What is Infoway’s role respecting privacy and security of digital health information systems in Canada?
Privacy and security (P&S) are key elements of Infoway’s work in digital health. P&S were built into the initial blueprint for electronic health records in 2005 and 10 years later P&S continues to be integral to its work.
In addition to continuing to require that projects funded by Infoway conduct a Privacy Impact Assessment, P&S are key elements of new and evolving Infoway initiatives such as its Certification Services, innovation projects (e.g., e-Booking) and the interoperability strategy.
Infoway also promotes knowledge sharing, integration of P&S into digital health initiatives and consistency in P&S solutions in digital health. It does so by working closely with the jurisdictions through projects, hosting the pan-Canadian Health Information Privacy Group (HIPG) and Privacy Forum (PF) whose focus is on developing common approaches to information governance issues and contributing to privacy legislation development initiatives across the country (e.g., New Brunswick, Nova Scotia, Newfoundland and Labrador, Yukon, Northwest Territories, Ontario and Prince Edward Island.)
That being said, Infoway is not the only body addressing the privacy and security of digital health solutions.
Provinces, territories and the federal government are responsible for privacy legislation and for the development of the digital health solutions in their jurisdictions.
Privacy Commissioners are responsible for oversight of the legislation.
Individual health care institutions, organizations and application developers are responsible for implementation of policies and practices needed to operationalize P&S solutions.
And, as consumers increase the use of personal devices to access portals, mobile applications and remote monitoring devices, they will have increasing responsibility for the safe use and security of their own devices and systems.
Privacy and security involve more than technology and more than one organization and each area has an important role to play in ensuring that privacy is respected and systems are secure.
What are the Privacy Forum and Health Information Privacy Group?
The Privacy Forum, established in 2007 and sponsored by Infoway, includes representatives from each federal/provincial/territorial Ministry of Health and/or e-Health agency as well as each jurisdictional privacy oversight body. The Forum offers a mechanism for members to share and leverage their collective knowledge and experience on privacy matters in the development of digital health initiatives.
Infoway also sponsors the Health Information Privacy Group (HIPG). Established in 2008, this group is made up of health ministry and e-Health agency representatives and focuses on the development of common approaches to information governance issues as they pertain to privacy in digital health information systems.
Does Infoway create or manage digital health information systems?
No, Infoway does not create or manage any personal health information systems. That is done by the jurisdictions or health delivery organizations
Does Infoway hold or manage repositories of personal health data?
No, Infoway does not hold or manage any repositories of personal health data.
Does Infoway conduct Privacy Impact Assessments (PIAs)?
No. PIAs are completed and submitted to Infoway by the applicable project teams.
Have Canadians been consulted regarding EHRs and privacy? What views or concerns do they have?
In addition to any research that may be conducted by the provinces and territories, Infoway has conducted public opinion surveys on the subject of "Electronic Health Information and Privacy." Findings of surveys conducted in 2012 and 2007 indicate that Canadians support the use of electronic health records and expect their privacy to be protected in the collection, storage and use of their personal information.
The table below identifies the measures Canadians would like to see in place to protect the privacy and security of their personal health information and what privacy and security protections exist.
|Measures that increase Canadians’ comfort with electronic health records (EHRs)||What is in place in jurisdictional laws and EHRs|
|Being able to find out when and who accessed their health record||Laws: all jurisdictions have access provisions; EHRs: EHRs enable this through:
|Knowing they would be informed of any privacy breach that occurred||Laws: breach notification obligations are increasingly being required; EHRs: EHRs enable this through:
|Being able to access and correct their records||Laws: all jurisdictions have access and correction clauses; EHRs: EHRs have processes in place to document changes to records|
|Legislation that would make unauthorized access of health records a criminal/serious offence||Laws: all newer laws have penalty provisions, and some include criminal prosecution|
Who do I contact if I need more information on privacy as it relates to digital health initiatives?
For specific privacy queries related to your jurisdiction, please contact your ministry or department of health.
For Infoway-related initiatives, please contact us.