Language selection


Letter to the Commissioner on the Future of Health Care

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

The Privacy Commissioner of Canada, George Radwanski, sent the following letter to the Honourable Roy Romanow, Commissioner on the Future of Health Care, regarding electronic health records.

June 27, 2002

Dear Mr. Romanow:

I appreciated our having an opportunity to meet and discuss the importance of protecting personal health information. As promised, I am writing to set out my views more fully and to elaborate on my concerns about the consequences of failing to protect this information adequately.

Privacy is a fundamental human right. I believe that the best definition of privacy is the right to control access to one's person and information about oneself. This ability to control access is fundamental to protecting personal health information.

Personal health information-information about the state of our own bodies and minds-is the most private information of all. Most people go to great lengths to protect their personal health information because they recognize that if others have inappropriate access they may form judgments or make decisions that could have devastating consequences.

As I mentioned at our meeting, I am troubled by the growing enthusiasm for electronic health records. One of the problems in discussing the issue is that no one seems to know what the concept involves. Some proponents talk about creating large centralized databases, while others envisage a series of separate databases from which information can be extracted as needed. And others advocate the use of smart cards.

I have a number of concerns that I would urge you to consider carefully before endorsing the development of electronic health records systems:

There are privacy risks whenever personally identifiable information is stored in electronic form. With personal health information, the risks are greater because the information is very sensitive. Centralized databases invite inappropriate use and disclosure. No system is completely secure-even the Pentagon has been hacked. Preventing unauthorized access by authorized persons is almost impossible. In 2001, five pharmacists were disciplined and fined by the BC College of Pharmacists for inappropriately viewing the prescription records of colleagues, relatives, friends or acquaintances on Pharmanet. Biker gangs in Quebec have been able to gain access to confidential information in government databases. Police officers in Saskatchewan have been accused of inappropriately disclosing personal information from the RCMP's Canadian Police Information Centre (CPIC) database.

  • Once personal information has been released, it cannot be taken back and the harm cannot be undone. In the case of personal health information, the harm can be significant.
  • The issue of control is critical. When information is in a database or on a smart card, there are issues around controlling access. A doctor treating a patient for a broken wrist doesn't need to know about a past abortion. There may be situations where a health care provider may need to have access to information without consent during an emergency, but what is there to prevent health care providers and others from abusing this ability?
  • Function creep is almost inevitable. Function creep is a term that refers to the pressure to use personal information that has been collected for a very specific purpose for other purposes. It's not difficult to imagine that police forces will put forward a cogent argument in favour of seeing the information, for example, to ensure that a driver they have stopped doesn't have a history of mental illness. Or the life insurance industry will come up with arguments about why it should have access to databases to collect clients' medical information. And many organizations might demand access to electronically stored genetic information.
  • With respect to the argument that integrating personal health information will increase efficiency and reduce costs, we have yet to see any concrete support for this claim. In fact, a senior official with the Office of Health and Information Highway at Health Canada has stated that there is still no conclusive evidence that electronic health records are a good investment.
  • There's no groundswell of support among Canadians for linking health records electronically and creating huge databases of personal health information. Nor is the demand coming from health care providers. The Canadian Institute for Health Information's Annual Report for 2002 states that, according to an international survey of physicians in 2000, only about 40 per cent of Canadian doctors felt that electronic medical records would be "very useful" for improving quality of care.
  • I suspect that support for developing electronic health record systems comes from provincial health ministries and from the companies that develop these systems. I can understand why officials in these ministries may want to have ready access to personal heath information, but I am not sure that this has much to do with improving patient care. The existence of a database containing records of all of an individual's interactions with health care providers would make it much easier for provincial ministries to monitor health care use.

Unfortunately, it's not even possible to identify all of the privacy risks that would result from storing more personal health information electronically because one of the major unanswered questions about these systems concerns the flows of data. We need to know more about how the information would flow, how and where the information would be linked, how it would be protected and who would have access. Without such detail, health providers, bureaucrats, patients and privacy advocates are unable to determine where the risks are and how to eliminate them.

Because so many key questions remain unanswered, it is not possible to make categorical statements at this time, other than that this issue should be approached with the greatest care. For example, I am not opposed to having a secure intranet system in a clinic that would allow all the doctors in the clinic to have access to the records of shared patients.

Nor do I advocate unlimited patient control. As I outlined in my 2000-2001 Annual Report, I have taken the position that personal health information can be disclosed and used without consent for health research, but only provided that it remains strictly within the confines of the research project and that it can in no way harm the individual to whom it pertains.

For all of the reasons discussed above, I would urge you to take a cautious approach with respect to electronic health records systems. Early detection of major illnesses and preventive medicine have proven to be the most efficient and cost effective means of treating disease. If Canadians cannot be confident that the privacy of their health information will be protected, they may withhold vital information from their health care providers or avoid seeking treatment altogether.

The potential consequences of this sort of protective behaviour would be staggering-for ourselves as individuals, for the health care system, and for society as a whole. Rather than increasing efficiency and saving money, the introduction of electronic health records systems could make our health care system less effective.

Doctors cannot provide good diagnosis and treatment without full information, and people are not likely to surrender full information if they fear it might somehow be used against them. If the privacy of health information is not protected by the systems we build, health care in Canada will inevitably suffer, at tremendous social cost.

Thank you for giving me the opportunity to express my views on this important issue. Should you have any further questions on this matter, please do not hesitate to contact me.

Yours sincerely,

George Radwanski
Privacy Commissioner of Canada

Report a problem or mistake on this page
Error 1: No selection was made. You must choose at least 1 answer.
Please select all that apply (required):


Date modified: