Ce billet est disponible en anglais seulement et apparaît sur le site anglophone de la Tribune-Santé. Cliquez ici pour atteindre le site et laisser un commentaire sur ce billet.

I am a privacy lawyer advising both the health and non-health sectors.  I have provided advice on the adoption of electronic health systems and have debated in diverse forums the challenges of moving health care into the electronic age.

There is much to debate – both pro and can – surrounding the development of a so-called “single electronic health record” – which is perceived to be an essential building block for province-wide – or even national – electronic records and communications systems for the sector.

The single electronic health record is generally defined as a comprehensive compilation of a person’s lifetime health care history, accessible by health care providers across different health systems and different points (e.g. acute care hospitals, physician offices) through electronic networks.  By making instantly available a patient’s complete medical history to all health care providers within a circle of care, EHRs have the potential to improve health care delivery.   Accuracy, currency, completeness and availability of health data are considered prerequisites to the effective functioning of the health care system, and can be made possible through EHRs.  EHRs lower the risk of injury due to medical information errors, and have the potential to advance health care research and cut costs by identifying areas for improvement.

While EHRs offer significant advantages to effective health care, they pose challenges to the security of personal health information.  Locks and pass-keys, though potentially sufficient in a paper-based system, are inadequate in an electronic environment.  Further, in a computerized environment the detriment made possible in the event of unauthorized access is magnified.  Computerized databases of personally identifiable information are more vulnerable than paper-based systems because they may be accessed, changed, viewed, copied, used, disclosed, or deleted more easily and by many more people than paper-based records.  The technological means to secure or render unidentifiable personal health information do exist.  The challenge is to ensure that systems meet patient/consumer expectations of privacy and security.

While we are still a distance away from a single “interoperable” EHR system across the whole sector in any province or territory, potential subsets of such a system are being adopted aggressively both within institutions, regionally and in some province-wide networks.

In addition, we see that private, commercially-based alternatives are being presented.  TELUS health space / Microsoft HealthVault and Google Health are opt-in services that are envisaged for adoption both by institutions (and potentially broader entities such as regional health centres) as well as by private individuals.  These services offer to create a “personal medical record” (or PMR) populated by information provided by their users.

Clearly, these private sector alternatives are moving into a space that has not yet been occupied.  Also, on first impression, they seem to offer certain advantages over the proposed public systems; for example, they operate on an opt-in basis, as opposed to the mandatory or opt-out bases that are expected to be the norm for public systems.  However, unless there is a dramatic shift in government thinking, we will – eventually – have a public EHR system in all Canadian jurisdictions.  Therefore, one of the challenges will be to determine whether there should be interconnection, or so-called “interoperability”, between the public systems and these private sector systems.

Whether – or when – such interconnectivity may occur will depend in large part on resolving issues similar to those being faced in trying to knit the disparate parts of current legacy systems together into an interconnected EHR: institutions, physicians offices, community care providers, pharmacies, laboratories and of course government.  These issues include compatibility of technology, security and systems; consistent and intercommunicable data quality; privacy rules; protecting integrity of the data; authorized access and data input; protection from data breaches; unauthorized/inappropriate usage; and – very importantly – access to one’s own personal information.