Last week, Ontario’s Information and Privacy Commissioner released a discussion paper on privacy in the design of electronic health records (EHRs). The paper, entitled “Embedding Privacy into the Design of EHRs to Enable Multiple Functionalities – Win/Win” was co-authored with the President and CEO of Canada Health Infoway. Canada Health Infoway is government-funded and was established to foster and accelerate the development and adoption of electronic health record systems.
There is significant potential for patient electronic health records to be used for important societal secondary uses such as improving clinical practice, facilitating health promotion and disease prevention, and allocating health resources. The authors argue that the “Big Data” potential in electronic health records should be matched with a rigorous de-identification process where that data may be used for secondary purposes, since in most cases the identity of the individual patient is not relevant.
Of particular note is that Ontario’s Information and Privacy Commissioner appears to accept that “contrary to detractors’ claims about the ease of re-identification, it has been shown that the re-identification of properly de-identified information is not an easy task”. Moreover, the Information and Privacy Commissioner also appears to accept that even though “de-identification may not guarantee the total elimination of all privacy risks (as indeed, no tool can), de-identification remains the vital first step that drastically reduces the risk of personal information being used or disclosed for unauthorized purposes.”