The last hearing before Parliament's holiday recess took place on Wednesday with the Canadian Medical Association, the Canadian Dental Association, and the Canadian Pharmacists Association providing their views on the legislation. Natalie Senst provides the full details:
CMA: Bonnie Cham, Chair, Committee on Ethics (BC)
CDA: Wayne Halstrom, President; (WH)
Andrew Jones, Director, Corporate and Government Relations (AJ)
CPA: Jeff W. Poston, Executive Director (JP)
Jim Peterson (Liberal)
Q: Have any of the Associations' members had issues with PIPEDA so far – if so what?
A: (CPA) Implied consent has helped with implementation in a time-sensitive environment – most pharmacies have consent by notice now (posted, leaflets).
A: (CDA – WH) The CDA had problems in 2003, when multiple interpretations of PIPEDA were being offered. In working on the parts initiative this helped to ease confusion in 2004. Offices have felt the burden of having to create a privacy code.
A: (CMA) Physicians had already protected privacy in their ethical standards and requirements. PIPEDA created a need for notices to inform patients in an already time pressed environment. The parts guidelines were helpful, but CMA wants to see those guidelines also recognized in the legislation itself.
Q: Combining federal laws with multiple provincial health laws, it seems like there are a lot of laws to take into consideration. Have you experienced any conflicts or difficulty coping with all the current legislation?
A: (CDA) Administrative burdens exist in general, but there are no particular concers. The cross-provincial legislation is not necessarily consistent and can be problematic.
A: (CMA) Some provincial legislation is substantially similar to federal, such as Ontario, Alberta and Quebec
A: (CPA) The administrative burden is significant. The CPA has to consider both public and private drug plans. The parts guidelines have been critical in allowing the burden to be manageable.
Q: What about your argument that information regarding prescriptions is work product and should be treated as private information?
A: (CMA) Consider stigmatizing diseases for which patients may need to be prescribed obvious drugs (for example, HIV). Knowing that their information may be disclosed to others may make patients less forthcoming with their doctors.
Q: What about the need to study prescribing patterns?
A: (CMA) The CMA recognizes the social interest for research and planning where there is suitable oversight by regulatory authorities. The CMA does not want this to be expanded to broad commercial use. Research boards can be useful.
Carole Lavallee (Bloc):
Q: So the provinces don't have similar legislation, and Quebec legislation is different? Is Quebec different from other provinces?
A: (CMA) PIPEDA is not applied in Quebec because Quebec privacy legislation is substantially similar. Quebec is therefore not subjected to PIPEDA like other provinces, but will be included in federal discussions where new issues arrive such as e-medical files. If federal changes are made, Quebec will have to change too.
Q: So you have to harmonize legislations? And this comes down from practice in the EU?
A: (CMA) Yes, that is what catalyzed PIPEDA. The OECD says if free exchange of information is allowed between states, each state must have protections for personal information.
Q: When the BC Privacy Commissioner came to the Review, he spoke about work needed on the federal level – what has been done about harmonizing health information?
A: (CDA) Harmonization of legislation across Canada has been dealt with using a pan-Canadian framework, particularly to prepare for the implications of e-health networks. PIPEDA is important with regards to cross-provincial and cross-international boundaries, especially given the mobility of people and health care professionals.
Q: Regarding e-files – pharmacies use these, but are not physicians still using paper?
A: (CMA) Primary care clinics are setting themselves up with e-records. Also e-documents are used in exchanging information with laboratories. Currently, e-files are not widespread in individual doctor offices.
Q: You have said that health information is not to be used for more than research. You used the term 'inappropriate' in regards to sharing health information with groups who do research and then sell it to private enterprises. Where do we draw the line?
A: (CPA) The collection and proscribing of data is not new. The critical issue is how does the information get used? The giving of information regarding how drugs are proscribed and used can benefit the community. Concerns are relatively few until some of that data is used to directly target marketing activities regarding individual prescriptions.
A: (CDA) Younger practitioners are attempting to move to paperless offices entirely
A: (CMA) Once collected, information can help people in the planning of services in a community. The concern is where data becomes nominal and patients of a particular doctor are known. This doctor is then open to targeting by high pressure marketing initiatives. There is a need for reasonable balances of information use.
David Tilson (Conservative):
Q: If a lawyer reveals confidential client information this is reported to the Law Society and that member is possibly disbarred. The law society is much stricter than the government legislation, making the system basically self regulatory – what about the health industry?
A: (CDA) Dentistry self regulation is very clear
A: (CPA) Strong sanctions exist regading codes of ethical practice and there is strict enforcement. Of added importance for pharmacists is that because they are located so much in the community and are accessible, if a pharmacy is known not to treat information privately then that pharmacy will go out of business.
A: (CMA) The CMA has a detailed code of conduct. Patient confidentiality is strictly upheld and includes fines.
Q: Consider a retail store (drycleaner keeping personal information) in comparison: the worst that can happen if they are found to be distributing private information is that the Privacy Commissioner can release the store's name – in all of your cases, outcomes are severe (such as no longer being able to practice) – what should PIPEDA do regarding remedies for other businesses/general public?
A: (CMA) In relationships of trust (doctor-patient; lawyer-client) the quality of data is so sensitive that it is not the same relationship as with your retail store and may perhaps be comparing apples and oranges.
Q: In regards to consent on websites, what impact does the use of legalese in consent information have. The average person doesn't have a clue what they've signed, so is there a way to make consent forms more user friendly?
A: (CDA) Yes, this is a problem – how valuable is an informed consent document when it is confusing to a patient?
Q: The average dentist may not understand the form either! (Nod from CDA) So once informed consent is given, then the insurance companies could find it out?
A: (CDA) Only when a complaint is made formally (private health records are not made available to insurers)
Tom Wappel (CHAIR) (Liberal):
Q: So there is no jumbled legalese?
A: (CMA) The package the CMA has been working on includes plain language versions. The Ontario Bar Association worked with health associations to have plain-language posters detailing personal privacy information. This seems to have worked quite well among Ontario physicians.
A: (CPA) The CPA has lots of experience regarding clinical trials and new drugs – in these cases it is critical to make sure a patient understands his or her options.
Q: In regards to recognition in law and Canadian healthcare, the CMA says they were originally told that the PIPEDA legislation was not intended to capture health information – who told the CMA this?
A: (CMA) When PIPEDA first made a legislative proposal the CMA asked about its applicability to health. The response of Industry Canada was that this doesn't even apply (when PIPEDA was a bill 99/00). I will follow up with colleagues on the particular source of quote. The parts guidelines were begun jointly with Industry to work towards health associations' compliance with PIPEDA (2003).
Q: In regards to the implementation of the parts guidelines: do you want the 20 pages of questions and answers annexed to PIPEDA?
A: (All) YES.
Q: Regarding work product, many witnesses have spoken about this at these reviews. All have been indicating that this is not personal information under the act – you disagree. Have any of your members been adversely affected by rulings of the Privacy Commissioner?
A: (CMA) One example is the following: a physician attended as information session for a drug and later agreed to have her prescribing patterns evaluated, she was then phoned every two weeks to determine why the education she had received was not being incorporated into her practice.
Q: But there is a difference between whether or not information is personal and whether information is properly used.
David Van Kesteren (Conservative):
Q: Years ago doctors put records in filing cabinets – is part of the problem the transfer to computers?
A: (CMA) Yes, this is one reason for safeguards – it is much easier to pull together databases of e-documents. We want to be able to protect information if patients don't want to be part of those databases. E-databases are a big part of the need for protection.
Q: Is there a safeguard for when going to databases – what takes precedence – patient privacy or health?
A: (CMA) Doctors have a duty of confidentiality regarding their patients – information that is required to be disclosed by law overrides the duty of confidentiality to a patient. It is important to have frameworks set up to weigh these decisions (research/regulatory boards)
Q: Global issues – is there a danger with respect to insurance companies?
A: (CMA) There is a definite concern respecting trans-border data flow – information from research subjects in Canada for example could be subjected to the US Patriot Act.
Q: Is this global concern what needs protection more than anything else?
A: (CMA) It is the most important emerging issue (trans-border flows; availability of telehealth; services provided to patients are no longer in the same geographical area)
Jean-Yves Laforest (Bloc):
Q: Regarding comments made by Ms. Lavallee about enforcing legislation in provinces where no parallel legislation exists. When these associations are representing health professionals nation-wide, what is your role in regards to places where provincial legislation governs (ie Quebec's medical association – do they represent privacy protection?).
A: (CMA) Doctors take an ethics course that is similarly given across the country. The CMA is working to create posters and manuals because principles are general, non-specific. Quebec practitioners are members of the CMA but have separate negotiations etc.
A: (CDA) In Quebec the dental assoc deals with Quebec- specific issues – members belong to both associations.
A: (CPA) The regulatory body in Quebec deals with specific issues regarding the impact of provincial issues – interpretation of Quebec legislation is by the provincial licensing body.
Carole Lavallee (Bloc)
Q: The CMA gave an interesting example of inappropriate health information use – Mr. Wappel said this is disclosure of information – not the use of personal information data that has been mined. Can each of you share some of these examples.
A: (CPA) Most information that is collected is de-identified from the patient's perspective – there is no direct identification of a patient – this is extremely important for the handling of information!
A: (CMA) A case where joint work was done between federal and Alberta and a fax transmission was misdirected & reported by the federal commission.
David Tilson (Conservative)
Q: Many people have insurance – insurance companies knows dental work is performed. Even if the health side protects information, what about information that the insurance company holds?
A: (CDA) Insurance companies can only have information specific to the work done, not the patient's overall health record.
Q: The definition of personal information and the exclusion of certain information has implications for dealing with concerns such as solving the issue of wait times. If certain information is excluded, does that affect information collection regarding wait times?
A: (CMA) Information can be collected about wait times that maintains confidential information (no name of the patient or other personal information are released).
Q: You don't agree that the definition of personal informaiton is too broad?
A: (CMA) No
Q: Back to wait times – there may be a benefit of this research – but there is concern that information cannot be released.
A: (CPA) This does create a double-edged sword – there are needs to protect personal information, and there are needs to create rich databases for effective system management. Careful thought is needed with regards to definitional issues. Information needs to be put towards making improvements in the health care system. There is a need for a peer review system that would be able to consider other privacy factors that might be at issue with the disclosure of information.
Q: Should names of doctors be allowed to be released?
A: (CPA) Data released to marketers doesn't include patient names. Should physicians' prescribing behaviours be investigated by peer review body, or the information used for direct targeted marketing purposes?
A: (CMA) Protection is not required from peer review authorities. The CMA doesn't want prescription patterns to be used for secondary commercial interests. The CMA worries that patients, if aware that their information could be sold for other commercial interests, would be afraid to disclose information about themselves, and this would be an impediment to health care.
Dave Van Kesteren (Conservative):
Q: Patient history is worth money – could patients call this their own property?
A: (CMA) The actual record is the physician's property, but a patient has the right to review his own medical data – SCC case 1992 – physician is a trustee for the patient of his record – the patient owns his information, but not the paper it is written on. Personal information protection is wanted with appropriate legislative oversights. Information ought to be used only upon analysis with decisions made by a commission overseeing everything.
Mr. Tom Wappel (Chair) (Liberal):
Q: BC has an exemption for work product – what do you know about BC pharmaceuticals not having to disclose information?
A: (CPA) All information is collected at one central point in BC, where the licensing body acts as custodian of the data. BC is a unique situation with this single point collection of data. I don't have direct answer but can inquire on whether such a resolution was made & on what basis.
Q: (CMA) On page three of the sublitted document with regards to work product information the CMA states a perceived and actual loss of control when prescribing data in regards to safeguarding patients. Why would a patient blame the CMA if the law doesn't prevent privacy disclosing actions?
A: (CMA) The CMA is concerned about its ability to give good health care when patients are not comfortable to be disclosing information. This is not the same as a general concept of work product. The patient's perception of 3rd party benefits may create inhibition of the patients – according to polling conducted on patient perceptions – the CMA will provide this data to the committee). Other data has been collected – see the Canadian Medical Journal.