Some day soon, Canadians will have access to free online tools for managing their health information. But there are concerns that plans to store the information on servers south of the border could mean unwittingly sharing it with the American government.

Private companies developing systems to help individuals conveniently manage their personal health information include technology heavyweights Microsoft Corp. and Google Inc.

Microsoft announced its HealthVault in October 2007. Still in a limited test phase in the U.S. at present with no date set for wider availability, it lets consumers collect their personal records from doctors and others in the health-care system, add information of their own (including records from compatible personal health gadgets), and store it all in one place, online, at no charge. People can also share the information with whomever they choose, such as family members.

In February this year, Google Inc. announced that a health-records project involving the famous Cleveland Clinic would be the pilot for a personal health-records service called Google Health. Roni Zeiger, Google Health product manager, says the service will let individuals put health-related information such as immunization records, medication, lab test results, allergies and medical reports all in one place by importing it from participating institutions or entering it manually.

The service will only be offered in the U.S. to start with, Zeiger says, and Google is not even saying yet when that will be. About Canada, Zeiger will say only that Google plans to expand the service internationally and Canada would be a logical early target.

Similarly, George Scriban, senior product manager for HealthVault, says Microsoft has no definite plans to offer HealthVault outside the U.S., but is working on it "because we do want this to be a global product."

Privacy concerns

These services will offer directly to individuals what the Canadian health-care system has been working for a number of years to create — a way of putting a person's complete health record in one place and making it available to whoever the patient chooses.

Yet there are concerns about how well these privately operated databases will protect people's privacy.

In the U.S., the issue has already been raised that records maintained by private businesses like Google and Microsoft aren't subject to the Health Information Privacy and Accountability Act (HIPAA), which imposes strict rules protecting medical information. Canada has no national counterpart to HIPAA, but some provinces have similar legislation, and the same weaknesses may exist. Ontario's Personal Health Information Protection Act (PHIPA), for instance, contains definitions of custodians of health-care information that don't appear to cover private service providers.

Canadian law does offer another layer of protection: the federal Personal Information Protection and Electronic Documents Act (PIPEDA).

PIPEDA regulations — or provincial counterparts where they exist — would cover health information stored in databases operated by private companies like Microsoft and Google, confirms Patricia Kosseim, general counsel in the federal privacy commissioner's office. The service provider would be required to make clear how data would be used, obtain patients' consent and notify them if information was disclosed to third parties.

Well, most third parties.

One clear exception is the Patriot Act, which took effect in the U.S. just weeks after terrorist attacks on New York and Washington in 2001. It gives authorities sweeping powers to obtain information about individuals, and forbids organizations that hand that information over from telling the individuals concerned that they have done so.

The Canadian privacy commissioner has expressed concern about this law, but Kosseim says the commissioner can't stop U.S. companies from storing information about Canadians in the U.S., or from secretly handing that information over to U.S. agencies. The commissioner can only require them to inform Canadian customers that it could happen.

That warning would be included in an agreement the customer would be expected to read before using the service, Kosseim says. The concern is that while everyone who has signed up for an online service or installed software has seen agreements like this, not everyone reads them thoroughly.

Limits on data sharing?

While the privacy commissioner can't ensure Canadians' health data is stored in Canada, the health-care system itself might — and that's what Canada Health Infoway wants to do.

The agency, set up by the federal and provincial governments to promote electronic health records, announced plans in mid-April for a certification process for personal-health information services. Infoway plans to advise doctors, clinics and hospitals to provide health records only to certified services, and one condition of certification will be that data is stored in Canada.

That is "totally non-negotiable," says Richard Alvarez, the agency's chief executive.

Microsoft appears somewhat receptive to the idea. Scriban acknowledges there could be issues with transferring such data across borders, not only here but in Europe, and while he says the economics of operating separate data centres in each country might be a problem, he doesn't rule out the possibility.

Google, however, says its policy is to inform users of all its services that it processes personal information on servers "in the United States of America and in other countries. In some cases, we process personal information on a server outside your own country." Google would share such information with law enforcement agencies in response to a court order or subpoena, a spokesperson says.

Even if data is stored in Canada, there could be concerns. In at least one ruling related to the U.S. Patriot Act, the privacy commissioner's office has said Canadian anti-terrorism measures — such as changes to PIPEDA after the Sept. 11 terrorist attacks that allow personal information to be disclosed to government institutions if it relates to national security, defence or international affairs — also present some privacy issues. And Wendy Armstrong, policy analyst and board member with the Consumer Association of Alberta, notes that PIPEDA allows certain investigative bodies, including private investigators, to obtain personal information without consent.

Armstrong adds that rules against disclosing an individual's information without his or her consent may not be real protection. If employers or insurers require such consent as a condition of employment or coverage, she says, the consumer doesn't have a real choice — "at the Consumers' Association, we would call it no choice at all."