Understanding Privacy’s Role in Enabling Interoperability

0

By Abigail Carter-Langford

There are many challenges to enabling interoperability in health care within and across jurisdictions — there is a plethora of IT systems speaking different languages in a multitude of care settings across several jurisdictions, each with unique needs and requirements. A lot of work needs to be done — and is being done — to enable data to flow across these silos. However, one misperceived barrier isn’t really a barrier at all, but can in fact provide guidance and clarity when building interoperability into systems and workflows. This misperceived barrier? Privacy laws.

To understand how privacy laws can aid interoperability in health care, we must first understand what interoperability is and why it is so important that information be shared between health care providers.

Interoperability is a means of enabling health information to flow seamlessly and consistently across the health care continuum. It not only means that data flows between different systems but that these systems are speaking the same language.

Why is this important? When patients are dealing with a complex health issue, it often means seeing a variety of providers — primary care providers, specialists and perhaps even the occasional trip to the emergency department (ED). Additionally, patients who live in one province may become injured in another while on vacation or experience a flare up of an existing condition. When information flows smoothly between these settings, it improves the continuity of care.

Access to information about the medications patients are taking or any allergies they have can, for example, help EDs avoid potentially fatal errors. Interoperability prevents duplications and delays, and helps improve patient outcomes.

Interoperability is also aimed at improving patients’ access to their personal health information (PHI). The ability to access one’s own PHI is a cornerstone of providing patient-centred care.

Unfortunately, there is a common misconception that privacy laws in Canada are a barrier designed to prevent the sharing of information between authorized providers. Privacy laws, in fact, support the protection of PHI and access to that information as deemed necessary, including providing access directly to patients and health care providers when required for the provision of care.

Enabling interoperability and the flow of data between systems can open up a host of questions. How can a clinician obtain meaningful consent from the patient for sharing a patient record? Can a clinician block or mask personal health information within a patient’s record? What if a clinician does not want to share a patient’s information? Which clinician is responsible for the patient’s record when information is shared?

Privacy laws can provide some clarity when it comes to these types of questions. Canadian privacy laws include guidance on rules for the collection, use, disclosure and security of PHI. They also make clear that while health care providers are the custodians of the information the data belongs to the patients. Canadians have a right not only to access their PHI, but to correct the information. Privacy laws also provide processes for the independent review of decisions made by PHI custodians and recourses for violation of the legislation.

Privacy legislation can also provide guidance for roles and responsibilities when information is shared between multiple providers. When custodians share information, they not only share custody and control of PHI, but they also share accountability. Shared accountabilities may pose unique legislative compliance challenges, since custodians may be unsure which obligations are applicable to them.

As technologies and practices change, privacy laws, too, are evolving, with a number of new laws and changes proposed. These include calls for changes to consent provisions, stronger enforcement powers and a balanced approach for data protection that enables appropriate access for health innovation.

These types of proposed changes could help Canada shift to a truly patient-centric model. They would entail further embedding data sharing requirements in privacy legislation, implementing pan-Canadian standards for data sharing to make it easier to share data across jurisdictions and a more robust data governance model. Improving digital literacy and privacy education for patients, third-party service providers and data custodians could also help further establish the notion of patient agency over PHI.

Canada Health Infoway (Infoway) is committed to driving interoperability in Canada by working to establish collaborative frameworks to engage stakeholders in priority projects, and to support and publish terminology standards. Equally important, Infoway is also working to clarify the role privacy laws can play in building interoperable solutions. To learn more about how privacy laws can help enable interoperability, download Privacy as an Enabler: Sharing Personal Health Information for Interoperability Primer.

Abigail Carter-Langford is Chief Privacy & Security Officer and Executive Vice President, Governance, Risk & Compliance with Canada Health Infoway.

www.infoway-inforoute.ca