Are your health records private?

Here’s how privacy legislation protects your medical information.

Out of all the many records we wish to keep private, health information may be one of the most vital areas for confidentiality. Professional ethics for medical professionals have always included a component of awareness of privacy issues around medical history, diagnosis, and treatment.

But the system isn’t perfect – not only are human nature and error always present, new technologies present new risks. Recently a laptop was stolen from a Toronto hospital which contained confidential patient information. And some institutions consistently stretch the boundaries of how information is shared and used – for example, an emergency room visit may prompt a slew of mail from a hospital’s fundraising department.

Here’s a quick overview how federal and provincial privacy legislation protects your information, and new health records management tools to keep an eye on.

Federal privacy information
The most recent and relevant privacy legislation is the federal Personal Information Protection and Electronic Documents Act (PIPEDA). This Act stipulates that private sector organizations covered under the law cannot collect, use, or disclose personal information about an individual without that person’s consent. Even better: once collected, that information can only be used for the original purpose for which consent was obtained.

This Act may not apply in all provinces if they have privacy legislation that is substantially similar. But looking at the Act is a good way to get a sense of what Canadians across the country can expect – at least in some situations. As the Privacy Commissioner, Jennifer Stoddart, clarified in an address in 2004:

• PIPEDA does not extend to the core activities of hospitals — that is, patient care and treatment. Records of a patient’s stay in hospital are not covered by PIPEDA, although they would be covered by the applicable provincial health information privacy law.

• However, non-core activities do fall under PIPEDA even on hospital property. For example, a pharmacy leasing space within a hospital to carry on a business would fall under our federal Act.

• Individual doctors and other health practitioners also come under PIPEDA even if they also see patients in a hospital setting. A doctor, dentist, chiropractor or optometrist is a self employed professional engaged in commercial activity. So Health records generated by a patient’s visit to a private practitioner would be covered under PIPEDA.

Provincial privacy laws provide security
Quebec has had health privacy legislation for the public sector since the early 1990’s, and Alberta, Saskatchewan, Manitoba and Ontario have more recently enacted health – specific privacy laws.

These laws have teeth, too – at a recent privacy conference in Regina, one of the cases that was examined involved an Alberta medical office clerk who illegally checked the health records of her lover’s wife. The result? The clerk was fined $10,000 for illegally obtaining the information. In these provinces at least, Canadians can be more assured that their health information is being protected.

Electronic records bring increased need
As we move towards more electronic record keeping at both the federal and provincial levels, this issue becomes even more important. Health Canada has identified the creation of EHRs (Electronic Health Records) as a key priority in Canadian healthcare, and the Canada Health Infoway has been moving forward on this goal.