Privacy and Use of Primary Care Medical Records
Healthcare in Canada
Canadians reasonably expect that their medical information will only be used for their healthcare, and that any other use would require their consent. It’s not like Facebook, where users volunteer personal information with no expectation of privacy or limits on use (e.g. targeted advertising). Or so one would think. Evidently, patients’ confidential primary care medical records are being shared without patient authorisation with data brokers who analyse these data for pharmaceutical companies to target marketing at physicians and patients (Globe and Mail, JAMA Network). These analyses are not subject to the ethical review normally performed on medical research.
Patients and healthcare professionals generally support analyses and research designed to improve patient outcomes, not ones designed to increase profit for pharmaceutical companies. Objectives matter. When a physician reviews a patient chart, the objective is to select the best treatment for the patient, which may mean prescribing an on-patent drug. When the Therapeutics Initiative at the University of British Columbia reviews a class of drugs, the objective is to provide practitioners with treatment protocols that are best for patients. When a drug broker analyses primary care records, the objective is to find patients in whom their sponsor’s drug can be used, even if it’s not optimal therapy. It’s like having a hammer and looking for things to nail even if a screw or glue would be better.
Sharing of primary care medical information by data brokers breaches patient privacy. “Deidentifying” medical records by removing patient name does not anonymise a record. The record itself is a unique combination of events and tests that can be combined with other datasets to identify a patient.
This use of primary care medical records by data brokers and pharmaceutical companies may be legal, but it’s not right. With physicians in short supply, patients could not freely provide consent even if asked. Privacy legislation hasn’t kept up with technology and physicians (the data custodians) have yet another responsibility that takes time away from patient care. At its heart, this is an information stewardship problem that requires legislation and standards at the federal level, and rationalisation of roles and responsibilities at the provincial and territorial level that make them the custodians of primary care medical records, not doctors.
1. National Healthcare Information Legislation. The federal government should enact legislation to ensure that patients’ medical information is only used by practitioners (e.g. physicians, pharmacists) for patients’ healthcare unless patients authorise another use. Patients may consent to use of their medical records for the care of relatives (e.g. diagnosis and treatment of genetic disease) or to participate in research that has passed ethical review. Ensuring patient ownership of their medical information is more important than legislating data interoperability. Interoperable medical data won’t significantly address administrative burden for physicians but will make data compilation easier for data brokers.
2. National Standard Electronic Medical Records System. To ensure Canadian medical information is subject to Canadian law and to support stewardship of health information, the federal government should license and mandate the use of one, national standard Electronic Medical Records (EMR) system. Canada would require the EMR to be hosted in Canadian data centres, where data are not vulnerable to foreign law, e.g USA PATRIOT Act. A national standard EMR would reduce cost (licensing, training) and administrative burden for physicians and other practitioners.
3. Government Custodians of Health Information. Provincial and territorial governments should transfer responsibility for stewardship of healthcare information from physicians (and other practitioners) to provincial or territorial agencies. Accountable to practitioners and patients, these new agencies would become custodians of primary care medical records and administer them on behalf of patients. Patients would authorise access and use of their medical records, and could consent to participate in research that had passed ethical review. A complete and accurate medical record (One Patient, One Record) stored in a central information repository and accessed with a standard EMR would enable team-based care and workflow management. This would substantially reduce administrative burden and frustration, and free up physician time for medicine and work-life balance.
This is just one aspect of a more complete healthcare system modernisation and transformation project (e.g. objective, strategy, high-level service model, use-case scenarios, analyses) that can be found here.
greg steer
Enterprise Coach
