Ontario’s Diabetes Initiative, Part 2
This post was co-written by Michael Power and Anita Fineberg.
Ontario’s Diabetes Initiative raises more troubling questions than could be addressed in one posting, so here’s Part 2.
The Relationships: MOHLTC and eHealth Ontario
eHealth Ontario’s press release of 16 November had an interesting choice of words in a couple of places:
“eHealth Ontario was the driving force behind the work...” and “Through this innovative mining of data, eHealth Ontario has also identified…” (Emphasis added).
The same message is presented in an article in February’s Hospital News.
These statements appear to confirm that the raw data from the Ministry of Health and Long Term Care (“MOHLTC”) database(s) was provided to eHealth Ontario, which then mined the data to identify Ontarians living with diabetes. The MOHLTC is a “health information custodian” under the Personal Health Information Protection Act (“PHIPA”). What was its authority under PHIPA to disclose the raw data to the Agency? Conversely, in what capacity under PHIPA did eHealth Ontario receive the data and undertake this analysis?
PHIPA does contemplate roles for “agents” and “service providers” of health information custodians. The limited authorized activities of “service providers” do not appear to accommodate all of eHealth Ontario’s interactions with the data for the Diabetes Initiative. If the Agency was acting as the agent of the MOHLTC, one would expect that the nature of the relationship would be explicitly delineated in a contractual agreement and that the functioning of the initiative would be transparent to all of those patients whose personal health information was being used without their consent.
The much-maligned Smart Systems for Health Agency and, arguably, its successor, eHealth Ontario, were created, in part because of public concerns about government access to personal health information, to serve as “a trusted third party to protect the patient information of health care providers” (language used by SSHA to describe itself and quoted in the 2007 IPC audit). This is understandable because one might argue that while government does need information in managing the health care system, there should be some buffer preventing direct access to individual health information – in other words a mechanism to de-identify personal health information prior to its use by the MOHLTC. As the Information and Privacy Commissioner of Ontario, Dr. Ann Cavoukian, herself has noted in her 2004 guide to PHIPA:
“It is generally understood that the government needs information to plan and manage our publicly funded health care system. However, many people would be concerned if the government had unchecked access to their personal health information.” (Emphasis added)
Has the MOHLTC adopted a strategy to more actively “datamine” the OHIP billing database? Is it going the way of British Columbia in being more aggressive in data sharing? The data mining that has occurred suggests the line between eHealth Ontario and the MOHLTC has become blurred these days and, based on the press materials, it would seem that “ownership” of the Diabetes Initiative has shifted from eHealth Ontario to MOHLTC.
The Relationships: MOHLTC and Service Ontario
The Public Notice indicates that people may “opt out” by contacting Service Ontario (“SO”). This would seem a new role for that arm of the Ministry of Government Services but has that role been properly defined? What exactly is the relationship between MOHLTC and Service Ontario under PHIPA? An agent?
It appears that individuals who want to opt-out cannot yet do so on-line. Therefore, one has to call or visit Service Ontario and interact with a live person. What if an individual wants to discuss the implications of opting out? Has staff been trained to address situations beyond a simple statement of “I want to opt out”? Does Service Ontario get a copy of the patient list to confirm that the individual who wants to opt-out is on the list in the first place?
Diabetes, as a medical condition, is a matter between the patient and his/her healthcare provider; now one has to go and share that fact with Service Ontario – something quite different from simply applying for a health card or changing one’s address. Having diabetes may not have a social stigma attached to it but this is precedent-setting territory and one can’t help but wonder how this would go over with the voting public in the case of HIV-positive individuals?
Privacy Impact Assessment
Part 1 noted that there was no evidence that a privacy impact assessment (“PIA”) was completed. It is hard to believe that a PIA was not conducted (and it has been suggested that one has been done); however, the point stands. In her review of SSHA in 2007, Dr. Cavoukian recommended:
“61. In addition to the Enterprise Privacy Policy and the Enterprise Security Policy, post the written results of privacy impact assessments and threat, vulnerability and risk assessments on both the SSHA website: www.ssha.on.ca and on the privacy portal: www.privacy.ssha.on.ca or, alternatively, post these documents on the privacy portal and provide a direct link from SSHA’s website: www.ssha.on.ca to the privacy portal: www.privacy.ssha.on.ca.”
Some PIA summaries are posted on the eHealth Ontario site but only ones prepared by SSHA after the IPC audit. To the extent that eHealth Ontario conducts privacy impact assessments, it appears the agency has adopted a policy not to publish anything related to them.
There are rumours that eHealth Ontario will release PIA results but only under a written non-disclosure agreement (“NDA”). If true, what is it in a PIA that would require an NDA? A threat risk assessment might contain sensitive security-related information and could arguably be withheld, perhaps in part, from publication but a PIA? We wonder what would happen if a request under the Freedom of Information and Protection of Privacy Act (“FIPPA”) were made for eHealth Ontario’s PIAs?
Assuming a PIA was done by eHealth Ontario, how did it address the PHIPA aspects in light of the many questions raised in this and the previous post? If the Diabetes Initiative “went back” to the MOHLTC, did they do a PIA? (And before anyone comments on the expense of that – one could easily take the eHealth Ontario PIA, copy all the relevant portions, and then simply address the distinctive MOHLTC aspects.) What were the views of the IPC about the PIA?
Too many questions and not enough answers.
It might be useful to request a copy of the PIA under FIPPA. Last year I appealed the MOHLTC’s refusal to release copies of the PIAs for OLIS, iPHIS and the drug viewer. The IPC ruled in my favour allowing only very modest redactions for security reasons. The Ministry or eHO would have very little grounds for refusing to release the document, if one exists.
The iPHIS PIA considered these problems; there was also a version prepared for Public Health Units, which they used to conduct their own analysis as Health Information Custodians.
Anyone interested in the IPC ruling on the OLIS, Drug Viewer and iPHIS PIAs can find it at http://www.ipc.on.ca/English/Decisions-and-Resolutions/Decisions-and-Resolutions-Summary/?id=8169.
Innuendo again. The facts are that eHealth has repeatedly tried to weaken the privacy constraints under which the Ministry operates. So far to no avail. They continue to blame the Ministry for blocking their efforts to build the DR and other systems, when in fact there is no such obstruction. eHealth was simply unable to build any systems, never had the capacity or know-how. The “much maligned SSHA” that later became eHealth earned its reputation. You worked at SSHA, Michael, and you should know better.
MPH
Responding to an anonymous post is difficult since one doesn’t know who is at the other end of the conversation but one thing is evident: you seem to have a better understanding of eHO/MOHLTC relations over the last year. I’ve been gone over a year from SSHA/eHealth and my sources are only what I read and what I hear “on the street”. Having said that, you’re entitled to your opinion and my editorial policy is not to prevent any expression of contrary opinions in the comments section of this blog. However, the point of these two blog posts was to highlight the fact that there are serious questions as to the privacy aspects of the diabetes initiative – not whatever wrangling occurred between eHealth Ontario and MOHLTC.
“eHealth”, up until recently, has been about EHRs and EMRs. As it appears to move into chronic disease management, we have not had a public policy debate as to whether the MOHLTC or eHealth Ontario (or any Ministry of Health or agency thereof) should have that role. Given the criticism by auditor-generals across the country (and in BC by the Privacy Commissioner) of eHealth initiatives, further clarification of the diabetes initiative’s compliance with PHIPA and the ethical discussions behind this initiative would certainly inspire more confidence.