Privacy Protection in eHealth

One of the cornerstones of eHealth is the protection of personal health information. All patient information in B.C. is protected by privacy measures that are among the strongest in Canada.

B.C.'s new eHealth (Personal Health Information Access and Protection of Privacy) Act, introduced in April 2008, moves B.C. a step closer to its goal of giving citizens access to their health records and medical information through electronic health records, while protecting privacy.

Access to patient information will be restricted to only those having a legal right and clear need to access the information or to access the systems where the information resides.

Protection of Personal Health Information in the Electronic Health Record

Electronic Health Records support secure, timely access to quality information by authorized health care providers at the point of care. British Columbians’ personal health information will be protected through new and enhanced privacy and security measures that allow the sharing of information for direct patient care while at the same time balancing the need for privacy protection.

Electronic health records present an opportunity to improve on paper-based filing systems where we have little or no record of who has accessed our information. Privacy protection will be achieved through a combination of technology, processes, standards and people using a new eHealth privacy and security policy framework that:

  • Starts with privacy and security policy developed through an inclusive process, building on the knowledge and experience of clinicians, professional regulatory bodies, the public, and privacy, community, and patient advocacy groups.
  • Introduces innovative and effective legislation: the eHealth Personal Health Information Access and Protection of Privacy Act creates a privacy framework that is tailored to each electronic health record database, one that builds on the existing protection offered in the Freedom of Information and Protection of Privacy Act, and the Personal Information Protection Act.
  • Incorporates the B.C. government central security information management policies that are founded on internationally recognized privacy and security standards. 
  • Imposes binding privacy and security obligations on any person who has access to personal health information – this includes contracted service providers, health service providers, and health authority partners. 
  • Surrounds electronic health records with strong and effective security measures such as network security, strong authentication, intrusion detection systems, data encryption, system timeouts, secured remote access, and education and training.

And establishes an information access model that:

  • Makes information available to health service providers based on the specific role that they have in providing health care 
  • Gives individuals the ability to issue disclosure directives that block access to their personal health information in the electronic health record
  • Puts procedures in place to monitor all access to personal health information and to quickly investigate and address any privacy or security breaches that are identified.
  • Sets significant penalties for unauthorized collection, use or disclosure of personal health information. 
  • Makes sure individuals can access their own personal health information and request correction to it. 
  • Will create a representative and expert group to make sure that appropriate information is available for health research and planning, to sustain an accountable and effective health care system. 
  • Maintains an ongoing privacy and security assessment and improvement program that educates users on privacy and security best practices, and measures the privacy and security impact of all new initiatives.