Trust in Digital Health

As Schedule 4 of Bill 106, the Pandemic and Emergency Preparedness Act, 2022 (Schedule 4) would amend the Personal Health Information Protection Act, 2004 (PHIPA) by introducing new regulation-making powers, the IPC submitted recommendations to  Ernie Hardeman Chair of the Committee Standing Committee on Finance and Economic Affairs to address each of these proposed regulatory powers.

This letter to Dr. Catherine Zahn, Deputy Minister of Health and Ms. Hillary Hartley, Chief Digital and Data Officer offered the IPC’s recommendations to help ensure ongoing protection of the privacy rights of Ontarians as the proof of vaccination certificate initiative continued in the province.

Our frequently asked questions on health cards and health numbers clarify who may collect, use or disclose health numbers for health care purposes, as well as the use of health cards as a proof of identity. Originally published November 2004.

“There is nothing permanent except change.” - Heraclitus

These famous words of the Greek philosopher, Heraclitus, have never rung truer than they do today.

As with everything else in life, the delivery of health care continues to change and evolve, especially over the last two decades, during which we have seen exponential growth in digital technologies. Catapulted by the pandemic, the digitization of health care services has accelerated even more rapidly to adapt to the virtual world in which we all find ourselves currently living. The ravaging impacts of COVID-19 on peoples’ lives have reminded us all of the indispensable need to share health information in a coordinated, efficient and timely manner, and of the critical role that public health officials and researchers play in understanding illness and developing effective treatments.

That’s why my office selected Trust in Digital Health as one of the four strategic priorities that will focus our efforts now and into the future in order to enhance our positive impact and our value added for Ontarians. Our goal is to promote confidence in the digital health care system by guiding custodians to respect the privacy and access rights of Ontarians, and by supporting the pioneering use of personal health information for research and analytics to the extent it serves the public good.

While change is inevitable, custodians remain obligated to comply with Ontario’s health privacy law, the Personal Health Information Protection Act (PHIPA). But then, even PHIPA has undergone significant changes recently.

Ontario’s health privacy law is a living document that has transformed over time, adapting to changes in society and technology. Nearly twenty years ago, when PHIPA was first enacted, the most advanced features of smartphones — for those of us who even had one — were email and text, on a monochrome screen, no less. Today, you can browse the internet, watch movies, and order dinner on your smartphone. You can even use it to meet virtually with your health care provider. You can sync it to wearable devices that monitor your health and store biometric information about your heart rate, temperature, respiratory data, sleep patterns, movements, and exercise levels.  You can even share this data with clinical researchers or with your health care providers, and the sharing of digital health information among custodians to deliver more efficient and effective health care has become routine practice.

To reflect these advances in technology, various changes to PHIPA have come into effect. In March 2020, amendments were made to address the ways personal health information is increasingly being collected, used, and disclosed in digital formats. These changes may be incremental, but they are nonetheless consequential.

To further our goal of promoting trust in digital health, the IPC has issued a new publication called Digital Health under PHIPA: Selected Overview.

This new publication is designed to help health information custodians navigate the recent round of PHIPA amendments. It provides an overview and explanation of these recent changes, hopefully in a manner that custodians will find easily accessible. Topics include the electronic health record (EHR), interoperability of digital health assets, electronic audit logs, consumer electronic service providers, and access to records in electronic format.

Public trust in how our personal health data is processed for good purpose is critical for the successful adoption of digital health technologies and ultimately improving health care outcomes for everyone. I recommend that all health information custodians read our new publication and familiarize themselves with the new provisions to remain in compliance with PHIPA as they integrate digital information technologies into their health care delivery practices.

Our office is always here to help if you have any questions about this publication or other matters related to health information and privacy.

Patricia

• Download Digital Health under PHIPA: Selected Overview 

Today, I had the pleasure of presenting at the annual PHIPA Connections Summit. This year, the summit presenters explored emerging issues related to personal health information management in a pandemic. In my presentation, I shared some health sector statistics from 2020, touched on the recent changes to Ontario’s health privacy law, PHIPA, and introduced our new guidance for professionals in the health care sector, Privacy and Security Considerations for Virtual Health Care Visits. Hopefully, this guide will be a helpful resource for health information custodians (custodians) currently delivering or planning to deliver virtual health care to their patients.

With the onset of COVID-19, and the requirement to adhere to social distancing guidelines, virtual health care has become a convenient alternative for custodians to connect with, and care for, their patients. Virtual health care includes digital communications such as secure messaging, telephone consultation, and videoconferencing.

In May 2020, the Canadian Medical Association (CMA) polled 1,800 Canadians and found that almost half had used virtual care to access a physician and were highly satisfied with the results. The same study found that almost half (46%) who accessed virtual care since the COVID-19 outbreak would prefer a virtual method as the first point of contact with their doctor.  Bearing in mind that this survey was conducted only two months into the global pandemic, one might expect those numbers to be even higher today as people have increasingly adjusted to their digital lives.

While research points to a widespread acceptance of virtual health care, it is important to consider the privacy and security risks posed by the technology used to deliver this type of care. It is also important for Ontario-based custodians to be aware that PHIPA applies equally to virtual care as it does to in-person care.

In addition to providing a brief refresher on PHIPA, our virtual health care guidance explores various considerations for secure videoconferencing sessions and provides tips on how custodians can help patients navigate electronic medical record systems, such as patient portals.

Many studies and discussion papers have signalled that virtual health care is here to stay. For example, in a national survey conducted through the month of September 2020, Environics Research found that 70% of Canadians agreed that virtual healthcare represents the future of health care. This is also a takeaway from the CMA poll, affirming that Canadians would like to see virtual care options continued, improved, and expanded after the COVID-19 crisis subsides.

There is no doubt that virtual health care can provide much-needed advice, consultation, and peace of mind, especially in these changing and uncertain times. However, it is important for custodians to have the appropriate technical, physical, and administrative safeguards in place to ensure that virtual health care platforms are secure and privacy-protected for their patients, today and in the future.

While health care may be going virtual, patient trust should remain real.

On behalf of the IPC, thank you to all those in the health care sector who work tirelessly to help keep us safe.

Stay well.

Patricia