Setting Expectations: EHRs, Governments & Privacy

“If you build it, he will come”
Shoeless Joe Jackson – Field of Dreams (1989)

In the healthcare IT space, this famous movie line could easily be changed to “If you build a database, they will find secondary uses for it.”

An interesting article showed up in Computerworld last week concerning objections by privacy advocates to plans by the U.S. Office of Personnel Management (“OPM)”) to build a database that would contain information about the healthcare claims of millions of Americans.

What troubled people was the fact that the OPM will also make the database available for law enforcement purposes; for judicial or administrative proceedings, and to “researchers and analysts” for healthcare research purposes. To be fair, OPM claims it will de-identify the data but it’s too early to determine when or how.

One quote in the Computerworld article, attributed to Harley Geiger, policy counsel for the Centre for Democracy and Technology, encapsulates for me the “other shoe dropping”:

“This goes completely against public expectations of confidentiality in their [health] records,” he said. “People expect their healthcare provider to have their medical information. What they don’t expect is for the government to get a copy of that which they will then disclose to law enforcement and to Congress and to researchers.”

The argument for moving to health records “in electronic form” is based on better outcomes, less errors, faster service – all good points. People accept technology in healthcare because they think it will help them. Data mining wasn’t supposed to be part of the deal. Mr. Geiger’s response could be considered a visceral reaction to “database discrimination” (or future discrimination by reason of having a health condition found in a particular database of interest to policy makers).

The CDT suspicion of government intentions reflects a more American attitude but if Canadians are not concerned about the privacy of their health information, perhaps they should be. See the case of Sean Bruyea discussed in this recent post and the amendments made to legislation in British Columbia earlier this year. Bill 11, in amending the Ministry of Health Act, R.S.B.C. 1996, c. 301, created a new Part devoted to personal information. The legislative change (in s. 166) permits the collection, use and disclosure of personal information for a “stewardship purpose”  — a term so broadly defined as to be pretty well any purpose the government wants.

Stewardship can be viewed as code for proactive healthcare management. Provinces want to contain healthcare costs and one way to do that is to actively manage the health of your population. The current examples of healthcare management – though they are not publicly styled as such — are the various provincial diabetes initiatives. While helping chronic disease populations is a good thing, keep in mind that the Alberta’s Sexual Sterilization Act was only repealed in 1972. For those who don’t know about this corner of Canadian history, see this Canadian Encyclopedia entry and this recent CBC story.

What’s the connection between the two? Having government decide what’s good for people.

Labeling these “dots,” you have (i) electronic health records, (ii) databases, (iii) proactive health management by government and (iv) the violation of human rights. I am in no way suggesting they are connected. Let’s be clear: EHRs do not automatically lead to violations of human rights. However, assuming benevolence on the part of government isn’t necessarily a good starting point.

Even with the different funding models for healthcare in the United States and Canada, Mr. Greiger’s quote would also apply in Canada. Longitudinal electronic health records, held by government, form pools of data that might be subject to secondary uses that no one currently anticipates.

No one would argue that “health records in electronic form” is a bad thing. In most instances, this means electronic medical records – something very distinct from electronic health records.

One thing we’ve had in Canada is a degree of propaganda about electronic health records. People should think about what they expect from governments and the healthcare community with respect to how technology in healthcare gets used. This is not a “value for money” point; this is a “remember-job-1-is-giving-me-the best-possible-outcome-without-human-error” point.

People assume all “EHRs” are good. That isn’t necessarily the case. Electronic medical records in physician offices are good; Hospital Information Systems are good; governments accumulating personal health information in databases for non-billing purposes aren’t. Governments — and government agendas — change. Government expectations as to what it can do with personal health information may also change. It may be time to reset everyone’s expectations about health information databases.

2 Responses to “Setting Expectations: EHRs, Governments & Privacy”

  1. Great article Michael,

    I’m off now to check out the edits to the Ministry of Health Act, but felt compelled to quote security guru Bruce Schneier:

    “It is poor civic hygiene to install technologies that could someday facilitate a police state.”


  2. Perhaps you could elaborate on the distinction between electronic medical records and electronic health records. Which was e-Health in Ontario trying to create and manage?

Leave a Reply