E. Sawatsky & Assoc..Inc Health Data Use in Canada: ’Secondary” but Important, MIE 2009

E. Sawatsky & Assoc. .Inc

Health Data Use in Canada: ’Secondary” but Important, MIE 2009


Secondary Use of Data

Canada’s EHR: We want information. We want privacy.

Translation: we want our society to provide good healthcare & provide human rights, respect and a society that values us.

Privacy advocates are concerned


Why DO we want an EHR?

For better healthcare, better planning predicated on better data, more available to the right person at the right place at the right time

But… for the right use

Use is not always described explicitly


Business goals: Patient safety Financially sustainability Legal compliance Good corporate citizen Credible Trusted

When the organization fails in one area it can create a lack of trust so that opportunities are lost in another. E.g. a privacy breach may affect a future business opportunity.

The Unknown: Change


The World is Changing

The world and its complexity –

The technology

Persons and their expectations

All of which relate to both privacy and the EHR as well as how we use health data for other purposes


Privacy is About DataData represents a person, in a

certain way.

It can be: Complete, or not Accurate, or not Relevant, or not Unbiased, or not and from, any number of perspectives


Complex Environments

There is greater risk due to: More stakeholders Political issues External partners (i.e. less control) New technology Less flexible organizational culture High investment Low tolerance for failure



But most of all the complexity comes from ….

the need to integrate data, to provide integrated Services …….

…..to an ‘integrated’ IndividualA integrated ‘system’ includes: data,

technology, people and processes – within a scope (program, dept, organization, the world.


Complex Environments Require

Greater oversight More planning, reporting,

communication More data protection Privacy culture There is a conflict with those who

would like things to remain simple, less overhead.



An era of dramatic change and opportunity Adoption of electronic medical records across the system. Barriers have been dramatically eliminated due to the electronic

format. Significantly easier to link data - far more significant disclosures. The potential value to individual patients and the health system is

huge, as are the potential risks. Requires a a policy infrastructure which balances the public interests

with the right of an individual – the balance of the positive needs of society versus the autonomy of the individuals.

Fundamental is the ethical use of information - often with vague definitions and/or categorizations – requires more clarity and effective oversight of the entire process.

Where consent is not required an effective governance model is key to uphold the principles : openness, transparency, and accountability


Complex Environments The level of due diligence must be commensurate with

potential risks, fulfill legal and ethical duties, and should at a minimum include:

Definition of the purpose and data requirements of the secondary use

Assessment the legal considerations Assessment of the ethical considerations Apply specific rules for research Establishing the consent model, and engage an approval

and oversight process as required Establishing the data and security controls

Source: Alberta College of Physicians and Surgeons


Complex Environments Requires a strong business focus in order that the

various risks are: Identified, Assessed, Mitigated, Balanced, ………. And privacy risk is only one

Requires the assumption that data will be protected Requires understanding of the ‘business’ within its

broad context: financial, legal, public relations


How Can We Change the Approach to Privacy

Often the previous approach has failed

Privacy is a societal construct

We cannot build a new concept with outdated methods

Will the concern go “out of date”

Privacy as an industry is not yet well evolved. (what is a PIA for anyway?) A task on a project plan?

An exam at the end of your project?

A risk management exercise?


The Provincial Health Services Authority: Mandate: to ensure the planning, coordination, accessibility,

quality, efficiency and effectiveness of selected province-wide health care programs by separately incorporated organizations.

Province-wide coordination of certain programs, services and support systems which are required by or applicable to all six health authorities and/or the B.C. Ministry of Health.

Each of PHSA and these five agencies are classed as “public bodies” under the FIPPA legislation, and are subject to its public disclosure rules. The agencies (Branches) are:

British Columbia Cancer Agency, British Columbia Centre for Disease Control British Columbia Mental Health Society British Columbia Transplant Society Children's and Women’s Health Centre

The Data Warehouse


PHSA and its Branches - further information-sharing is appropriate in support of a data warehouse.

Operate as an Integrated Program, performing information analysis and planning for PHSA and Branches.

Will provide integrated data and information products and services in support of coordination & management of PHSA, PHSA Programs and Branch programs.

Formulation of health service delivery policy , Policy analysis, evaluation and correction, Synchronization of health programs and activities, Regulation and enforcement, Intelligence gathering to monitor and evaluate programs and services, Communication.

The Data Warehouse


Program activities include providing information, data and reports in order to support performance management, quality and safety of services, and program evaluation.

Use of identifiable data is subject to ethics rules. FIPPA states no harm must come to the individual. Will use ISO standards currently being developed for

Clinical Data Warehouse, Dr. Andrew Grant University of Sherbrooke, Quebec

The Data Warehouse


Requirement: legal standing Requirement: appropriate governance Requirement: Accountability Requirement: Policy Requirement: Defined Purposes Requirement: Controls Default: Anonymisation

The Data Warehouse: An ‘Integrated Program’


Governance is Key Operating Policy Budgets Tools: Agreements Tools: Terms of Reference Requirement: protect ‘secrets’

An Integrated Program


Privacy law always states: collect only what you need

Data Warehouse = all data How do you know tomorrow’s questions How can the risk be reduced? MBUN? Anonymous? Saying ‘no’ – builds trust Strong operational policy & flawless

execution

Risks: Collection


The University of Ottawa, Department of Medicine has developed some new Privacy Enhancing Technology.

Based on a Strong mathematical foundation, and Peer reviewed algorithms

They have a new paper published in the Journal of the American Medical Informatics Association describing their de-identification algorithm: http://www.jamia.org/cgi/content/abstract/M3144v1which produces a globally optimal solution that ensures minimal distortion of the data, and they (say they) show that it is the fastest algorithm available today that is optimal and that is suitable for health datasets. It is implemented in their Privacy Analytics tool. The tool performs assessment of the risk of re-identification, de-

identification, pseudonymization.

Risk: Use


For what purposes may data be disclosed? May be different from the collection uses. This distinction will be made in the ISO Data Use standard now in development.

What technical controls are applied? What administrative controls are

applied? Expensive? No question Valuable? No question

Risk: Disclosure


Physical and technical and administrative controls must be absolutely impeccable.

We know this. We may not always do it Destruction techniques must be solid Openness and transparency for all

collection, use and disclosures Language is an issue. USA didn’t like

“disclosure” - wanted “sharing”.

Risk: Retention


Risks to groups – First Nations, PWA, family relationships

Linkage policy must be carefully set

Privacy law says: no harm Who decides what is harmful?

Risks: Retention


What if the organization fails? Who will take the data? Who should take the data? What will be expected? What will Archives want?

Risk: Retention


Assumptions Identified data disclosed only under strict

control, very limited and justified No access to identifiable data except in

justifies and defined circumstances Continued oversight to ensure procedures

don’t slip Process to define new purposes OPENNESS TRUSTED

Changes Required


EHR Infostructure: Conceptual Architecture

JURISDICTIONAL INFOSTRUCTURE

Ancillary Data& Services

Registries Data& Services

EHR Data& Services

DataWarehouse

OutbreakManagement

PHSReporting

SharedHealth Record

DrugInformation

DiagnosticImaging

LaboratoryHealth

Information

POINT OF SERVICE

Hospital, LTC,CCC, EPR

PhysicianOffice EMR

EHR Viewer

Physician/Provider

BusinessRules

EHRIndex

MessageStructures

NormalizationRules

Security MgmtData

Privacy Data Configuration

Physician/Provider

Physician/Provider

Lab System(LIS)

Lab Clinician

RadiologyCenter

PACS/RIS

Radiologist

PharmacySystem

Pharmacist

Public HealthServices

Public Health Provider

Longitudinal Record Services

HIALCommunication Bus

Common Services

ClientRegistry

ProviderRegistry

LocationRegistry

TerminologyRegistry


What’s in a name?- Secondary vs. Primary

CIHI & HSU Canadian Institute for Health Information

uses the term, ‘health system use’ but that is only one way of grouping some of the use descriptions.

Everyone wants the data Assumptions have been made that it will be

available but now the discussions have meaning – they are taking place.

There can be quite a bit of conflict and we are working through that


CHI: provides leadership, is arm’s length and national, but their strategy is to enable the P/Ts and CHI so that the individual systems are ready to ‘disclose’ data in a standardized way and that is designed in. Data will go from HA – MOH – CIHI (high level rolled up)

CIHI has a definition of Health System Use

Canada Health Infoway and The Canadian Institute for Health Information


CHI & CIHI’s opinions go into the ISO data purposes work that Canada is doing.

CIHI is working toward a Pan Canadian data set. They have worked out the technology approach and now will engage the public and physicians. In December of ‘08 the Ministers of Health made the decision to include secondary use in their design

Infoway (CHI) funded projects will ensure it is included.

Canada Health Infoway and The Canadian Institute for Health Information


Health System Use Project: A collaboration of the Provinces, Territories and Federal governments, Canada Health Infoway (Infoway, CHI) and Canadian Institute for Health Information (CIHI)

Being done using two working groups with senior representation

Health System Use (HSU) of data is essential to improving patient care and managing the health system.

Timing is critical for Health System Use as significant investments in EHR/EMRs are being made now.

Canadians support the public system and improvements in it (i.e. EMR/EHR = better information)

Strong support from heavy users (seniors and those with chronic diseases)

There is general trust that the public system will protect privacy

Canadian Institute for Health Information: Approach


Resistance and opposition more likely to be initiated by stakeholders

Physician concern regarding “score-carding” Physician concern will be articulated as violations of

patient/physician privilege Commercial sale of data will threaten privacy and expose

patients to discrimination by insurance companies, employers etc

They mean to have one flexible covenant that can provide an umbrella of assurance which

1. Will reflect the philosophy of current legislation

2. Will be written in plain language

3. Articulates how data will and will not be used.

Canadian Institute for Health Information: Approach

E. Sawatsky & Assoc. .IncHealth System Use Presentation to Conference of Deputy Ministers

A 5-PART STRATEGYto address technical requirements

33

1

2

3

4

5

5 Part StrategyJurisdiction Findings Next Steps


Hea

lth S

yste

m U

seM

ostly

pse

udom

ised

/ano

nym

ised

dat

a

34

Use of data for direct management of health services and programs

including quality improvement & decision support (program level)

Example: Chronic disease management tools based on clinical practice

guidelines are used by physicians to screen for and then assess and recommend

care for chronic disease sufferers

Use of data for direct management of health services and programs

including quality improvement & decision support (program level)

Example: Chronic disease management tools based on clinical practice

guidelines are used by physicians to screen for and then assess and recommend

care for chronic disease sufferers

Clinical Program Mgmt

(inc. QI and DS)

Use of data to manage health system

performance including analyses, planning, and monitoring, for example

Example: Analysis

of ACSCs led to development of access initiatives in low SES

neighbourhoods

Use of data to manage health system

performance including analyses, planning, and monitoring, for example

Example: Analysis

of ACSCs led to development of access initiatives in low SES

neighbourhoods

Health System Mgmt

(Administrative)

Use of data for population health services

surveillance

Future example: Use of data from ERs and

primary care offices for real-time management of

influenza

Use of data for population health services

surveillance

Future example: Use of data from ERs and

primary care offices for real-time management of

influenza

Surveillance(Pop. Health and Health

Services)

Use of data for research

Future example:Use of EMR data to study

impact of cardiac care guidelines on morbidity,

mortality in large populations

Use of data for research

Future example:Use of EMR data to study

impact of cardiac care guidelines on morbidity,

mortality in large populations

Research

DIRECT PATIENT CARE AND IMPROVED HEALTH OUTCOMES

Framework and Illustrative Examples (draft)

Defining the VisionAppendix A


Em

ergingE

xisting - EH

R

ADMISSION / DISCHARGE / TRANSFER

WAIT TIMES

HEALTH HUMAN RESOURCES

CLINICAL / ADMINISTRATIVE DATA (e.g., DAD/Lab/DI)

DRUGS

PRIMARY HEALTH CARE

35

PUBLIC HEALTH

EMR Investments

Drug Information Systems(based on CeRx)

EHR Specifications

Provider Registries

EMR, Hospital System Enhancements

Align with Potential Standard

Infoway

Immunization Repository

Candidates for future HSU priorities

Incorporate limited set of primary health care data requirements into Infoway’s EMR Investment Strategy - Summer 2009.

Appendix B

Seizing Opportunities


36

Standards FrameworkAppendix D


Different in each province but they are moving in the same general direction.

Timing is different Smaller populations do it sooner

Canadian Province’s Approach


Data Uses/Purpose of Use/ for ‘processing ‘ Meant to support electronic communication. Was identified as a gap in 13606 A fundamental principle underlying data use is that

the purposes for which data was orginally collected and that subsequent processing activities be the same or are Permitted.

A standardised list of purposes, forms the foundation for correspondence of permitted purpose between users, systems, organisations or policy domains.

First categorize on who benefits: exclusively the patient? Or a more broad benefit?

Dipak Kalra/UK Elaine Sawatsky/Canada, Italy, Brasil, Finland

ISO Standards Work


Interoperability standards are expanding the capacity for organizations to exchange data.

In order that data collection, storage, access, analysis, linkage, communication, disclosure and retention of the data (collectively called processing) is appropriate it will require fully computable policy that are themselves interoperable, so that requests between heterogeneous systems can all be evaluated consistently.

Knowing the purpose for which access to information is intended is essential in order to determine if access to data for processing activities are appropriate.

This problem has become not only one of determining that a user has permission to access particular items of information but also that the user has permission to use them for a specified purpose.

It is therefore essential to ensure that the context within which access and use is asserted is the correct one. Purpose when clearly defined, helps to ensure that access to protected information items is granted to properly authorized users under a specific, appropriate and unambiguous policy.

The explicit declaration of intended purpose prior to being granted access also helps to ensure that users understand that such access does not imply that use is also permitted for other undeclared purposes.

Purpose of use helps bring clarity to situations where there are multiple and potentially conflicting contextually sensitive policies for identical users’ access to identical information items.

Data Use


Secondary use of health data can enhance health care experience, expand knowledge ,strengthen understanding and support public health goals.

Secondary use is a necessary and accepted part of our health system supporting the effectiveness, efficiency and sustainability of the health system and an integral part of the cycle of research, medical evidence, accepted knowledge base

It is therefore critical to promote and enable secondary uses. Secondary uses are almost always directed to populations and

impact broader social, political and cultural aspects The following principles relating to secondary uses are added

to the CPSA data stewardship principles: Openness and transparency for all secondary uses Oversight and accountability Respect for personal privacy Patient, health system or social benefit Balance and reciprocity

AB College of Physicians & Surgeons


Absent in this environment is a governance process that would provide an ongoing review and oversight of the application of “reasonable public expectations” in specific approvals and uses, as well as the monitoring of parallel and unrelated events impacting the overall balance (i.e. evaluate incremental impacts of secondary uses and reaching the “slippery slope” or crossing a “tipping point”).

A governing body, spanning health system sectors and groups as well as having public representation could provide this oversight. The mandate would be to protect the public interest as well as vulnerable individuals and populations by setting and monitoring parameters for purposes deemed within the “public interest” and “reasonable public expectations”.

Physicians who will be using data for secondary purposes, or disclosing information for subsequent secondary purposes are expected to perform a level of due diligence prior to using or disclosing information for secondary uses.

AB College of Physicians & Surgeons


[email protected] Ognjenka Djurdjev, Corporate Director

PHSA, [email protected]

Khaled el Emam, U of Ottawa, [email protected]

Louie Barre, Canadian Institute for Health Information, [email protected]

Contacts

Documents

E. Sawatsky & Assoc..Inc Health Data Use in Canada: ’Secondary” but Important, MIE 2009