Principles concerning physician information (CMA policy – approved June 2002)
In an environment in which the capacity to capture, link and transmit information is growing and the need for fuller accountability is being created, the demand for physician information, and the number of people and organizations seeking to collect it, is increasing.
Physician information, that is, information that includes personal health information about and information that relates or may relate to the professional activity of an identifiable physician or group of physicians, is valuable for a variety of purposes. The legitimacy and importance of these purposes varies a great deal, and therefore the rationale and rules related to the collection, use, access and disclosure of physician information also varies. The Canadian Medical Association (CMA) developed this policy to provide guiding principles to those who collect, use, have access to or disclose physician information. Such people are termed “custodians,” and they should be held publicly accountable. These principles complement and act in concert with the CMA Health Information Privacy Code (1), which holds patient health information sacrosanct.
Physicians have legitimate interests in what information about them is collected, on what authority, by whom and for what purposes it is collected, and what safeguards and controls are in place. These interests include privacy and the right to exercise some control over the information; protection from the possibility that information will cause unwarranted harm, either at the individual or the group level; and assurance that interpretation of the information is accurate and unbiased. These legitimate interests extend to information about physicians that has been rendered in non-identifiable or aggregate format (e.g., to protect against the possibility of individual physicians being identified or of physician groups being unjustly stigmatized). Information in these formats, however, may be less sensitive than information from which an individual physician can be readily identified and, therefore, may warrant less protection.
The purposes for the use of physician information may be more or less compelling. One compelling use is related to the fact that physicians, as members of a self-regulating profession, are professionally accountable to their patients, their profession and society. Physicians support this professional accountability purpose through the legislated mandate of their regulatory colleges. Physicians also recognize the importance of peer review in the context of professional development and maintenance of competence.
The CMA supports the collection, use, access and disclosure of physician information subject to the conditions outlined below.
Purpose(s): The purpose(s) for the collection of physician information, and any other purpose(s) for which physician information may be subsequently used, accessed or disclosed, should be precisely specified at or before the collection. There should be a reasonable expectation that the information will achieve the stated purpose(s). The policy does not prevent the use of information for purposes that were not intended and not reasonably anticipated if principles 3 and 4 of this policy are met.
Consent: As a rule, information should be collected directly from the physician. Subject to principle 4, consent should be sought from the physician for the collection, use, access or disclosure of physician information. The physician should be informed about all intended and anticipated uses, accesses or disclosures of the information.
Conditions for collection, use, access and disclosure: The information should:
be limited to the minimum necessary to carry out the stated purpose(s),
be in the least intrusive format required for the stated purpose(s), and its collection, use, access and disclosure should not infringe on the physician’s duty of confidentiality with respect to that information.
Use of information without consent: There may be justification for the collection, use, access or disclosure of physician information without the physician’s consent if, in addition to the conditions in principle 3 being met, the custodian publicly demonstrates with respect to the purpose(s), generically construed, that:
the stated purpose(s) could not be met or would be seriously compromised if consent were required,
the stated purpose(s) is(are) of sufficient importance that the public interest outweighs to a substantial degree the physician’s right to privacy and right of consent in a free and democratic society, and
that the collection, use, access or disclosure of physician information with respect to the stated purpose(s) always ensures justice and fairness to the physician by being consistent with principle 6 of this policy.
Physician’s access to his or her own information: Physicians have a right to view and ensure, in a timely manner, the accuracy of the information collected about them. This principle does not apply if there is reason to believe that the disclosure to the physician will cause substantial adverse effect to others. The onus is on the custodian to justify a denial of access.
6. Information quality and interpretation: Custodians must take reasonable steps to ensure that the information they collect, use, gain access to or disclose is accurate, complete and correct. Custodians must use valid and reliable collection methods and, as appropriate, involve physicians to interpret the information; these physicians must have practice characteristics and credentials similar to those of the physician whose information is being interpreted.
7. Security: Physical and human safeguards must exist to ensure the integrity and reliability of physician information and to protect against unauthorized collection, use, access or disclosure of physician information.
8. Retention and destruction: Physician information should be retained only for the length of time necessary to fulfill the specified purpose(s), after which time it should be destroyed.
9. Inquiries and complaints: Custodians must have in place a process whereby inquiries and complaints can be received, processed and adjudicated in a fair and timely way. The complaint process, including how to initiate a complaint, must be made known to physicians.
10. Openness and transparency: Custodians must have transparent and explicit record-keeping or database management policies, practices and systems that are open to public scrutiny, including the purpose(s) for the collection, use, access and disclosure of physician information. The existence of any physician information record-keeping systems or database systems must be made known and available upon request to physicians.
11. Accountability: Custodians of physician information must ensure that they have proper authority and mandate to collect, use, gain access to or disclose physician information. Custodians must have policies and procedures in place that give effect to the principles in this document. Custodians must have a designated person who is responsible for monitoring practices and ensuring compliance with the policies and procedures.
(1) Canadian Medical Association. Health Information Privacy Code. CMAJ 1998;159(8):997-1016.
SCOPES OF PRACTICE
This policy outlines the principles and criteria that are important for physicians to consider when they are involved in the determination of the scopes of practice of physicians and other health care providers, whether regulated or unregulated, in all settings.
The primary purposes of scopes of practice determinations are to meet the health care needs and to serve the interests of patients and the public safely, efficiently, and competently.
There are many factors impacting the scopes of practice of health providers: broadening definition of health, emerging use of alternative therapies, increasing patient consumerism, advances in technology and in treatment and diagnostic modalities, information technology, legislation, changing demographics, increasing health care costs, and the shortage of physicians, nurses and other providers. Scopes of practice must reflect these changes in societal needs (including the need of the public for access to services), societal expectations, and preferences of patients and the public for certain types of health care providers to fulfill particular roles and functions, while at the same time reflecting economic realities. These factors and related issues (e.g., access, availability and cost) are influencing
governments and other stakeholders to consider new roles and expanded scopes of practice for health care providers.
There is a need to define principles and criteria for understanding and articulating scopes of practice that ensure public safety and appropriate utilization of provider skills.
Principles for determining scopes of practice
Focus: Scopes of practice statements should promote safe, ethical, high-quality care that responds to the needs of patients and the public in a timely manner, is affordable and is provided by competent health care providers.
Flexibility: A flexible approach is required that enables providers to practise to the extent of their education, training, skills, knowledge, experience, competence and judgment while being responsive to the needs of patients and the public.
Collaboration and cooperation: In order to support interdisciplinary approaches to patient care and good health outcomes, physicians engage in collaborative and cooperative practice with other health care providers who are qualified and appropriately trained and who use, wherever possible, an evidence-based approach. Good communication is essential to collaboration and cooperation.
Coordination: A qualified health care provider should coordinate individual patient care.
Patient choice: Scopes of practice should take into account patients' choice of health care provider.
Criteria for determining scopes of practice
Accountability: Scopes of practice should reflect the degree of accountability, responsibility and authority that the health care provider assumes for the outcome of his or her practice.
Education: Scopes of practice should reflect the breadth, depth and relevance of the training and education of the health care provider. This includes consideration of the extent of the accredited or approved educational program(s), certification of the provider and maintenance of competency.
Competencies and practice standards: Scopes of practice should reflect the degree of knowledge, values, attitudes and skills (i.e., clinical expertise and judgment, critical thinking, analysis, problem solving, decision making, leadership) of the provider group.
Quality assurance and improvement: Scopes of practice should reflect measures of quality assurance and improvement that have been implemented for the protection of patients and the public.
Risk assessment: Scopes of practice should take into consideration risk to patients.
Evidence-based practices: Scopes of practice should reflect the degree to which the provider group practices are based on valid scientific evidence where available.
Setting and culture: Scopes of practice should be sensitive to the place, context and culture in which the practice occurs.
Legal liability and insurance: Scopes of practice should reflect case law and the legal liability assumed by the health care provider including mutual professional malpractice protection or liability insurance coverage.
Regulation: Scopes of practice should reflect the legislative and regulatory authority, where applicable, of the health care provider.
Principles and criteria to ensure safe, competent and ethical patient care should guide the development of scopes of practice of health care providers. To this end, the CMA has developed these principles and criteria to assist physicians and medical organizations when they are involved in the determination of scopes of practice.
The CMA welcomes opportunities to dialogue with others on how scopes of practice can be improved for the benefit of patients and society in general.