Upload
geraldine-flynn
View
216
Download
0
Embed Size (px)
Citation preview
E. Sawatsky & Assoc. .Inc
Health Data Use in Canada: ’Secondary” but Important, MIE 2009
E. Sawatsky & Assoc. .Inc
Secondary Use of Data
Canada’s EHR: We want information. We want privacy.
Translation: we want our society to provide good healthcare & provide human rights, respect and a society that values us.
Privacy advocates are concerned
E. Sawatsky & Assoc. .Inc
Why DO we want an EHR?
For better healthcare, better planning predicated on better data, more available to the right person at the right place at the right time
But… for the right use
Use is not always described explicitly
E. Sawatsky & Assoc. .Inc
Business goals: Patient safety Financially sustainability Legal compliance Good corporate citizen Credible Trusted
When the organization fails in one area it can create a lack of trust so that opportunities are lost in another. E.g. a privacy breach may affect a future business opportunity.
The Unknown: Change
E. Sawatsky & Assoc. .Inc
The World is Changing
The world and its complexity –
The technology
Persons and their expectations
All of which relate to both privacy and the EHR as well as how we use health data for other purposes
E. Sawatsky & Assoc. .Inc
Privacy is About DataData represents a person, in a
certain way.
It can be: Complete, or not Accurate, or not Relevant, or not Unbiased, or not and from, any number of perspectives
E. Sawatsky & Assoc. .Inc
Complex Environments
There is greater risk due to: More stakeholders Political issues External partners (i.e. less control) New technology Less flexible organizational culture High investment Low tolerance for failure
E. Sawatsky & Assoc. .Inc
Complex Environments
But most of all the complexity comes from ….
the need to integrate data, to provide integrated Services …….
…..to an ‘integrated’ IndividualA integrated ‘system’ includes: data,
technology, people and processes – within a scope (program, dept, organization, the world.
E. Sawatsky & Assoc. .Inc
Complex Environments Require
Greater oversight More planning, reporting,
communication More data protection Privacy culture There is a conflict with those who
would like things to remain simple, less overhead.
E. Sawatsky & Assoc. .Inc
Complex Environments
An era of dramatic change and opportunity Adoption of electronic medical records across the system. Barriers have been dramatically eliminated due to the electronic
format. Significantly easier to link data - far more significant disclosures. The potential value to individual patients and the health system is
huge, as are the potential risks. Requires a a policy infrastructure which balances the public interests
with the right of an individual – the balance of the positive needs of society versus the autonomy of the individuals.
Fundamental is the ethical use of information - often with vague definitions and/or categorizations – requires more clarity and effective oversight of the entire process.
Where consent is not required an effective governance model is key to uphold the principles : openness, transparency, and accountability
E. Sawatsky & Assoc. .Inc
Complex Environments The level of due diligence must be commensurate with
potential risks, fulfill legal and ethical duties, and should at a minimum include:
Definition of the purpose and data requirements of the secondary use
Assessment the legal considerations Assessment of the ethical considerations Apply specific rules for research Establishing the consent model, and engage an approval
and oversight process as required Establishing the data and security controls
Source: Alberta College of Physicians and Surgeons
E. Sawatsky & Assoc. .Inc
Complex Environments Requires a strong business focus in order that the
various risks are: Identified, Assessed, Mitigated, Balanced, ………. And privacy risk is only one
Requires the assumption that data will be protected Requires understanding of the ‘business’ within its
broad context: financial, legal, public relations
E. Sawatsky & Assoc. .Inc
How Can We Change the Approach to Privacy
Often the previous approach has failed
Privacy is a societal construct
We cannot build a new concept with outdated methods
Will the concern go “out of date”
Privacy as an industry is not yet well evolved. (what is a PIA for anyway?) A task on a project plan?
An exam at the end of your project?
A risk management exercise?
E. Sawatsky & Assoc. .Inc
The Provincial Health Services Authority: Mandate: to ensure the planning, coordination, accessibility,
quality, efficiency and effectiveness of selected province-wide health care programs by separately incorporated organizations.
Province-wide coordination of certain programs, services and support systems which are required by or applicable to all six health authorities and/or the B.C. Ministry of Health.
Each of PHSA and these five agencies are classed as “public bodies” under the FIPPA legislation, and are subject to its public disclosure rules. The agencies (Branches) are:
British Columbia Cancer Agency, British Columbia Centre for Disease Control British Columbia Mental Health Society British Columbia Transplant Society Children's and Women’s Health Centre
The Data Warehouse
E. Sawatsky & Assoc. .Inc
PHSA and its Branches - further information-sharing is appropriate in support of a data warehouse.
Operate as an Integrated Program, performing information analysis and planning for PHSA and Branches.
Will provide integrated data and information products and services in support of coordination & management of PHSA, PHSA Programs and Branch programs.
Formulation of health service delivery policy , Policy analysis, evaluation and correction, Synchronization of health programs and activities, Regulation and enforcement, Intelligence gathering to monitor and evaluate programs and services, Communication.
The Data Warehouse
E. Sawatsky & Assoc. .Inc
Program activities include providing information, data and reports in order to support performance management, quality and safety of services, and program evaluation.
Use of identifiable data is subject to ethics rules. FIPPA states no harm must come to the individual. Will use ISO standards currently being developed for
Clinical Data Warehouse, Dr. Andrew Grant University of Sherbrooke, Quebec
The Data Warehouse
E. Sawatsky & Assoc. .Inc
Requirement: legal standing Requirement: appropriate governance Requirement: Accountability Requirement: Policy Requirement: Defined Purposes Requirement: Controls Default: Anonymisation
The Data Warehouse: An ‘Integrated Program’
E. Sawatsky & Assoc. .Inc
Governance is Key Operating Policy Budgets Tools: Agreements Tools: Terms of Reference Requirement: protect ‘secrets’
An Integrated Program
E. Sawatsky & Assoc. .Inc
Privacy law always states: collect only what you need
Data Warehouse = all data How do you know tomorrow’s questions How can the risk be reduced? MBUN? Anonymous? Saying ‘no’ – builds trust Strong operational policy & flawless
execution
Risks: Collection
E. Sawatsky & Assoc. .Inc
The University of Ottawa, Department of Medicine has developed some new Privacy Enhancing Technology.
Based on a Strong mathematical foundation, and Peer reviewed algorithms
They have a new paper published in the Journal of the American Medical Informatics Association describing their de-identification algorithm: http://www.jamia.org/cgi/content/abstract/M3144v1which produces a globally optimal solution that ensures minimal distortion of the data, and they (say they) show that it is the fastest algorithm available today that is optimal and that is suitable for health datasets. It is implemented in their Privacy Analytics tool. The tool performs assessment of the risk of re-identification, de-
identification, pseudonymization.
Risk: Use
E. Sawatsky & Assoc. .Inc
For what purposes may data be disclosed? May be different from the collection uses. This distinction will be made in the ISO Data Use standard now in development.
What technical controls are applied? What administrative controls are
applied? Expensive? No question Valuable? No question
Risk: Disclosure
E. Sawatsky & Assoc. .Inc
Physical and technical and administrative controls must be absolutely impeccable.
We know this. We may not always do it Destruction techniques must be solid Openness and transparency for all
collection, use and disclosures Language is an issue. USA didn’t like
“disclosure” - wanted “sharing”.
Risk: Retention
E. Sawatsky & Assoc. .Inc
Risks to groups – First Nations, PWA, family relationships
Linkage policy must be carefully set
Privacy law says: no harm Who decides what is harmful?
Risks: Retention
E. Sawatsky & Assoc. .Inc
What if the organization fails? Who will take the data? Who should take the data? What will be expected? What will Archives want?
Risk: Retention
E. Sawatsky & Assoc. .Inc
Assumptions Identified data disclosed only under strict
control, very limited and justified No access to identifiable data except in
justifies and defined circumstances Continued oversight to ensure procedures
don’t slip Process to define new purposes OPENNESS TRUSTED
Changes Required
E. Sawatsky & Assoc. .Inc
EHR Infostructure: Conceptual Architecture
JURISDICTIONAL INFOSTRUCTURE
Ancillary Data& Services
Registries Data& Services
EHR Data& Services
DataWarehouse
OutbreakManagement
PHSReporting
SharedHealth Record
DrugInformation
DiagnosticImaging
LaboratoryHealth
Information
POINT OF SERVICE
Hospital, LTC,CCC, EPR
PhysicianOffice EMR
EHR Viewer
Physician/Provider
BusinessRules
EHRIndex
MessageStructures
NormalizationRules
Security MgmtData
Privacy Data Configuration
Physician/Provider
Physician/Provider
Lab System(LIS)
Lab Clinician
RadiologyCenter
PACS/RIS
Radiologist
PharmacySystem
Pharmacist
Public HealthServices
Public Health Provider
Longitudinal Record Services
HIALCommunication Bus
Common Services
ClientRegistry
ProviderRegistry
LocationRegistry
TerminologyRegistry
E. Sawatsky & Assoc. .Inc
What’s in a name?- Secondary vs. Primary
CIHI & HSU Canadian Institute for Health Information
uses the term, ‘health system use’ but that is only one way of grouping some of the use descriptions.
Everyone wants the data Assumptions have been made that it will be
available but now the discussions have meaning – they are taking place.
There can be quite a bit of conflict and we are working through that
E. Sawatsky & Assoc. .Inc
CHI: provides leadership, is arm’s length and national, but their strategy is to enable the P/Ts and CHI so that the individual systems are ready to ‘disclose’ data in a standardized way and that is designed in. Data will go from HA – MOH – CIHI (high level rolled up)
CIHI has a definition of Health System Use
Canada Health Infoway and The Canadian Institute for Health Information
E. Sawatsky & Assoc. .Inc
CHI & CIHI’s opinions go into the ISO data purposes work that Canada is doing.
CIHI is working toward a Pan Canadian data set. They have worked out the technology approach and now will engage the public and physicians. In December of ‘08 the Ministers of Health made the decision to include secondary use in their design
Infoway (CHI) funded projects will ensure it is included.
Canada Health Infoway and The Canadian Institute for Health Information
E. Sawatsky & Assoc. .Inc
Health System Use Project: A collaboration of the Provinces, Territories and Federal governments, Canada Health Infoway (Infoway, CHI) and Canadian Institute for Health Information (CIHI)
Being done using two working groups with senior representation
Health System Use (HSU) of data is essential to improving patient care and managing the health system.
Timing is critical for Health System Use as significant investments in EHR/EMRs are being made now.
Canadians support the public system and improvements in it (i.e. EMR/EHR = better information)
Strong support from heavy users (seniors and those with chronic diseases)
There is general trust that the public system will protect privacy
Canadian Institute for Health Information: Approach
E. Sawatsky & Assoc. .Inc
Resistance and opposition more likely to be initiated by stakeholders
Physician concern regarding “score-carding” Physician concern will be articulated as violations of
patient/physician privilege Commercial sale of data will threaten privacy and expose
patients to discrimination by insurance companies, employers etc
They mean to have one flexible covenant that can provide an umbrella of assurance which
1. Will reflect the philosophy of current legislation
2. Will be written in plain language
3. Articulates how data will and will not be used.
Canadian Institute for Health Information: Approach
E. Sawatsky & Assoc. .IncHealth System Use Presentation to Conference of Deputy Ministers
A 5-PART STRATEGYto address technical requirements
33
1
2
3
4
5
5 Part StrategyJurisdiction Findings Next Steps
E. Sawatsky & Assoc. .Inc
Hea
lth S
yste
m U
seM
ostly
pse
udom
ised
/ano
nym
ised
dat
a
34
Use of data for direct management of health services and programs
including quality improvement & decision support (program level)
Example: Chronic disease management tools based on clinical practice
guidelines are used by physicians to screen for and then assess and recommend
care for chronic disease sufferers
Use of data for direct management of health services and programs
including quality improvement & decision support (program level)
Example: Chronic disease management tools based on clinical practice
guidelines are used by physicians to screen for and then assess and recommend
care for chronic disease sufferers
Clinical Program Mgmt
(inc. QI and DS)
Use of data to manage health system
performance including analyses, planning, and monitoring, for example
Example: Analysis
of ACSCs led to development of access initiatives in low SES
neighbourhoods
Use of data to manage health system
performance including analyses, planning, and monitoring, for example
Example: Analysis
of ACSCs led to development of access initiatives in low SES
neighbourhoods
Health System Mgmt
(Administrative)
Use of data for population health services
surveillance
Future example: Use of data from ERs and
primary care offices for real-time management of
influenza
Use of data for population health services
surveillance
Future example: Use of data from ERs and
primary care offices for real-time management of
influenza
Surveillance(Pop. Health and Health
Services)
Use of data for research
Future example:Use of EMR data to study
impact of cardiac care guidelines on morbidity,
mortality in large populations
Use of data for research
Future example:Use of EMR data to study
impact of cardiac care guidelines on morbidity,
mortality in large populations
Research
DIRECT PATIENT CARE AND IMPROVED HEALTH OUTCOMES
Framework and Illustrative Examples (draft)
Defining the VisionAppendix A
E. Sawatsky & Assoc. .Inc
Em
ergingE
xisting - EH
R
ADMISSION / DISCHARGE / TRANSFER
WAIT TIMES
HEALTH HUMAN RESOURCES
CLINICAL / ADMINISTRATIVE DATA (e.g., DAD/Lab/DI)
DRUGS
PRIMARY HEALTH CARE
35
PUBLIC HEALTH
EMR Investments
Drug Information Systems(based on CeRx)
EHR Specifications
Provider Registries
EMR, Hospital System Enhancements
Align with Potential Standard
Infoway
Immunization Repository
Candidates for future HSU priorities
Incorporate limited set of primary health care data requirements into Infoway’s EMR Investment Strategy - Summer 2009.
Appendix B
Seizing Opportunities
E. Sawatsky & Assoc. .Inc
36
Standards FrameworkAppendix D
E. Sawatsky & Assoc. .Inc
Different in each province but they are moving in the same general direction.
Timing is different Smaller populations do it sooner
Canadian Province’s Approach
E. Sawatsky & Assoc. .Inc
Data Uses/Purpose of Use/ for ‘processing ‘ Meant to support electronic communication. Was identified as a gap in 13606 A fundamental principle underlying data use is that
the purposes for which data was orginally collected and that subsequent processing activities be the same or are Permitted.
A standardised list of purposes, forms the foundation for correspondence of permitted purpose between users, systems, organisations or policy domains.
First categorize on who benefits: exclusively the patient? Or a more broad benefit?
Dipak Kalra/UK Elaine Sawatsky/Canada, Italy, Brasil, Finland
ISO Standards Work
E. Sawatsky & Assoc. .Inc
Interoperability standards are expanding the capacity for organizations to exchange data.
In order that data collection, storage, access, analysis, linkage, communication, disclosure and retention of the data (collectively called processing) is appropriate it will require fully computable policy that are themselves interoperable, so that requests between heterogeneous systems can all be evaluated consistently.
Knowing the purpose for which access to information is intended is essential in order to determine if access to data for processing activities are appropriate.
This problem has become not only one of determining that a user has permission to access particular items of information but also that the user has permission to use them for a specified purpose.
It is therefore essential to ensure that the context within which access and use is asserted is the correct one. Purpose when clearly defined, helps to ensure that access to protected information items is granted to properly authorized users under a specific, appropriate and unambiguous policy.
The explicit declaration of intended purpose prior to being granted access also helps to ensure that users understand that such access does not imply that use is also permitted for other undeclared purposes.
Purpose of use helps bring clarity to situations where there are multiple and potentially conflicting contextually sensitive policies for identical users’ access to identical information items.
Data Use
E. Sawatsky & Assoc. .Inc
Secondary use of health data can enhance health care experience, expand knowledge ,strengthen understanding and support public health goals.
Secondary use is a necessary and accepted part of our health system supporting the effectiveness, efficiency and sustainability of the health system and an integral part of the cycle of research, medical evidence, accepted knowledge base
It is therefore critical to promote and enable secondary uses. Secondary uses are almost always directed to populations and
impact broader social, political and cultural aspects The following principles relating to secondary uses are added
to the CPSA data stewardship principles: Openness and transparency for all secondary uses Oversight and accountability Respect for personal privacy Patient, health system or social benefit Balance and reciprocity
AB College of Physicians & Surgeons
E. Sawatsky & Assoc. .Inc
Absent in this environment is a governance process that would provide an ongoing review and oversight of the application of “reasonable public expectations” in specific approvals and uses, as well as the monitoring of parallel and unrelated events impacting the overall balance (i.e. evaluate incremental impacts of secondary uses and reaching the “slippery slope” or crossing a “tipping point”).
A governing body, spanning health system sectors and groups as well as having public representation could provide this oversight. The mandate would be to protect the public interest as well as vulnerable individuals and populations by setting and monitoring parameters for purposes deemed within the “public interest” and “reasonable public expectations”.
Physicians who will be using data for secondary purposes, or disclosing information for subsequent secondary purposes are expected to perform a level of due diligence prior to using or disclosing information for secondary uses.
AB College of Physicians & Surgeons
E. Sawatsky & Assoc. .Inc
[email protected] Ognjenka Djurdjev, Corporate Director
PHSA, [email protected]
Khaled el Emam, U of Ottawa, [email protected]
Louie Barre, Canadian Institute for Health Information, [email protected]
Contacts