SYDNEY AUSTRALIA 
+61 2 9267 3700

Protecting privacy and managing consent in e-health records

The health system is undergoing a digital transformation as more health services and practitioners adopt electronic health records. I recently attended a seminar on digital health information held by the International Association of Privacy Professionals, iapp- ANZ, and sponsored by Microsoft, that explored the many benefits, as well as the potential impediments for e-health records.
The panel of experts all acknowledge the benefits of e-health systems, especially for big data analysis supporting better disease recognition, familial tracing and diagnosis and the linking of screening program and treatment data. We are only at the beginning of health system improvements based on digital health records. Researchers are gaining new insights as existing data is enriched, digital images are captured and made accessible for improved or remote diagnosis. Data analytics and new tools can identify disease and treatment patterns in large datasets.

Telemedicine
By Intel Free Press http://www.flickr.com/photos/intelfreepress/6948764580/sizes/o/in/photostream/

Individuals receive better health care from fully informed practitioners. Practitioners need to know that frail or elderly patients are being prescribed a wide variety of medicines that may interact to cause adverse reactions. Hospitals need timely access to diagnostic test results and avoid the costs incurred when tests have to be duplicated because data cannot be accessed. Complete medical history can be accessed when a patient moves hospitals or to a new provider or is frail or incapacitated. Digital access, flexibility and sharing of data leads to better health outcomes and reduced health system costs. Australian governments are currently making significant investments developing e-health platforms to achieve these benefits.

Trust and privacy protection
How will government win trust so that patients accept e-health records? Can patients ensure that their privacy is protected? Can patients control what information is shared, who can access it, and they can withdraw their consent?
Individuals will only agree to upload and maintain their e-health records when they trust the system, when they trust the government to act as the custodian of their private information. A new regime of documented and specific consent is needed that empowers patients to control their e-health record.

Managing consent: what, how and when

1. Consent for a specific purpose
Legislation requires that e-health data can only be used for the purpose that it was collected, in most cases for individual treatment, unless the patient provides consent that information can be used for a secondary purpose. So we have the situation that data has been collected e.g. for a medical research purpose, and now we could re-use this data for analysis, treatment reviews and modelling using new techniques, but this re-use requires patients consent for a secondary purpose. However, gaining patient consent retrospectively is impractical, and requesting consent for potential and future uses is problematic when these are not yet known. Consent will need to become a more nuanced and updateable record which enables a user to withdraw consent at some future time.
2. Consent must not be a pre-condition for service delivery
Health services will need to ensure that default consent is not required or required as a condition to receiving a service. So when a patient gives permission to share test results, that doesn’t give consent for the data to be shared with others, to be sold or re-used for commercial purposes.
3. Keeping records of consent
Health practitioners and consumers need better awareness about privacy protection and the management of user’s consent. A draft consultation paper from the UK’s Information Commissioner provides guidelines on how to manage patient consent, including advice on the recordkeeping requirements for user consents. The guidance is based on principles and supporting guidelines:

  • Consent should offer genuine choice and control,
  • Requires a positive opt-in, not opt out
  • Explicit consent requires clear and specific statement of consent
  • Make it easy to withdraw consent, and tell people how
  • Keep evidence of consent,
  • Avoid making consent a precondition of a service.
  • Consent should be clear, concise and easy to understand
  • Consent should be separate from other terms and conditions.
  • Health services should provide instructions if the patient wants to withdraw their consent.

Health service providers should keep records of consent, including when and how consent was given, and updated. Health services will need to retain records to show evidence of consent. Although there is an overhead to keep sound records, the long term benefits will be a trusted e-health system.

Without trust, without explicit consent and the confidence that consent is controlled by patients, users are less likely to accept and use e-health systems.

About the Author

Kerry Gordon is a Director and Consultant with Recordkeeping Innovation. She works on digital recordkeeping and archives for clients in Australia and SEAsia.  Kerry delivers regular training programs in records management and managing digital records.  Kerry has a Masters Degree in Information Management from Monash University, Melbourne and has experience in developing large scale strategic studies for digital transition, classification and retention, managing administrative and organisational change, project management and communications supporting information governance.

Innovative Information Management by design

We all recognise that things move quickly, the technology we have today will be surpassed swiftly by innovative solutions.  Diversity of digital channels for social interaction and communication are expanding rapidly and being adopted in business environments.

Digital formats

Many of these channels are relatively young compared to mobile phones, email and other portable devices…

Many of these channels are relatively young compared to mobile phones, email and other portable devices…

       

LinkedIn

2002

Facebook

2004

Twitter

2006

Instagram

2010

It is fascinating to look at preparations for change in administration from the Obama Presidency to the next. It illustrates the level of adoption of social channels as a means to engage people.  President Obama used a variety of channels extensively.  Over his 8 year period in office the White House used Twitter, Facebook, Instagram, Snapchat, YouTube. Medium, Tumblr and Flickr.  You might find these articles describing the social media aspects of the Presidential Transition and plans to preserve and pass on the digital legacy of this group an interesting read.

Another recent article outlines comments from Atlassian co-founder Mike Cannon-Brookes relating to economic changes stemming from technological advances.  He cites an example relating to 2.5 million people driving cars as a significant part of their job, saying “Those jobs are all going away whether it takes 10 years, 15 years or 20 years, it doesn’t matter”.   We have also seen “disruption” through establishment of innovative online services (e.g. AirBnB, Uber).

While comments about workforce and industrial changes may sound gloomy, it also provides opportunity for innovation, highlighting the need to think differently about our work – to be “change ready”.

How can we think differently about technology in our professional world?

Electronic document and records management systems (EDRMS) have been implemented over the last 20+ years as “a” means to manage information. Many of these products are born from systems that managed paper records.  They may be integrated with other business systems if the funding and executive sponsorship exist.

Changes we are seeing in the social media realm extend into the broader business environment, with documents generated by multiple business systems and a workforce that is much more mobile.

Some options to manage the information generated might include:

  • Using an EDRMS as a single tool to manage documents and records
  • Capturing records created by other business systems in an EDRMS, either as an export or a manual process
  • Integrating with business systems to capture and manage records via an EDRMS for recordkeeping purposes
  • Managing records within source business systems

Not an exhaustive list, but some of the approaches we see across the range of organisations we work with.

Issues

Sticking with EDRMS as a single tool is becoming less and less practical:

  • Business models are less stable – frequent organisational change, services may be provided through third parties, outsourced or privatised
  • Organisations implement an array of systems to manage core business functions
  • Business systems may have some of the features expected from a recordkeeping perspective, but they seldom have all the functionality required to meet recordkeeping standards.
  • Exporting information from or integrating with business systems is often complex, expensive, takes time to plan and implement.

In a fast paced business environment there is little tolerance for projects take a long time to implement – agility is needed. To quote one of my favourite songs by Queen – I want it all and I want it now.

So where are the opportunities?

There is definitely potential to manage our information by design, looking at the broad information architecture within organisations to:

  • Focus on work processes and the information created
  • Identify information assets, where they are and how they are managed (beyond EDRMS)
  • Take a risk and value based approach, applying our scarce resources to mitigate and control risks
  • Influence early through established frameworks:
    • Business planning, risk assessment and management
    • Procurement processes, contract and project management
    • Ensuring system requirements address recordkeeping requirements, assessing their level of compliance as part of system acquisition or upgrade
    • Information security, privacy and access arrangements
    • Information governance and other communities of practice

Taking a “by design” approach beyond EDRMS might include:

  • Developing simple tools to assist non-specialist staff to navigate requirements as part of their business and system planning activities
  • Designing self-assessments for business systems to identify risks and mitigation strategies
  • Information management plans fit for purpose – for simple or complex systems, guidance on migration or decommissioning

Traditional approaches are changing, as professionals we can add value to management of information across operations, providing guidance as part of business processes and systems – by design.

About the author

Toni Anderson has worked in the information and records management field for a substantial period in a range of Local, State, Commonwealth government organisations and the private sector, nationally and internationally, building a strong professional profile through participation in industry forums and associations. Toni has extensive experience in strategic planning, development of records and information management frameworks, policy and procedures, business classification schemes, retention authorities, the specification of requirements, selection of enterprise content and records management systems to meet business needs, implementation of a broad range of software products and associated change management.  Toni has been instrumental in transitioning from project to business as usual operations, and leading teams providing high quality information services.

Musing on issues raised at IAPPANZ ‘Trust in Privacy’ Summit, Nov 2016

Image: flickr g4ll4ls

Image: flickr g4ll4ls

The IAPPANZ (International Association of Privacy Professionals, Australia New Zealand Chapter) held its annual summit in November, titled ‘Trust in Privacy’. I really like this conference which gets the top privacy brains talking to the community. Amongst other things there were updates from Privacy Commissioners on their jurisdiction which inter alia (have I been at a legal focussed conference?) allowed me to glean the following interesting issues:

  • 83% of FOI requests at Commonwealth level are for personal information
  • The Privacy Amendment (Re-identification Offence) Bill 2016 has been referred to committee which is anticipated to report in February 2017.

From NZ, some of the top issues reported by John Edwards Privacy Commissioner were:

  • Discussion of mandatory data breach reporting, which surely is coming to Australia in one form or another pretty soon
  • The introduction in Latin America of the concept of ‘Habeas data’ – a right to seek to know what information is held about a person in a data source (manual or automated), with remedies which vary between jurisdiction.

Beyond these very useful and interesting updates on specific jurisdictional issues I was really engaged by the presentation by Malcolm Crompton, himself a previous Privacy Commissioner. My musings are only part of his presentation, available here: http://iispartners.com/Publications/index.html (under Privacy regulation and reform). In particular I was struck by:

  • A very interesting diagram of data types and individual awareness, categorising data as provided, observed, derived and inferred from Abrams ‘The Origins of Personal Data and its Implications for Governance’ (2014) http://informationaccountability.org/wp-content/uploads/Data-Origins-Abrams.pdf
  • The observation that privacy (particularly managing personal information) is really a question of implementing an implicit social licence. If that social licence is not observed or deliberately broken, then there will be backlash. Observing a social licence isn’t the same as compliance with the law.
  • A questioning of whether the privacy framework as currently conceived is really working all that well. It is operating at an incredibly granular level – individual consent to specific information; so much information; managing inferred data rather than data supplied directly by an individual. Is the current framework really feasible as a way forward, and if not, what alternatives might exist.

The discussion during the day reinforced the absolute synergy with recordkeeping issues, as you would expect. But interestingly there was NOT ONE reference to recordkeeping made!!!  None the less, information governance is certainly on privacy professionals’ agendas. And so, too, were the problems of getting appropriate attention from senior decision making levels of organisations. Much synergy but not much appreciation of the need to think outside disciplinary silos – always work in progress.