By Maggie Bergeron, HealthSwapp
Moving healthcare online is an important step in improving clinical workflow and achieving outstanding patient care and outcomes. However, “history has shown that medical innovations are frequently accompanied by new risks.
Accordingly, physicians [and healthcare practitioners] must keep the potential for harm to patients in mind and must actively manage the potential liability risks…” (Neal D. Choosing an electronic health records system. Innov Clin Neurosci 2011;8(6):43-5)
This is part 1 in a 2 part series that will explore privacy policies and security of healthcare in Canada as it relates to physiotherapists.
Respecting privacy and protecting patients’ health information are critical when moving your practice management solutions online. This is why all Canadian provinces and territories have privacy laws, and some have now developed specific e-health laws. Full privacy policies for all provinces or territories can be found here. Provinces, territories and the federal government are responsible for privacy legislation and for the development of digital health solutions. Canada Health Infoway works closely with the provinces and territories to develop solutions to safeguard Canadians’ personal health information. They also work with all digital health initiatives to build solutions that comply with privacy regulations. healthSwapp – the digital health company that I’ve co-founded – has worked closely with Canada Health Infoway to ensure that our platform is compliant with all privacy and security legislations. We monitor provincial and federal guidelines to ensure we remain compliant, and we conduct regular third-party audits to ensure that our patients’ data is always safe.
The Personal Health Information Protection and Electronic Documents Act (PIPEDA) is federal legislation in Canada, which came into effect in 2004. PIPEDA protects the collection, use and disclosure of personal information across the country. PIPEDA doesn’t apply if the province where you live has a similar legislation – for example, Ontario practitioners are governed by the Ontario legislation known as PHIPA (Personal health Information Protection Act). This chart outlines the provinces governed by a provincial legislation and those governed by federal legislation:
| Provinces with their own legislation | Provinces who follow PIPEDA |
| British Columbia (Personal Information Act) | Saskatchewan |
| Alberta (Personal Information Protection Act) | Manitoba |
| Quebec (An Act Respecting the Protection of Personal Information) | Nova Scotia |
| Ontario (Personal Health Information Protection Act) | Prince Edward Island |
| New Brunswick (Personal Health Information Privacy and Access Act) | Nunavut |
| Newfoundland and Labrador (Personal Health information Act) | Northwest Territories |
So, what is Personal Health Information or PHI? PHI is identifying information collected about an individual, whether oral or recorded, including information about an individual’s health and family health history, treatment provided and health card number. It’s not necessary for the individual to be actually named for the information to be considered personal health information. PIPEDA and many of the provincial privacy policies mandate that we only collect the minimal PHI needed for the job. Depending on your area of practice, the amount and type of PHI will vary based on your population and their needs. For example, my practice is a MSK out-patient clinic for chronic pain. When appropriate I view and store imaging results in a patient’s chart, such as an MRI or CT scan. However, it’s rare that I would need to see a patient’s blood test results or keep that within their chart. Collecting too much information not only puts me at risk as a clinician but also clutters my e-charts with too much information.
Who is in charge of the PHI collected? After many meetings and discussions with policy decision makers, we determined that healthSwapp is not the health information custodian. If you’re not the custodian within your facility, then you’re an agent.
As I was developing healthSwapp and becoming familiar with the Canadian privacy legislation, one challenge was to determine who would be the health information custodian. Were we (my team and I), the developers of healthSwapp (an online platform for physiotherapists and a mobile app for patients for home exercise prescription) the health information custodian? healthSwapp collects patient information including name, date of birth, email address and any home exercise prescription provided by their physiotherapist – this is considered PHI.
After many meetings and time spent reading about other health developers experiences, we discovered that healthSwapp is not the health information custodian. The practitioner who is seeing the patient remains either the agent or health information custodian, depending on their role within the clinic.
Another important decision we made as a team, in collaboration with our lawyers, is that patients would be the owners of their data. This means that patients will always have access to their information on healthSwapp for free and for as long as they want. While a patient’s practitioner will still be either the health information custodian or agent, the patient is a critical partner in this relationship. Your patient will be able to access, view and share their previous home exercise programs, any notes they took throughout the program, their symptom levels charted over time and their history of functional goals via the Patient Specific Functional Scale. I believe that this is an important part of the movement towards patient-centered care and enables the patient to take control of their own rehabilitation.
Our patients want to be active members in their rehabilitation and we should facilitate and encourage them to be. Patient-focused innovation in physiotherapy will enable us as practitioners to provide faster, more effective care while empowering our patients to be in control of their health. Canada’s healthcare system is going digital. It’s a private, secure and effective way to improve healthcare and facilitate patient centered care.
healthSwapp, in partnership with the DMZ – the number one university business incubator in North America – hosts a monthly Meetup, RehabTO. The event brings together healthcare practitioners, patients, thought leaders and companies in the healthcare space to discuss innovation and technology in rehabilitation. Our next event will be on Wednesday January 20and we’d love if you would like to join us for an evening of networking and thought provoking speakers. Stay connected and find more information on our Meetup page. RehabTO is free to attend as long as you RSVP 24 hours in advance.
Part 2 of this series will explore one of the biggest and most significant changes that practitioners are currently making – the transition to Electronic Medical Records (EMR), also called Electronic Health Records (EHR). I’ll outline the questions you should ask potential vendors, what you need to know about privacy and security with EMR systems and why EMRs will improve our clinical practice.
Check out this YouTube video to understand why the healthcare system needs EMRs to provide better care to patients, make our lives easier and improve communication
