Duplicate databases protect privacy

Public and mental health workers in New Brunswick track client files using the Department of Health and Wellness’s Client Service Delivery System. Social workers, who serve many of the same people, track information using a separate but similar system called the N.B. Families Computer System. They

aren’t connected. Staff in either department can determine if the other serves a particular client by consulting a third database called N.B. Clients, but that only tells them what departments the individual deals with and gives them a phone number to call for more information.

A foolish oversight? Not according to the provincial government. Although the provincial auditor general criticized the Client Service Delivery System in 2002 for such ills as missed deadlines and budget overruns, there is a reason the two departments’ information stores aren’t connected. Danny Keizer, the province’s acting chief information officer, says confidentiality legislation stands in the way.

Keizer says there have been other cases where legislative changes were made to facilitate better integration of data. “”Theoretically there are a whole bunch of things that could be done there,”” he says, “”but practically in the situation it was difficult to execute them.””

Big Brother issues

One obstacle, Keizer says, was that when the databases were being developed, another information integration effort had just provoked a public outcry. Human Resources Development Canada set out to create a database called the Longitudinal Labour Force File, bringing together a wide assortment of information about Canadians, like employment insurance and social assistance records, immigration files and income tax returns.

But Bruce Phillips, then federal Privacy Commissioner, raised concerns about the database. A public outcry followed. Newspapers dubbed it the ‘Big Brother database.”” In May 2000, Human Resources Minister Jane Stewart cancelled the project.

The cancellation came not a moment too soon for privacy advocates, who argue government can too easily intrude on citizens’ private lives if all information in government hands is readily accessible in one place at the click of a mouse.

“”The more another individual or body can know about you, the more power and leverage they have over you,”” says Darrell Evans, executive director of the British Columbia Freedom of Information and Privacy Association. “”If we look at human history, we see that you cannot rely on the powerful people, whether they’re elected or not, to do the right thing. Privacy is just essential to freedom.””

But there are tradeoffs. Few citizens want government prying into their private affairs, but they want government services provided quickly and efficiently. Making information readily accessible helps make that happen. Nowhere is this more evident than in health care, where immediate access to information can be a matter of life and death.

In any government effort to share citizens’ information, “”the issue that is really stopping the various agencies is, are we contravening the Privacy Act?”” says Tim Bouma, an executive consultant with Montreal-based CGI Group Inc., which does extensive information technology work for governments. Once privacy and governance issues are resolved, Bouma says, technology issues follow naturally.

The good news is, the New Brunswick example notwithstanding, patient and other information can be shared. Some say recent privacy legislation makes it easier by providing clear guidelines so government agencies no longer have to guess what is acceptable and what is not.

The federal Privacy Act, which concerns government agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), which covers the private sector, are clear: To use information for any purpose other than that for which it was collected, you need consent from the person who provided it. The act allows uses consistent with the original purpose, notes Charles Taillefer, senior policy advisor in the information privacy and security policy division at Treasury Board Secretariat. But otherwise, except in certain defined situations such as criminal investigations, consent is required.

The federal government in 2002 adopted a privacy impact assessment policy that defines clear guidelines for assessing the privacy implications of any new project, says Taillefer. The guidelines require defining “”the full information life cycle from the point it’s collected to the point it’s disposed of,”” he says.

Privacy poses challenges

Bouma lists six key questions about any information-sharing proposal. What jurisdiction is ultimately responsible for the information? What legislation authorized collection of the data? Why was the information collected? Under what authority could information be disclosed beyond the original purpose? What is the sensitivity or security designation of the information? And finally, what authority is there to destroy the information? Once those questions are answered, “”you can start to build some rules.””

The University Health Network, which operates several Toronto hospitals, and the Toronto Community Care Access Centre, have many patients in common. They also share a chief information officer, Matthew Anderson. Last August they launched an initiative to integrate computer systems and share patient information. Anderson says the technical challenges are minor compared to the privacy issues.

Patients must consent before their information can be shared. Usually the best approach is to keep the two organizations’ databases separate, he says, merging data at the user interface layer while it remains in the custody of the organization that collected it. It is fairly easy to block access to data if a patient has opted out of sharing.

The Ontario e-Health Council is spearheading efforts to create a unique patient identifier for use throughout the province’s health care system.

Tom Closson, chair of the council and president and chief executive of the University Health Network, says this will facilitate improvements in health care, such as efforts to reduce wait times.

The system will let patients specify that information not be shared.

Anderson says privacy legislation such as the Privacy Act and Ontario’s Personal Health and Information Privacy Act (PHIPA) have been “”very helpful to us,”” because they provide clear guidelines. Peter Oberle, director of service transformation for the Chief Information Officer branch of the federal Treasury Board Secretariat, agrees.

“”We don’t view the Privacy Act as a barrier,”” he says.

Share on LinkedIn Share with Google+
More Articles