Language selection


Privacy Risks and Mitigation in Consumer Health Informatics Products

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.


University of Victoria




There is a rapidly emerging market for consumer health informatics (CHI) applications and services on the Internet. CHI applications provide health related services direct to consumers (patients and their caregivers). Their adoption has great potential benefits but also bears risks related to information privacy. Personal health information is among the most sensitive type of information. Objective of this research project was to systematically review and categorize the spectrum of emerging CHI service offerings and to identify risks associated with these products. A further objective was to review and assess strategies for mitigating these identified risks.

The result of this project has been published in a series of three reports. The first report develops a taxonomy of CHI products based on a systematic review of the literature on CHI technologies over a time span of one decade. The second report systematically identifies privacy risks associated with the different categories of services, assesses their severity and reviews current mitigation mechanisms. The research shows that current privacy legislation and industry codes fall short of properly addressing many of the privacy risks associated with CHI services. The third report investigates certification as a means of mitigating privacy risks in CHI applications. The project studied certification schemes and approaches related to health information systems in general and CHI applications in particular, including Canada Health Infoway’s certification program for CHI systems. The comparative study revealed strengths and weaknesses in certification programs.

This document is available in the following language(s):

English only

  • Report 1: Jens Weber, Anissa St Pierre, James Williams, Consumer health informatics services – a taxonomy, Report for the Privacy Commissioner of Canada, March, 2011. English (PDF document)
  • Report 2: Jens Weber, James Williams, Anissa St Pierre. Consumer health informatics services – privacy risk assessment & mitigation, Report for the Privacy Commissioner of Canada, March, 2011. English (PDF document)
  • Report 3: Jens Weber, James Williams, Anissa Agah, Consumer health informatics services - certification programs – strengths and weaknesses, Report for the Privacy Commissioner of Canada, July, 2011. English (PDF document)

OPC Funded Project

This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.

Contact Information

Tel: (250) 472-5700
Fax: (250) 472-5708

Report a problem or mistake on this page
Error 1: No selection was made. You must choose at least 1 answer.
Please select all that apply (required):


Date modified: