National data bank may not be a good idea

By Shannon Hagerman

A few years ago, a Quebec woman went to a hospital for some regular lab tests. Imagine her shock when doctors told her she had a terminal illness. Later, she got a very disturbing phone call. It was from a funeral home. It wanted to sell her a deluxe package.

The phone call wasn’t a coincidence. Someone at the hospital accessed her medical records and sold her private medical information, just to make a few bucks.

This is one example Brian Foran from the federal privacy commission uses to illustrate how easily someone’s privacy can be violated. While these risks have always existed, technology has made it easier to store vast amounts of information inside personal computers and databases, meaning a security breach could have much more disastrous consequences.

Privacy isn’t something that only doctors should be talking about. Canadians should be voicing their opinions and telling their physicians how they want their medical information used, or live with the consequences.

One proposal that Health Canada is considering, the Canadian Health Infoway, would be an electronic network linking hospitals, clinics, physicians and specialists to a common system. It would break down provincial barriers and eliminate the need for duplicate tests like blood work or X-rays when a person switches doctors. It’s a huge undertaking, still in its infancy. What form it will take is still being discussed but the technology exists to put individuals’ patient records, family medical history, hospital admittance records, dental files, pharmaceutical records, even non-medical information like employment status into one national system.

Members of the medical community say the proposal could have wide reaching benefits but watchdogs argue that privacy could be jeopardized unless certain safeguards are in place.

Federal privacy commissioner Bruce Phillips criticized the proposal in his 1997 annual report.

“The prospect of a greatly expanded collection and sharing of personal health information sets privacy alarms ringing,” the report says. “Medical records currently accessible to patients and a limited number of others, could no longer be said to be confidential when hundreds of strangers can access them electronically.”

University of Ottawa professor, Valerie Steeves, studies technology and its effect on human rights. For over 10 years, Steeves has been examining the issue of privacy. She says her major concern is the unintended consequences of creating mass computerized information systems.

“Once you pull all that information together, it becomes very seductive,” Steeves said.

Steeves cites an example in the United States where a pregnant woman had genetic tests preformed and found out the child she was carrying was at risk for Down’s Syndrome. Once her insurance company found out about her tests, it refused to insure her.

Dr. Robert Spasoff thinks privacy advocates like Steeves are jumping to conclusions. Spasoff heads the epidemiology and community medicine unit at the University of Ottawa and argues a national computer network will have far-reaching benefits.

“I believe the risks to privacy and confidentiality are much smaller than what people think,” he said.

A national health network would allow researchers to track health outcomes and judge how non-medical factors like unemployment, poverty, or geography affect health.

Confidentiality is a problem doctors have always grappled with. Now, the answer may be found in the technology itself. Public Key Infrastructure (PKI) is one method of encrypting information. When X wants to send a message to Y he/she would look up Y’s public ‘key’ in a directory, use it to encrypt the message and send it off without fear of it being intercepted or read by someone else. But in this type of scenario, how can individuals be sure their records won’t be shared without their knowledge?

Ontario recently proposed draft legislation to protect personal health information which includes a provision, allowing individuals to block specific information from their health record. For example, someone who is HIV positive could remove the information from their permanent medical record.

It’s time health care providers start talking about privacy and how they will safeguard it for their patients. The Canadian Medical Association started things rolling after introducing a draft privacy code but there’s still a lot of work to be done.

In the end, Canadians will have to ask themselves what they are comfortable with.

A person’s medical file belongs to them, not their doctor, not the government. Using a patient’s medical information without his or her knowledge and consent is an invasion of privacy. That’s the bottom line.