By Tasha Prychitko and Jennifer Siddall
Tasha Prychitko and Jennifer Siddall, CHIMA Manitoba Nunavut (MBNU) Chapter volunteers, had the chance to attend the 2022 Updates on the Emerging Privacy Management Practices in Health Care Series webinar facilitated by Jean L. Eaton on May 2. This virtual presentation highlighted some of the recent developments and trends in digital health, changes to privacy legislation, and recent privacy breaches across Canada.
In this article, our goal is to see how these updates fit within Manitoba’s health information landscape through the lens of our experience as residents and health information management (HIM) professionals in Manitoba.
The opening topic highlighted updates in digital health. New initiatives, such as digital prescriptions through the Prescribe IT program developed by Canada Health Infoway and the establishment of standards for virtual care providers, are some of the many areas which have continued to develop over the past year. Artificial intelligence (AI), such as smart machines and software, is increasingly present in our health care system, and the introduction of contact tracing apps in many provinces during the Covid-19 pandemic has proved invaluable. The Public Health Information Management System (PHIMS) in Manitoba was key in tracking, storing, and distributing Covid-19 immunization information and personal health information (PHI) associated with the vaccine, and a new Covid-19 Data Quality team was established. Jean emphasized the importance of performing a privacy impact assessment (to assess its potential harms) before collecting new PHI and reviewing standards for collection and retention. These new technologies have benefited health care providers and their patients by delivering health care through different platforms.
Legislative changes have occurred and been presented in annual reports published by each province’s Information and Privacy Office. There is a movement to align policy between the provinces, and Jean explained that legislative changes in one province would likely be mirrored in other provinces, harmonizing policy across the country. The biggest takeaway regarding current privacy legislation is to be attentive to the legislation in other regions, as those changes often influence and become part of one’s own province’s legislation in the future, much as we’re seeing with Bill C-11 (The Digital Charter Implementation Act, 2020). Aligning provincial policies makes us more similar than different. In Manitoba, there were updates to the Whistleblower Protection Act and an ombudsman report on complaints relating to collecting and distributing Covid-19-related PHI. Common issues affecting PHI and access to it in all provinces are unresponsiveness, delays, loss of control, disparate systems, and a lack of access to shared systems.
The final topic covered was recent examples of breaches in the news. One major issue is the delay in reporting or detecting breaches, which extends the reporting and response times. In Manitoba, an employee was found to have inappropriately accessed the provincial drug program database within the Manitoba Health, Seniors and Active Living department. According to the report, this employee received a $7,500 fine for snooping. Another example in Manitoba was of a nurse improperly accessing the Emergency Department Information System (EDIS) but continuing to have access to the system during the investigation. In this case, there was no action against the nurse because the affected individuals did not make a complaint to the privacy officer or ombudsman. Monitoring the news, being vigilant, and staying informed on privacy breaches across Canada’s health care system should inform the evaluation of your facility’s database structure to minimize possible breaches that could surface if not addressed.
Overall, Jean recommended that the public be more aware of their ownership of and responsibility for their health data and know that some risk exists when providing PHI to our health care providers.