Infoway recognizes that privacy has both technical as well as non-technical aspects and that both need to be considered in interoperable electronic health information systems in Canada. Infoway supports work on non-technical issues through mechanisms such as the Privacy Forum and the Health Information Privacy group.
Established in 2007 and sponsored by Infoway, the Privacy Forum includes representatives from each federal/provincial/territorial Ministry of Health and Privacy oversight body. The focus of the Forum is to discuss issues set out in Infoway’s 2007 White Paper on Information Governance of the Interoperable EHR (iEHR).
With the interoperable Electronic Health Record (iEHR) comes a new context needing review to ensure personal health information is managed in a secure manner that respects patient privacy. Jurisdictions are already working individually on iEHR information governance issues. The Privacy Forum provides a collegial setting for jurisdictions to share and leverage their collective knowledge and experiences.
Health Information Privacy (HIP) Group
The Health Information Privacy (HIP) Group was established in December 2008, as a separate working group of health ministry representatives, independent of the Privacy Forum, to develop common understandings that can be considered by jurisdictions to address selected information governance issues.
The key priorities for both the Privacy Forum and the HIP are:
- Accountability — Organizations that collect or disclose personal information must clearly identify who is responsible for ensuring compliance with applicable data protection legislation and institutional privacy policies. In the iEHR context, accountability may become more complex as information management and transfer patterns change.
- Secondary Use — The EHR will result in volumes of potentially valuable information for research and other uses. Consideration needs to be given to what constitutes appropriate secondary use of EHR data and how to achieve transparency for patients about such information practices.
- Information Consent — Jurisdictions have varying legal requirements regarding consent for the collection, use and disclosure of personal health information. This could create challenges for the flow of information across jurisdictional boundaries.
- Inter-jurisdictional Data Flows — A key objective of pan-Canadian EHR systems is to facilitate the flow of data within or across provincial/territorial borders for care and treatment. This will call for business procedures to support data flow and ensure a workable approach as data flows across boundaries.
Key privacy resources
- Consent management solutions paper: Information to help jurisdictions with consent management solution choices, planning and implementation
- Privacy and EHR Information Flows in Canada, Version 2.0: 53 "common understandings" to support appropriate and privacy protective disclosures of EHR information
- EHRS Blueprint: Technology framework for securely sharing health information
- EHR Privacy and Security Architecture: Privacy and security requirements and standards for an interoperable EHR
- A Conceptual Privacy Impact Assessment of the EHRS Blueprint: Ensuring privacy is considered in the development of the EHRS blueprint
- White paper: Information Governance of the Interoperable Electronic Health Record
- EKOS Survey: Canadian attitudes towards electronic health information and their privacy
- Privacy and EHR Information Flows: 33 "common understandings" for the disclosure of EHR information