DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The Promise of Personal Health Records

Posted on September 10, 2009 by Dissent

Resolution of Canada’s Privacy Commissioners and Privacy Enforcement Officials

CONTEXT

Personal health records (PHRs) have started to attract attention in Canada with recently announced services from the public and private sectors that will offer online health records for consumers. This has major implications for the development of the pan-Canadian electronic health infostructure. In this context, a PHR is generally an online health record that is initiated and maintained by an individual patient but there are a variety of other models and terms (such as patient portal ).1

Whether or not PHRs are developed by the private or the public sector, Canada’s Privacy Commissioners want to ensure that they encompass the highest privacy standards. Now is the time to build components of PHRs that enhance patient privacy and control.

The Commissioners recognize that PHR services will be appealing to many people who may want to store their medical records online. If a large majority (84%) of Canadians consistently respond2 in favour of being able to access their own health information summary, including medical treatments they have received, they will no doubt be even more interested in the opportunities online PHRs may be able to deliver, as well as the potential for more robust control over their own personal health information.

Privacy Commissioners note that Canada Health Infoway has launched a pre-certification service for “Consumer Health Platforms,3 to define standards and architecture. Regardless of such initiatives, PHRs must conform to applicable Canadian privacy laws.

Developing privacy-enhancing PHRs should be consistent with the original vision for the electronic health infostructure. A decade ago, the landmark Final Report of the Advisory Council on Health Infostructure took a strong position in favour of patient control when it set out its strategic direction on electronic health records. Among other key recommendations, such as logging of all access to a patient’s record, the authors called on ministers of health to develop electronic health records systems that operate “on a need-to-know basis and under the control of patients.4

Canada’s Privacy Commissioners see the development of PHRs as an opportunity for the patient empowerment envisioned by the authors of the Final Report. If governments and industry make the right choices now, PHRs could be a key privacy-enhancing technology to improve patients’ control over their own health information. PHRs may be the method patients have been waiting for to engage with their health care providers and to be informed about their options in controlling how the health system makes use of their electronic health record (EHR).

IN THIS CONTEXT, CANADA’S PRIVACY COMMISIONERS AND PRIVACY ENFORCEMENT OFFICIALS  (COMMISSIONERS) RESOLVE AS FOLLOWS:

  1. Whether PHRs are developed by the private or public sector, the Commissioners call on all developers to ensure that the applications meet the relevant laws and reflect privacy best practices.
  2. The Commissioners encourage the government of Canada, and provincial and territorial governments, to accelerate the integration of PHR services that would allow patients to:
    1. access to their own health information,
    2. set rules for who should or should not be allowed to see their own personal health information,5
    3. express their wishes for how their health information is used by health researchers and others,6
    4. receive privacy and security breach notification alerts,
    5. see who has accessed their records,
    6. request that errors in their record be corrected, and
    7. gain access to resources and contacts in the health ministries and the privacy oversight offices to better address their privacy concerns.
  3. The Commissioners call on Ministries of Health to keep Commissioners and the public informed of their progress toward developing and implementing PHRs.

Notes

1 There are patient portals and other forms of online access where a patient’s information is maintained under the control of a provincial health system, physician, hospital or insurance company.

2 EKOS survey, Final Report,  Electronic Health Information and Privacy Survey: What Canadians Think” 2007, August 2007, pp.56-57, Online: http://www2.infoway-inforoute.ca/Documents/EKOS_Final%20report_EN.pdf

3 Canada Health Infoway Press Release,  Infoway launches new certification service for health information technology vendors,  February 12, 2009, Online: http://www.infoway-inforoute.ca/lang-en/about-infoway/news/news-releases/396-infoway-launches-new-certification-

4 Recommendation 3.4, Advisory Council on Health Infostructure, Final Report, Paths to Better Health, February 1999, p.3-10, Online: http://www.hc-sc.gc.ca/hcs-sss/alt_formats/pacrb-dgapcr/pdf/pubs/ehealth-esante/1999-paths-voies-fin/1999-paths-voies-fin-eng.pdf

5 The health-specific privacy legislation in some jurisdictions includes masking and locking provisions which permit some patient control.

6 D. Willison, “Use of Data from the Electronic Health Record for Health Research   current governance challenges and potential approaches,  March 2009, Online: http://www.priv.gc.ca/information/pub/ehr_200903_e.cfm

No related posts.

Category: Uncategorized

Post navigation

← Heartland: Judge to Hear Motions to Dismiss Suits
Chase notifies customers of lost storage tape →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Chinese hackers suspected in breach of powerful DC law firm
  • Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities
  • CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
  • McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records
  • Qilin claims attack on Accu Reference Medical Laboratory. It wasn’t the lab’s first data breach.
  • Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed; UK customers also affected (1)
  • Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.