Keep Health Data Private and Secure Every Day

You are currently viewing Keep Health Data Private and Secure Every Day

Community Clinicians’ Voices Heard on “Data Privacy Day”

Reflections on OntarioMD’s participation in the Information and Privacy Commissioner’s panel – and where we can do more

Ariane Siegel, General Counsel and Chief Privacy Officer, OntarioMD

Recently, I was invited to speak on the subject of “Building Trust in Digital Health Care” as part of the Ontario Information and Privacy Commissioner’s (IPC) Data Privacy Day. This subject is one of the four main strategic priorities set by Commissioner Patricia Kosseim for her term, leading up to 2025.

The role digital solutions play in supporting today’s medical practices cannot be understated. The onset of the COVID-19 pandemic rapidly accelerated our health care system’s reliance on virtual care, remote medicine, and data portability. These concepts are now matters of daily practice for clinicians and staff across Ontario. This rapid shift to reliance on new technologies and modalities of care has required health care providers to quickly learn and apply – sometimes complicated and unfamiliar – privacy and security considerations to manage new risks to Personal Health Information.

OntarioMD enthusiastically supports the adoption of new technologies across our health care system. We also appreciate that the time commitment sometimes required to implement these technologies can be frustrating to overburdened clinicians. Almost 20 years ago, OntarioMD led the province-wide deployment and adoption of Electronic Medical Records (EMRs), which are now integral to practice. We have continued our desire to be practical and trusted advisors and offer clinician supports in relation to emerging digital innovations – particularly for clinicians in the community (primary and secondary care). It is from this experience and perspective that I was asked to join the IPC’s panel to speak on the challenges and opportunities for improving, as well as building trust in, digital health solutions.

Also on the IPC panel was Sylvie Gaskin (Ontario Health), Michael Hillmer (Ministry of Health), Wendy Lawrence (St. Joseph’s Healthcare Hamilton), and Nyranne Martin (The Ottawa Hospital). I encourage you to review the Commissioner’s summary, or to watch the video recording for their valuable insights.

Several key themes resonated from our discussion:

  • Data portability and interoperability: Current technology needs to evolve so patient data can be exchanged. There is no universal medical record that patients and clinicians can easily tap in to. These limitations push clinicians to less secure alternatives (like the  fax machine, which everyone is working to phase out). In the meantime, we must encourage and enhance the promising communication solutions that we have, such as OntarioMD’s Health Report Manager, and Ontario Health-led solutions like the ConnectingOntario ClinicalViewer.
  • Training and resourcing for the community: Many clinicians in Ontario are not affiliated with major hospitals and their resources, like cybersecurity/IT support and training programs. Ensuring that all clinicians have affordable access to these fundamental tools is essential for maintaining public trust in the security of health information. Despite this, there are few solutions (and little dedicated funding) committed to this area. For our part, OntarioMD recently piloted successful privacy and security service bundles, comprised of DNS (domain name system) firewalls, training, and a custom maturity assessment to community clinicians with the support of the University Health Network and Health Sciences North. These were highly successful and very well-received by the community. We strongly believe there is room to grow these and similar offerings, with support from fellow stakeholders. Amongst the panel, I would say there was consensus that these measures could make a considerable, positive difference.
  • Focus on letting doctors just be doctors: The IPC asked the panel about strategies to encourage a privacy-respectful culture in health care. Health care workers are exhausted in the wake of the COVID-19 pandemic. To effectively promote privacy and uptake of technical innovations now, we need to consider how we best support clinicians. From the top down, this means that regulators must make efforts to normalize privacy – we are all human and make mistakes. Regulatory regimes should recognize this and focus on making privacy approachable and practical. Active participation in privacy programs must be encouraged amongst peers, and by authorities through regular training and education.
  • Regulators have an opportunity to make a difference: The panel participants emphasized that change and innovation occur slowly. That said, our current health care system is under immense pressure to meet immediate demands in the form of patient volumes, among other things. Faster, more efficient care driven by technology is likely the answer. The IPC (and its federal and provincial Counterparts) have taken positive steps to rapidly advance health care communications by a joint resolution to “Axe the Fax”. Other regulatory authorities can learn from this lesson – lawmakers have the power to compel rapid, meaningful change as needed across sectors. I am reminded of my days of practice in telecommunications when the Canadian Radio-television and Telecommunications Commission ordered telecom providers to rapidly develop a mutual solution for phone number portability. Data interoperability could be addressed through similar, concerted regulatory action and collaboration among vendors.

In the days following the panel discussion, OntarioMD continues to advocate for resources to protect community clinicians against cyber-threats. Certified EMRs are a major part of this strategy and solve a lot of our current problems. Many provide secure messaging to patients; many also offer provider-to-provider secure messaging via email. Infrastructure developments beyond the EMR are also essential – for instance, a robust firewall is critical to block common phishing threats. Of course, effective training and user knowledge underpins all of this (OntarioMD offers free online training for clinicians and their staff).

A common refrain during the IPC’s Data Privacy panel was the adage, “an ounce of prevention is worth a pound of cure”. My wonderful colleagues at OntarioMD would be pleased to help you put this into action with our tools and supports. Please feel free to contact for assistance, or with your questions or concerns in response to this article. We look forward to speaking with you.

Special thanks to Dr. Chandi Chandrasena (OMD Chief Medical Officer), Katherine Tudor (OMD Director Communications and Marketing), and Christopher McGoey (OMD Junior Legal Counsel), for their support in preparing for this engagement.

Join the discussion and share your thoughts in the comments field below.

Share your thoughts with us!