HEALTH CARE
Online health records: Convenience vs. privacy
Last Updated: Monday, May 5, 2008 | 11:30 AM ET
By Grant Buckler CBC News
Patient Records
- Feature: Canada lags in electronic medical records
- Jan. 28, 2008
- Reality Check: Electronic health records - when will Canadian doctors join the computer age?
- Sept. 9 2006
- News archive: Google to store patients' health records
- Feb. 21, 2008
- News archive: Medicare records of 485 N.B. residents vanish
- Dec. 11, 2007
- News archive: Calgary hospitals share patient's e-records
- Feb. 9, 2007
Some day soon, Canadians will have access to free online tools for managing their health information. But there are concerns that plans to store the information on servers south of the border could mean unwittingly sharing it with the American government.
Private companies developing systems to help individuals conveniently manage their personal health information include technology heavyweights Microsoft Corp. and Google Inc.
Microsoft announced its HealthVault in October 2007. Still in a limited test phase in the U.S. at present with no date set for wider availability, it lets consumers collect their personal records from doctors and others in the health-care system, add information of their own (including records from compatible personal health gadgets), and store it all in one place, online, at no charge. People can also share the information with whomever they choose, such as family members.
In February this year, Google Inc. announced that a health-records project involving the famous Cleveland Clinic would be the pilot for a personal health-records service called Google Health. Roni Zeiger, Google Health product manager, says the service will let individuals put health-related information such as immunization records, medication, lab test results, allergies and medical reports all in one place by importing it from participating institutions or entering it manually.
The service will only be offered in the U.S. to start with, Zeiger says, and Google is not even saying yet when that will be. About Canada, Zeiger will say only that Google plans to expand the service internationally and Canada would be a logical early target.
Similarly, George Scriban, senior product manager for HealthVault, says Microsoft has no definite plans to offer HealthVault outside the U.S., but is working on it "because we do want this to be a global product."
Privacy concerns
These services will offer directly to individuals what the Canadian health-care system has been working for a number of years to create — a way of putting a person's complete health record in one place and making it available to whoever the patient chooses.
Yet there are concerns about how well these privately-operated databases will protect peoples' privacy.
In the U.S., the issue has already been raised that records maintained by private businesses like Google and Microsoft aren't subject to the Health Information Privacy and Accountability Act (HIPAA), which imposes strict rules protecting medical information. Canada has no national counterpart to HIPAA, but some provinces have similar legislation, and the same weaknesses may exist. Ontario's Personal Health Information Protection Act (PHIPA), for instance, contains definitions of custodians of health-care information that don't appear to cover private service providers.
Canadian law does offer another layer of protection: the federal Personal Information Protection and Electronic Documents Act (PIPEDA).
PIPEDA regulations — or provincial counterparts where they exist — would cover health information stored in databases operated by private companies like Microsoft and Google, confirms Patricia Kosseim, general counsel in the federal privacy commissioner's office. The service provider would be required to make clear how data would be used, obtain patients' consent and notify them if information was disclosed to third parties.
Well, most third parties.
One clear exception is the Patriot Act, which took effect in the U.S. just weeks after terrorist attacks on New York and Washington in 2001. It gives authorities sweeping powers to obtain information about individuals, and forbids organizations that hand that information over to tell the individuals concerned that the organizations have done so.
The Canadian privacy commissioner has expressed concern about this law, but Kosseim says it can't stop U.S. companies from storing information about Canadians in the U.S., or from secretly handing that information over to U.S. agencies. It can only require them to inform Canadian customers that it could happen.
That warning would be included in an agreement the customer would be expected to read before using the service, Kosseim says. The concern is that while everyone who has signed up for an online service or installed software has seen agreements like this, not everyone reads them thoroughly.
Limits on data sharing?
While the privacy commissioner can't ensure Canadians' health data is stored in Canada, the health-care system itself might — and that's what Canada Health Infoway wants to do.
The agency, set up by the federal and provincial governments to promote electronic health records, announced plans in mid-April for a certification process for personal-health information services. Infoway plans to advise doctors, clinics and hospitals to provide health records only to certified services, and one condition of certification will be that data is stored in Canada.
That is "totally non-negotiable," says Richard Alvarez, the agency's chief executive.
Microsoft appears somewhat receptive to the idea. Scriban acknowledges there could be issues with transferring such data across borders, not only here but in Europe, and while he says the economics of operating separate data centres in each country might be a problem, he doesn't rule out the possibility.
Google, however, says its policy is to inform users of all its services that it processes personal information on servers "in the United States of America and in other countries. In some cases, we process personal information on a server outside your own country." Google would share such information with law enforcement agencies in response to a court order or subpoena, a spokesperson says.
Even if data is stored in Canada, there could be concerns. In at least one ruling related to the U.S. Patriot Act, the privacy commissioner's office has said Canadian anti-terrorism measures — such as changes to PIPEDA after the Sept. 11 terrorist attacks that allow personal information to be disclosed to government institutions if it relates to national security, defence or international affairs — also present some privacy issues. And Wendy Armstrong, policy analyst and board member with the Consumer Association of Alberta, notes that PIPEDA allows certain investigative bodies, including private investigators, to obtain personal information without consent.
Armstrong adds that rules against disclosing an individual's information without his or her consent may not be real protection. If employers or insurers require such consent as a condition of employment or coverage, she says, the consumer doesn't have a real choice — "at the Consumers' Association, we would call it no choice at all."
Share Tools
Top News Headlines
- Botox injected by unlicensed practitioners
- Some Vancouver-area medical spas are ignoring Health Canada regulations that Botox be prescribed and injected by a physician, a CBC News investigation has revealed. more »
- Legalize pot, say former B.C. attorneys general
- Four former B.C. attorneys general are joining a coalition of health and justice experts calling for the legalization of marijuana. more »
- 6 ways Greece can bounce back
- Although Greece's economic future seems dire, a number of the country's sectors show promise, according to observers. more »
- Are you a good Canadian citizen? Compare yourself
- Waving the Canadian flag is an easy act of patriotism. But beyond that what are hallmarks of being Canadian? more »
Latest Health News Headlines
- Botox injected by unlicensed practitioners
- Some Vancouver-area medical spas are ignoring Health Canada regulations that Botox be prescribed and injected by a physician, a CBC News investigation has revealed. more »
- Diners keen on smaller side-order portions
- Researchers infiltrated a fast-food Chinese restaurant and found up to a third of diners jumped at the offer of a half-size of the usual heaping pile of rice or noodles, even when the smaller amount cost the same. more »
- Radiation after lung cancer doubted for some
- Older people with lung cancer shouldn't routinely receive radiation because it doesn't help them live longer, a new U.S. study finds. more »
- Legalize pot, say former B.C. attorneys general
- Four former B.C. attorneys general are joining a coalition of health and justice experts calling for the legalization of marijuana. more »
FEATURED HEALTH
- Legalize pot, say former B.C. attorneys general
- Botox injected by unlicensed practitioners
- Trudeau says sovereignty less of a bogeyman now
- Toronto NBA fans experience 'Lin-sanity'
- Immigrants the proudest Canadians, poll suggests
- Homicide follows Vancouver family argument
- Tires slashed on more than 100 cars in Surrey
- Online privacy erosion dismays critics
- Barefoot Newfoundland girl survives icy ordeal
