DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The Promise of Personal Health Records

Posted on September 10, 2009 by Dissent

Resolution of Canada’s Privacy Commissioners and Privacy Enforcement Officials

CONTEXT

Personal health records (PHRs) have started to attract attention in Canada with recently announced services from the public and private sectors that will offer online health records for consumers. This has major implications for the development of the pan-Canadian electronic health infostructure. In this context, a PHR is generally an online health record that is initiated and maintained by an individual patient but there are a variety of other models and terms (such as patient portal ).1

Whether or not PHRs are developed by the private or the public sector, Canada’s Privacy Commissioners want to ensure that they encompass the highest privacy standards. Now is the time to build components of PHRs that enhance patient privacy and control.

The Commissioners recognize that PHR services will be appealing to many people who may want to store their medical records online. If a large majority (84%) of Canadians consistently respond2 in favour of being able to access their own health information summary, including medical treatments they have received, they will no doubt be even more interested in the opportunities online PHRs may be able to deliver, as well as the potential for more robust control over their own personal health information.

Privacy Commissioners note that Canada Health Infoway has launched a pre-certification service for “Consumer Health Platforms,3 to define standards and architecture. Regardless of such initiatives, PHRs must conform to applicable Canadian privacy laws.

Developing privacy-enhancing PHRs should be consistent with the original vision for the electronic health infostructure. A decade ago, the landmark Final Report of the Advisory Council on Health Infostructure took a strong position in favour of patient control when it set out its strategic direction on electronic health records. Among other key recommendations, such as logging of all access to a patient’s record, the authors called on ministers of health to develop electronic health records systems that operate “on a need-to-know basis and under the control of patients.4

Canada’s Privacy Commissioners see the development of PHRs as an opportunity for the patient empowerment envisioned by the authors of the Final Report. If governments and industry make the right choices now, PHRs could be a key privacy-enhancing technology to improve patients’ control over their own health information. PHRs may be the method patients have been waiting for to engage with their health care providers and to be informed about their options in controlling how the health system makes use of their electronic health record (EHR).

IN THIS CONTEXT, CANADA’S PRIVACY COMMISIONERS AND PRIVACY ENFORCEMENT OFFICIALS  (COMMISSIONERS) RESOLVE AS FOLLOWS:

  1. Whether PHRs are developed by the private or public sector, the Commissioners call on all developers to ensure that the applications meet the relevant laws and reflect privacy best practices.
  2. The Commissioners encourage the government of Canada, and provincial and territorial governments, to accelerate the integration of PHR services that would allow patients to:
    1. access to their own health information,
    2. set rules for who should or should not be allowed to see their own personal health information,5
    3. express their wishes for how their health information is used by health researchers and others,6
    4. receive privacy and security breach notification alerts,
    5. see who has accessed their records,
    6. request that errors in their record be corrected, and
    7. gain access to resources and contacts in the health ministries and the privacy oversight offices to better address their privacy concerns.
  3. The Commissioners call on Ministries of Health to keep Commissioners and the public informed of their progress toward developing and implementing PHRs.

Notes

1 There are patient portals and other forms of online access where a patient’s information is maintained under the control of a provincial health system, physician, hospital or insurance company.

2 EKOS survey, Final Report,  Electronic Health Information and Privacy Survey: What Canadians Think” 2007, August 2007, pp.56-57, Online: http://www2.infoway-inforoute.ca/Documents/EKOS_Final%20report_EN.pdf

3 Canada Health Infoway Press Release,  Infoway launches new certification service for health information technology vendors,  February 12, 2009, Online: http://www.infoway-inforoute.ca/lang-en/about-infoway/news/news-releases/396-infoway-launches-new-certification-

4 Recommendation 3.4, Advisory Council on Health Infostructure, Final Report, Paths to Better Health, February 1999, p.3-10, Online: http://www.hc-sc.gc.ca/hcs-sss/alt_formats/pacrb-dgapcr/pdf/pubs/ehealth-esante/1999-paths-voies-fin/1999-paths-voies-fin-eng.pdf

5 The health-specific privacy legislation in some jurisdictions includes masking and locking provisions which permit some patient control.

6 D. Willison, “Use of Data from the Electronic Health Record for Health Research   current governance challenges and potential approaches,  March 2009, Online: http://www.priv.gc.ca/information/pub/ehr_200903_e.cfm

No related posts.

Category: Uncategorized

Post navigation

← Heartland: Judge to Hear Motions to Dismiss Suits
Chase notifies customers of lost storage tape →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • 70% of healthcare cyberattacks result in delayed patient care, report finds
  • Police disrupt “Diskstation” ransomware gang attacking NAS devices
  • Meta fixes bug that could leak users’ AI prompts and generated content
  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
  • Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier
  • Computer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach
  • Ministry of Defence data breach timeline
  • Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan
  • A year after cyber attack, Columbus could invest $23M in cybersecurity upgrades

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents
  • Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act​
  • Fourth Circuit upholds West Virginia ban on abortion pills
  • Meta fixes bug that could leak users’ AI prompts and generated content
  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)
  • A Balancing Act: Privacy Issues And Responding to A Federal Subpoena Investigating Transgender Care

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.