the threshold of "significant harm" and the "probability" that the information "will be misused". The result is that incidental disclosures will be reported, causing unnecessary concern and confusion in the patient population. 
Further specificity is recommended and we suggest something akin to Ontario's Personal Health Information Protection Act, 2004 (PHIPA). The PHIPA is an act specifically dealing with personal health information. One of its purposes is "to establish rules for the collection, use and disclosure of personal health information about individuals that protect the confidentiality of that information and the privacy of individuals with respect to that information, while facilitating the effective provision of health care" (section 1a). The PHIPA notification provision states that the individual shall be notified "...at the first reasonable opportunity if the information is stolen, lost or accessed by unauthorized persons", [section 12(2)]. CMA is unaware of any concerns with this approach. The language of PIPEDA is one of reasonable belief of real risk of significant harm to an individual. The issue is the test for required notification of patients for incidental inadvertent breaches and decreasing "notification fatigue". To illustrate the issue, if physicians were told today that patient data could be retrieved from the drums of discarded photocopiers and printers, it would be inappropriate for legislation to suggest that the entire patient population during the life of the photocopier or printer be notified. To this end, we recommend that there be acknowledgement that in some circumstances notification may not be required. The probability of misuse under PIPEDA is more ambiguous than the PHIPA test. Under PHIPA, the approach is more objective in that the data must be stolen, lost or accessed by unauthorized persons. To our knowledge, the Ontario model has been in place for almost a decade with no significant issues and thus we submit is one that works. 
In other jurisdictions (eg., Newfoundland and Labrador, Nova Scotia, New Brunswick) with health privacy legislation, there is acknowledgement of trying to balance notification and those breaches unlikely to result in harm by directly indicating when notification is not required. Recommendation 2: CMA recommends that the statute move towards a more objective test and acknowledge that there are situations when notice is not required. Issue 3: CMA supports disclosure without consent under limited circumstances, but finds the current list of disclosures overly inclusive. Health information is considered highly sensitive information and is initially collected for the purpose of individual patient health care. It should only be disclosed with consent and in only some exceptions without consent. The PIPEDA amendments for disclosure without consent have been broadened. Privacy, confidentiality and trust are the foundations of the patient-physician relationship. Without these fundamental values in play, open and honest communications cannot occur and patients would not receive the care they require. Both the patient and the physician have significant investment in the relationship. CMA respects the requirements to disclose information without consent under certain premises, such as required by court order or statute. However, any kind of activity requiring physicians to disclose patient's information without consent for the purposes of advancing a government or institution's goal could jeopardize the relationship. Both the patient's consent and the physician's consent should be required if there is potential to disturb this relationship. The physician is fiduciary of the relationship and is appropriately situated to assess and determine whether disclosure will disturb the relationship. While CMA acknowledges that certain situations may require that disclosure occur without consent (eg. 
purposes of investigating fraud, national security, abuse or as legally required), disclosure for less malicious activities (e.g., breaches of an agreement, insurance claims) ought to require a court order or warrant. For example, under the proposed section 7(3)(d.1) if a physician were in default of a contract with a technology company supplying electronic medical record software or app to his/her clinic, the company could disclose health information without consent for the "purposes of investigating a breach of an agreement". While we appreciate that there is a caveat that disclosure without advising the patient can only occur if there is a reasonable expectation that the disclosure would compromise the investigation, we submit that leaving the determination of what is "reasonable" to an interested party to the breach is unfair to all. Another example, if a physician is a witness to a dispute between an employer and union representing an employee for denial of long term disability by an insurance company, and has filed a witness statement which includes a medical report he/she wrote to the employer's insurance company, under the proposed section 7(3)(e.1) disclosure of health information without consent is permitted in order to assess, process or settle an insurance claim. CMA is concerned that the disclosure amendments are overly broad and do not differentiate sufficiently between highly time sensitive or grossly malicious situations, and those where it is merely expedient or an administrative encumbrance to seek consent. In addition, the disclosure requirements are framed in permissive (ie., may) and not mandatory language (ie., shall). This is very problematic when the "organization" is a physicians' clinic unless the physician's own consent is made as a pre-condition. CMA believes this suggestion is a progressive one in keeping with the broadened disclosure amendments. 
Physicians are in a relationship of trust and take seriously the protection of patient privacy and confidentiality, for which they are trained and are ethically and legally required to protect. To place physicians in a position which might entail breaching this trust may impact the confidence of the physician and the patient in the patient-physician relationship which is required to properly formulate appropriate treatment plans; thus, negatively impacting the health of Canadians. Recommendation 3: That disclosures of health information without consent require a warrant or subpoena or court order. Furthermore, disclosures of health information require the physician's consent that in his/her opinion the disclosure does not harm the patient-physician relationship. And, finally any broadened disclosure situations be restricted to criminal activity or that impacting national security. Conclusion Once again, CMA appreciates the opportunity to provide comment as part of the committee's study of Bill S-4. CMA is prepared to work with Parliament, governments, health professionals and the public in ensuring legislative frameworks for the collection, usage and disclosure of personal information for legitimate and reasonable purposes.

Listening to our Patient's Concerns : Comments on Bill C 54 (Personal Information Protection and Electronic Document Act) : Submission to the House of Commons Standing Committee on Industry

https://policybase.cma.ca/en/permalink/policy1980
Last Reviewed
2019-03-03
Date
1999-03-18
Topics
Health care and patient safety
Health information and e-health
Ethics and medical professionalism
  2 documents  
Policy Type
Parliamentary submission
Text
Over the last year, CMA has become increasingly concerned that debate on the issues concerning health information has been framed in terms of access to information with an attendant erosion of privacy and confidentiality. This one-sided approach comes at a time of expansion in our capacity to collect, store, merge, transfer and access information, coupled with trends both in the health care sector and generally related to the use of information. To address these concerns and to ensure that privacy and confidentiality in the medical context are valued, protected and preserved, CMA developed and adopted a Health Information Privacy Code. This Code should form the basis of all legislation governing the collection, use and disclosure of health information. Health information is special by its nature. Rules relating to health information must be developed in recognition of its special nature. Ensuring protection of privacy and confidentiality of the patient record must take precedence over other considerations. Bill C-54 fails to do this. Bill C-54 is written from the perspective of encouraging commerce. It appears to have access to information as its dominant value. CMA considers the world of health care to be very different from that of commerce and consequently requiring distinct rules. Health information use must, in all but exceptional and justifiable circumstances, occur only under the strict control of the patient. The patient must be able to exercise control through voluntary, informed consent. Bill C-54 permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purpose. The evident lack of protection accorded health information based on such ground, is unacceptable. 
The absence of protection undermines the integrity of the patient-physician relationship and has the potential to erode the trust patients have in their physicians - a trust that is essential to patients’ willingness to provide the complete information needed to provide them with care. Moreover, distinctions must be made between a patient’s right to know what can or must happen to health information and the right to consent to such use. Not all purposes for the collection and use of health information are equal. Collection and use beyond the therapeutic context should be subjected to rigorous scrutiny before they are permitted to occur. Bill C-54 fails to make such a distinction and treats all purposes that could be identified for information collection or use as equal. Moreover, the Bill has no mechanism to distinguish legitimate purposes, which should be permitted from illegitimate purposes, which should not. In light of the clear deficits in Bill C-54 and the inadequate protection of patient privacy and health information confidentiality, CMA makes the following recommendations: That Bill C-54 be amended to incorporate specific provisions relating to health information and that the provisions of the CMA Code provide the basis of such provisions; and That the proposed rules for health legislation be subject to the legislative test found in CMA’s Code and formulated in light of this process; and That there be a clear definition of the information being accorded a right of privacy and that this definition, at least in the case of health information, include identifiable information, delinked information, anonymous information and any composite form produced when information is linked to any information about a person from any other source; and That, at least in connection with health information, the provisions of the Bill apply equally to the public and the private sectors. I. 
Introduction The Canadian Medical Association is the national voice of Canadian physicians. Our mission is to provide leadership for physicians and to promote the highest standard of health and health care for Canadians. The CMA is a voluntary professional organization representing the majority of Canada's physicians and comprising 12 provincial and territorial divisions and 43 affiliated medical organizations. On behalf of its 45,000 members and the Canadian public, CMA performs a wide variety of functions, including addressing the emerging issue of electronic health information and confidentiality and privacy. It is in this capacity that we present our position on Bill C 54, The Personal Information Protection and Electronic Documents Act. CMA commends the government for taking the first, important step of beginning the debate on the protection of personal information. The issues are complex and the interests at stake significant. CMA welcomes the opportunity to provide comments on Bill C-54. CMA hopes that its input will strengthen the Bill by ensuring that patient privacy and the confidentiality of medical records are adequately protected. In preparing this brief CMA has had the benefit of the final report of the federal Advisory Council on Health Infostructure, Canada Health Infoway: Paths to Better Health: Final Report. (“Advisory Council Report”) Where appropriate, CMA cites the findings contained in the report. CMA wishes to underscore the key themes of its brief: A. Health information is special by its nature. Rules relating to health information must be developed in recognition of its special nature. Ensuring protection of privacy and confidentiality of the patient record must take precedence over other considerations. Bill C-54 fails to do this. Bill C-54 is written from the perspective of encouraging commerce. It appears to have access to information as its dominant value. 
CMA considers the world of health care to be very different from that of commerce and consequently requiring distinct rules. B. Health information use must, in all but exceptional and justifiable circumstances, occur only under the strict control of the patient. The patient must be able to exercise control through voluntary, informed consent. Bill C-54 permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purpose. The evident lack of protection accorded health information based on such ground, is unacceptable. The absence of protection undermines the integrity of the patient-physician relationship and has the potential to erode the trust patients have in their physicians - a trust that is essential to patients’ willingness to provide the complete information needed to provide them with care. Moreover, distinctions must be made between a patient’s right to know what can or must happen to health information and the right to consent to such use. C. Not all purposes for the collection and use of health information are equal. Collection and use beyond the therapeutic context should be subjected to rigorous scrutiny before they are permitted to occur. Bill C-54 fails to make such a distinction and treats all purposes that could be identified for information collection or use as equal. Moreover, the Bill has no mechanism to distinguish legitimate purposes, which should be permitted from illegitimate purposes, which should not. This brief will first look at the apparent rationale of Bill C-54 and its potential application to health information. The brief will next describe why CMA considers health information to be special in nature and worthy of special protection. 
Finally, the brief reviews the difference in approach between Bill C-54 and CMA’s Health Information Privacy Code to illustrate that Bill C-54 provides inadequate protection to patient privacy and health record confidentiality. II. Rationale and Scope of Bill C-54 A. Rationale of Bill C-54 The driving force behind Bill C-54 is the support and promotion of electronic commerce. The second part of the Bill is devoted to permitting electronic versions of documents and signatures to be legitimate or ‘originals’ if the provisions of the Act are followed. Part two of the Bill is quite distinct from part one and both parts could stand alone as separate pieces of legislation. Part two simply allows electronic versions of documents and signatures to be recognized as legitimate. On its face, this has little to do with the protection of personal information except to the extent that storage of documents in electronic form provides greater ability to access, link and merge information. Certainly, the Bill appears to draw on this connection by including, in its statement of purpose, the provision of a right of privacy in an era in which technology increasingly facilitates the collection and free flow of information. Part one concerns all forms of information, electronic and otherwise. It gives some protection to personal information by requiring consent in some instances. In CMA’s view, a fundamental difficulty with part one and the Bill in general is that its goal is to promote commerce and thus all information is implicitly considered as falling within the ‘commercial’ realm. In the case of health information this is surely not the case or the only consideration. Moreover, this creates a clash of values when applied to a health care system that is a public system. 
The Advisory Council Report takes a hard line on this issue and states that legislation respecting the privacy protection of health information, “should also contain a clear prohibition against all secondary commercial use of personal health information.” Because all information is subjected to similar rules, there is no attempt within the Bill to distinguish some purposes for collecting information from other purposes. The Bill takes the approach that the purposes should be known and documented. While not stated explicitly, the assumption is that all purposes identified are legitimate and are permitted. CMA has quite a different view when it comes to health information and will expound its view throughout this brief. B. Scope - Application to Medical Records CMA is uncertain whether or to what extent Bill C-54 will apply to health records. The full name of the Act states, in part: An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances.... What are these circumstances? Section 4(1) states that Part 1 (the part protecting personal information) applies in respect of personal information that: (a) the organization collects, uses or discloses in the course of commercial activities; (b) the organization collects, uses or discloses interprovincially or internationally; or (c) is about an employee of the organization and that the organization collects, uses or discloses in connection with the operation of a federal work, undertaking or business. It should further be noted that three years after the Act is in force it will apply equally to activities that occur strictly within the province unless there is legislation in the province that is substantially similar to the Bill (see sections 27(2)(d) and section 30). The first issue is the provision of section 4(1)(a) - collection, use and disclosure in the course of commercial activities. 
There seems to be an assumption on the part of government that this automatically excludes health records, (although the Act fails to define what is meant by commercial activity). Is this accurate or does the assumption fail to recognize that there is not a clear, unambiguous distinction between what might constitute commercial activity or other activity? There are two points to be made here. The first concerns clarity around where commercial ends and health care begins. Which health care settings that operate for profit are excluded from the Act? This question speaks to the difficulty of delineating what activity is considered health care and what activity is considered commercial. Moreover it recognizes that the increased encouragement to public/private funding of endeavours within the health care sector may make it increasingly difficult to make this distinction; for example in the area of research. The second concerns the movement of health information from the health care setting (recognizing that this is not easily distinguished from the commercial setting) to the commercial setting; for example, health information provided to insurance companies. When health care information is collected in a health care setting and transferred to a commercial setting, which rules apply - Bill C-54 or no rules? In CMA’s view, there is no clear way of distinguishing commercial activity from health care activity in a way that ensures that the health care record is subject to different rules than those pertaining to other records. Moreover, the dilemma for government is that even if such distinction could occur, would it be desirable that health records be subject to no rules? Put in another way, will those organizations that currently collect health care information be entitled to claim that since the information forms part of the health record they are not subject to the provisions of C-54? 
Under such a regime health care records would be subject to an even lower standard than that provided for information collected in the commercial context. In terms of the provisions of 4(1)(b) - interprovincial and international transfer of information. This appears to apply to all information. In the existing environment and developments such as the “health information highway,” interprovincial transfers of information, the capacity for the central collection and storage of information, mechanisms such as telephone and cable to transfer information and general trends related to population health, it seems likely that interprovincial traffic will grow rather than diminish. The significance of this section, therefore, cannot be underestimated. Finally, the provisions of 4(1)(c) may well contain health information about the employee. In preparing this brief CMA has assumed that the Bill will provide a scheme that applies to some health information. No doubt the extent of the federal government’s ability to legislate in this area generally will be the subject of extensive debate. However, CMA has no comment on this debate and provides its opinion in the interests of ensuring that the rules that relate to health information are compatible with preserving the integrity of the patient-physician relationship and the protection of patient privacy and health information confidentiality. CMA considers that the government has an opportunity to provide Canadians with strong privacy rights in health information. Indeed, CMA believes that it is incumbent upon the government to do so. C. Scope - Government Excluded Bill C-54 expressly excludes a large part of government activity from its ambit. While government activity is to some extent governed by the Privacy Act, R.S.C. 1985, P-21, the rules of this act provide less protection than those of Bill C-54. 
Government should subject itself to at least the same rules that it requires of the private sector in so far as it is a collector and user of information. Moreover, CMA is of the view that government’s practices relating to the collection, storage, merging, transfer and use of health information must be subject to more stringent rules than those found in either the Privacy Act or Bill C-54. The Advisory Council Report also calls for the same rules to apply to the public and private sectors, rules that are more stringent than those found in the Privacy Act or Bill C-54. Therefore, CMA recommends: That, at least in connection with health information, the provisions of the Bill apply equally to the public and the private sectors. III. Considerations Regarding Patient Privacy and Confidentiality: Medical Context Versus Commercial Context A. CMA’s Opinion Over the last year, CMA has become increasingly concerned that debate on the issues concerning health information has been framed in terms of access to information with an attendant erosion of privacy and confidentiality. This one-sided approach comes at a time of expansion in our capacity to collect, store, merge, transfer and access information, coupled with trends both in the health care sector and generally related to the use of information. To address these concerns and to ensure that privacy and confidentiality in the medical context are valued, protected and preserved, CMA developed and adopted a Health Information Privacy Code, which is appended to and forms part of this brief. In commenting on this Code the Advisory Council Report notes: The code represents an important contribution to the deliberations of Canadians and legislators on how to safeguard privacy across the health domain. There are a number of principles underpinning the Health Information Privacy Code: 1. 
The provision of health care to all Canadians irrespective of social circumstances or health status is a highly regarded value in Canadian society. The system is publicly funded and universally accessible. 2. The right of privacy is fundamental to a free and democratic society. 3. Rules relating to health information must recognize its special nature. Health information has a high level of sensitivity, it is confided or collected in circumstances of vulnerability and trust for the primary purpose of benefiting the patient. 4. Physicians now and historically promise that they will keep their patients’ information secret; this is a hallmark of the profession. 5. The patient-physician relationship is one of trust and a central feature of this trust is the belief in patients that information confided in or collected by physicians and other health care providers will be kept secret. 6. Patients believe that the information they disclose or that is gathered as a result of their seeking health care will be used to provide them with health care; uses beyond the provision of health care without knowledge or consent go beyond what a patient’s reasonable expectations were when information was disclosed or gathered and is a breach of the trust patients place in their physicians. 7. Except in very limited circumstances, consent is required for health information collection, use, disclosure or access for any purpose. 8. Information required to provide patients with the health care sought should be readily available to those who require it to provide an aspect of care. 9. Uses of health information for purposes other than the provision of health care to the person seeking care should be subject to rules that: - protect and promote privacy and confidentiality; - generally require express consent; - can be justified according to specific criteria. 10. Patients should know the uses to which their health information is put prior to their disclosure of it. 11. 
Patients may be reluctant to disclose information if they are concerned about the uses to which the information is put or the persons entitled to access it. B. Public Opinion To determine the public’s view on these issues, CMA commissioned Angus Reid to conduct research in two forms, quantitative (survey) and qualitative (focus groups), and has found the following: 1. Patients believe that their health information will be kept confidential and consider this to be important. 2. Patients believe it important to know and control how their health information is shared with others. 3. Patients do not want their health information released to third parties (including governments and researchers) without their knowledge and consent. 4. Patients may have concerns about the release of delinked or anonymous information to third parties without their consent. 5. Patients may be reluctant to confide information as a result of concerns related to its use or disclosure. These findings are consistent with general findings relating to the public’s concerns about privacy and confidentiality. C. The Advisory Council Report The Advisory Council Report relates to the electronic health record. However, given the direction towards the greater use of technology and the underlying principles informing the Advisory Council, CMA believes that the recommendations are generalizable to all health information. A key principle of the Advisory Council is that access by health care professionals should be based on a need-to-know basis under the strict control of the patient. The Council, like CMA, calls for scrutiny and justification of secondary uses of health information. The Council is opposed to the use of multipurpose identifiers on the grounds that it becomes too easy for government officials from one department to gain access to a person’s health record or combine a number of records to assemble a comprehensive profile. 
(Anecdotal evidence suggests that this concern may be justified and that there are insufficient safeguards preventing the flow of health information among government departments.) The Council recommends that all governments ensure that they have legislation to address privacy protection specifically aimed at protecting personal health information through explicit and transparent mechanisms. Included in these mechanisms are: * The provision of a precise definition of free and informed consent, as well as a statement of principle that informed consent should be the basis for sharing personal health information; * Any exemption to the requirement of informed consent should be clearly set out in law. More specifically, legislative guidance should be provided on how to balance the right of privacy with the public good for research purposes to implement a coherent and harmonized pan-Canadian system for independent, ethical review. * There should be provisions regulating secondary uses of non-identifiable health information. These provisions should address privacy concerns surrounding the degree to which data might be linked back to an identifiable individual. * Legislation should set clear limits on access to and use of health information by third parties outside the health care system. To prevent the serious invasions of privacy that can result from the unrestricted linking of personal health information with other kinds of information on the same individual, the legislation should contain provisions prohibiting the use for any other purpose of unique personal identifiers in health information systems. D. The Approach in Bill C-54 Bill C-54 is inadequate in its protection of health information. The Bill makes a meagre attempt at distinguishing among varying types of personal information and gives no additional protection to information that is highly sensitive (such as health information). 
The Bill permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purposes. In the context of health information, these grounds should be subject to intense scrutiny to determine their relevance and legitimacy. In CMA’s view and according to the tests established in the CMA’s Code, some of these grounds would not withstand such scrutiny. E. Conclusion CMA’s Code offers a template for the protection that should be accorded health information, a template that appears to have some public support and that strives to retain patient confidence in their physicians and the health care system. The Report of the Federal Advisory Council also recognizes that special rules are required for health information. The Council’s Report places strong emphasis on the protection of privacy, recognizes that as a general rule the flow of health information should be on a need-to-know basis and under the control of the patient through the exercise of free and informed consent and requires limits on the secondary use of health information. In CMA’s view, Bill C-54 should incorporate specific rules relating to health information and CMA’s Code should form the basis of these rules. CMA recommends: That Bill C-54 be amended to incorporate specific provisions relating to health information and that the provisions of the CMA Code provide the basis of such provisions. In addition, CMA’s Code provides a test that legislation addressing health information should be subjected to. 
This test (found in section 3.6 of the CMA Code) states: Any proposed or existing legislation or regulation made under legislative authority that permits or requires health information collection, use, disclosure or access shall be subjected to the following legislative test: (a) There must be demonstration that: (i) a patient privacy impact assessment has been conducted, the analysis has been made public and has been duly considered prior to the introduction of legislation [section 3.5 of the Code provides guidance with respect to the patient privacy impact assessment]; (ii) collection, use, disclosure and access will be limited to the greatest degree possible to ensure that * the collection of health information by persons external to the therapeutic context will neither trade on nor compromise the trust of the patient-physician relationship; * patients are not likely to be inhibited from confiding information for primary purposes; * the ability of physicians to discharge their fiduciary duties to patients will not be compromised; and, * patient vulnerability will not be exploited; (iii) collection, use, disclosure and access will be restricted to what is necessary for the identified purpose(s) and will not impede the confiding or collection of information for primary purposes; (iv) provisions exist for ensuring that patients are provided with knowledge about the purpose(s) and that, subject to 3.6(b), patient consent is clearly voluntary; (v) the means used are proportionate and the collection will be limited to purposes consented to or made known to the patient; (vi) the patient’s privacy will be intruded upon to the most limited degree possible in light of the purpose(s) consented to or made known to the patient; (vii) linkage of the health information will be limited; and (viii) unless clear and compelling reasons exist: * all reasonable steps will be taken to make health information anonymous; and * if it has been demonstrated that making health information 
anonymous would render it inadequate for legitimate uses, the information will be collected and stored in a deidentified-relinkable format. (b) When nonconsensual collection, use, disclosure or access is permitted or required by legislation or regulation that meets the requirements of the Code, the following conditions must also be met: (i) the right of privacy has to be violated because the purpose(s) could not be met adequately if patient consent is required; and (ii) the importance of the purpose(s) must be demonstrated to justify the infringement of the patient’s right of privacy in a free and democratic society. (c) Any legislative provision or regulation that permits or requires health information collection, use, disclosure or access nonconsensually shall not, without compelling reasons, be applied retroactively to existing health information. In its current form, Bill C-54 would not pass the scrutiny of the test. Consequently, CMA recommends: That the proposed rules for health legislation be subject to the legislative test found in CMA’s Code and formulated in light of this process. IV. Specific Comments on Bill C-54 From the Perspective of CMA’s Health Information Privacy Code This section highlights some key distinctions between the approach taken by Bill C-54 and CMA’s Health Information Privacy Code. The purpose of this section is to illustrate through examples the divergence of approaches taken with the ultimate aim of demonstrating that Bill C-54 is inadequate in the protection it accords health information. A. General Bill C-54 and CMA’s Health Information Privacy Code are based on the Canadian Standards Association’s Model Code for the Protection of Personal Information (CSA Code). Bill C-54 and the CMA Code also augment the CSA Code’s provisions where considered necessary. The need to extend the provisions of the CSA Code demonstrates that the CSA Code, being general in nature, provides inadequate protection to information in many instances. 
Although Bill C-54 and the CMA Code are based on the CSA Code, each takes a different approach to the ultimate protection accorded information. This divergence demonstrates that there are many ways to resolve issues left unresolved by the CSA Code. In other words, it is not a foregone conclusion that basing provisions on the CSA Code will result in appropriate or adequate protection of information. Rather, resolution of issues requires thought and deliberation and will depend in some measure on the primacy given to certain values. Bill C-54 appears to have given access primacy in the pursuit of commerce, whereas CMA gives privacy protection primacy in the pursuit of the provision of health care in accordance with physicians’ fiduciary obligations to patients and the integrity of the patient-physician relationship. CMA did not develop its approach in a vacuum. It reviewed and was inspired by the report of the House of Commons Standing Committee on Human Rights and the Status of Persons with Disabilities, entitled Privacy: Where Do We Draw the Line? This report articulates and makes explicit many of the issues that should be informing the current debate on Bill C-54. In addition, the Report of the Advisory Council takes a very different approach to Bill C-54. The Report recognizes the need to pay more than lip service to protecting privacy and confidentiality and recommends specific measures aimed at doing this. B. Information Protected Bill C-54 The Bill covers “personal information” which is defined to mean “information about an identifiable individual that is recorded in any form.” This definition raises a host of questions: 1. Does the Bill cover information that has been delinked from an identifiable individual but that could be relinked to identify them? 2. Does the Bill only exclude anonymous information - that is, information that could never be relinked to an identifiable individual? 
And if so, is there an unjustified assumption that information can, in all cases, be rendered truly anonymous? 3. In the case of delinked and anonymous information, who decides that information about an identifiable individual can be rendered delinked or anonymous? The holder of the information or the person to whom the information pertains? 4. Is it accurate or reasonable to assume that people have no interest in information emanating from them once it has been rendered delinked or anonymous? CMA Health Information Privacy Code The CMA Code provides a broad definition of health information: Health information means any information about a patient that is confided or collected in the therapeutic context, including information created or generated from this information and information that is not directly or indirectly linked to the provision of health care. It includes all information formats. In addition, the CMA Code covers identifiable information, delinked information, anonymous information and any composite form that is produced when health information is linked to other information about the patient. CMA’s research indicates that patients may have an interest in their information when it is in delinked and anonymous formats. Advisory Council Report The Advisory Council Report addresses this issue in a number of ways. In making recommendations concerning the definition of health information the Report calls for legislation that embodies: a clear definition of health information, broad enough to incorporate health information collected in public and private systems and to ensure that equal obligations and penalties apply to both public and private sectors. The report recognizes a spectrum of data formats: completely anonymous, linked to pseudo-identities, code linked and reidentifiable, completely identifiable. 
In terms of sensitivity, the Report notes that information that can be re-identified is somewhat more sensitive than completely anonymous data or anonymous data linked to pseudo-identities and that completely identifiable health information is the most sensitive type of health information. The Report also notes that there can be some degree of risk of re-identification of what was believed to be anonymous data through such processes as data matching and the results of analysis using small cells. In this light, the Report recommends: A definition of personal health information, which takes into account the spectrum of potential identifiability in the case of health information. Furthermore, in the case of secondary uses of health information, the Report notes that provisions regulating secondary uses of non-identifiable health information must form part of the legislation. Such provisions should address privacy concerns surrounding the degree to which data might be linked back to an identifiable individual. The Report raises further issues relating to the use of delinked and anonymous data. The Report notes that there may be group interests and concerns regarding data collected and states: Privacy can also be a concern for groups such as Aboriginal and immigrant communities. These communities worry that research on their members could be released to the media without notice and used in a negative way. This emerging issue is growing in importance and, in the Council’s view, should be a serious consideration in the context of ethical reviews of proposed research projects. It is important to note that in these instances it is not the fact that data is linked to an identifiable individual that is of concern. Rather, it is the ability to accumulate, process and dissect information that has ramifications for an individual because they are part of a group segregated and identified by the research. 
Finally, the Report considers the use of person-based data but not people’s names, for statistical purposes and notes that this too raises concerns about privacy. The Report notes that: “These concerns have traditionally been seen as a tradeoff against data access for research and analysis in the public interest.” The Report restates this to provide a more positive view of privacy and states: “the best way for analysts to maintain the public’s consent to use sensitive (but anonymous) health data is to show the public that privacy, confidentiality and security are being taken seriously.” Recommendation That there be a clear definition of the information being accorded a right of privacy and that this definition, at least in the case of health information, include identifiable information, delinked information, anonymous information and any composite form produced when information is linked to any information about a person from any other source. C. Knowledge of Purpose Prior to Collection Bill C-54 Bill C-54 is ambiguous in its provisions relating to whether or not a person should know the purposes for which information will be used prior to disclosure. This is due in part to the use of the term “knowledge and consent” as one concept rather than distinguishing the knowledge requirement from the consent requirement. What a person should know in relation to the purposes information might be used or disclosed for, prior to its being given is distinct conceptually from whether the person must consent before information can be used or disclosed for a particular purpose. Schedule 1 of the Bill contains a number of principles. For the purposes of this brief the schedule will be referred to in terms of the principles (and their subparagraphs). Principle 2 addresses the identification of purposes that information will be used or disclosed for. Provided a purpose is identified it becomes a legitimate purpose under the Bill. 
Subparagraph 3 states that the identified purposes should be specified at or before the time of collection. Section 5(2) of the Bill states that the use of ‘should’ in schedule 1 indicates a recommendation and does not impose an obligation. Therefore, according to subparagraph 3, it is recommended but is not obligatory that disclosure occur. On the other hand, principle 3 addresses consent and appears to impose an obligation by stating that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. Similarly subparagraph 2 appears to create something of an obligation by stating, “organizations shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used.” The relationship between these sections should be clarified and made consistent. CMA is pleased to note that principle 3 has been modified to define when, and only when, organizations may collect information without knowledge or consent. Section 7(1)(a) permits the collection of information without knowledge and consent when collection is clearly in the interests of the individual and consent cannot be obtained. The intent of this section could be made clearer, particularly in terms of who determines the “interests of the individual.” Otherwise this exception could give undesirable license to collect without knowledge or consent. The provision in section 7(1)(b) is more problematic. This section appears to favour withholding knowledge from an individual if such knowledge would compromise accuracy, defeat the purpose for collection or prejudice the use. 
In some instances it may well be that if an individual is provided with knowledge of the purposes for which information is collected and the uses to which it will be put, they may choose to withhold information rather than disclose it, and in doing so would clearly compromise accuracy, defeat the purpose for collection or prejudice the use the information will be put to. This is contrary to the principle found in principle 4.1 which recognizes that information should not be collected by misleading or deceiving individuals. The intent of this section should be far clearer and circumscribed in such a way as to make it clear that it is not permissible to withhold knowledge or not seek consent simply on the basis that if a person had knowledge they would not wish to disclose information. Section 7(1)(c) allows collection without knowledge or consent for journalistic, artistic or literary purposes. This provision is totally inappropriate in the case of health information. CMA Health Information Privacy Code The CMA Code is considerably more restrictive than Bill C-54. It recognizes that in the therapeutic context, health information is confided by or collected from patients under the patient presumption that it is necessary to meet his or her therapeutic needs. CMA also believes that the potential that health information may be subsequently collected, used, disclosed or accessed for other purposes without patient consent should be made known to patients before information is confided or collected for the primary therapeutic purpose. CMA further notes that it is not acceptable to withhold knowledge from patients deliberately out of concern that knowledge could inhibit them from confiding important information fully and truthfully. CMA limits the circumstances of the nonconsensual collection of health information to those: 1. Permitted or required by legislation; 2. When ordered or decided by a court of law. 
Moreover, the CMA gives explicit direction to legislators with respect to the conditions under which legislation should permit or require health information collection (see section 3.6 of CMA Code). In the case of nonconsensual collection, the following conditions are stipulated: 1. The right of privacy has to be violated because the purposes could not be met adequately if patient consent is required; and 2. The importance of the purposes must be demonstrated to justify the infringement of the patient’s right of privacy in a free and democratic society. While Bill C-54 is clearly enabling the collection of information, it does not, in CMA’s opinion, put sufficient emphasis on or provide protections that preserve privacy and confidentiality, especially in the medical context. D. Use Without Knowledge Or Consent Bill C-54 Once information has been collected and despite the, albeit inadequate, limits placed on collection without knowledge or consent, it can be put to even greater use than the purposes it has been collected for with or without knowledge or consent. Section 7(2) opens up dramatically the uses to which collected information may be put without either knowledge or consent. At a minimum and with little additional administrative effort, the enumerated grounds of section 7(2) (and 7(3)) should be made known to an individual prior to their disclosure of information, which would be in keeping with the principle of openness and explicitness. Section 7(2)(a) allows use in connection with the investigation of an offence. In the medical context this might be problematic particularly if it is interpreted to impose an obligation. Generally, there is no obligation to assist in the investigation of an offence and indeed the fiduciary duty between patient and physician and the duty of confidentiality owed to the patient by the physician would suggest that physicians not offer information despite its usefulness. Section 7(2)(b) recognizes emergency situations. 
However, as worded, section 7(2)(b) would allow access to anyone’s information if it is for the purpose of acting in respect of an emergency threatening the life, health or security of an individual. The implications of this section should be carefully thought through. Do we really intend to give such a broad licence to access anyone’s information on the basis of an emergency? In CMA’s view there should be some limiting principle that takes into account the prevailing view that people generally are not required to go to the assistance of others (emergency or otherwise) and that information about oneself is considered worthy of protection against use or disclosure despite its potential benefit to others, for example, genetic information or HIV, Hepatitis C status. Section 7(2)(c) is very problematic as it permits the use of “identifiable” information for a host of purposes, including statistical and research, when it is impractical to seek consent. Even though the Commissioner must be informed of the use before the information is used, the Commissioner has no power to approve or reject the use, and since the use is legitimate under the Bill provided the Commissioner has been notified there would be no grounds open to the Commissioner to cause an audit to occur. This section gives significant scope to use information that has been collected without knowledge or consent and certainly in the case of health information is problematic. CMA Health Information Privacy Code The CMA Code makes a clear distinction between the primary purpose for the collection and use of health information and secondary purposes for its use. The key distinction between these two categories is that primary purposes relate to the provision of the health care benefit sought whereas secondary purposes are ends or aims that are not directly related to the provision of care. The CMA Code divides secondary purposes into two categories: 1. 
Secondary legislated purposes, those purposes that have been subjected to the legislative test specified in the Code and have subsequently been written into law; 2. Secondary nonlegislated purposes are any other purposes, such as education or research not governed by legislation, that meet the provisions of the CMA Code and the secondary nonlegislative test provided by the Code. The tests that CMA requires both to go through relate to: 1. Impact on privacy. 2. Impact on the patient-physician relationship, especially confidentiality and trust. 3. Impact on the willingness of patients to disclose information. 4. Impact on patients’ ability to receive care. 5. Evidence of broad public support for the measure. 6. The use will not exploit or compromise the trust of the patient-physician relationship. 7. Patient vulnerability will not be exploited. 8. Under most circumstances patients will be fully informed of the purpose and patient consent will be clearly voluntary. 9. Patient privacy will be intruded upon to the most limited degree possible. 10. Linkage of health information will be restricted and consented to by patients. In other words, CMA is not satisfied that any and all secondary purposes for the use of health information should be permitted. Rather, CMA seeks justification for the secondary use and assurance that the secondary use will neither impede nor undermine the patient-physician relationship and the provision of health care to the patient. Moreover, the CMA Code only permits use without consent if it is permitted or required by legislation or when ordered or decided by a court of law. The Advisory Council Report Like CMA, the Advisory Council Report makes distinctions among various types of uses. The report calls for legislation to clearly prohibit all secondary commercial use of personal health information. 
In addition, the Report recommends that there be provisions regulating secondary uses of non-identifiable health information and that such provisions should address privacy concerns surrounding the degree to which such data might be linked back to an identifiable individual. In this context, the Report recommends that legislation set clear limits on access to and use of health information by third parties outside the health care system. In addition the Report reviews the uses of health information for statistical and research purposes. The Report’s findings with respect to statistical use have already been discussed. In connection with research, the Report calls for a number of safeguards and restrictions: 1. Where the data sets used have a higher level of potential identifiability, “the general rule should be informed consent and stringent assurances about privacy protection and security arrangements are necessary before a researcher can have access to personally identifiable information.” 2. The Report recognizes that in some instances it may be impractical to obtain consent from patients. Whether in anonymous or identifiable form the Report requires that notice be given about the use of the information in either form. In the case of the use of identifiable information, the Report states that the research should be subject to independent ethics review with the onus on the person seeking to use the information without consent to demonstrate that: (a) a tangible public good of significant benefit will result; (b) consent is impossible to secure at a reasonable cost; (c) less identifiable data will not serve the same purpose; and (d) no harm can occur to any person directly or indirectly [note the above discussion on group privacy] as a result of this use of his or her personal information. E. Disclosure Without Knowledge Or Consent Bill C-54 The comments found under C. and D. above apply equally here. 
Section 7(3) adds further instances when collected information can be disclosed to others without knowledge or consent. CMA Code In the case of health information CMA takes a far more restrictive approach. In the case of use, disclosure or access the CMA Code states: The potential that health information, in whole or in part, may be subsequently collected, used, disclosed or accessed for other purposes without their consent, and what those purposes might be, must be made know to the patient by reasonable means before it is confided or collected for primary purposes. Moreover, the CMA Code recognizes that information disclosed by one organization is collected by another. The Code defines collection to mean: the act of accessing, receiving, compiling, gathering, acquiring or obtaining health information from any source, including third parties, and by any means. It includes information collected from the patient, as well as secondary collection of this information in whole or in part by another provider or user. The collecting organization should be bound by the provisions of the CMA Code, which generally requires consent for use for any purpose and always requires knowledge of the potential purposes that information will or must be put to prior to the information being disclosed. CMA’s Code states: Health information custodians must ensure that third parties privy to health information have adopted this Code or are bound by equivalent provisions. Finally, the CMA Code explicitly recognizes that information can be retrieved from a variety of sources to formulate records. Any and all such practices and the composite form developed are given the same degree of protection as that accorded the original data collected by or through the patient. F. 
Information Flow Within Organizations Bill C-54 Bill C-54 defines use to include, “the transfer of personal information within an organization.” Therefore, to the extent that Bill C-54 restricts the free flow of information it restricts it within an organization. In the health care context this is not a reasonable or desirable outcome. CMA Code The CMA Code recognizes that the free flow of health information is desirable to the extent that it furthers the provision of the health care benefit sought and that it occurs with patient consent. The CMA Code defines the primary purpose to mean: (i) Primary therapeutic purpose is the initial reason for a patient seeking or receiving care in the therapeutic context, and pertains to the delivery of health care to a particular patient with respect to the presenting health need or problem. It encompasses consultation with and referral to other providers on a need-to-know basis. (ii) Primary longitudinal purpose concerns developing composite health information about a particular patient, such as a detailed medical history, beyond direct application to the presenting health need or problem, in order to enhance ongoing care to that person. The Code goes on to state that: Health information collection, use, disclosure or access for the primary therapeutic and longitudinal purposes may be as extensive as necessary to fulfil these purposes and reflect the high level of trustworthiness and accountability of health professionals in the therapeutic context. And further states that: Security safeguards shall impede as little as possible health information collection, use, access and disclosure for primary purposes. Finally, in addressing consent the Code states: Consent to health information collection, use, disclosure and access for the primary therapeutic purpose may be inferred. 
Consent to subsequent collection, use, disclosure and access on a need-to-know basis by or to other physicians or health providers for this purpose, and for this purpose alone, may be inferred, as long as there is no evidence that the patient would not give express consent to share the information. G. Individual Access Bill C-54 Bill C-54 restricts the right of individual access to personal information. The grounds for denying access to information are inappropriate in the health care context. CMA Code The CMA Code follows the prevailing case law as it relates to medical records. Primarily this gives the patients a right of access to their record in all but very limited circumstances. These circumstances are, if there is a significant likelihood of a substantial adverse effect on the physical, mental or emotional health of the patient or substantial harm to a third party. The onus lies on the provider to justify denial of access. H. Accuracy and Amendment Bill C-54 Bill C-54 requires that information be as accurate, complete and up-to-date as possible and that it shall not be routinely updated unless this is necessary to fulfil the purpose for its collection. In so far as amendment is concerned, Bill C-54 permits amendment to the record in specified circumstances. CMA Code The CMA Code takes a different approach in light of the nature and purpose of health information. The Code recognizes that the “recording of statements of fact, clinical judgements and determinations or assessments should reflect as nearly as possible what has been confided by the patient and what has been ascertained, hypothesized or determined to be true using professional judgement.” In terms of amending the record in light of a patient’s request, the CMA Code seeks to preserve the original record but also note the patient’s concerns. 
To accommodate both requirements the CMA Code states: Patients who have reviewed their information and believe it to be inaccurately recorded or false have the right to suggest amendments and to have their amendments appended to the health information. I. Sensitivity Bill C-54 In a number of instances Bill C-54 and in particular schedule 1 recognize that medical records have a high level of sensitivity attached, which in turn warrants special attention concerning consent, reasonable expectations, individual access and, implicitly, the degree of security that is appropriate. CMA Code The CMA Code seeks to recognize that while all health information is sensitive (when considered against other forms of information about individuals) there are also variations in the level of sensitivity in various aspects of the health record. The CMA Code defines the “sensitivity of health information” to refer to: the patient’s interest in keeping the information secret. It varies according to the nature of the information, its form, and the potential negative repercussions of its collection, use or disclosure on the patient’s interests. Under the Code’s consent provisions it is stated that: Although all health information is sensitive and should be treated as such, the more sensitive the health information is likely to be, given what is known about the circumstances or preferences of the patient, the more important it is to ensure that consent is voluntary and informed. With respect to security the Code states: The development of security safeguards with respect to levels of access for various users shall recognize the differences in the sensitivity of health information and permit access accordingly. V. Conclusions The increased capacity to collect, store, transfer, merge and access information coupled with trends that support increased use of and access to information have the potential to erode our traditional understanding and protection of privacy and confidentiality. 
The issues are complex and the choices we must make are difficult. Nevertheless, these issues should be squarely on the table and the choices that we make must be clear, transparent and defensible. Of paramount importance is that the public is not misled into believing that their information is being protected or kept confidential when in fact it is not. Therefore, even to refer to Bill C-54 as the “Personal Information Protection and Electronic Documents Act” should be the subject of debate. Is the Bill truly about information protection or is it actually about permitting access to information? Bill C-54 presents one approach, an approach that values commerce and access. In CMA’s view the approach is totally inadequate when applied to health information. CMA believes that the public would also find Bill C-54 inadequate. CMA presents a different approach, an approach that values privacy and the preservation of the trust and integrity of the patient-physician relationship. CMA believes that its approach would receive broad public support. Moreover, CMA believes that to the extent the CMA Code presents tests rather than conclusions, these tests should be administered in good faith prior to legislative initiatives related to health information or in the case of secondary usage of health information in general. CMA believes that its approach draws support from the Federal Advisory Council Report, which also recognizes the importance of preserving patient privacy and the confidentiality of the health record in an era of increased use of technology. Implicitly, the Report recognizes that the benefits of such technology cannot be realized if public support, based on assurance of privacy protection, cannot be secured. CMA urges this committee to implement CMA’s recommendations and in doing so provide the type of protection that health information deserves and that Canadians desire. VI. 
Summary of Recommendations That Bill C-54 be amended to incorporate specific provisions relating to health information and that the provisions of the CMA Code provide the basis of such provisions; and That the proposed rules for health legislation be subject to the legislative test found in CMA’s Code and formulated in light of this process; and That there be a clear definition of the information being accorded a right of privacy and that this definition, at least in the case of health information, include identifiable information, delinked information, anonymous information and any composite form produced when information is linked to any information about a person from any other source; and That, at least in connection with health information, the provisions of the Bill apply equally to the public and the private sectors.

Putting Patients First : Comments on Bill C 6 (Personal Information Protection and Electronic Documents Act) : Submission to the Senate Standing Committee on Social Affairs, Science and Technology

https://policybase.cma.ca/en/permalink/policy1979
Last Reviewed
2019-03-03
Date
1999-11-25
Topics
Ethics and medical professionalism
Health care and patient safety
Health information and e-health
  2 documents  
Policy Type
Parliamentary submission
Text
CMA commends the federal government for taking this important first step that begins the debate on privacy and the protection of personal information. The issues are complex and the interests at stake significant. CMA welcomes the opportunity to provide comments on Bill C-6 and hopes that its input will strengthen the Bill by ensuring that patient privacy and the confidentiality of medical records are adequately protected. CMA’s chief concern with Bill C-6 is the inadequacy of its provisions to protect the right of privacy of patients and the confidentiality of their health information. The right of privacy encompasses both the right to keep information about ourselves to ourselves if we so choose and to exercise control over what subsequently happens to information we confide in trust for the purpose of receiving health care. In recent years, this right, and the ability of physicians to guarantee meaningful confidentiality, have become increasingly threatened. Computerization of health information facilitates easy transfer, duplication, linkage and centralization of health information. Captured in electronic form, patient information is potentially more useful for the purpose of providing care. However, thus captured, it also becomes much more valuable and technically accessible to various third parties -- private and public, governmental and commercial -- wishing to use this information for other purposes unrelated to providing direct care. An additional concern is that the demand for health information, referred to by some commentators as ‘data lust’, is growing, partly as a consequence of ‘information hungry’ policy trends such as population health. There is also a disturbing tendency toward ‘function creep’, whereby information collected for one purpose is used for another, often without consent or even knowledge of the individual concerned and without public knowledge or scrutiny. 
Furthermore, initiatives concerning health information technology tend to be dominated by those who seek access to this information for secondary purposes. From this perspective, privacy may appear less as a fundamental right than as a hindrance or even roadblock. As we move further into the information age there is some danger that we will become so spell-bound by the promise of information centralization and database linkages that we lose sight of the patients who confided this information or reduce them to impersonal ‘data subjects’. To avoid this danger and the allure of the technology we need to ground the application of information technology and practices in well-tested, enduring principles. We need to put privacy first rather than treat it as a nuisance or impediment. Rules and regulatory regimes concerning health information should be based on the principle of patient privacy because ultimately health information technology is not about ‘bits and bytes’ or ‘data’ or even ‘data subjects’ but about patients, and patients deserve to be treated with respect and dignity and to have their wishes and choices valued and respected. If we are to put patients first the right of privacy must be given primacy in rules concerning health information. This does not mean that this right is absolute. What it does mean is that the burden of proof must rest with those whose purposes, however compelling they may be, encroach upon the right of privacy. It means that we value patient privacy at least enough to demand explicit justification of any proposal that would diminish privacy. Bill C-6 begins with the right premise: that “rules to govern information collection, use and disclosure” should recognize the “right of privacy”. However, it fails to recognize the special nature of health information and to tailor its provisions accordingly. In consequence there is confusion and uncertainty about Bill C-6's application to health care. 
Even more seriously, however, Bill C-6 fails to recognize that health information requires stronger or greater privacy protection than other types of information. The inadequacy of Bill C-6 for health care is not surprising because clearly it was not drafted with health information in mind. Rather, it is written from the perspective of encouraging commerce. It appears to have access to information as its dominant value. The world of health care is very different from that of commerce and consequently requires distinct rules that are more protective of privacy. Confiding information to your physician under the trust of the patient-physician relationship is not on par with giving your address to a salesclerk when you purchase a toaster or rent a movie. Health information is special by nature. Canadians know this. In a recent Angus Reid poll commissioned by CMA, Canadians told us loudly and clearly that they regard their health information as especially sensitive. However, the obvious sensitivity of health information is not the only thing that makes it special and in virtue of which it warrants distinct rules to strengthen privacy protection. It is important to recognize that this information is typically collected under the trust patients vest in their physicians. Patients confide their information for the purpose of receiving care and in the expectation that it will be held in the strictest confidence. This purpose, and the preservation of this trust, should be given primacy in rules concerning health information. It is also important to recognize that the trust under which patients confide in their physicians is fundamental to the patient-physician relationship. If patients cannot trust their physicians to protect their information and keep it secret they will not confide it as freely as they do. In consequence, the ability of physicians to provide the care needed would be severely diminished. 
Rules relating to health information must be developed in recognition of its special nature and the circumstances of trust and vulnerability in which it is initially collected or confided. Patients confide in their physicians for the purpose of receiving care. The potential that the information thus confided may subsequently be used for other purposes must not impede the therapeutic purpose or diminish the trust and integrity of the patient-physician relationship. In recent years the secondary use of information for purposes other than those for which it was collected has been increasing without adequate oversight or public knowledge. This ‘function creep’ undermines the trust of the patient-physician relationship. Collection and use beyond the therapeutic context and for purposes unrelated to the provision of direct care should be subjected to rigorous scrutiny before they are permitted to occur. To the extent that they are permitted to occur without patient consent they should be explicitly authorized in legislation to ensure transparency and adequate oversight. Putting patients first means ensuring that health information, in all but exceptional and justifiable circumstances, is used only under the strict control of the patient. The patient must be able to exercise control through voluntary, informed consent. Moreover, a distinction must be made between a patient’s right to know what can or must happen to health information and the right to consent to such use. Bill C-6 permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purpose. The laxness and breadth of these exemptions as applied to health information is unacceptable. These uses, without the patient’s consent (or even knowledge), reduce the patient to a means to someone else’s end, however worthwhile that end may be. 
Moreover, the absence of consent (or even knowledge) undermines the integrity of the patient-physician relationship and has the potential to erode the trust patients have in their physicians - a trust that is essential to patients’ willingness to provide the complete information needed to provide them with care. CMA has developed and adopted a Health Information Privacy Code (Appendix A) in recognition of the special nature of health information and to give primacy to patients and to the right of privacy. This Code begins from the same starting point as Bill C-6, the Canadian Standards Association (CSA) Code which the Bill includes as Schedule 1. However, unlike Bill C-6, the CMA Code tailors the CSA Code to the specific circumstances of health information. The CMA Health Information Privacy Code, therefore, is able to address issues specific to health information that Bill C-6 either fails to address or, even worse, exacerbates. In light of the clear deficits in Bill C-6 and the inadequate protection of patient privacy and health information confidentiality, CMA urges this committee to accept the recommendations put forward in this brief to strengthen the Bill’s provisions for protecting privacy and to accept the amendment (Appendix B) CMA has prepared to give effect to these recommendations. CMA believes that Canadians desire and deserve no less than this as concerns the right of privacy with respect to health information. I. Introduction The Canadian Medical Association is the national voice of Canadian physicians. Our mission is to provide leadership for physicians and to promote the highest standard of health and health care for Canadians. The CMA is a voluntary professional organization representing the majority of Canada's physicians and comprising 12 provincial and territorial divisions and 43 affiliated medical organizations. 
On behalf of its 46,000 members and the Canadian public, CMA performs a wide variety of functions, including addressing the emerging issue of electronic health information and confidentiality and privacy. It is in this capacity that we present our position on Bill C-6, The Personal Information Protection and Electronic Documents Act. CMA commends the federal government for taking this important first step of beginning the debate on privacy and the protection of personal information. The issues are complex and the interests at stake significant. CMA welcomes the opportunity to provide comments on Bill C-6 and hopes that its input will strengthen the Bill by ensuring that patient privacy and the confidentiality of medical records are adequately protected. In preparing this brief CMA has had the benefit of the final report of the federal Advisory Council on Health Infostructure, Canada Health Infoway: Paths to Better Health: Final Report (“Advisory Council Report”). Where appropriate, CMA cites the findings contained in the Report. CMA wishes to underscore the key themes of its brief: A. Health information is special by its nature. Rules relating to health information must be developed in recognition of its special nature. Ensuring protection of privacy and confidentiality of the patient record must take precedence over other considerations. Bill C-6 fails to do this. Bill C-6 is written from the perspective of encouraging commerce. It appears to have access to information as its dominant value. The world of health care is very different from that of commerce and consequently requires distinct rules. B. Typically, health information is confided in the context of the therapeutic relationship and under the trust upon which this relationship is built. 
Rules concerning health information -- and in particular its collection, disclosure and use for purposes unrelated to the provision of direct care -- must be consistent with the expectations of patients about confidentiality and must not exploit the trust patients have in their physicians or compromise the ability of physicians to earn and maintain this trust. C. Health information must, in all but exceptional and justifiable circumstances, be used only under the strict control of the patient. The patient must be able to exercise control through voluntary, informed consent. Moreover, a distinction must be made between a patient’s right to know what can or must happen to health information and the right to consent to such use. Bill C-6 permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purpose. The laxness and breadth of these exemptions as applied to health information is unacceptable. These uses, without the patient’s consent (or even knowledge), reduce the patient to a means to someone else’s end, however worthwhile that end may be. Moreover, the absence of consent (or even knowledge) undermines the integrity of the patient-physician relationship and has the potential to erode the trust patients have in their physicians - a trust that is essential to patients’ willingness to provide the complete information needed to provide them with care. D. The root of most of the problems in applying Bill C-6 to health care information is its failure to distinguish among purposes for the collection, use and disclosure of health information. 
In particular, the Bill fails to distinguish between the primary purpose, which is to deliver care to and for the benefit of an individual patient, and secondary purposes, which are not for the direct benefit of the patient (and indeed may even use the patient’s information to his or her detriment). Provisions to protect privacy should give recognition to the difference between these purposes and should not hinder the ability of physicians and others to provide care consistent with the patient’s wishes. Moreover, the Bill has no effective mechanism to distinguish legitimate purposes, which should be permitted, from illegitimate purposes, which should not, notwithstanding the limitation to “purposes that a reasonable person would consider are appropriate in the circumstances” in Section 5(3). E. In recent years the secondary use of information for purposes other than the purpose for which it was collected has been increasing without adequate oversight or public knowledge. This ‘function creep’ undermines the trust of the patient-physician relationship. Collection and use beyond the therapeutic context and for purposes unrelated to the provision of direct care should be subjected to rigorous scrutiny before they are permitted to occur. To the extent that they are permitted to occur without patient consent they should be explicitly authorized in legislation to ensure transparency and adequate oversight. This Brief will first look at the apparent rationale of Bill C-6 and its potential application to health information. The brief will then describe why CMA considers health information to be special in nature and worthy of special protection. Finally, the brief reviews the difference in approach between Bill C-6 and CMA’s Health Information Privacy Code to illustrate that Bill C-6 provides inadequate protection to patient privacy and medical confidentiality. II. Rationale and Scope of Bill C-6 A. 
Rationale of Bill C-6 The driving force behind Bill C-6 is the support and promotion of electronic commerce. The second part of the Bill is devoted to permitting electronic versions of documents and signatures to be legitimate or ‘originals’ if the provisions of the Act are followed. Part 2 of the Bill is quite distinct from Part 1 and both parts could stand alone as separate pieces of legislation. Part 2 simply allows electronic versions of documents and signatures to be recognized as legitimate. On its face, this has little to do with the protection of personal information except to the extent that storage of documents in electronic form provides greater ability to access, link and merge information. Certainly, the Bill appears to draw on this connection by including, in its statement of purpose, the provision of a right of privacy in an era in which technology increasingly facilitates the collection and free flow of information. Part 1 concerns all forms of personal information, electronic and otherwise. It gives some protection to personal information by requiring consent in some instances. In CMA’s view, a fundamental difficulty with Part 1 and with the Bill in general is that its goal is to promote commerce and thus all information is implicitly considered as falling within the ‘commercial’ realm. In the case of health information this is surely not the case or the only consideration. Moreover, this creates a clash of values when applied to a health care system that is a public system. The Advisory Council Report takes a firm stand on this issue and states that legislation respecting the privacy protection of health information, “should also contain a clear prohibition against all secondary commercial use of personal health information.” Moreover, Bill C-6 fails to distinguish and priorize different purposes for collecting, using and disclosing information and in doing so treats all purposes as more or less equal and subject to the same rules. 
CMA takes quite a different view when it comes to health information and will expound its view throughout this brief. B. Scope - Application to Health Records CMA has argued from the outset that C-6 (and its predecessor C-54) will apply to some health information. This view now appears to be widely accepted. Nevertheless, it is unclear as to what extent Bill C-6 will apply to health records. The full name of the Act states, in part: An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances . . . . What are these circumstances? Section 4(1) states that Part 1 (the part protecting personal information) applies in respect of personal information that: (a) the organization collects, uses or discloses in the course of commercial activities; or (b) is about an employee of the organization and that the organization collects, uses or discloses in connection with the operation of a federal work, undertaking or business. The definition of commercial activity given in 2(1) that commercial activity “means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character” is circular and does nothing to clarify uncertainties concerning the Bill’s scope. There are two points to be made here as concerns the application of this Bill to health information. The first concerns clarity around where commercial ends and health care begins. Which health care settings that operate for profit are excluded from the Act? This question speaks to the difficulty of delineating what activity is considered health care and what activity is considered commercial. Moreover the increase in public/private partnerships and joint funding of endeavours within the health care sector, which the government appears to be promoting, may make it increasingly difficult to make this distinction; for example in the area of research. 
The second concerns the specification of different regimes for information protection and privacy rights, depending on whether the information is deemed to come under commercial activity. This is clearly not desirable. However, the solution to this problem is not to reduce the privacy rules for all health information to the lowest common denominator but to raise them to a higher level of protection than is afforded commercially acquired information. Subjecting all health information to the regime laid out in the CMA Health Information Privacy Code would achieve this objective. In preparing this brief CMA has assumed that the Bill will provide a scheme that applies to at least some health information. Three years after it is in force it will apply equally to activities that occur strictly within the provinces, unless there is legislation in the province that is substantially similar to the Bill (see sections 27(2)(b) and 30). No doubt the extent of the federal government’s ability to legislate in this area generally will be the subject of extensive debate. However, CMA has no comment on this debate and provides its opinion in the interests of ensuring that the rules that relate to health information are compatible with preserving the integrity of the patient-physician relationship and the protection of patient privacy and health information confidentiality. The federal government has an opportunity to provide Canadians with strong privacy rights in health information. It is incumbent upon the government to do so. C. Scope - Government Excluded Bill C-6 expressly excludes a large part of government activity from its ambit. Although government activity is to some extent governed by the Privacy Act, R.S.C. 1985, P-21, the rules of this Act provide less protection than those of Bill C-6. Government should subject itself to at least the same rules that it requires of the private sector in so far as it is a collector and user of information. 
Indeed, government’s practices relating to the collection, storage, merging, transfer and use of health information should be subject to more stringent rules than those found in either the Privacy Act or Bill C-6. The Advisory Council Report also calls for the same rules to apply to the public and private sectors, rules that are more stringent than those found in the Privacy Act or Bill C-6. Therefore, CMA recommends: That, at least in connection with health information, the provisions of the Bill apply equally to the public and the private sectors. III. Considerations Regarding Patient Privacy and Confidentiality: Medical Context Versus Commercial Context A. CMA’s Position The world of health care is very different from that of commerce and consequently requires distinct rules that are more protective of privacy. Confiding information to your physician under the trust of the patient-physician relationship is not on par with giving your address to a salesclerk when you purchase a toaster or rent a movie. Health information is special by nature. Canadians know this. In a recent Angus Reid poll commissioned by CMA, Canadians told us loudly and clearly that they regard their health information as especially sensitive. However, the obvious sensitivity of health information is not the only thing that makes it special and in virtue of which it warrants distinct rules to strengthen privacy protection. It is important to recognize that this information is typically collected under the trust patients vest in their physicians. Patients confide their information for the purpose of receiving care and in the expectation that it will be held in the strictest confidence. This purpose, and the preservation of this trust, should be given primacy in rules concerning health information. It is also important to recognize that the trust under which patients confide in their physicians is fundamental to the patient-physician relationship. 
If patients could not trust their physicians to protect their information and keep it secret they would not confide it as freely as they do. In consequence, the ability of physicians to provide the care needed would be severely diminished. Rules relating to health information must be developed in recognition of its special nature and the circumstances of trust and vulnerability in which it is initially collected or confided. Patients confide in their physicians for the purpose of receiving care. The potential that the information thus confided may subsequently be used for other purposes must not impede the therapeutic purpose or diminish the trust and integrity of the patient-physician relationship. In recent years the secondary use of information for purposes other than those for which it was collected has been increasing without adequate oversight or public knowledge. This ‘function creep’ undermines the trust of the patient-physician relationship. Collection and use beyond the therapeutic context and for purposes unrelated to the provision of direct care should be subjected to rigorous scrutiny before they are permitted to occur. To the extent that they are permitted to occur without patient consent they should be explicitly authorized in legislation to ensure transparency and adequate oversight. Putting patients first means ensuring that health information, in all but exceptional and justifiable circumstances, is used only under the strict control of the patient. The patient must be able to exercise control through voluntary, informed consent. Moreover, a distinction must be made between a patient’s right to know what can or must happen to health information and the right to consent to such use. Bill C-6 permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purpose. 
The laxness and breadth of these exemptions as applied to health information is unacceptable. These uses, without the patient’s consent (or even knowledge), reduce the patient to a means to someone else’s end, however worthwhile that end may be. Moreover, the absence of consent (or even knowledge) undermines the integrity of the patient-physician relationship and has the potential to erode the trust patients have in their physicians - a trust that is essential to patients’ willingness to provide the complete information needed to provide them with care. CMA has developed and adopted a Health Information Privacy Code (Appendix A) in recognition of the special nature of health information and to give primacy to patients and to the right of privacy. In commenting on this Code the Advisory Council Report notes: The Code represents an important contribution to the deliberations of Canadians and legislators on how to safeguard privacy across the health domain. In his 1998-99 Annual Report, the Federal Privacy Commissioner writes in support of the Health Information Privacy Code: Legislators looking for guidance on health information privacy law need not re-invent the wheel; the Canadian Medical Association’s Health Information Privacy Code is a comprehensive benchmark for achieving a high national level of protection for personal information. The Code could be the basis for drafting legislation. Given the grumblings that the Code sets the bar too high, perhaps some Health Infoway funds should be used to study the impact of its implementation. The patients at the heart of this system deserve no less. There are several key principles that guided the development of the Health Information Privacy Code and upon which it is based: 1. The provision of health care to all Canadians irrespective of social circumstances or health status is a highly regarded value in Canadian society. The system is publicly funded and universally accessible. 2. 
The right of privacy is fundamental to a free and democratic society. 3. Rules relating to health information must recognize its special nature. Health information has a high level of sensitivity and is confided or collected in circumstances of vulnerability and trust for the primary purpose of benefiting the patient. 4. The hallmark of the medical profession since the time of Hippocrates has been the willingness and ability to hold information confided secret. 5. The patient-physician relationship is one of trust. A central feature of this trust is the belief of patients that information confided in or collected by physicians and other health care providers will be kept secret. 6. Patients believe that the information they disclose or that is gathered as a result of their seeking health care will be used to provide them with health care. Use beyond the provision of health care without knowledge or consent goes beyond what a patient’s reasonable expectations were when information was confided or collected and therefore is a breach of the trust patients place in their physicians. 7. Except in very limited circumstances, consent is required for health information collection, use, disclosure or access for any purpose. 8. Information required to provide patients with the health care sought should be readily available to those who require it to provide an aspect of care as consistent with the wishes of the patient. 9. Uses of health information for purposes other than the provision of health care to the person seeking care should be subject to rules that: - protect and promote privacy and confidentiality; - generally require express consent; - can be justified according to specific criteria. 10. Patients should know the uses to which their health information may be put prior to disclosing it. 11. Patients may be reluctant to disclose information if they are concerned about the uses to which the information is put or the persons entitled to access it. B. 
Public Opinion To determine the public’s views on issues concerning privacy and health information, CMA commissioned Angus Reid to conduct research in two forms, quantitative (survey) and qualitative (focus groups), and has found the following: 1. Canadians believe that health information is the most sensitive type of information, and indeed more sensitive than their financial information. 2. Canadians believe that their health information will be kept confidential and consider this to be important. 3. Canadians believe it important to know and control how their health information is shared with others. 4. Canadians do not want their health information released to third parties (including governments and researchers) without their knowledge and consent. 5. Canadians have concerns about the release of delinked or anonymous information to third parties without their consent. 6. Some Canadians are reluctant to confide information to their physicians due to concerns about it subsequently being disclosed to others without their consent. 7. Patients believe that privacy rules should apply equally to the public and the private sector. These findings are consistent with the published literature and other findings relating to the public’s concerns about privacy and confidentiality. The CMA Health Information Privacy Code was developed in consideration of these views. Once developed, its principles were subsequently tested with the public in a series of cross-country focus groups and it was found that the Code appears to enjoy considerable public support. C. The Advisory Council Report The Advisory Council Report relates to the electronic health record. However, given the direction towards the greater use of technology and the underlying principles informing the Advisory Council, its recommendations are generalizable to all health information. 
A key principle of the Advisory Council Report is that access by health care professionals should be based on a need-to-know basis under the strict control of the patient. The Council, like CMA, calls for scrutiny and justification of secondary uses of health information. The Council is opposed to the use of multipurpose identifiers on the grounds that it becomes too easy for government officials from one department to gain access to a person’s health record or to combine a number of records to assemble a comprehensive profile. (Anecdotal evidence suggests that this concern may be justified and that there are insufficient safeguards preventing the flow of health information among government departments.) The Council recommends that all governments ensure that they have legislation to address privacy protection specifically aimed at protecting personal health information through explicit and transparent mechanisms. Included in these mechanisms are: * The provision of a precise definition of free and informed consent, as well as a statement of principle that informed consent should be the basis for sharing personal health information; * Any exemption to the requirement of informed consent should be clearly set out in law. More specifically, legislative guidance should be provided on how to balance the right of privacy with the public good for research purposes to implement a coherent and harmonized pan-Canadian system for independent, ethical review. * There should be provisions regulating secondary uses of non-identifiable health information. These provisions should address privacy concerns surrounding the degree to which data might be linked back to an identifiable individual. * Legislation should set clear limits on access to and use of health information by third parties outside the health care system. 
To prevent the serious invasions of privacy that can result from the unrestricted linking of personal health information with other kinds of information on the same individual, the legislation should contain provisions prohibiting the use for any other purpose of unique personal identifiers in health information systems. D. The Approach in Bill C-6 Bill C-6 begins with the right premise: that “rules to govern information collection, use and disclosure” should recognize the “right of privacy”. However, it fails to recognize the special nature of health information and to tailor its provisions accordingly. In consequence, there is confusion and uncertainty about Bill C-6's application to health care. Even more seriously, however, Bill C-6 fails to recognize that health information requires stronger or greater privacy protection than other types of information. The Bill makes a cursory attempt at distinguishing among varying types of personal information and gives inadequate additional protection to information that is highly sensitive (such as health information), notwithstanding the provisions in Paragraph 4.3.4 of Schedule 1 concerning consent which do provide some latitude for more stringent requirements in the case of sensitive information. The Bill permits the collection, use and disclosure of information without knowledge or consent on grounds such as expediency, practicality, public good, research, offence investigation, historic importance and artistic purposes. In the context of health information, these grounds should be subject to intense scrutiny to determine their relevance and legitimacy. Some of these grounds would not withstand scrutiny if subjected to the tests established in the CMA’s Health Information Privacy Code. E. Conclusion CMA believes that health information is special and deserves a higher level of privacy protection than other types of information. 
The Advisory Council Report also recognizes that distinct rules, more protective of privacy, are required for health information. The Council’s Report places strong emphasis on the protection of privacy, recognizes that, as a general rule, the flow of health information should be on a need-to-know basis and under the control of the patient through the exercise of free and informed consent, and requires limits on the secondary use of health information. The inadequacy of Bill C-6 for health care is not surprising because clearly it was not drafted with health information in mind. Rather, it is written from the perspective of encouraging commerce. It appears to have access to information as its dominant value. However, the world of health care is very different from that of commerce and requires distinct rules that are more protective of privacy. The CMA Health Information Privacy Code begins from the same starting point as Bill C-6, the Canadian Standards Association (CSA) Code which the Bill includes as Schedule 1. However, unlike Bill C-6, the CMA Code tailors the CSA Code to the specific circumstances of health information. The CMA Health Information Privacy Code, therefore, is able to address issues specific to health information that Bill C-6 either fails to address or, even worse, creates. It offers a template for the protection that should be specifically accorded to the right of privacy in health information, a template that appears to have considerable public support and is designed to uphold patient confidence in their physicians and the health care system. Amending Bill C-6 to incorporate the principles in the CMA Code would ensure adequate privacy protection. CMA recommends: That Bill C-6 be amended to incorporate specific provisions relating to health information and that the provisions of the CMA Health Information Privacy Code provide the basis of such provisions. 
CMA developed the Health Information Privacy Code in recognition of trends and developments that pose new threats to patient privacy and the trust of the therapeutic relationship. In recent years the secondary use of information for purposes other than the purposes for which it was collected has been increasing without adequate oversight or public knowledge. This ‘function creep’ undermines the trust of the patient-physician relationship. Collection and use beyond the therapeutic context and for purposes unrelated to the provision of direct care should be subjected to rigorous scrutiny before they are permitted to occur. To the extent that they are permitted to occur without patient consent they should be explicitly authorized in legislation to ensure transparency and adequate oversight. CMA’s Health Information Privacy Code provides a test to which legislation addressing health information should be subjected. This test (found in section 3.6 of the CMA Code) states: Any proposed or existing legislation or regulation made under legislative authority that permits or requires health information collection, use, disclosure or access shall be subjected to the following legislative test: (a) There must be demonstration that: (i) a patient privacy impact assessment has been conducted, the analysis has been made public and has been duly considered prior to the introduction of legislation [section 3.5 of the Code provides guidance with respect to the patient privacy impact assessment]; (ii) collection, use, disclosure and access will be limited to the greatest degree possible to ensure that * the collection of health information by persons external to the therapeutic context will neither trade on nor compromise the trust of the patient-physician relationship; * patients are not likely to be inhibited from confiding information for primary purposes; * the ability of physicians to discharge their fiduciary duties to patients will not be compromised; and, * patient vulnerability 
will not be exploited; (iii) collection, use, disclosure and access will be restricted to what is necessary for the identified purpose(s) and will not impede the confiding or collection of information for primary purposes; (iv) provisions exist for ensuring that patients are provided with knowledge about the purpose(s) and that, subject to 3.6(b), patient consent is clearly voluntary; (v) the means used are proportionate and the collection will be limited to purposes consented to or made known to the patient; (vi) the patient’s privacy will be intruded upon to the most limited degree possible in light of the purpose(s) consented to or made known to the patient; (vii) linkage of the health information will be limited; and (viii) unless clear and compelling reasons exist: * all reasonable steps will be taken to make health information anonymous; and * if it has been demonstrated that making health information anonymous would render it inadequate for legitimate uses, the information will be collected and stored in a deidentified-relinkable format. (b) When nonconsensual collection, use, disclosure or access is permitted or required by legislation or regulation that meets the requirements of the Code, the following conditions must also be met: (i) the right of privacy has to be violated because the purpose(s) could not be met adequately if patient consent is required; and (ii) the importance of the purpose(s) must be demonstrated to justify the infringement of the patient’s right of privacy in a free and democratic society. (c) Any legislative provision or regulation that permits or requires health information collection, use, disclosure or access nonconsensually shall not, without compelling reasons, be applied retroactively to existing health information. In its current form, Bill C-6 would not pass the scrutiny of the test. 
Consequently, CMA recommends: That the proposed rules for health legislation be subject to the legislative test found in CMA’s Health Information Privacy Code and formulated in light of this process. IV. Specific Comments on Bill C-6 From the Perspective of CMA’s Health Information Privacy Code This section highlights some key distinctions between the approach taken by Bill C-6 and CMA’s Health Information Privacy Code. It uses examples to illustrate divergent approaches taken for the purpose of demonstrating that Bill C-6 is inadequate in the protection it accords health information and to show how the CMA Health Information Privacy Code would address the issues adequately. A. General Bill C-6 and CMA’s Health Information Privacy Code are based on the Canadian Standards Association’s Model Code for the Protection of Personal Information (CSA Code). Bill C-6 and the CMA Code also augment the CSA Code’s provisions where considered necessary. The need to extend the provisions of the CSA Code demonstrates that the CSA Code, being general in nature, provides inadequate protection to information in many instances. The CSA recognized this at the time it developed its Code and specifically issued additional, specific guidance for health information in the form of an appendix to the Workbook for applying the Code. The Workbook begins: Information regarding one’s health and health records may be among the most sensitive of all personal data. Individuals are concerned that inappropriate disclosure of such information could unduly affect their employment status or their lives in general. . . Some health information is obtained directly from health care providers who have been given a patient’s private information with the expectation that this information will remain as a private communication. Health care providers . . . 
in turn, feel that such concerns could influence individuals to withhold vital information or avoid treatment to ensure their private information remains as such. Implementation of privacy procedures that adhere to the principles in the CSA Code and rigid applications of such procedures are essential steps for organizations that require access to health information, to maintain an individual’s trust that sensitive personal information remains confidential. In designing and implementing such procedures, organizations should recognize the sensitive nature of such information and also the fact that the primary reason that health care providers maintain records is to ensure that safe and efficacious care is provided. The Workbook goes on to list 7 interpretative points to augment the CSA Code, providing additional privacy protection as it applies to health information, including the following: requirements for the individual’s knowledge and consent be rigidly followed. Consent to acquire and disclose health information should be undertaken with the individual’s full knowledge of the scope of information to be requested. Bill C-6 does not include these additional interpretive points. It does not give due recognition that health information, because of its high sensitivity, deserves even stronger protection than is provided in the CSA Code as appended in Schedule 1 of the Bill (which even the Committee that drafted the CSA Code recognized). Although Bill C-6 and the CMA Code are based on the CSA Code, each takes a different approach to the ultimate protection accorded information and to the right of privacy. This divergence demonstrates that there are many ways to resolve issues left unresolved by the CSA Code. In other words, it is not a foregone conclusion that basing provisions on the CSA Code will result in appropriate or adequate protection of information. 
Rather, resolution of issues requires thought and deliberation and will depend in some measure on the primacy given to certain values. Bill C-6 appears to have given access primacy in the pursuit of commerce, whereas CMA gives privacy protection primacy in the pursuit of the provision of health care in accordance with physicians’ fiduciary obligations to patients and the integrity of the patient-physician relationship. CMA did not develop its approach in a vacuum. It reviewed, and was inspired by, the report of the House of Commons Standing Committee on Human Rights and the Status of Persons with Disabilities, entitled Privacy: Where Do We Draw the Line? This report articulates and makes explicit many of the issues that should be informing the current debate on Bill C-6. In addition, the Report of the Advisory Council takes a very different approach than Bill C-6. The Report recognizes the need to pay more than lip service to protecting privacy and confidentiality and recommends specific measures aimed at doing this. B. Primacy of the Therapeutic Purpose The root of most of the problems in applying Bill C-6 to health care is its failure to distinguish among purposes for the collection, use and disclosure of health information. In particular, the Bill fails to distinguish between the primary purpose, which is to deliver care to and for the benefit of an individual patient, and secondary purposes, which are not for the direct benefit of the patient and indeed may even involve using the patient’s information to his or her detriment. Under Bill C-6, the same rules apply equally to both the primary and to secondary purposes. In other sectors this failure to distinguish different purposes and to fashion rules in light of salient differences may not pose problems. In the health care sector, however, the consequences could be quite serious. As applied to secondary purposes, the provisions in Bill C-6 fail to limit access appropriately. 
Access to information may occur in ways that are inappropriate and violate the privacy of patients. As applied to the primary purpose -- the use of a person’s information to provide that person with care -- the rules in the Bill, if rigidly construed, may inhibit access that would otherwise be appropriate and consistent with the patient’s right of privacy. For example, the consent provisions in the Bill could create impediments to information flow where various members of a ‘health care team’ require information about the patient in order to be effective for the patient’s benefit; the provisions in the Bill that seek to limit the extent of information collection could inhibit physicians from being as extensive as they sometimes are and should be in collecting information from patients for the purpose of providing care; the provisions in the Bill requiring that the patient’s request to review his or her record be in writing could in fact be a barrier to patient access which might otherwise be facilitated informally and consistently with the patient’s wishes by a simple verbal request. Such consequences no doubt would be unintended by the drafters of the Bill; the drafters might even argue that for someone to interpret the provisions mentioned above as potentially leading to these consequences would be to misinterpret them. Regardless, the fact is that the Bill, on these matters and others, is somewhat strained when its provisions are applied to health care. The CMA Health Information Privacy Code, however, is not. It begins from the same starting point as Bill C-6, which is the CSA Code. However, the CMA, recognizing (as the drafters of the CSA Code apparently also did) that the CSA Code would need to be tailored to deal adequately with health information, did so in drafting its Health Information Privacy Code. This document was written from the ground up not just with privacy first and foremost as a value but also with specific reference to the health sector. 
And it is based on the fundamental premise that not all purposes for the use of health care are equal and that the therapeutic purpose must be given primacy. Thus the CMA Health Information Privacy Code avoids the kind of problems identified above that might arise as Bill C-6 is applied to health information. For example, it specifies that the collection of health information for the primary purpose of providing care “may be as extensive as necessary to fulfil these purposes and reflect the high level of trustworthiness and accountability of health professionals in the therapeutic context” (3.2) but that for any secondary purposes it should be “as minimal as necessary in recognition of the need to protect the patient’s right of privacy in the therapeutic context” (3.3). As concerns consent, which CMA recognizes to be core to the protection of privacy, the CMA Code articulates rules for consent in recognition of the importance of timely information flow in the team context and as appropriate to meet the purpose for which the patient has confided the information in the first place, which is to receive care. It stipulates that consent for the primary purpose may therefore be implied, albeit with certain qualifications. Moreover, where consent is required, the provisions of the Code allow that “the conveyance of generic information is a reasonable means of providing knowledge” in most circumstances, which means that this requirement is unlikely to create unreasonable burdens that would diminish rather than strengthen the therapeutic relationship. Finally, the CMA Code limits itself to issues of principle concerning patient access to their records; Bill C-6, by specifying that requests must be in writing, could in fact be creating a barrier to patient access or an undue burden upon the patient-physician relationship as there may be instances when an informal request would be quite appropriate. C. 
Knowledge of Purpose Prior to Collection Bill C-6 Bill C-6 is ambiguous in its provisions relating to whether or not a person should know the purposes for which information will be used prior to disclosure. This is due in part to the use of the term “knowledge and consent” as one concept rather than distinguishing the knowledge requirement from the consent requirement. What a person should know in relation to the purposes for which information might be used or disclosed, prior to its being given, is distinct conceptually from whether the person must consent before information can be used or disclosed for a particular purpose. Schedule 1 of the Bill contains a number of principles. For the purposes of this Brief the schedule will be referred to in terms of the principles (and their subparagraphs). Principle 2 addresses the identification of purposes for which information will be used or disclosed. Provided a purpose is identified it becomes a legitimate purpose (this Brief recognizes that the addition of the “reasonable person” clause in 5(3) takes precedence and provides some grounds for distinguishing legitimate and illegitimate purposes). Subparagraph 3 states that the identified purposes should be specified at or before the time of collection. Section 5(2) of the Bill states that the use of ‘should’ in schedule 1 indicates a recommendation and does not impose an obligation. Therefore, according to subparagraph 3, it is recommended but is not obligatory that disclosure occur. On the other hand, principle 3 addresses consent and appears to impose an obligation by stating that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. 
Similarly, subparagraph 2 appears to create something of an obligation by stating, “organizations shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used.” Section 7(1)(a) permits the collection of information without knowledge and consent when collection is clearly in the interests of the individual and consent cannot be obtained. The intent of this section could be made clearer, particularly in terms of who determines the “interests of the individual.” Otherwise this exception could give undesirable licence to collect without knowledge or consent. The provision in section 7(1)(b) is more problematic. This section appears to favour withholding knowledge from an individual if such knowledge would compromise accuracy, defeat the purpose for collection or prejudice the use. In some instances it may well be that, if an individual is provided with knowledge of the purposes for which information is collected and the uses to which it will be put, he or she may choose to withhold information rather than disclose it, and in doing so would clearly compromise accuracy, defeat the purpose for collection or prejudice the use to which the information will be put. This is contrary to principle 4.4.2, which recognizes that information should not be collected by misleading or deceiving individuals. The intent of this section should be far clearer and circumscribed in such a way as to make it clear that it is not permissible to withhold knowledge or not seek consent simply on the basis that if a person had knowledge they would not wish to disclose information. Section 7(1)(c) allows collection without knowledge or consent for journalistic, artistic or literary purposes. This provision is totally inappropriate in the case of health information. CMA Health Information Privacy Code The CMA Health Information Privacy Code is considerably more restrictive than Bill C-6. 
It recognizes that, in the therapeutic context, health information is confided or collected under the patient’s presumption that it is necessary to meet his or her therapeutic needs. The potential that health information may be subsequently collected, used, disclosed or accessed for other purposes without patient consent should be made known to patients before information is confided or collected for the primary therapeutic purpose. Moreover, it is not acceptable to withhold knowledge from patients deliberately out of concern that knowledge could inhibit them from confiding important information fully and truthfully. The CMA Health Information Privacy Code limits the nonconsensual collection of health information to circumstances where it is either permitted or required by legislation or ordered or decided by a court of law. In addition, the CMA Code gives explicit direction to legislators with respect to the conditions under which legislation should permit or require health information collection (see section 3.6 of CMA Code). In the case of nonconsensual collection, the following conditions are stipulated: 1. The right of privacy has to be violated because the purposes could not be met adequately if patient consent is required; and 2. The importance of the purposes must be demonstrated to justify the infringement of the patient’s right of privacy in a free and democratic society. D. Use Without Knowledge Or Consent Bill C-6 Once information has been collected and despite the limits, inadequate though they be, placed on collection without knowledge or consent, it can be put to even greater use than for the purposes for which it has been collected (with or without knowledge or consent). Section 7(2) opens up dramatically the uses to which collected information may be put without either knowledge or consent. 
At a minimum, and with little additional administrative effort, the enumerated grounds of section 7(2) (and 7(3)) should be made known to an individual prior to their disclosure of information, which would be in keeping with the principle of openness and explicitness. Section 7(2)(a) allows use in connection with the investigation of an offence. In the medical context this could be problematic, particularly if it is interpreted to impose an obligation. Generally, there is no obligation to assist in the investigation of an offence, and indeed the fiduciary duty between patient and physician and the duty of confidentiality owed to the patient by the physician would suggest that physicians not offer information, despite its usefulness. Section 7(2)(b) recognizes emergency situations. However, as worded, section 7(2)(b) would allow access to anyone’s information if it is for the purpose of acting in an emergency threatening the life, health or security of an individual. The implications of this section should be carefully thought through. It is not desirable to give such a broad licence to access anyone’s information on the basis of an emergency. There should be some limiting principle that takes into account the prevailing view that people generally are not required to go to the assistance of others (emergency or otherwise) and that information about oneself is considered worthy of protection against use or disclosure, despite its potential benefit to others (for example, genetic information or HIV or Hepatitis C status). Section 7(2)(c) is very problematic as it permits the use of “identifiable” information for a host of purposes, including statistical and research, when it is impractical to seek consent. Even though the Commissioner must be informed of the use before the information is used, the Commissioner has no power to approve or reject the use. If the use is legitimate under the Bill there would be no grounds open to the Commissioner to cause an audit to occur. 
This section gives significant scope for the secondary use of information that has been collected without knowledge or consent; in the case of health information it is very problematic. CMA Health Information Privacy Code The CMA Code makes a clear distinction between the primary purpose for the collection and use of health information and secondary purposes for its use. The key distinction between these two categories is that primary purposes relate to the provision of the health care benefit sought whereas secondary purposes are ends or aims that are not directly related to the provision of care. The CMA Code divides secondary purposes into two categories: 1. Secondary legislated purposes are those purposes that have been subjected to the legislative test specified in the Code and have subsequently been written into law; 2. Secondary nonlegislated purposes are any other purposes, such as education or research not governed by legislation, that meet the provisions of the CMA Code and the secondary nonlegislative test provided by the Code. The tests that the CMA Code requires of both relate to: 1. Impact on privacy. 2. Impact on the patient-physician relationship, especially confidentiality and trust. 3. Impact on the willingness of patients to disclose information. 4. Impact on patients’ ability to receive care. 5. Evidence of broad public support for the measure. 6. The use will not exploit or compromise the trust of the patient-physician relationship. 7. Patient vulnerability will not be exploited. 8. Under most circumstances patients will be fully informed of the purpose and patient consent will be clearly voluntary. 9. Patient privacy will be intruded upon to the most limited degree possible. 10. Linkage of health information will be restricted and consented to by patients. In other words, the CMA Code does not permit any and all secondary purposes for the use of health information. 
Rather, it requires justification for the secondary use and assurance that the secondary use will neither impede nor undermine the patient-physician relationship and the provision of health care to the patient. This test is much more privacy protective than the “reasonable person” test the Bill contains in Section 5(3). Moreover, the CMA Code only permits use without consent if it is permitted or required by legislation or when ordered or decided by a court of law. The Advisory Council Report Like the CMA, the Advisory Council Report makes distinctions among various types of uses. The Report calls for legislation to clearly prohibit all secondary commercial use of personal health information (in which respect the Advisory Council takes an even stronger position than the CMA). In addition, the Report recommends that there be provisions regulating secondary uses of non-identifiable health information and that such provisions should address privacy concerns surrounding the degree to which such data might be linked back to an identifiable individual. In this context, the Report recommends that legislation set clear limits on access to and use of health information by third parties outside the health care system. In addition the Report reviews the uses of health information for statistical and research purposes. In connection with research, the Report calls for a number of safeguards and restrictions: 1. Where the data sets used have a higher level of potential identifiability, “the general rule should be informed consent and stringent assurances about privacy protection and security arrangements are necessary before a researcher can have access to personally identifiable information.” 2. The Report recognizes that in some instances it may be impractical to obtain consent from patients. Whether in anonymous or identifiable form, the Report requires that notice be given about the use of the information. 
In the case of the use of identifiable information, the Report states that the research should be subject to independent ethics review with the onus on the person seeking to use the information without consent to demonstrate that: (a) a tangible public good of significant benefit will result; (b) consent is impossible to secure at a reasonable cost; (c) less identifiable data will not serve the same purpose; and (d) no harm can occur to any person directly or indirectly as a result of this use of his or her personal information. E. Disclosure Without Knowledge Or Consent Bill C-6 The comments found under C. and D. above apply equally here. Section 7(3) adds further instances when collected information can be disclosed to others without knowledge or consent. CMA Health Information Privacy Code In the case of secondary use of health information, the CMA Code takes a far more restrictive approach. As concerns use, disclosure or access, it states: The potential that health information, in whole or in part, may be subsequently collected, used, disclosed or accessed for other purposes without their consent, and what those purposes might be, must be made known to the patient by reasonable means before it is confided or collected for primary purposes. Moreover, the CMA Code recognizes that information disclosed by one organization is collected by another. The Code defines collection to mean: the act of accessing, receiving, compiling, gathering, acquiring or obtaining health information from any source, including third parties, and by any means. It includes information collected from the patient, as well as secondary collection of this information in whole or in part by another provider or user. The collecting organization should be bound by the provisions of the CMA Code, which generally requires consent for use for any purpose and always requires knowledge of the potential purposes that information will or must be put to prior to the information being disclosed. 
CMA’s Code states: Health information custodians must ensure that third parties privy to health information have adopted this Code or are bound by equivalent provisions. Finally, the CMA Code explicitly recognizes that information can be retrieved from a variety of sources to formulate records. Any and all such practices and the composite form developed are given the same degree of protection as that accorded information collected directly from the patient. F. Consent Bill C-6 In those cases where consent for collection, use or disclosure is required, the provisions in Bill C-6 are inadequate as applied to health care. Schedule 1 distinguishes between express and implied consent. Express consent is not adequately defined and it appears that this is not equivalent to what in health care is called ‘informed consent’. For example, Principle 4.3.2. says that “organizations shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used”. In the health care context, the notion of ‘reasonableness’ with respect to the doctrine of informed consent applies not to the effort to advise or inform (that much is assumed or given) but rather to determinations regarding what information should be provided to the patient. In addition, the application of some of the means described in Principle 4.3.7 by which individuals can give consent, and in particular the ‘negative option’ checkoff box in (b), may be quite problematic in the health care context. The broad scope allowed to implied consent in the Bill is also worrisome as applied to the health care setting. Principle 4.3.6 says “implied consent would generally be appropriate when the information is less sensitive”. However, with implied consent the issue is not the sensitivity of the information but rather the wishes of the patient. 
It is appropriate to infer consent even when the information is very sensitive provided one has reason to believe this is grounded in the patient’s wishes; conversely, it is not appropriate to infer consent, even in the case of information deemed not to be sensitive, if there is reason to believe the patient would object if asked explicitly. CMA Health Information Privacy Code The CMA Code furnishes clear definitions for consent: “Consent” means a patient’s informed and voluntary agreement to confide or permit access to or the collection, use or disclosure of his or her health information for specific purposes. For purposes other than the provision of direct care, which is the purpose for which the patient presents in the first place, the consent must always be explicit or express since there is no logical connection between secondary purposes and the desire to achieve care. Therefore inferences cannot be made with any confidence. The Code defines express consent as follows: “Express consent” is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the provider seeking consent. The CMA Code defines implied consent to disallow the loose use of the term, which is increasing today, to justify access for purposes (secondary purposes in particular) that the patient may not wish to occur: Implied consent arises where agreement may reasonably be inferred from the action or inaction of the individual and there is good reason to believe that the patient has knowledge relevant to this agreement and would give express consent were it sought. The CMA Code also lays out clear rules for the use of the concept of consent and makes clear that consent can be inferred for primary purposes (i.e., the provision of health care to the patient) but not for secondary ones, which require express consent. 
The Code grounds the notion of implied consent not in the desire to subvert express consent and thereby gain access to information that might otherwise be denied but rather in the wishes of the patient and the importance of providing health care for therapeutic purposes as consistent with those wishes. Advisory Council Report In addition to being more stringent than Bill C-6 about exemptions to consent, the Advisory Council Report also gives greater importance to defining the term clearly and strictly. It says that any legislation concerning health information should: contain a precise definition of free and informed consent, as well as a statement of principle that informed consent should be the basis for sharing personal health information. Although not as precise and emphatic on the subject of consent as is the CMA Health Information Privacy Code, the Report is certainly more so than is Bill C-6. G. Information Flow Within Organizations Bill C-6 Bill C-54 defined use to include “the transfer of personal information within an organization.” Bill C-6 no longer defines use, which leaves it uncertain whether the definition of use quoted above from Bill C-54 would be a reasonable interpretation of Bill C-6. If so, this would create a problem. Interpreting use in this way could have the effect of inappropriately restricting the free flow of information within an organization. In the health care context this is not a reasonable or desirable outcome and would hinder, rather than promote, the patient’s right of privacy. CMA Code The CMA Code recognizes that the free flow of health information is desirable to the extent that it furthers the provision of the health care benefit sought and that it occurs with patient consent. 
The Code defines the primary purpose to mean: (i) Primary therapeutic purpose is the initial reason for a patient seeking or receiving care in the therapeutic context, and pertains to the delivery of health care to a particular patient with respect to the presenting health need or problem. It encompasses consultation with and referral to other providers on a need-to-know basis. (ii) Primary longitudinal purpose concerns developing composite health information about a particular patient, such as a detailed medical history, beyond direct application to the presenting health need or problem, in order to enhance ongoing care to that person. The Code goes on to state that: Health information collection, use, disclosure or access for the primary therapeutic and longitudinal purposes may be as extensive as necessary to fulfil these purposes and reflect the high level of trustworthiness and accountability of health professionals in the therapeutic context. And further states that: Security safeguards shall impede as little as possible health information collection, use, access and disclosure for primary purposes. Finally, in addressing consent the Code states: Consent to health information collection, use, disclosure and access for the primary therapeutic purpose may be inferred. Consent to subsequent collection, use, disclosure and access on a need-to-know basis by or to other physicians or health providers for this purpose, and for this purpose alone, may be inferred, as long as there is no evidence that the patient would not give express consent to share the information. The principles in the CMA Code that give effect to the patient’s right to control what happens to his or her information are not incompatible with the free flow of information among members of a health team for the purpose of providing care to the patient. Indeed, they facilitate and enable this flow to the extent this is in keeping with the patient’s wishes. H. 
Information Protected Bill C-6 The Bill covers “personal information” which is defined to mean “information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.” This definition raises a host of questions: 1. Does the Bill cover information that has been delinked to an identifiable individual but that could be relinked to identify them? 2. Does the Bill only exclude anonymous information - that is, information that could never be relinked to an identifiable individual? And if so, is there an unjustified assumption that information can, in all cases, be rendered truly anonymous? 3. In the case of delinked and anonymous information, who decides that information about an identifiable individual can be rendered delinked or anonymous? The holder of the information or the person to whom the information pertains? 4. Is it accurate or reasonable to assume that people have no interest in information emanating from them once it has been rendered delinked or anonymous? 5. Given that anonymous information is generated from personal information, is the act or process rendering personal information into anonymous form considered a use under the terms of the Bill, and if so does this use require consent? In considering these questions, it is important to keep in mind that the concept of “anonymity” means different things to different people. Moreover, there are no generally used or accepted standards that address what is required to render identifiable information truly anonymous. As a consequence, different people use different standards (of varying degrees of rigour), if they use a standard at all. It is also important to note that, in virtue of sophisticated techniques for identifying individuals from supposedly anonymous information, there is debate about the extent to which true anonymity can ever be achieved or guaranteed. 
CMA Health Information Privacy Code In light of issues concerning the definition of ‘personal information’ and in the interest of ensuring a thorough scrutiny of information practices, the CMA Code provides a broad definition of health information: Health information means any information about a patient that is confided or collected in the therapeutic context, including information created or generated from this information and information that is not directly or indirectly linked to the provision of health care. It includes all information formats. The CMA Code covers identifiable information, delinked information, anonymous information and any composite form that is produced when health information is linked to other information about the patient. CMA’s research indicates that patients have an interest in their information even when it is in delinked and in anonymous formats. This view has recently received support from a decision of the High Court of Justice in England that is particularly relevant in the context of the commercial use of health information (Source Informatics Ltd. v. Department of Health). The issue arose because a prescription database company sought judicial review of a Department of Health policy document that advised National Health Service GPs and pharmacists not to sell “anonymous” prescribing or dispensing information. The document contained the following analysis: Anonymisation (with or without aggregation) does not, in our view, remove the duty of confidence towards the patients who are the subject of the data. Apart from the risk of identification of a patient despite anonymisation, the patient would not have entrusted the information to the GP or the pharmacist for it to be provided to the data company. The patient would not be aware of or have consented to the information being given to the data company, but would have given it to be used in connection with his care and treatment and wider NHS purposes. 
Anonymisation of the data (with or without aggregation) would not obviate a breach of confidence. . . . The duty of confidence may in some circumstances be outweighed by the public interest in disclosure. However we have severe reservations that disclosure by GPs or NHS pharmacists of dispensing information to X or other data companies would be argued to be in the public interest. Indeed it might well be contrary to the public interest if the data company is further selling the information on doctors’ prescribing habits to the pharmaceutical industry. High Court Justice Latham upheld the policy document, arguing that the information in question, though anonymous, was nonetheless confidential. He also argued that consent to its release was necessary and could not be implied, and that the breach of confidentiality involved in selling this information could not be justified as being in the public interest: In my view, it is impossible to escape the logic . . . that the proposal involves the unauthorised use by the pharmacist of confidential information. . . . In my judgement what is proposed will result in a clear breach of confidence unless the patient gives consent, which is not part of the proposal at present. Nor is it suggested that the patient can be said to have given implied consent. . . . I recognize that, for some, the sensitivity, as they would see it, of the information may be such that they would feel that any use of the information without their consent, would be unconscionable. In other words it would be a breach of trust which they were reposing in the pharmacist. . . I have come to the conclusion that . . . this [is] a type of situation . . . in which there is a public interest in ensuring that confidences are kept. It is important that those who require medical assistance should not be inhibited in any way from seeking or obtaining. 
As I have indicated, I believe that there may be some patients who will feel very strongly that the pharmacist should not give any information obtained from the prescription without their consent. In view of the fact that there is a growing industry in so-called anonymous health information, it is important to ensure that this information is protected as consistent with the duties of health care providers and the expectation patients have that their providers will keep their information confidential. Advisory Council Report The Advisory Council Report addresses this issue in a number of ways. In making recommendations concerning the definition of health information, the Report calls for legislation that embodies: a clear definition of health information, broad enough to incorporate health information collected in public and private systems and to ensure that equal obligations and penalties apply to both public and private sectors. The Report recognizes a spectrum of data formats: completely anonymous, linked to pseudo-identities, code linked and reidentifiable, completely identifiable. In terms of sensitivity, the Report notes that information that can be re-identified is somewhat more sensitive than completely anonymous data or anonymous data linked to pseudo-identities and that completely identifiable health information is the most sensitive type of health information. The Report also notes that there can be some degree of risk of re-identification of what was believed to be anonymous data through such processes as data matching and the results of analysis using small cells. In this light, the Report recommends that legislation should recognize: A definition of personal health information, which takes into account the spectrum of potential identifiability in the case of health information. 
Furthermore, in the case of secondary uses of health information, the Report notes that provisions regulating secondary uses of non-identifiable health information must form part of any comprehensive legislation. Such provisions should address privacy concerns surrounding the degree to which data might be linked back to an identifiable individual. The Report raises further issues relating to the use of delinked and anonymous data. The Report notes that there may be group interests and concerns regarding data collected and states: Privacy can also be a concern for groups such as Aboriginal and immigrant communities. These communities worry that research on their members could be released to the media without notice and used in a negative way. This emerging issue is growing in importance and, in the Council’s view, should be a serious consideration in the context of ethical reviews of proposed research projects. It is important to note that, in these instances, it is not the fact that data is linked to an identifiable individual that is of concern. Rather, it is the ability to accumulate, process and dissect information that has ramifications for an individual because they are part of a group segregated and identified by the research. Finally, the Report considers the use of person-oriented data (data linked to individuals in a form where personal identifiers have been replaced by a code) for statistical purposes and notes that this too raises concerns about privacy. The Report notes that: “These concerns have traditionally been seen as a tradeoff against data access for research and analysis in the public interest.” The Report restates this to provide a more positive view of privacy and states: the best way for analysts to maintain the public’s consent to use sensitive (but anonymous) health data is to show the public that privacy, confidentiality and security are being taken seriously. 
In view of the issues concerning the definition of personal information and in the interest of ensuring maximum scrutiny of practices concerning health information and maximum protection of the right of privacy with respect to health information, CMA recommends: That there be a clear definition of the information being accorded a right of privacy and that this definition, at least in the case of health information, include identifiable information, delinked information, anonymous information and any composite information produced when health information is linked to any information about a person from any other source. I. Individual Access Bill C-6 Bill C-6 restricts the right of individual access to personal information. The grounds for denying access to information are inappropriate in the health care context. CMA Code The CMA Code follows the prevailing case law as it relates to medical records. Primarily this gives patients a right of access to their record in all but very limited circumstances. These circumstances are when there is a significant likelihood of a substantial adverse effect on the physical, mental or emotional health of the patient or substantial harm to a third party. The onus lies on the provider to justify denial of access on these grounds. J. Accuracy and Amendment Bill C-6 Bill C-6 requires that information be as accurate, complete and up-to-date as possible and that it shall not be routinely updated unless this is necessary to fulfil the purpose for its collection. In so far as amendment is concerned, Bill C-6 permits amendment to the record in specified circumstances. CMA Code The CMA Code takes a different approach in light of the nature and purpose of health information. 
The Code recognizes that the recording of statements of fact, clinical judgements and determinations or assessments should reflect as nearly as possible what has been confided by the patient and what has been ascertained, hypothesized or determined to be true using professional judgement. In terms of amending the record in light of a patient’s request, the CMA Code seeks to preserve the original record but also provide for noting the patient’s concerns. To accommodate both requirements the CMA Code states: Patients who have reviewed their information and believe it to be inaccurately recorded or false have the right to suggest amendments and to have their amendments appended to the health information. K. Sensitivity Bill C-6 Schedule 1 recognizes that medical records have a high level of sensitivity attached. For this reason this information may warrant special attention concerning consent, reasonable expectations, individual access and the degree of security that is appropriate. CMA Code The CMA Code recognizes that, even as all health information is sensitive (when considered against other forms of information about individuals), there are also variations in the level of sensitivity in various aspects of the health record. The CMA Code defines the “sensitivity of health information” to refer to: the patient’s interest in keeping the information secret. It varies according to the nature of the information, its form, and the potential negative repercussions of its collection, use or disclosure on the patient’s interests. Under the Code’s consent provisions it is stated that: Although all health information is sensitive and should be treated as such, the more sensitive the health information is likely to be, given what is known about the circumstances or preferences of the patient, the more important it is to ensure that consent is voluntary and informed. 
With respect to security the Code states: The development of security safeguards with respect to levels of access for various users shall recognize the differences in the sensitivity of health information and permit access accordingly. Moreover, the Code recognizes that health information is special and therefore requires distinct rules that afford stronger privacy protection not just due to its sensitivity but also to the circumstances of vulnerability and trust under which it is initially confided or collected. These special circumstances, which include much more than sensitivity, are outlined in Principle 2 of the Code. Bill C-6, by contrast, fails to consider these other features that make health information a special case. In consequence its provisions are not adequately tailored to the special nature of health information and do not accord it the strong privacy protection it warrants. V. Conclusions The increased capacity to collect, store, transfer, merge and access information, coupled with trends that support increased use of and access to information, have the potential to erode our traditional understanding and protection of privacy and confidentiality. The issues are complex and the choices we must make are difficult. Nevertheless, these issues should be squarely on the table and the choices that we make must be clear, transparent and defensible. Of paramount importance is that the public is not misled into believing that their information is being protected or kept confidential when in fact it is not. Therefore, even to refer to Bill C-6 as the “Personal Information Protection and Electronic Documents Act” should be the subject of debate. Is the Bill truly about information protection or is it actually about permitting access to information? The approach to rules for information in Bill C-6 is directed toward commerce and appears to have access, and not privacy, as its dominant value, notwithstanding the Bill’s reference to a “right of privacy”. 
In CMA’s view, the Bill’s approach is inadequate when applied to health information. Based on the evidence, it seems highly likely that the public would also find Bill C-6 inadequate. Bill C-6 was not developed with health information in mind. In consequence there is confusion and uncertainty about its application to the health care context. Even more seriously, however, Bill C-6 fails to recognize that privacy with respect to health information requires stronger or greater protection than other types of information. CMA presents a different approach, an approach that recognizes the special nature of health information; an approach that puts patients first and values privacy and the preservation of the trust and integrity of the patient-physician relationship. This approach appears to be well-grounded in the values that Canadians hold about privacy and would likely enjoy broad public support. In addition, the CMA approach draws support from the Federal Advisory Council Report, which like CMA recognizes the importance of preserving patient privacy and the confidentiality of the health record in an era of increased use of technology. Implicitly, the Report recognizes that the benefits of such technology cannot be realized if public support, based on respect for privacy, cannot be secured. The CMA’s Health Information Privacy Code does what Bill C-6 fails to do. Amending Bill C-6 to incorporate the principles in the CMA Code would ensure adequate privacy protection. In light of the clear deficits in Bill C-6 and the inadequate protection of patient privacy and health information confidentiality, CMA urges this Committee to accept its recommendations and the amendment that incorporates them. Nothing less would give Canadians the high level of privacy protection they desire and deserve when it comes to their health information. VI. 
Summary of Recommendations That Bill C-6 be amended to incorporate specific provisions relating to health information and that the provisions of the CMA Health Information Privacy Code provide the basis of such provisions; and That any proposed rules for health legislation be subject to the legislative test found in CMA’s Health Information Privacy Code and formulated in light of this process; and That there be a clear definition of the information being accorded a right of privacy and that this definition, at least in the case of health information, include identifiable information, delinked information, anonymous information and any composite information produced when health information is linked to any other information about a person from any other source; and That, at least in connection with health information, the provisions of the Bill apply equally to the public and the private sectors. CMA has drafted an amendment to Bill C-6 (Appendix B) which, if accepted, would achieve all of these recommendations and adequately give Canadians the kind of privacy protection with respect to their health information that they deserve and desire.

Statement to the Canadian panel on violence against women Ottawa - September, 1992

https://policybase.cma.ca/en/permalink/policy11956
Last Reviewed
2019-03-03
Date
1992-09-15
Topics
Health care and patient safety
Ethics and medical professionalism
Policy Type
Parliamentary submission
Text
The CMA is pleased to have this opportunity to address the Canadian Panel on Violence Against Women. As a professional organization with a leadership role in societal issues affecting health, it is both appropriate and important for the CMA to be actively involved in addressing the problems associated with violence. The extremely high incidence of abuse, the associated severe physical, mental and psychological health problems and the significant role played by physicians in recognizing and caring for victims make this a priority for organized medicine. The CMA has significant experience and expertise in this field. In 1984, the CMA General Council passed a resolution stating: "That Health and Welfare Canada and the Provincial Ministries of Health and Education alert the Canadian public to the existence of family violence, including wife assault, child abuse, and elder abuse, and to the services available which respond to these problems, and that organized medicine (through such vehicles as professional journals, newsletters, conferences and formal medical education) alert the physicians of Canada to the problem and that all physicians learn to recognize the signs of family violence in their daily contact with patients and undertake the care and management of victims using available community resources." (Resolution #84-47) The CMA calls the Panel's attention to four major areas of concern: Recognition and Treatment, Education and Training, Protocol Development and Research. 1. Recognition and Treatment: Recognition includes acknowledging the existence and prevalence of abuse and identifying victims of violence. Violence against women is clearly a health issue and one that should be given a very high priority. Statistics indicate that nearly one in eight Canadian women will be subject to spousal violence in her lifetime and that one in five will be a victim of sexual assault. 
Violence against women is a major determinant of both short- and long-term health problems including traumatic injury, physical and psychological illnesses, alcohol/drug addiction and death. Furthermore, although it is critically important to recognize that abuse crosses all racial and socio-economic boundaries, there are strong indications that certain groups are particularly vulnerable to abusive acts (e.g., pregnant, disabled and elderly women). Recognition includes acknowledging and understanding the social context within which violence occurs. Violence is not an isolated phenomenon, but is part of the much broader issue of societal abuse of women. Physicians are often the first point of contact for patients who have been abused physically, sexually, mentally and/or psychologically. They have a vital role to play in identifying victims and providing treatment and supportive intervention including appropriate referral. Abuse is not always readily apparent, however, and may go undetected for extended periods of time. Numerous studies have shown that both physicians and patients often fail to identify abuse as an underlying cause of symptoms. Such delays can result in devastating and sometimes fatal consequences for patients. Even in those cases where abuse is apparent, both physicians and patients often feel uncomfortable talking openly about the abuse and the circumstances surrounding it. It is the physician's role and responsibility to create a safe and supportive environment for the disclosure and discussion of abuse. Furthermore, the lack of resources for support services or the lack of awareness of what services are available to provide immediate and follow-up care to patients in need may discourage physicians from acknowledging the existence of abuse and identifying victims.
It is clear that improvement in the ability and the degree to which victims of abuse are recognized and given appropriate assistance by physicians and other caring professionals in a non-threatening environment is urgently required. Individuals who are abused usually approach the health care system through primary contact with emergency departments or other primary care centres. The care available in such settings is acute, fragmented and episodic. Such settings are not appropriate for the victims of violence. The challenge that we, as physicians, recognize is to be able to provide access in a coordinated way to medical, social, legal and other support services that are essential for the victim of violence. This integration of services is essential at the point of initial recognition and contact. The CMA has been involved with eight other organizations in the Interdisciplinary Project on Domestic Violence (IPVD), the primary goal of which is to promote interdisciplinary co-operation in the recognition and management of domestic violence. 2. Education and Training: The spectrum of abuse is complex; the victims are diverse; expertise in the field is developing. The current system of medical education neither provides health care personnel with the knowledge or skills nor does it foster the attitude to deal adequately with this issue. Some of CMA's divisions have played an active role in this area. For instance, the Ontario Medical Association has developed curriculum guidelines and medical management of wife abuse for undergraduate medical students. It is important that there be more involvement by relevant medical groups in developing educational and training programs and more commitment from medical educators to integrate these programs and resources into the curriculum.
Programs must be developed and instituted at all levels of medical education in order that physicians can gain the requisite knowledge and skills and be sensitive to the diversity of victims of violence. The CMA believes that the educational programs must result in: 1) understanding of the health consequences of violence; 2) development of effective communication skills; and, 3) understanding of the social context in which violence occurs. Understanding of the social context in which violence occurs will require an examination of the values and attitudes that persist in our society, including a close consideration of the concepts of gender role socialization, sexuality and power. This is required in order to dispel the pervasive societal misconceptions held by physicians and others which act as barriers to an effective and supportive medical response to patients suffering the effects of violence. 3. Development of Protocols: The CMA recognizes the need for more effective management and treatment of the spectrum of problems associated with violence against women. Health care facilities, professional organizations and other relevant groups are challenged to formulate educational and policy protocols for integrated and collaborative approaches to dealing with prevention of abuse and the management of victims of violence. The CMA and a number of its divisions have been active in this area:
In 1985, the CMA prepared and published Family Violence: Guidelines for Recognition and Management (Ghent, W.R., Da Sylva, N.P., Farren, M.E.), which dealt with the signs and symptoms, assessment and management, referral assistance and medical records with respect to wife battering, child abuse and abuse of the elderly;
The Ontario Medical Association published Reports on Wife Assault in January 1991. This document, endorsed by the CMA, examines the problem of wife assault from a medical perspective and outlines approaches to treatment of the male batterer and his family;
The Medical Society of Nova Scotia has developed a handbook entitled Wife Abuse: A Handbook for Physicians, advising on the identification and management of cases involving the battering of women;
The New Brunswick Medical Society has produced a series of discussion papers on violence and, in conjunction with that province's Advisory Council on the Status of Women, has produced a graphic poster depicting physical assault on pregnant women as a way of urging physicians to be alert for signs of violence against women;
The Medical Society of Prince Edward Island has worked cooperatively with the provincial Department of Health and Social Services and the Interministerial Committee on Family Violence to produce a document entitled Domestic Violence: A Handbook for Physicians.
The CMA encourages continued involvement by the medical profession in the development of initiatives such as these and welcomes the opportunity to work in collaboration with other professionals involved in this area. 4. Research: The CMA has identified violence against women as a priority health issue. Like many other areas in women's health, there is a need for research focusing on all aspects of violence and the associated problems. More specifically, the CMA maintains that there should be more research on the incidence of abuse (particularly as it relates to particular groups), on ways to facilitate the disclosure by victims of abuse and on the effectiveness of educational and prevention programs. The CMA recognizes that the medical profession must show a greater commitment to ending abuse of women and providing more appropriate care and support services to those who are victims of violence. The CMA possesses unique skills and expertise in this area and welcomes the opportunity to work with the Panel on this challenging social and health problem.