Privacy and Confidentiality at CIHI

Document Sample
Privacy and Confidentiality at CIHI Powered By Docstoc
					Managing Health Information Privacy in Practice
Alumni Hall Victoria College, University of Toronto
October 25 - 26, 2004

Joan Roch Chief Privacy Officer Canadian Institute for Health Information

• Context

• The privacy program
• Management tools • Privacy impact assessments

• The new Ontario legislation

The Canadian Institute for Health Information - CIHI
National, not-for-profit, organization created in 1993, by Health Ministers, to: – serve as the national coordinating mechanism for health information – provide accurate and timely information required for: • sound health policy • effective management • public awareness of the determinants of health

CIHI - Functions
• Coding standards
• National repository for standard collections • Value added analysis and reporting • Facilitating analysis and research

CIHI – Data Holdings
• Twenty-one data holdings – Three data streams • 6 Health human resources - professional information • 3 Health expenditures - financial, no personal information • 12 Health services - personal health information

CIHI – Analysis and Reporting
Examples of CIHI value added analysis • • • • • Case mix groups Resource intensity weights Limited distribution – e.g. Comparative hospital reports Broad circulation – e.g. Health Care in Canada Regular reports from data holdings – the National Trauma Registry – the Canadian Organ Replacement Registry Ad hoc analysis – Minor hockey injuries

Examples of CIHI analysis and reporting


The Context
The health system
•Information intense •Patient care •Health reform and First Ministers Meeting Initiatives, e.g.
–Wait lists –Drug programs –Home care

The tension

The person
•Privacy rights

•Information systems provide efficiencies BUT •Information systems also increase accessibility •They are powerful •They are fast

•Privacy sensitive

•Public opinion polls

•Research and analysis
–Health indicators –Outcomes analysis

The solution
•Balanced laws •Knowledge, consent and notification •Robust data protection tools and privacy programs

Privacy Legislation
• General privacy legislation
– Federal - provincial – Public sector – private sector

• Health specific privacy legislation
– – – – Manitoba – 1997 Alberta – 2001 Saskatchewan – 2003 Ontario – November 1, 2004

• Key similarity
– CSA Model Code
• Approach to knowledge, consent and notification varies by jurisdiction

What Governs CIHI Activity
• • Ontario‟s Personal Health Information Protection Act Bilateral Agreements with jurisdictions – Negotiated under authority of the Ministries – Contain references to • privacy legislation in the jurisdiction • CIHI privacy policies Data Sharing Agreements – under development – identify limitations and obligations CIHI privacy policies – Employee confidentiality agreement as a condition of employment – “Need to Know” practices to limit access – Disclosure to third parties - rules



Components of Privacy and Confidentiality at CIHI?
• Physical safeguards – secure workspaces, key-coded password-protected entry


Technical safeguards – firewalls, enforced password policy, regular technical testing, etc. – Software choices – Built in - role based access controls – Q & A environment that masks identifiers in the data from analysts
Administrative safeguards – Privacy policies and procedures – Confidentiality agreements, bilateral agreements/ service agreements – Staff training – Data access authorization requirements – Policies related to offsite work and use of laptops


CIHI’s Privacy Program
Is responsible for: • Privacy principles document • Monitoring legislative developments • Review of issues and complex data requests • Providing privacy support to CIHI operations and developments

• Data sharing agreements
• Privacy impact assessments • Privacy audit program

• Staff privacy training
• Outreach activities

Organizational Chart
Privacy Secretariat
Glenda Yeates President and Chief Executive Officer

Joan Roch Chief Privacy Officer

David Flaherty Chief Privacy Advisor

Nicole Mitchell Senior Administrative Assistant

Kathleen Priestman Consultant

Ann Guinchard Consultant

Nancy Gill Analyst

Bruce Petrie Vice President Operations & COO

Jennifer Zelmer Vice President Research & Analysis

Sylvain Rocque Chief Financial Officer

Scott Murray Chief Technology Officer


CIHI’s Privacy Policies
Privacy and Confidentiality of Health Information at CIHI: Principles and Policies for the Protection of Personal Health Information and Policies for Institution-Identifiable Information, 3rd edition, April
–Based on the 10 Privacy Principles and the cornerstone of CIHI‟s privacy program –Developed in consultation with CIHI stakeholders –Includes a Legislative Framework section –Outlines policies AND procedures –Includes CIHI‟s • data request protocol • institution information policy –Approved by the CIHI Board

Data Cycle: Overview
Data Specification s

Data Collection



Data Processing

Data Maintenance

Privacy Management Tools
• Privacy policies and procedures document • Question and Answer or Fact Sheets • Variety of agreements – Confidentiality agreements - staff and contractors – Service agreements • Data access forms – Internal – for staff and contractors – External – for data disclosures • Templates for – Consents and authorizations – Privacy Impact Assessments • Training program

An Example - Data Dissemination
• Releasing reports and providing controlled access to personal health information by third parties for legitimate purposes are key CIHI activities Guiding Principle: Least amount of data and highest level of anonymity Types of 3rd party access – Published reports - web or in print – Standing disclosures - by formal agreement: • Federal level – Statistics Canada • Provincial level – Cancer Care Ontario – Return of information to provider – E-Reports – Ad hoc requests

• •

• Ad hoc Data requests – Generally from researchers and data providers – Disclosure policies are in the policy document – Aggregate vs. record level requests – Multi-stage review & approval process • Program area • Privacy Secretariat • Privacy, Confidentiality & Security Team • CEO – Potential for re-identification determines level of approval required – Complex cases may involve the Chief Privacy Advisor, a privacy commissioner, a ministry representative

Data Request Forms
• Different versions for aggregate and record level data • Both are 2 part forms – cover the10 privacy principles and require: – Researcher information – Description of the analysis – List of data elements requested – Evidence of REB review – Completion of part 2 • the confidentiality agreement

Data Dissemination Confidentiality Agreement
• Prohibits re-identification • Prohibits linking to other data • Limits purposes for which data may be used or disclosed • Specifies safeguards

• Limits publication or disclosure to aggregated data – which doesn‟t allow identification of any individual
• Permits CIHI to conduct on-site visits

• Must be signed before data released

Place of Assessment Tools
System development

Privacy Gap Analysis

Privacy Impact Assessment

Privacy Audit

Place of Assessment Tools
System development

Privacy Gap Analysis

Privacy Impact Assessment

Privacy Audit

What is a Privacy Impact Assessment?
• • A tool for assessing privacy issues and risk. A tool that should tell the story – Why the system exists - its purpose and authority – What information it collects and from where – How it manages the information – safeguards – storage practices – How it uses the information – If and how it discloses the information – The privacy implications of the system or program • consent and notification • the access, redress and complaint mechanisms that are in place • impacts to privacy A tool that should help answer the questions: – Are the privacy risks worth it? – Can they be mitigated?

Why are PIAs Done?
• Required by legislation or policy – British Columbia - legislation – Alberta – legislation – Saskatchewan – Manitoba - policy – Ontario – policy – Newfoundland - policy – Federal government - policy

Why do a PIA if it isn’t required?
• It‟s good business practice

• Public concern about privacy
• Builds trust • Promotes transparency • Facilitates communication • Fosters two-way education • Documentation • Privacy disasters are ruinous

Place of Assessment Tools
System development

Privacy Gap Analysis

Privacy Impact Assessment

Privacy Audit

Key Design Considerations
• What to assess or audit – Program area – Random selection – Highest area of risk

• What tool to use – Mandated form or not • How to get them done – contract out or in house – Unilateral or multidisciplinary approach

Some Factors for Success
• Senior management involvement and adoption • Point person – the privacy champion • A program – a plan • Apply the highest principles • Treating privacy as a process not an event • Assistance from technology • Use resources that are out there • Customize „off the rack„ solutions

• Know what data you collect, why you collect it and what you do with it.

Ontario Legislation and CIHI
• Provides level playing field

• CIHI as a „prescribed entity‟
• This special designation recognizes CIHI‟s – role in health information analysis – need to carry out our national role from our Ontario base. • This special designation requires review and approval of CIHI‟s privacy program every 3 years by the Office of the Ontario Information and Privacy Commissioner.

List of Resources for Privacy Policies and Programs
• Coach (Canada‟s Health Informatics Association) – Guidelines for the Protection of Health Information (
• Nymity Inc ( provides information about federal and provincial legislation, policies, Privacy Impact Assessments etc. Nymity also offers training and support programs as well as various compliance kits. Nymity supports the idea of “best practices.”

List of Resources (cont’d)
• Ontario Hospital Association ( – provides hospital tool kits to assist in the implementation and operationalization of PHIPA (Personal Health Information Protection Act) and QCIPA (Quality of Care Information Protection Act) • CIHI‟s Privacy Tool Kit ( y_toolkit_binder_2003_e.pdf) – provides information about CIHI‟s privacy principles, privacy training and frequency asked questions about privacy and data protection

• Canadian Medical Association (CMA) ( – provides information such as the CMA Health Information Privacy Code

List of Resources (cont’d)
• Information and Privacy Commission of Ontario ( – provides information such as publications surrounding legislation, news releases, presentations, special reports, frequently asked questions about legislation • Ministry of Health and Long-Term Care (of Ontario) ( tion/legislation_mn.html) – provides information with respect to legislation (Bill 31, Bill 105, Bill 8) and questions and answers • Access and Privacy Office – Government of Ontario ( provides information on various legislation, and privacy impact assessment guidelines, including a privacy impact assessment tool kit

List of Resources (cont’d)
• Office of the Privacy Commissioner of Canada ( .asp) – information on federal and provincial legislation, privacy impact assessment policy and guidelines, fact sheets etc. • Canadian Standards Association ( .asp?articleID=5287&language=English) - 10 principles of the CSA model code for the protection of personal information

• Various legal firms offer workshops and newsletters on health privacy

Shared By:
Lingjuan Ma Lingjuan Ma MS
About work for China Compulsory Certification. Some of the documents come from Internet, if you hold the copyright please contact me by