Ontario’s Diabetes Initiative: Big Brother Carries a Stethoscope
Hi there. We’re the Ontario Government. We know you have diabetes but don’t worry we’re here to help. We’re going to send “The Diabetes Testing Report” to your doctor. It will tell him or her when you last had three important tests: blood sugar test (A1C), cholesterol test (LDL), and retinal eye exam. If you don’t want us to do this, you can contact our general service provider, Service Ontario, to “opt out”. Please do so by 11 June 2010.
This is the gist of a Public Notice that I understand appeared in newspapers in Ontario on the 24-25 April 2010 weekend. You can download a copy of the Notice here. It simply references the “Government of Ontario” so it’s not clear whether this initiative is being conducted by the Ministry of Health and Long Term Care (“MOHLTC”) or eHealth Ontario. Given their close relationship (after the events of last year), it’s difficult to know where to place the dividing line between the two.
There are a number of nagging questions associated with this initiative.
1. Where did they get this data?
The first inkling of this initiative cropped up in November 2009 when the then CEO of eHealth Ontario, Rob Devitt, announced a Baseline Diabetes Dataset Initiative, indicating that someone, somewhere, through data mining, had compiled a list of 906,577 patients and their almost 9000 family doctors.
Did MOHLTC use its own OHIP (billing) database to extract this information? It appears yes. MOHLTC used its own major source of information to identify individuals who were beneficiaries of the A1C and LDL tests and eye exams. The Health Insurance Act requires confidentiality with respect to billing information, subject to that Act, the Personal Health Information Protection Act (“PHIPA”) and the Freedom of Information and Protection of Privacy Act (“FIPPA”).
2. Has MOHLTC violated FIPPA?
It is doubtful that FIPPA applies directly at all. MOHLTC is a FIPPA Custodian and PHIPA applies to all of the Ministry’s records containing personal health information (“PHI”), including “mixed” records. The only “cross-walk” is via s.43(1)(f) of PHIPA whereby an institution subject to FIPPA is permitted to disclose PHI for the original or a consistent purpose [FIPPA, s. 42(1)(c)]; for law enforcement purposes [FIPPA, s. 42(1)(g)]; or to the federal government for audit purposes [FIPPA, s. 42(1)(n)].
Under s. 42, disclosure is permitted for the purpose for which it is collected or a consistent purpose. One may question whether using PHI – collected for billing administration purposes – for the purpose of establishing this diabetes database is a consistent purpose. Using information for other purposes is one of the things that people fear about large government databases.
3. Has MOHLTC violated PHIPA?
MOHLTC is a “health information custodian” for the purposes of PHIPA and consent is required unless PHIPA otherwise authorizes the collection, use and disclosure without consent.
PHIPA has a long series of provisions that permit disclosure without consent. None of them seem to fit quite right. Section 38(1)(a) of PHIPA permits disclosure “to a health information custodian… if the disclosure is reasonably necessary for the provision of health care and it is not reasonably possible to obtain the individual’s consent in a timely manner, but not if the individual has expressly instructed the custodian not to make the disclosure” (Emphasis added)
Is it not reasonably possible to obtain an individual’s consent in a timely manner? This is not a population-screening program where that argument might be made. Physicians are to be provided with this information. One might wonder if physicians should have been asked to enroll patients in the program after discussing the issue with them.
Section 39 of PHIPA permits disclosures for the purposes of health or other programs. The most obvious provisions appear to be 39(1)(c) – disclosure to a registry – and (d) – disclosure where the “disclosing custodian and recipient custodian provide health care or assist in the provision of health care”. MOHLTC is not a “prescribed person” that operates a registry as described in 39(1)(c) and it seems a stretch to consider the three specific requirements of 39(1)(d) cover this situation.
I emphasize disclosure here but it is to be noted that there are permitted uses under PHIPA for health information custodians. Section 37(1)(c) permits health information custodian use of personal health information “for planning or delivering programs or services that the custodian provides” while 37(1)(d) permits use “for the purpose of risk management, error management or for the purpose of activities to improve or maintain the quality of care or to improve or maintain the quality of any related programs or services of the custodian”. It’s arguable that these provisions give cover to the MOHLTC for use; however use is very distinct from disclosure.
4. For physicians, is verification of the information a violation of the Policy on Confidentiality of Personal Health Information of the College of Physicians and Surgeons of Ontario?
Under that Policy, physicians can share information with others involved within the patient’s circle of care without asking for the patient’s consent. In the context of this initiative, this suggests that the government forms part of the “circle of care”. According to the Policy, “[t]he patient’s express consent is required for providing his or her personal health information outside of the circle of care, except where otherwise directed by statute.” It doesn’t seem to me that verification of personal health information under this initiative is either required or authorized by law.
I’m informed that the OMA has endorsed this initiative and indicated to its members:
“As part of the BDDI, each family physician in Ontario will be asked to verify a list of diabetic patients from their practice. A one-time payment, based on the number of diabetics within each practice and only available to family physicians, will be made to those who return their verified list to the Ministry.
Family physicians who return their verified list will then receive a “Diabetes Test Report,” which will indicate the last date each of their diabetic patients received an A1C, LDL or retinal eye exam, as well as data on how many of their patients received these three tests within the recommended guideline period.”
Physicians are not required to discuss the Initiative with their patients. I can’t help but wonder if anyone has thought about whether this is a violation of basic medical ethics?
5. Is MOHLTC violating the Canadian Charter of Rights and Freedoms?
Even if legislation permits the MOHLTC (or eHealth Ontario for that matter) to undertake this initiative, one issue to consider is whether this initiative violates the “reasonable expectation of privacy” found in s. 7 of the Charter. There is a “balancing of interests” test – found in R. v. Oakes – and it would be interesting to see what analysis, if any, was done. This isn’t a database for research purposes meant to benefit society as a whole; this is a government database for managing the healthcare of individuals. Isn’t that a little too intrusive into the lives of people to do so without the basic requirement of consent?
6. What is the position of the Information and Privacy Commissioner of Ontario?
There is no evidence of any privacy impact assessment having been conducted. Having said that, I would find it hard to believe that MOHLTC did not consult with the IPC on this initiative. If yes, did MOHLTC follow the guidance provided by the IPC?
The shame of it all is not what they want to do but how. What stood out for me were the words “opt out”, especially an “opt out” that has a deadline of approximately six weeks from the date of the Public Notice. If the program is so good, why not ask people with diabetes to participate first? If you’re paying physicians to verify the information, could you not pay them to discuss and enroll people into the program? If a fundamental aspect of privacy is consent, when did the MOHLTC get the consent of the patients concerned? And if they didn’t, shouldn’t they – as a matter of common decency – have done so? Is this paternalistic approach a harbinger of things to come?
No one told me Orwell’s Big Brother would come in the guise of wearing a white coat and carrying a stethoscope.
Hi Michael
Thank you for this timely view of the DR privacy and regulatory questions. I am sure this will get a close reading by numerous civil servants ensconced in this discussion.
Invoking Orwell weakens the otherwise cogent argument presented here, and serves only to add drama at the expense of credibility. “Nineteen Eighty Four” is not a cautionary tale about the dangers of health databases or a state bent on preventative care. The points made are also important enough as they stand; hyperbole wasn’t necessary.
The transition of eHealth from being part of the Ministry to becoming an agency created some confusion about the custodianship of the data. When eHealth became an agency, the Ministry rightly decided to review the data sharing agreements in this new light, depite political pressure from eHealth to force the issue. These agreements are still being negotiated and are by no means ratified and the data has not been shared.
“Is it not reasonably possible to obtain an individual’s consent in a timely manner?”
let’s rephrase this for clarity: “is it possible to obtain the consent of 900,000 individuals in a timely manner?”. I vote No. I think MOHTLC has a strong , strong case for an exception under 38(1)a.
The idea of asking doctors for patient list is,as they say, laugh out loud funny. Do doctors really know – off the top of their head – which of their patients have Diabetes? How would they find that out? by combing through years of paper medical records by hand? How many years would that take.
Sorry, I just don’t see the big brother aspect here. for a first pass baseline/data gathering exercise this is a decent approach. I’m glad to see some forward progress!
Jonk
You argue that consent in a timely manner is impossible but who has established any timeframe for this exercise? Is there a timetable we don’t know about?
You also state that doctors shouldn’t be asked for patient lists. I didn’t suggest that but it does appear that doctors will be asked to verify lists first. Doesn’t that involve checking those very same paper medical records you refer to? Since the MOHLTC wants the list verified – and is paying for it – it would seem they don’t think it’s “laugh out loud funny”.
If you can’t see a big brother aspect here, that’s ok. You’re entitled to your opinion. My only questions – since you’ve used a Government of Ontario IP address – is to ask whether you’re a government employee or a contractor/consultant? And what Ministry are you working in?
My sympathies are with the ministry on this one, and that is independent of where I work. If this is not permitted by the legislation, in my view it should be.
I do not think it’s appropriate for the list owner to speculate on the motives of commentors based on their IP addresses. To some extent it’s an infringement on their privacy. We’re not talking about astroturfing here, with a horde of insiders anonymously defending the policy to make it look more popular than it is. The views expressed by ‘jonk’ are ones that may reasonably be held by anyone. You are free to disagree, and as a matter of law he/she may be wrong, but those observations do not turn on where he/she works. (Are you suggesting that the remarks may be more or less valid depending on whether ‘jonk’ worked at MOHTLC or MNR or … wherever?)