In electronic health care services, the use of personal information can be both critical and highly controversial. Michael Power, new chief privacy and security officer for Ontario’s e-health system, feels like he’s landed at ground zero in the debate over information technology and privacy protection.
“All privacy legislation in Canada goes back to fundamental principles. Health care is special in the sense of the directness of privacy concerns,” says Power, recently appointed vice-president for privacy and security at the Smart Systems for Health Agency.
Smart Systems for Health is an agency of Ontario’s Ministry of Health and Long-Term Care, responsible for building and administering the IT infrastructure that connects the province’s 150,000 health care providers.
Power sees Smart Systems as the middleman in the ongoing information privacy debate.
“There are a number of policy decisions that have to be made to get the right balance between individual privacy and service delivery,” he says.
On the one hand is the enormous sensitivity to an individual’s right to have his or her personal records kept confidential, explains Power. On the other, information must be employed through electronic health records to improve service delivery and to pinpoint epidemics and other emerging problems. As well, medical research depends on being able to access information in the system.
It’s the Ontario government’s role to set the policies; it will be his job to make sure Smart Systems adheres to them as it rolls out EHRs and new programs in the coming years.
“It’s still early days, there’s a lot of talking and planning about the implications of what we will be doing,” notes Power, who has worked as chief privacy officer in private law practice and with the federal government, for the PKI Secretariat at Treasury Board.
As a first step, some fundamental discussions are under way between government, medical service providers and IT suppliers to flesh out how the privacy issues will be addressed.
Power believes many of the concerns can be alleviated by spelling out who can access medical files, and under which circumstances, and by ensuring that data is collected on an anonymous basis. “We take the policy decisions and put them into operation. We have to make sure good security controls are in place.”
It’s a challenge that appeals to Power. “I’m concerned about the operational aspects of privacy and the development of technology.” So it didn’t take him long to say yes to a job offer out of the blue from Smart Systems’ new CEO, Bill Albino.
“It puts me in a more operational role than what I have been doing, which was mostly advising people,” he explains. “Also, I will be in a teamwork environment.”
In his previous positions, Power was a partner in Ottawa law firm Gowling Lafleur Henderson LLP and the company’s chief privacy officer. Before that, he was deputy director of the Public Key Infrastructure (PKI) Secretariat at the Treasury Board and held various positions in the justice department.
“Michael is an extremely knowledgeable and internationally recognized expert in the field of personal and data information privacy and security,” says Henry Brown, former managing partner at Gowlings.
“He knows the law and is well known in the business, having presented numerous lectures and papers across Canada and the U.S. He also knows government from the inside.”
Power’s government experience should prove crucial in dealing with privacy concerns raised in two independent reviews of the e-health agency earlier this year.
In a report to the Ontario government, Deloitte and Touche cited a number of privacy issues to be resolved before the four-year-old organization could finish its task of creating EHRs for Ontarians.
In addition, the Information and Privacy Commissioner of Ontario has delivered a long list of recommendations that Power says will be addressed. “As an organization with a mandate that touches the privacy and security of the personal health information of every individual in the province of Ontario … SSHA must engender the utmost trust and confidence,” the Commissioner said.
“To foster this trust and confidence, it is the Privacy Commissioner’s expectation that SSHA should demonstrate leadership in privacy and security matters and adhere to high standards with respect to the privacy and security of personal health information.”
The Commissioner noted that Smart Systems needed to significantly improve its privacy and security procedures. In addition, better documentation management processes were to be implemented to ensure that up-to-date documentation on all privacy and security matters was readily available.
Power says the two reports make it clear what Smart Systems has to do to meet privacy concerns. If he gets his job right, he adds, we won’t hear much about him, just as the best referees are barely noticeable in a well-played game.
Alex Binkley is a freelance journalist based in Ottawa.