Information sharing and privacy present challenging juxtaposition

Social networking channels such as MySpace and Facebook have spawned virtual communities of users sharing personal information and bound by their common interests. It’s impossible to ignore the information-sharing potential of these tools and new government policies will have to take them into account – but how?

From the Government of British Columbia’s perspective, the underlying challenge is a familiar one. How does government design and operate information management systems that respect and incorporate both privacy and information sharing?

We have recently undertaken a focused review and revision of our information-sharing practices. We are in the process of developing new information management policy and practices that better promote the sharing of personal information where authorized, while maintaining stringent privacy protections.

Our goal is to remove existing barriers to information-sharing among organizations that provide important programs and services to citizens, while at the same time carefully protecting the privacy of the personal information in government’s trust. Our view is that efficiency does not preclude privacy, nor does privacy preclude effectiveness.

Consider for example an elderly person suffering from dementia, an accident victim, a lost child, a mentally ill homeless person, an individual battling cancer, a student transferring schools.At first glance, these appear to be a diverse group of individuals with separate needs.

But they all share at least one important common denominator – the need for timely and appropriate sharing of information amongst government departments or organizations to ensure they receive the services they require to manage their needs.

As the delivery of services to the public moves away from traditional, single-provider models, there is an increased pressure to ensure that whoever is providing service within a distributed network has the most appropriate and relevant information to ensure the quality and applicability of assistance provided. In other words, the flow of client information should not be artificially restricted by institutional silos.

A community social worker, an addictions counsellor, an emergency medical specialist or an educator may or may not operate within one specific care facility. He or she may be mobile, at a remote facility, work as a private contractor or operate as an independent service provider.

But no matter where the worker is located or who employs the worker, he or she absolutely requires accurate, up-to-date and complete information about clients at their fingertips to be able to provide non-compromised service and avoid undesirable or even harmful outcomes.

First we need an integrated technology infrastructure that allows seamless transmission of required data to the varied end points. Second, we need an authority and verification structure to support the right information getting to the right people at the right time. And third, we must develop recognized policy and practices that tie the authorities of each particular type of service provider to the range of services available to clients in need.

For example, a physician working at a local hospital would have authority through his or her professional affiliation as a health care practitioner licensed by a recognized authoritative body, such as the College of Physicians and Surgeons.

More complicated, however, is the situation of a nurse working at a health facility who is also employed at an outreach clinic. What quick and foolproof method is available that gives this nurse the right to see sensitive data about different clients, or even the same client in very different situations and locations?

Appropriate information-sharing and privacy policies and practices are essential – supported by new and developing technological options, such as the use of electronic service cards. These open the door to new capabilities such as electronic credentialing.

For example, a professional licensed to operate in a special field would have an electronic card verifying that he or she is a member in good standing with a licensing body and/or verifying that he or she is an employee of more than one institution. The card would be pre-validated by the appropriate authorities and could be readily provided to a data source to authorize the prompt release of personal information necessary to serve a client.

The hallmarks of this new information-sharing paradigm are speed, timeliness, accuracy and appropriateness – plus new digital technology and the best practices required to promote these values. In short, a system that inspires and actively supports the sage old adage: “The right information to the right people at the right time for the right purposes.”

Dave Nikolejsin is Chief Information Officer for the Province of British Columbia.

Related content:

U.K. politicians urge more haste on data sharing

One view may cure them all

Encrypt biometric data, urges Ontario privacy czar