Thank you very much, Mr. Chair.
I am very pleased to speak to the committee about the privacy implications of the post-market surveillance of pharmaceutical products. With me today is Patricia Kosseim, General Counsel and an expert in health law.
You have received a fairly comprehensive document prepared by our Office which starts out by saying that while Canadians regard the health care they receive as a top priority, they also consider ongoing privacy protection to be very important.
This morning, I will begin by briefly discussing some issues that are addressed at greater length in my submission, a copy of which has been circulated to members. These include the potential re-identifiability of data, the privacy implications of electronic health records, data breach notification requirements and finally, the concept of “work product” information.
The Privacy Act applies to federal government institutions, agencies and Crown corporations. As such, it applies to government health surveillance programs such as Health Canada's Canadian Adverse Drug Reaction Information System or CADRIS, and other government initiatives, such as the Federal Health Care Partnership's plans to develop electronic health records.
I'll start with the issue of re-identification of data as a privacy issue in post-surveillance of medications.
From a privacy point of view, one of the key issues we grapple with is the concept of re-identifiability, particularly in the era of increased digitization of health data and surveillance programs, proliferation of publicly available information through the Internet, and sophisticated technological capacity to link up information across different databases. Personal information is critically defined in both the public and private sector law as “information about an identifiable individual”. Exactly what is identifiable or potentially identifiable is a relevant issue for your present study.
Re-identification was at the heart of a recent decision in January of this year by the Federal Court in the matter of Gordon and Health Canada and the Privacy Commissioner of Canada. We were interveners. I bring to the attention of this committee four points.
First, in a situation involving personal information about an individual, the right to privacy is paramount over the right of access to information. That was the first major conclusion of this recent finding, which is not being appealed.
Second, the Federal Court adopted the legal test that was proposed by my office, and I quote: “Information will be about an identifiable individual where there is a serious possibility that an individual could be identified through the use of that information, alone or in combination with other available information.”
Third, the court concluded that disclosure of some information, in particular factual circumstances, where it is combined with personal information, is to be scrutinized for its effect on personal information.
Finally, the Federal Court emphasized the importance of ministerial discretion in deciding whether or not to exceptionally release this personal information in the public interest.
On privacy considerations in electronic health records, major initiatives under way to develop electronic health records promise great things for Canada's health care system: improved quality, efficiency, productivity of health care services, enhanced patient safety, more evidence-based decision-making, facilitated knowledge transfer, and greater accessibility to services and treatment.
So as health information structures proliferate across the country, the traditional lines between health care, surveillance, quality assurance, and research will become increasingly blurred. This is not necessarily a bad thing; however, the notion of purpose, which is such a critical concept in data protection laws, and the one individuals actively turn their minds to when they provide informed consent in any meaningful way--we all ask what you want this information for, and what's going to be done with it--is increasingly being challenged by this approach.
As the concept of purpose becomes stretched, other purposes can begin to creep in. Beyond health-related purposes are other more worrisome purposes to which personal health information may eventually be put, particularly as external pressures for such information continue to rise. Marketing, employment, insurance considerations, law enforcement, and national security are just some purposes that loom on the horizon. These are clearly not part of the deal that Canadians think they are getting themselves into when they think of the development of electronic health records.
Another critical concept that is increasingly being challenged in the context of EHRs and electronic clinical trials is the central concept of accountability, particularly as more and more entities join up through interoperable systems, as public-private partnerships develop to leverage resources and achieve commercialization objects, and as data flows across provincial and national borders in a global economy. So I guess that's where I join up with my colleague the Auditor General.
In order to help work through some of these challenges, our office is participating in the recently created Canada Health Infoway privacy forum that brings together representatives of the health ministries and privacy oversight offices across Canada. We're very pleased to be part of this critical discussion that is starting to address issues of informed consent, secondary purposes, and accountability as they relate to the implementation of interoperable pan-Canadian electronic health record systems.
The third issue is data breach notification requirements as they relate to privacy.
With the growing digitalization of health data also comes increased scope and impact of potential breaches. A number of recent cases which I highlight in my submission have brought this problem to light. Not a day goes by in Canada without a report of someone finding identifiable personal health records in a trash can behind a clinic, hospital or doctor's office.
Industry Canada is currently looking at how to incorporate into the Personal Information Protection and Electronic Documents Act, or PIPEDA, mandatory breach notification requirements. This is a welcome development which we hope will serve as an incentive for organizations to put proper security safeguards in place and to be open and transparent when something goes wrong.
In the meantime, our Office has issued guidelines to support organizations through critical action steps, including assessing the risk and extent of potential harm, and deciding when, how, who and whether to notify individuals. When dealing with highly sensitive personal health information, special considerations should be taken into account, such as psychological risk of harm.
I would now like to turn to the section of my submission on work product, an issue that was discussed at length when other parliamentary studies were conducted on personal information protection. I am available to answer all of your questions about how concerns over protecting information apply to this area.