The Advent of Electronic Health Records (EHRs) in the Current Legal and Policy Context

Electronic Health Information & Privacy Conference
Ottawa Centre for Research and Innovation

November 30, 2005
Ottawa, Ontario

Address by Patricia Kosseim
General Counsel, Office of the Privacy Commissioner of Canada*

---

Introduction

The promise of pan-Canadian, interoperable electronic health record (EHR) systems offers tremendous opportunity to deal with the modern challenges of our health system. The potential advantages include improved quality, timeliness, accessibility and efficiency of health care provided to individual patients and across the system as a whole. These potential advantages are especially tantalizing in light of current debates about governments' sustained ability to adequately discharge their responsibilities through public sector resources. However, the privacy challenges, though not necessarily insurmountable, have yet to be fully and broadly understood and coordinated across jurisdictional boundaries.  The application of fundamental privacy principles, such as "accountability," "openness," “identifying purposes” and "consent," need to be adapted not only to the treatment purposes of EHRs, but also, more importantly, to the broader vision of a pan-Canadian health infostructure, of which EHRs are but one piece, critical though they may be.  Far from constituting technical, legal roadblocks, these concepts – and how they are mutually understood and applied to the broader reality — will help pave the road towards enhanced public trust.

The Vision for a Pan-Canadian Health Infostructure

Any discussion of EHRs would be remiss without reference to the original vision of a pan-Canadian health infostructure, of which interoperable electronic health record systems form a key part. The Advisory Council on Health Infostructure was commissioned by the Minister of Health to consider how information technologies and systems could best support and promote more informed decision-making by health professionals, administrators, planners, policymakers and individual Canadians.  In its Final Report, Canada Health Infoway: Paths Towards a Better Health¹ issued in February 1999, the Advisory Council developed a vision for a pan-Canadian health infostructure (“Canada Health Infoway”):

The Canada Health Infoway empowers individuals and communities to make informed choices about their own health, the health of others and Canada’s health system.  In an environment of strengthened privacy protection, it builds on federal, provincial and territorial infostructures to improve the quality and accessibility of health care and to enable integrated health services delivery.  It provides the information and services that are the foundation for accountability, continuous improvement to health care and better understanding of the determinants of Canadians’ health.²

This vision was accompanied by four strategic goals:

1. To empower the public by providing Canadians with equitable and affordable access to credible information, helping them make health lifestyle choices and allowing them opportunities to become involved by holding the health system accountable and providing input into health policy.
2. To strengthen and integrate health care services by providing health care professionals and providers with communication and information tools, and the supporting environment they need to improve the quality, accessibility, portability and efficiency of health care services.
3. To create strategic information resources for ensuring that Canada’s health system continues to improve and becomes accountable to Canadians, including integration of standardized data to allow comparisons and new insights, expanded or new data coverage, data exchange and connectivity, increased analytical expertise and dissemination of results.
4. To improve privacy protection by harmonizing legislative rules for the use of personal health information across public and private sectors, for health care treatment and secondary uses such as health research.

Electronic Health Records as the First Critical Building Block

Central to the vision of a pan-Canadian health infostructure, and critical for the achievement of its four strategic goals, is the electronic health record. 

The Council believes that, with particular care, electronic health records can actually enhance privacy protection, improve patient care, enable telehealth, empower citizens through greater control of their own health records and serve as the foundation for an ever-improving information and evidence-based health system …³

The Council contemplated, in addition to improved provision of health care, possible uses of EHRs in research using potentially identifiable information, subject to the full panoply of fair information principles including independent review, oversight and audit.

In October 1999, the Conference of Deputy Ministers of Health directed the Federal / Provincial / Territorial Advisory Committee on Health Infostructure (“ACHI”) to develop a blueprint and tactical plan for implementing a pan-Canadian health Infostructure. 

The resulting ACHI Blueprint and Tactical Plan, issued in 2000⁴ (and subsequently updated in 2001⁵), called for an incremental approach to the development of the infostructure.  It recommended as its top priority tactical initiative the development of electronic health records.  EHRs were identified as the central building block for a pan-Canadian health infostructure.  Also clearly contemplated were complementary or interdependent building blocks or components.  These included the development and deployment of other data holdings, as well as the necessary systems and mechanisms to allow rapid extraction, routing and transformation of clinical data from EHRs to these other local, provincial/territorial and/or national data holdings in order to support health surveillance and research.⁶

The Creation of Canada Health Infoway Inc.

On September 11, 2000, First Ministers committed to a number of key priorities in order to enhance effective fulfillment of their responsibilities for health.⁷  Among these was a commitment to work together to strengthen a Canada-wide health infostructure to improve quality, access and timeliness of health care for Canadians, including a commitment to develop electronic health records.

As a strategic response to this Ministerial commitment, Canada Health Infoway Inc. (hereafter “Infoway”) was created in January 2001.  Incorporated as an independent, not-for profit organization, Infoway was mandated to strengthen and coordinate health information systems across Canada to improve efficiency, cost-effectiveness, access, quality and safety within the health sector.  Infoway has as its corporate members the deputy ministers of health of the federal, provincial and territorial governments of Canada.  At its inception, Infoway was granted an initial $500 million by the Government of Canada to “foster and accelerate the development and adoption of electronic health information systems with compatible standards and communication technologies on a pan-Canadian basis with tangible benefits to Canadians.”

Support for Infoway buoyed by the Movement for Broader Health Care Reform

In October 2002, the Senate Standing Committee on Social Affairs, Science and Technology issued its Final Report on the State of the Health Care System in Canada – The Federal Role⁸ (hereafter “the Kirby Report”) commenting on electronic health records as follows

… an EHR system is the first step in gathering health-related information that will allow for evidence-based decision making throughout the whole health care system.  An EHR system also offers tremendous opportunities to integrate the various components of Canada’s health care system that currently work in silos.

An important characteristic of an EHR system is that it can make patient data available to health care providers and institutions anywhere on a need-to-know basis by connecting interoperable databases that have adopted the required data and technical standards.   Not only can an EHR system greatly improve quality and timeliness in health care delivery, it can also enhance health care system management, efficiency and accountability.   Moreover, the data collected from an EHR system can provide very useful information for the purpose of health research.⁹

In view of the important function of electronic health record systems in the broader context of health care reform, the Kirby Report called for additional financial support to be given to Infoway.

In November 2002, the Romanow Commission issued Building on Values:  The Future of Health Care in Canada¹⁰ (hereafter “the Romanow Report”), emphasizing the importance of electronic health records as “one of the keys to modernizing Canada’s health care system and improving access and outcomes for Canadians.”¹¹ The Romanow Report goes on to state that “with a complete system of electronic health records in place, there are some important benefits for individual Canadians, for health care providers, researchers and the system as a whole.”¹²   It recommended that

Canada Health Infoway should continue to take the lead on this initiative and be responsible for developing a pan-Canadian electronic health record framework built upon provincial systems, including ensuring the interoperability of current electronic health information systems and addressing issues such as security standards and harmonizing privacy policies.¹³

Canada Health Infoway sets out on an Incremental Development Strategy

With its expanded mandate and corresponding budget, Infoway is uniquely positioned to lead, direct and influence the development, coordination and integration of health infostructures across the country.  This opportunity lies in the strategic investments it deliberately chooses to make and the conditions and incentives it attaches to those investments. 

A review of Infoway’s Annual Reports and Business Plans from the time of its creation in January 2001 to present day reveals the deliberate adoption of an incremental strategy for fulfilling its mandate – indeed, the same incremental approach that was recommended by ACHI Blueprint and Tactical Plan in 2000.¹⁴ 

While espousing its broader mandate in its first Annual Report of 2001-02,¹⁵ Infoway identified as its immediate strategic priority one piece of it – the development and implementation of interoperable EHR solutions:

As a first step, the development and implementation of interoperable EHR solutions on a pan-Canadian basis will lead to an improved health system with benefits for both patients and providers.  As the Advisory Committee on Health Infostructure points out, EHR solutions at the clinical level will support requirements for coordinated patient assessment, treatment plans and reviews and become a basis for improving the quality and continuity of care provided by clinicians.
…
Infoway’s role is to lead, facilitate, promote and foster the accelerated development and adoption of a pan-Canadian health-care infostructure, focused initially on interoperable electronic health record solutions.¹⁶

Infoway’s goal, as set out in its Annual Report of 2002-03,¹⁷  is to have EHRs in place for half of the country’s population by the end of 2009.¹⁸ Aligned with this goal, the organization initially identified 5 initial building blocks or target investment programs, centred primarily on facilitating the development of EHRs for care and treatment purposes.  These included the establishment of:

• a common architecture and standards to ensure interoperability between EHR systems,
• client, provider and location registries,
• drug information systems,
• diagnostic imaging systems, and
• laboratory information systems.¹⁹

In February 2003, the Government of Canada increased its investment in Infoway by another $600 million and expanded its mandate to include the development of

• a Telehealth strategy to encompass the provision of health information expertise and services in various settings over distances.²⁰

In March 2004, the Government of Canada increased again its investment in Infoway by another $100 million to develop in collaboration with federal, provincial and territorial governments

• an integrated Public Health Surveillance System for a long-term, clinically robust and permanent approach to support Canada’s increasing public health needs.²¹

More recently, the organization highlighted as one of its identified actions:

• to continue to widen the circle by engaging “new stakeholder groups (e.g., patients, researchers) to extend the reach of electronic health record solutions.”²²

One could posit a number of good reasons for adopting an incremental approach to developing a pan-Canadian health info-structure. For one, such an approach would assist Infoway in dealing with the significant change management challenges it faces.  Throughout its strategic documents, the organization has consistently highlighted acceptance by end-users as a critical success factor.  Its efforts have been focused in these initial stages on the need to promote and facilitate buy-in from health care providers in order to bring them to use and adopt information technologies more readily than they might otherwise be inclined to do.  Implementation of EHR solutions which touch more directly on providers’ daily routines, have direct impact on their professional practices and engage them as primary stakeholders in the development process may be a good place to begin to change attitudes, cultures and behaviours.²³

Another possible reason may be attributed to a second identified strategic direction of the organization, which is to protect and build on existing initiatives in order to leverage investments, bridge jurisdictions and bring existing networks into a seamless whole.  It may well be that many of the existing initiatives at the local, provincial/territorial or regional level are indeed EHR or Electronic Medical Record (EMR) initiatives which Infoway has undertaken to preserve, enhance and coordinate as a first phase of a pan-Canadian health info-structure.  Indeed, Infoway’s strategic focus may simply be mirroring the incremental approach already being used by the jurisdictions that are actually building and using EHRs.²⁴

A third possibility for the incremental approach may have to do with how the structural architecture of the pan-Canadian health info-structure is being conceived, designed and planned.  Since the early planning phases, it was recognized that a single, nation-wide repository of clinical data on all Canadians was neither feasible nor desirable.²⁵  Rather, what is being envisaged is an integration of interoperable systems, registries, and repositories that can connect and essentially speak to one another through gateways.  The EHR itself has been described as the necessary first “building block,” the “cornerstone,” the “central component” of a pan-Canadian health info-structure.  The framework and architecture that Infoway developed in July 2003 to guide the development of EHR solutions in Canada, EHRS Blueprint, described it this way: ²⁶

The EHR will be the integrating vehicle that allows data and information to flow from health sub-system to health sub-system.  We have seen radical changes in the Health Needs of Communities over the last several years.  If the health system, in general, and the Federal and Provincial/Territorial Governments, in particular, wish to employ a rapid, flexible response to emerging Health Needs, it requires a concept for moving data.  That concept is the Electronic Health Record.²⁷

A final possibility that might, alone or in combination with others, help explain the adoption of this incremental strategy is the identified need to establish public trust gradually over time, by starting with parts of the larger vision that can demonstrate tangible benefits for patients.  On this theory, individuals might come to better accept the incremental phases of the larger pan-Canadian health info-structure vision based on the trust that developers can leverage and capitalize on in the early phases, with the hope of having it extend through to subsequent phases.²⁸

The Incremental Approach and the Importance of Privacy

Reasonable though it may be from a business perspective, the incremental approach to development of a pan-Canadian health infostructure has important implications for privacy protection. 

There is no question that the importance of privacy figures prominently in all the key documents that set out the strategic vision of a pan-Canadian health infostructure or parts thereof. 

In addition to the seminal reports and documents already canvassed above, Infoway has defined its own vision:

A high-quality, sustainable and effective Canadian health-care system supported by a pan-Canadian health infostructure that provides residents of Canada and their health-care providers with timely, appropriate and secure access to the right information whenever and wherever they enter the health care system.  Respect for privacy is fundamental to this vision [emphasis added].²⁹

One of the outcomes of Infoway’s regional stakeholder fora that Infoway held across the country in its first year was that “Privacy and security of information must be ensured.  A coherent and harmonized approach, supported by enabling technologies, is required.”³⁰

Infoway’s EHRS Blueprint document lists many questions which much be answered in a consistent manner and states that “Privacy and security is a critical requirement for the EHR; it is generally understood that the concept and existence of an EHR will not be achievable unless security and privacy considerations can be fully implemented.”³¹

Given its critical position of leadership, Infoway has the unique opportunity to influence the extent to which privacy and security are built-into e-health information systems from the ground up.  It can do this through minimal requirements it identifies and attaches as conditions to its strategic investments.  Indeed, Infoway has identified and described privacy and  security requirements for an interoperable EHR.

Building even further on these privacy and security requirements, Infoway recently released Electronic Health Record Infostructure (EHRi) Privacy and Security Conceptual Architecture (PSCA),³² targeted to vendors, system developers and system administrators, setting out a series of services, in the form of different models and possible options, to satisfy the requirements.  Though the PSCA is deliberately forward-looking, in that it describes a desired future state for the EHR infostructure, that future state is still focused primarily on health care and treatment purposes.  It does not fully work through the requirements and systems necessary to enable collection, use and disclosure of personal health information through the EHR for health surveillance or research purposes, leaving many questions unanswered about how privacy protection will be managed in the broader vision of the pan-Canadian health infostructure. 

In the next few minutes, I would like to raise a number of these questions, that I hope can be factored into a more complete and meaningful privacy framework – perhaps the next iteration of the PSCA – which takes more fully into account the broader uses to which we know EHRs will eventually be put. 

1. Accountability

The very first fair information principle in the CSA Model Code for the Protection of Personal Information (CAN/CSA-Q830-96),³³ now codified in law since 2000,³⁴ is that of Accountability.  “An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the [fair information] principles.”

How can the principle of accountability be given meaningful effect in the broader vision of a pan-Canadian health infostructure?

How will responsibility be realistically apportioned between all those “organizations hosting components of EHR infostructure” and those “organizations connecting to the EHR infostructure”?  In the event of a major breach, will the system be able to point to the precise problem area?   Who will carry the burden of having to prove where things broke down?  The collectivity of organizations involved or the patient him or herself?   If the problem cannot be pinpointed to a specific organization, will all organizations be held jointly responsible?  Who will have the obligation of notifying patients of the breach where a duty of notification exists? 

As the group of EHR infostructure (EHRi) users is expanded to allow non-regulated health professionals, such as researchers, to gain access to EHR data, who will these researchers be?  Will they include commercial researchers? 

How will research uses be governed?  Who/what will be the gateway?   Will the organization hosting the server or components of it (such as a government agency or ministry or a large publicly funded institution) act as the gateway to ensure that researchers obtain data in accordance with legislative requirements of the applicable jurisdiction?  What jurisdictional rules will apply, especially as models referred to in EHRS Blueprint envisage various possibilities, including the deployment of shared services across two or more provinces, or even the possibility that specific components of the EHRS (domain repositories, for instance) may be shared by two jurisdictions?

Will the gateway be at the point of service itself (such as a hospital, clinic or physician offices), in accordance with the legislative requirements applicable there? 

Alternatively, the EHRS Blueprint (like the ACHI Blueprint and Tactical Plan before it) seems to suggest a movement of data from EHRs to separate health research infostructures.  It states:

The data stored in the EHR infostructure will be optimized for patient/person driven access performed by healthcare professionals in the context of providing services to individuals.  This is usually not very conducive for research and statistical analysis types of application that need to perform queries addressing large subsets of data.  In most cases, to sustain the purposes of research and analysis, it is understood that the preferred approach would be to extract large sets of data from the EHRi and load such data into separate data stores optimized for research purposes.”³⁵ [emphasis added]

By virtue of what authority will data be allowed to move from EHR systems into these separate research repositories?  What are these separate data stores?  How will their legitimacy be recognized?  Will there be some accreditation, certification or designation process in place?  Who is responsible for them?  Will it be these separate research data repositories that now serve as the access gateway?  What jurisdictional rules will apply to them?

What role does Infoway play in all of this?  As the delegated strategic investor of 1.2 billion taxpayer dollars, it provides “leadership in setting strategic directions for EHR development that accelerate implementation and increase leverage.”³⁶ Although it allows organizations room for flexibility, it has “an opportunity and an obligation to provide direction to the development of health care IT in Canada”³⁷ including, I would argue, policy direction for privacy and security requirements.  Though the ultimate policy direction is established by legislation in each jurisdiction, there is an evident need for leadership to translate these legislative rules into practical and workable guidance for vendors and developers, to identify the most stringent set of rules engaged in any transborder data flows and to help ensure that these highest rules are met.  Such policy direction might be in the form of best practices or actual funding conditions, accompanied in either case by the necessary due diligence for promoting and/or ensuring compliance.  

As long as things proceed smoothly, the federal/provincial/territorial corporate model of Infoway can be admired for its flexibility and ability to move forward in a collaborative manner.  But if something goes wrong, a major data spill for example, who will be responsible?  Will responsibility be determined by the geographical location of the breach? If the loss occurs as data flows across provincial borders, will federal responsibility be engaged? If so, how will the principle of Ministerial accountability for 1.2 billion federal tax dollars be squared with a corporate model that gives the federal Minister of Health responsibility for only one-fourteenth of the decision-making process?

Will the federal, provincial and territorial governments be held equally accountable for the monies invested in, and the strategic directions given by Infoway, by virtue of their representation on its Board?  What happens in 2009, 1.2 billion dollars later, when the goal of 50% of Canadians having EHRs is reached?  Will Infoway be dissolved?  Who will ensure continuity in leadership?

What is the role of privacy oversight bodies in all of this?  Will they be given a consultative role in reviewing Privacy Impact Assessments (PIAs) for EHR systems?  Will they be given an auditing role?  Are there the necessary resources in each of the jurisdictional offices to carry out this role on a pan-Canadian basis?

More broadly speaking, will there be meaningful stakeholder and public consultation to determine which types of uses and disclosures should be permitted and under what conditions?  Will there be any continued, concerted efforts to harmonize relevant legislation across the country to establish a common floor, building on the Pan-Canadian Framework for Privacy and Confidentiality of Personal Health Information that was endorsed by the Conference of Deputy Ministers of Health in February 2005³⁸?

Many of these questions, despite their fundamental nature, have yet to be addressed.  As noted in the PSCA,

this document continues to evolve within a collaborative framework of consultations with Canadian health informatics experts and with healthcare representatives of Canada’s federal, provincial and territorial jurisdictions and professionals and it is expected that broad consensus on the P & S architecture will be achieved.  Nevertheless, the question of exactly how the secure and privacy protective design, implementation and ongoing operation of the eHRi is achieved is ultimately a question to be resolved by whatever information governance structure is put in place to guide the deployment of the EHRi across Canada and the future inter-jurisdictional flow of information that the EHRi will facilitate.  Many EHRi governance issues are unresolved at the time of this writing.³⁹

Though a tremendous amount of work has been done to date to articulate privacy and security requirements and conceptual architecture, the time has come to address these fundamental issues of accountability.  Good governance is critical for building public trust.  Yet, without an understanding of how accountability structures and functions operate in the broader vision of a pan-Canadian health infostructure, we risk going too far down the road toward a pre-determined and less than optimal structure with solutions developed on a piecemeal basis that may be neither sustainable nor desirable in the longer term.

2. Openness

A second fundamental fair information principle requires organizations to make readily available to individuals specific information about their policies and practices relating to the management of personal information.

Yet, unless the incremental approach to EHR development is situated within the larger vision of a pan-Canadian infostructure, this principle cannot be fully respected either.  If the EHR is to be eventually linked with other health information databases, if the circle of users is to be widened and permissible purposes expanded, that vision needs to be explained up front in clear, straightforward and readily understandable terms. 

While there might be much merit in an incremental strategy that seeks to work out the first critical piece of a very complex puzzle first, demonstrate tangible benefits of the use of EHR for health care and treatment purposes, begin to change attitudes and facilitate acceptance, and build public trust, before introducing other parts of the larger vision, there is a risk such a strategy might fail.  The accumulated trust may be undermined as subsequent phases of a pan-Canadian health infostructure are developed that people did not know were part of the deal. In order to play the game, people need to know what the rules are.

I would further argue that the openness principle applies to the rule-making process itself, particularly when that process is being subsidized by public dollars.  Even as the rules are being created, there is great interest in having that discussion take place openly, in clear and simple language, and inclusive of all views and perspectives.

3. Identifying Purposes

Another important fair information principle requires the organization to identify the purposes for which personal information is to be collected at or before the time the information is collected. 

An incremental approach to development, once again, seems to be fundamentally at odds with this principle if the full range of purposes to which EHRs will eventually be put is not fully disclosed from the outset.

The PSCA, focusing only on health care and treatment, does not appear to match the broader purposes originally envisaged in 1999 for a pan-Canadian health infostructure. First Ministers committed to these broader purposes, which have since been touted in all major reports on health care reform and which were instrumental considerations leading to increased funding.

The most direct purpose of EHRs is to enhance the quality of care delivered by health care professionals in the context of a specific encounter with a patient.  Typical example situations include, patients in emergency situations, patients requiring remote access to specialized care because they live in rural areas, patients requiring medical care while traveling far from home, or patients requiring complex regimens of care from multiple professionals, with potential for confounding treatments or adverse drug effects.

Yet, in the broader vision of a pan-Canadian health infostructure, there are other purposes for EHRs once they are fully integrated and interoperable, including health surveillance, health research and management of the health system. 

An EHR … would give authorized providers rapid access to their patients’ complete, up-to-date medical records, including physician visits, hospital stays, diagnostic tests, prescribed drugs and laboratory tests.  It would do so while safeguarding their patient privacy.  A network of interoperable EHR systems in Canada – one that links clinics, hospitals, pharmacies, and other points of care – will help improve Canadians’ access to health services, enhance quality of care and patient safety, and make the health care system more efficient.⁴⁰

These other purposes are also referred to in Privacy & Security Requirements and PSCA, though they are not further elaborated on, as they are seen  to be outside the main focus of the document which is framed as care and treatment.

Although these are certainly laudable purposes, some would even say intricately related to improved quality and access to care, they are qualitatively different from care and treatment and must be made explicit at the outset — at the point of collection — if public trust is to be maintained.

4. Consent

One of the most critical fair information principles requires knowledge and consent of the individual for the collection, use and disclosure of personal information. 

The PSCA for the EHR goes to great lengths in an attempt to operationalize different jurisdictional consent requirements for care and treatment.  Yet how realistic is it to expect enabling technologies to operationalize consent requirements applicable in the jurisdiction from which personal health information is being sent, particularly where the organizations hosting the servers or parts thereof may receive that information from sources spread out across multiple jurisdictions, or may themselves be straddled across two or more provinces.  Will the enabling technologies allow any room for human judgment in applying these consent requirements?

The PSCA is silent on how the consent requirements will apply to health surveillance and research.  So what are the implicit assumptions being made about consent for research purposes?

Is it assumed that with a proper identity protection service and anonymization service, all that will be released to researchers is pseudonymized or anonymized data and therefore, consent will not be required?  Yet, we know that researchers sometimes need identifiable data in order to carry out a survey component or some other qualitative research on lifestyle factors, for example.

Is it assumed that, even if identifiable or potentially identifiable, information is involved, legal exemptions will apply to allow release of data to researchers without consent?  If so, which exemptions will apply, according to which jurisdiction’s rules?  The jurisdiction where the organization hosting the EHR server is located? The jurisdiction where the researcher seeking to gain access is located?  The jurisdiction where the health research database which contains all data downloaded from the EHR is located?

Jurisdictional questions are not just about technical, legal wrangling.  Seeing these issues from the perspective of an office that deals with problems after they arise, I can attest to how real and complex these issues truly are.  Despite all the goodwill and collaboration in the world between privacy commissioner offices across the country, the fact remains that there are limits to what we can do under our respective laws.  Far from being legal, technical barriers, questions of jurisdiction are fundamental to Canadians’ exercise of their privacy rights.  Not to think these issues through in advance risks delaying action, leaving individuals in limbo, with no specific jurisdiction to turn to and/or no one jurisdiction able to resolve all their issues.

One of the common conditions or criteria for the research exemption to apply is the requirement that consent is impracticable to obtain.  Would it not be somewhat disingenuous to claim after the fact that consent is impracticable to obtain when there is an opportunity now, as EHRs are being created, to seek consent at the outset, or at least notify patients of future potential research uses?

If consent is sought at the outset, i.e., the creation of the EHR, what will the consent cover?  Will it cover all future research uses, broadly speaking?  Or will individual consent need to be obtained for each individual research project once specified?  How is this issue any different from the complex debates going on currently about appropriate consent models for the creation of large research platforms or registries for longitudinal research containing sensitive personal information, such as genetic databanks, for example?  After all, interoperable EHR systems, once connected to other repositories, also have the potential of cumulating lifetime clinical information about an individual from cradle to grave that would be invaluable for research purposes.  So where is the parallel debate about consent for research access to interoperable EHR systems happening?

Moreover, how will masking provisions be operationalized from province to province in the context of research.  That is, suppose the question is asked and answered – the individual does not want their personal health information used for research purposes.  Will that personal directive be honored even in jurisdictions where research is statutorily permitted on a non-consensual basis and absence of objection on the part of the individual is not one of the necessary conditions for the exemption to apply?  Will the individual’s objection be overridden?  The CIHR Privacy Best Practice Guidelines⁴¹ and the Pan-Canadian Privacy and Confidentiality Framework⁴² both recommend as a best practice, that absence of objection be a condition for research access without consent.  Are there any incentives being built in to the privacy and security requirements to encourage vendors and developers to aspire to such best practices?  Or, absent such incentive, will the natural gravitating force push them to meet only the minimum floor set by specific laws?

Once again, it seems that an incremental, “let’s build it, and they will come” approach fails to take into account all of these considerations at the outset.  The PSCA framework has been developed in abstraction of these other purposes, purporting instead to accommodate different consent rules for care and treatment.   But unless these broader purposes are integrated into the next iteration of the PSCA soon, we will have missed the opportunity to resolve these issues by building in the appropriate notification and/or consent requirements at a still relatively early stage.   

Conclusion

Even though the incremental approach to developing a pan-Canadian health infostructure makes good business sense, the opportune time has come now to take the PSCA to the next level and elaborate a privacy management framework that applies to the big picture.  This big picture analysis, I would submit, allows a more meaningful application of the fair information principles, enhanced protection of privacy rights and, ultimately, greater public trust for this whole endeavour. 

In contrast, the incremental approach we see being adopted in other policy areas like national security and lawful access as examples, has the subtle effect of gradually driving down Canadians’ reasonable expectation of privacy over time by numbing the cumulative effect of the changes in a manner barely perceptible and unbeknownst to them.

Just as Canadians want national security, effective law and order, surely they want quality health care services too, accessible to them and their loved ones in times of need.  However laudable these purposes are, let Canadians know the full deal and decide on their own terms how much they want them and how much they are prepared to give in return for them.   The answer to that equation depends entirely on the variable of trust. 

Let’s invest now in the efforts needed to build, to earn and to sustain that public trust.

* I would like to thank my colleague, Marnie McCall, for helping me edit this paper for publication on the OPC website.

¹ Advisory Council on Health Infostructure.  Canada Health Infoway:  Paths Towards a Better Health (Ottawa:  February 1999); also available at http://www.hc-sc.gc.ca/hcs-sss/pubs/ehealth-esante/1999-paths-voies-fin/index_e.html.  Unless otherwise noted, all URLs were accessed in the period Dec. 9-15, 2005.

² Ibid., p. 1-3.

³ Ibid., p. 1-4.

⁴ F/P/T Advisory Committee on Health Infostructure,  ACHI Blueprint and Tactical Plan.  (Ottawa:  Health Canada, December 2000); also available at http://www.hc-sc.gc.ca/hcs-sss/pubs/ehealth-esante/2000-plan-infostructure/index_e.html. 

⁵ F/P/T/ Advisory Committee on Health Infostructure, Tactical Plan for a pan-Canadian Health Infostructure, 2001 Update (Ottawa:  Health Canada, November 2001.

⁶ ACHI Blueprint, supra, n. 4, pp. 16, 20-21.

⁷ First Ministers’ Meeting, Communiqué on Health (Ottawa: Canadian Intergovernmental Conference Secretariat, Ref. 800-038/004), available at www.scics.gc.ca/cinfo00/800038004_e.html.

⁸ Standing Senate Committee on Social Affairs, Science and Technology (Michael Kirby, Chair).  The Health of Canadians – The Federal Role (Vol. 6, Recommendations for Reform)(Ottawa: October 2002); aussi disponible de http://www.parl.gc.ca/37/2/parlbus/commbus/senate/com-e/SOCI-E/rep-e/repoct02vol6-e.htm.

⁹ Ibid., p. 175.

¹⁰ Commission on the Future of Health Care in Canada (Roy Romanow, Commissioner).  Building on Values:  The Future of Health Care in Canada (Ottawa:  November 2002), also available at
http://www.hc-sc.gc.ca/english/care/romanow/index1.html.

¹¹ Ibid., p. 77.

¹² Ibid., p. 76.

¹³ Ibid., p. 78.

¹⁴ ACHI Blueprint, supra, n. 4.

¹⁵ Canada Health Infoway, Accelerating the Development of Electronic Health Information Systems for Canadians (Annual Report 2002); aussi disponible de http://www.infoway-inforoute.ca/en/ResourceCenter/ResourceCenter.aspx.

¹⁶ Ibid., pp. 4, 18.

¹⁷ Canada Health Infoway, Annual Report 2002-03;also available at http://www.infoway-inforoute.ca/en/ResourceCenter/ResourceCenter.aspx.

¹⁸ Ibid., p. 4.

¹⁹ Ibid., p. 7.

²⁰ Canada Health Infoway, Building Momentum (2003/04 Business Plan), p. 9; also available at http://www.infoway-inforoute.ca/en/ResourceCenter/ResourceCenter.aspx.

²¹ Canada Health Infoway Inc., Coming Together (2003-2004 Annual Report, Corporate Plan Summary 2004-2005), p.12; also available at http://www.infoway-inforoute.ca/en/ResourceCenter/ResourceCenter.aspx.

²² Canada Health Infoway Inc..  Building on our Successes: Corporate Business Plan 2005-06, p. 14; also available at http://www.infoway-inforoute.ca/en/ResourceCenter/ResourceCenter.aspx.

²³ Annual Report 2002, supra, n. 15, p. 9.

²⁴ Ibid.,  p. 8.

²⁵ Ibid.

²⁶ Canada Health Infoway. EHRS Blueprint: An interoperable EHR Framework, July 2003; available at http://www.infoway-inforoute.ca/en/ResourceCenter/ResourceCenter.aspx, registration required.

²⁷ Ibid., p. 139.

²⁸ Business Plan 2005-06, supra, n. 22, p. 6.

²⁹ Annual Report 2002, supra, n. 15, p. 7.

³⁰ Annual Report 2002-03, supra, n. 17, p. 15.

³¹ Blueprint, supra, n. 26, pp. 30-31.

³² Canada Health Infoway, Electronic Health Record Infostructure (EHRi) Privacy and Security Conceptual Architecture, Version 1.1, June 2005, available at http://knowledge.infoway-inforoute.ca/CHIPortal/Forums/PSA/, registration required.

³³ Canadian Standards Association. CSA Model Code for the Protection of Personal Information (CAN/CSAS-Q830-96) (Ottawa: CSA, 1996), available for purchase for $35 from CSA or on-line at http://www.csa-intl.org/onlinestore/ISO_Search_Results.asp?query=Q830.

³⁴ Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5; also available at http://laws.justice.gc.ca/en/p-8.6/93196.html.   

³⁵ Blueprint, supra, n. 26, p. 8.

³⁶ Business Plan 2003-04, supra, n. 20, p. 5. 

³⁷ Ibid., p. 9.

³⁸ Pan-Canadian Health Information Privacy and Confidentiality Framework (Ottawa: Health Canada, January 27, 2005), available at http://www.hc-sc.gc.ca/hcs-sss/pubs/ehealth-esante/2005-pancanad-priv/index_e.html.

³⁹ PSCA, supra, n. 32, p. 107; or see Canada Health Infoway. Electronic Health Records (EHR) Privacy and Security Requirements, V. 1.1, February 7, 2004, pp. 11-12; available at http://knowledge.infoway-inforoute.ca/CHIPortal/Forums/PSA/, registration required.

⁴⁰ Annual Report 2002-03, supra, n. 17, p. 6;  or see Business Plan 2003-04, supra, n. 20, p. 4.

⁴¹ Canadian Institutes of Health Research, CIHR Privacy Best Practices Guidelines (Ottawa:  CIHR, September 2005); also available at http://www.cihr-irsc.gc.ca/e/29072.html.

⁴² Pan-Canadian Privacy and Confidentiality Framework, supra, n. 38.