The architecture for electronic health records in Ontario may already be in place, but the province’s privacy commissioner doesn’t think it’s too late to consider Privacy by Design.
The methodology, pushed by commissioner Ann Cavoukian, calls for building privacy into projects by designing them with privacy in mind from the ground up.
And while the infrastructure has already been built for EHRs in Ontario, Cavoukian has released a white paper outlining how to keep privacy in mind going forward.
“As soon as that immediate health need is addressed, the privacy issues come to mind,” Cavoukian told the Toronto Board of Trade. “The most important thing is the delivery of health records, quickly,” she said. “But you can imbed a cloak of privacy and security around it.”
“The only people who are building EHRs are provincial governments and they’re following the Canada Health Infoway (CHI) architecture and blueprint,” said Michael Power, a Toronto-based lawyer who specializes in privacy issues.
Power thinks that the white paper (called Embedding Privacy Into the Design of Electronic Health Records to Enable Multiple Functionalities — Win/Win) might have been designed to ensure privacy priorities are maintained going forward. “It might be an attempt to retrofit Privacy by Design (PbD) into Infoway’s approach to electronic health records,” he said. “If it is, it’s probably a positive development.”
Cavoukian, who has been through the health system herself through multiple neurosurgeries, related first-hand the shift from being a patient whose EHR helped her doctors work faster and better to being a privacy-minded after-care consumer. “I can tell you, I know exactly what it's like to go to an emergency and be scared and not care about privacy at all,” she said. “But as soon as that immediate health need is addressed, the privacy issues come to mind.”
In this, Cavoukian is addressing secondary uses for patient data. Few argue over the immediate benefit of electronic records in patient care. It just makes things easier. But the privacy concerns are still there and even more so when the records are used for research purposes.
In that instance, Cavoukian calls for stringent de-identification of data. Using a process for which CHI has created software, this would ensure that any pertinent patient data is stripped from the medical records: basically, anything that might in any way allow someone to identify whose records they are, whether details of personal life, identifying characteristics or otherwise.
In this, Power completely agrees. While Privacy by Design obviously doesn’t apply directly to the EHR infrastructure anymore, as it’s been fairly static since the 1990s, those same principles can still apply going forward. “The PbD method is still valid and probably more important,” he said. “When you put technology into a particular setting, think about privacy.”