Privacy in Health Research: Sharing Perspectives and Paving the Way Forward
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Canadian Institutes of Health Research
November 14, 2002
Privacy Commissioner of Canada
(Check Against Delivery)
It's a great pleasure for me to have this opportunity to meet with you this evening.
It isn't every day that a major Canadian organization holds a conference on privacy. This workshop is the most recent in a series of CIHR research initiatives that have informed and enlivened the public discourse on a subject that is of obvious concern and interest to me as Privacy Commissioner of Canada.
For the past two and a half years, the Canadian Institutes of Health Research has devoted tremendous energy to exploring Canada's new legal regime for the protection of personal health information. I know that this affinity for investigation comes with the territory when you're in the research business. But I still want to commend CIHR for the time and resources it has poured both into understanding the new environment and preparing Canada's health research community to operate effectively within it.
I also see that the organizers have managed to assemble an impressive mix of policymakers, health researchers, data collectors and custodians, consumer rights advocates and experts in law and ethics. I am confident that your exchanges during this two-day workshop will raise awareness about why it's important to protect personal health information and about how best to accomplish this in the health research setting.
The timing of this gathering is important. The Personal Information Protection and Electronic Documents Act, which regulates how organizations can collect, use and disclose personal information, will soon provide comprehensive protection against unwarranted invasions of people's privacy. Because of the way that modern research is structured and financed in Canada, many research activities will be captured by the Act when its purview expands in January 2004 to include all organizations engaged in commercial activities.
Many of you are understandably concerned about the potential impact of the Act on your studies. CIHR has an obvious interest in ensuring that researchers have access to the data they need to conduct high-quality research. On the other hand, it is important that researchers, data custodians and research ethics boards understand and comply with the law.
Let me be clear right from the outset: I have absolutely no intention as Privacy Commissioner of being an obstacle to health research, which plays such a vital role in saving lives and improving lives. I don't believe that respect for privacy is an impediment to health research - in fact, in today's world it's a condition essential to its success. And I am confident that the PIPED Act is entirely compatible with the successful carrying out of health research.
In my remarks this evening, I'd like to explain my position on privacy rights as they relate to health research and to respond to some of the concerns that CIHR has raised.
But first, I want to say a few words about the nature of privacy and the purpose of the Act. Privacy is a fundamental human right, recognized as such in the United Nations declaration of human rights. It is, as Justice La Forest of The Supreme Court of Canada so eloquently put it, "At the heart of liberty in a modern state."
But it's not only a fundamental human right, it's also an innate human need. When you go home at night, you probably close the curtains, draw the blinds - not because you're doing something bad, but because you need your privacy.
If you're on an airplane or a bus reading a book and someone starts reading over your shoulder, it probably makes you uncomfortable. It's not that what you're reading is secret or embarrassing-it's just that your privacy is being invaded.
If you've ever had the misfortune of having your home or even your car broken into, you know that the sense of intrusion - of having your privacy violated - can be even more painful than the loss of whatever was actually stolen.
I define privacy as the right to control access to one's person and to information about oneself. And nowhere is that fundamental human right, that innate human need, the right of privacy, more important than with regard to personal health information - information about the state of our own bodies and minds.
The Personal Information Protection and Electronic Documents Act attempts to balance the privacy rights of individuals against the needs of organizations to collect, use or disclose personal information. Enacted under the federal government's trade and commerce power, it is a truly modern statute designed to address a thoroughly modern problem.
The problem is this. Until relatively recently, privacy was protected pretty much by default. As long as information about us was in paper records, and scattered over a whole lot of locations, someone would have had to go to a lot of trouble to compile a detailed dossier on any individual. But now the move to electronic record keeping is eating away at the barriers of time, distance and cost that once guarded our privacy. Advances in information management have made it possible to collect, warehouse, link and cross-reference information as never before. This has increased efficiency in record keeping and multiplied the possibilities for combining data in ways likely to lead to new scientific discoveries. But it has also increased the risks of mismanagement and misuse of information, with all the potential harm that this can entail.
That's why we need the Act. It sets up a regime to regulate collection, use and disclosure of personal information, recognizing that not all reasons for using and disclosing personal information are equally valid, and that privacy is not an absolute right.
Here's what the Act says, in a nutshell:
Apart from a few limited exceptions, no organization can collect, use, or disclose personal information about an individual without that individual's consent.
The only purpose to which such information can be put is the purpose for which the consent was given.
Even with consent, an organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances.
Everyone has the right to see what personal information an organization has about them, and to correct any inaccuracies.
There is independent oversight - that's me and my Office - to ensure that the law is respected. And there is redress if people's rights are violated.
Right now, the Act applies to all personal information, including personal health information, that's collected, used or disclosed in the course of commercial activities by federal works, undertakings, and businesses, including information held about employees. The Act also applies to personal information that's held by provincially regulated organizations when it's sold, leased or bartered across provincial or national boundaries.
Beginning in January 2004, the Act will apply to all personal information collected, used or disclosed in the course of commercial activities by all organizations in Canada. And this is where research activities get captured.
But the Act does not apply in one special circumstance. In provinces that have passed privacy legislation that is "substantially similar" to the federal Act, the Governor in Councilcan exempt all or part of the provincially regulated private sector from the application of the Act for commercial activities that take place within the province's boundaries. The Act will continue to apply to federal works, undertakings and businesses in all provinces. And it will also continue to apply to personal information when it's collected, used or disclosed across provincial or national boundaries.
That's the statute in a nutshell.
I mentioned earlier that the Act does not treat all reasons for using or disclosing personal information the same. For example, Section 7 exempts organizations from seeking consent for the disclosure and use of information for certain purposes, one of which is scholarly research.
Specifically, paragraphs 7(2)(c) and 7(3)(f) of the Act permit an organization to use or disclose personal information without the knowledge or consent of the individual to whom it pertains if each of the following five conditions are met.
First, the disclosure or use must be strictly for statistical or scholarly study or research.
Second, the purposes cannot be achieved without using or disclosing the information.
Third, the information must be used in a manner that safeguards its confidentiality.
Fourth, obtaining consent must be impracticable.
And finally, the organization seeking exemption under section 7 of the Act must inform me - the Privacy Commissioner - of the proposed use or disclosure beforehand.
In short, the Act recognizes that purposes such as scholarly research need different rules, but demands that safeguards be built into the researcher's information handling systems so that the individuals whose personal information is being used are not inadvertently harmed in the process.
Clearly, the Act was never intended to deter or impede legitimate health research that uses information in ways that can have no possible impact on the individuals to whom it pertains.
I therefore intend, as I said in my annual report to Parliament last year, to interpret very broadly the definition of statistical or scholarly study or "research" in the Act.
Any bona fide health research, undertaken by legitimate organizations under appropriate safeguards, will, in my view, constitute "statistical or scholarly study or research" even if there is an element of pecuniary interest involved.
Second, I accept that health research, by its nature, requires personal information, although researchers should use the least identifiable information that will accomplish the desired purpose. As for the impracticability of obtaining consent, I accept as a general principal that cost factors and the difficulty of obtaining consent from 100 percent of a target population may make it impracticable to obtain individual consent for many health research studies. I therefore intend to take an expansive and liberal view on the question of impracticability of consent.
As for the requirement to inform me beforehand of any research for which an exemption under section 7 is sought, this too is something on which I intend to take a very liberal - I should say, reasonable and practical - approach. I and my Office have neither the resources nor the wish to be kept apprised of every single health research project taking place across Canada. Rather, I would want to be made aware of all the organizations carrying out such research, and the safeguards under which they operate.
And that brings me to the final condition for an exemption, and it's a crucial one. All this liberal interpretation on my part comes with an absolutely inflexible requirement: the information used for health research must remain strictly within the confines of the research project and it must be used in a matter that cannot in any way harm the individual to whom it pertains.
Under no circumstances whatsoever can it find its way to the individual's employers, insurers, relatives or acquaintances, governmental or law enforcement authorities, marketers or any other third parties. And the individual must not be contacted as a result of this information by anyone other than his or her own physician, or other primary health care provider, as the case may be. I will regard any breach whatsoever of this condition as an extremely grave violation of the Act.
In other words, when it comes to secondary uses of personal health information for health research projects, rule No. 1 is Do No Harm. Most of you will also recognize this as the principal ethic of the Hippocratic oath, which has been the cornerstone of medical ethics for the past 2 1/2 millennia, and which, not coincidentally, considers privacy the linchpin of the doctor-patient relationship!
Privacy and health care are inextricably linked. If people cannot feel confident that their personal information is safe with their doctor, the consequences will be dire. We know that many diseases have a better prognosis if they're caught and treated early. We also know that treating illness is more costly than preventive approaches. If people are reluctant to seek treatment, or if patients stop confiding in their doctors, both public health and the public purse will suffer.
But ethics and sound fiscal management aside, health researchers have their own pragmatic reasons for safeguarding privacy rights where personal health information is concerned. If people fear going to the doctor, even research samples will be skewed. Can you imagine how rapidly the quality and availability of data would deteriorate if patients began withholding information from their doctors or decided to forgo routine tests and visits to doctors in all but life-threatening situations?
Perhaps that's why privacy and confidentiality concerns have figured so prominently in the guidelines for screening scientific research projects in Canada. For example, Section 3 of the Tri-Council Policy Statement on Ethical Conduct for Research Involving Humans requires researchers to identify the purposes for which they will use information; it also places limits on information use, disclosure and retention. The Statement's position on avoiding harm is consistent with my own; it notes that individuals should be protected from harm caused by unauthorized use of personal information that they have reason to believe will remain private.
Research ethics boards have also played an important role in the health research community, helping ensure that Canadian research projects meet high ethical standards. Although a green light from a research ethics board can't trump the Act, I think that ethics boards can help researchers comply with the Act by incorporating the principles of fair information practices into their screening guidelines.
But the statute gives me the final word. Parliament has entrusted me with the duty of overseeing compliance with the Act. So let me say a few words about interpretation, particularly since CIHR has repeatedly sought greater clarity in the provisions of the PIPED Act.
Last year, CIHR proposed that the Act incorporate regulations offering guidance on several points that would prevent researchers from running afoul of the Act. As many of you know, I and my Office opposed such regulations - but not necessarily because I disagreed with their content. Rather, I feared that certainty would come at too great a cost, that the law would lose the flexibility needed to cope with both the accelerating pace of changing information technologies and the evolving nature of privacy. For example, although a certain piece of personal information may be entirely anonymous based on today's technology, tomorrow the same piece of information may be easy to trace instantly back to its source. Also, I thought that dotting every i and crossing every t would invite people to look for loopholes.
On the other hand, putting a watchdog with wide powers of discretion in charge of administering privacy protection affords a much more nuanced approach than relying on a narrowly legalistic view of the law. Although I have a law degree and a deep respect for the courts, black-letter law just can't always cope with the subtleties of privacy. It doesn't permit the level of discretion, sensitivity, and flexibility required to give effect to privacy as a right.
We've seen a lot of instances over the last few years where something that's deeply offensive and privacy-invasive is in fact not a violation of the letter of the law. The routine opening of international mail by Customs agents, for example, was not a violation of the law. But it was a grave privacy infringement nonetheless. It would have been difficult to challenge in court. But persuasion, flexibility, and reasonableness led to victories for privacy, and for all the parties concerned.
That kind of outcome, where you look beyond the letter of the law to better capture its spirit, is specific to the ombudsman model. And it works best when a privacy commissioner has some discretion to read the law in a sensitive, purposive way.
The same holds for the other side of the equation. Rigid regulations could backfire on their proponents, restricting research in ways that a common sense approach could avoid.
Which brings me to another concern that some of you have raised. When a particular use or disclosure of personal information is brought to my attention and I have to decide whether it violates the Act, I have to ask whether a reasonable person would consider the use or disclosure of the information for such purposes appropriate in the circumstances.
That's what section 3 says. What does it mean?
The reasonable person test is a long-standing feature of the common law that has been imported into many statutes. Its premise is that common sense, rather than advanced learning or high-level intellect, is all it takes to interpret the law. Who is this hypothetical reasonable person? For the purposes of the PIPED Act, it's me. It's my job, on behalf of Canadians, to look at all the facts from the perspective of a reasonable person and determine whether the reasons for using, collecting or disclosing personal information were appropriate in the circumstances.
The PIPED Act gives the Privacy Commissioner a great deal of discretion to interpret the Act and to seek out violators without waiting for a complaint to be filed. I know that CIHR has expressed concern about these wide powers of discretion and about the potential chilling effect that uncertainty will have on health research.
Let me attempt to put this fear to rest. Remember that similar alarms were sounded by some health groups while the Act was in Committee and even after it came into force last year. These groups lobbied for further delays in the application of the Act believing that it would have a dramatically negative impact on the health system. One year later, it's clear that their fears were unfounded. From where I sit, there has been no negative impact on the health system, nor any apparent inconvenience to business.
And I predict that the health research community will experience essentially the same smooth transition when the purview of the PIPED Act expands to encompass the entire private sector in just a little over a year.
I hope that I have managed to allay some of your concerns. The essence of my approach will be to allow health researchers to peer discreetly over the shoulder of the physician or primary health care provider. But with this privileged access will come the added responsibility of keeping information securely inside this larger circle.
It goes almost without saying that health research has a highly respected place in our society. We place great store in the new vaccines, new treatments and new medical technologies that have eliminated diseases and saved lives. Recently, there has also been a growing interest in health promotion research, research directed not only at combating illness or prolonging life, but at improving health and well being. Once content to prolong life, we now want to improve its quality, to live better.
I raise this point in the context of a speech on privacy because many people in the health sector have argued that we may need to accept certain infringements on our privacy today in return for the benefits we will derive from medical research tomorrow.
I don't think that this is a necessary or appropriate trade-off. In every speech I've given since I was appointed Privacy Commissioner, I've made a point of emphasizing the importance of privacy to individuals and to society. Privacy is a critical element in the basic freedoms that make our society worth living in. I rank it right up there with freedom of speech, freedom of association and freedom of conscience. If medical knowledge and lifesaving treatments come at a cost of our fundamental freedoms, how much joy will we derive from our prolonged lives and better health? We say that health is priceless. But is it really? Or does the world you live in have something to do with how much you can enjoy your good health. And isn't that why modern societies created human rights?
I mentioned earlier that CIHR has been an important voice in the policy dialogue that has grown up around the PIPED Act. Public policy development in Canada is a strangely adversarial process that becomes increasingly polarized the longer the debate continues. Sometimes the race to distance ourselves from one another obscures how much we have in common. My job and that of my counterparts in the provinces has been to staunchly defend the privacy rights of Canadians, especially their right to control access to their personal health information - the most private information of all.
But instinct tells me that privacy commissioners and health researchers share much common ground. CIHR has always framed its case for access to data in terms that have recognized the importance of protecting personal health information, given its fundamental and intimate connection with the right to dignity, integrity and autonomy. You have spoken of the compelling need to address public concerns for privacy and confidentiality of personal health information, as technological advances have made increasingly sophisticated data manipulation possible. You have acknowledged that policies and guidelines need to evolve in tandem with technology, to ensure that appropriate safeguards are in place and that fundamental rights to privacy and confidentiality are respected.
Although scientists and privacy commissioners come at the issue of privacy with different lenses and different analytical tools, I think that we share a common concern for human dignity and the quality of people's lives. I look forward to a continued lively dialogue with Canada's health research community and I wish you a productive and stimulating workshop.
Report a problem or mistake on this page
- Date modified: