ETHI Committee Meeting

     I call the meeting to order.

    Good afternoon, ladies and gentlemen. We have quorum.

    Welcome to meeting 25, which is pursuant to the order of reference of Tuesday, April 25, 2006, and section 29 of PIPEDA. We're conducting a statutory review of part 1.

    Today we have with us from the Canadian Medical Association, Bonnie Cham, who is the chair of the committee on ethics, and Jean Nelson, who is the assistant director of legal services and chief privacy officer; from the Canadian Dental Association, Wayne Halstrom, who is the president, and Andrew Jones, who is the director of corporate and government relations; and from the Canadian Pharmacists Association, Jeff Poston, the executive director.

    Welcome to everybody. As you know, each of you will have an opportunity to make an opening statement. We'll do them all at once, and then we'll proceed with our questions and answers.

    I see a finger up, if not a hand, so before we start, allow me to recognize Madame Lavallée.

    Mr. Chairman, despite all the respect we have towards our guests who honour us with their presence today, I would appreciate the opportunity to discuss a motion that you might not have noticed.

    In that motion, the Minister of Justice is urged to provide us with a bill before next Friday and you are asked to write to him to remind him of that deadline.

    Could we set aside some time to talk about this motion, say at 5 p.m.?

    Well, Madame Lavallée, I guess the answer is this. Even though it is not on the orders of the day on the sheet in front of you, that is simply an oversight. You are item two, as I promised at the previous meeting. However, I have no real jurisdiction to call the meeting at 5 p.m. with respect to our witnesses. We have three major organizations here who presumably have some real problems, or at least some advice—I shouldn't say real problems—with respect to PIPEDA. I think we should hear them out. However, I assure you that if there is time before I bang the gavel at 5:30 p.m., your motion will be dealt with at that time.

    Could we nevertheless have those 10 minutes before the end of our meeting? I am sure that our distinguished guests will understand that we have a work schedule and that we must take 10 minutes to discuss certain questions. If you can guarantee that it will be at 5:20 p.m., I will be pleased with that.

    Madame Lavallée, you know I can't guarantee anything. As the chair, I'm a servant of the committee. However, I will put it to the committee.

    Is there unanimous consent to conclude the examination of witnesses at 5:20 p.m. so that we can deal with Madame Lavallée's motion?

    Some hon. members: Agreed.

    Alright.

     I hear no negatives, so that's what we'll do. We'll conclude at 5:20 p.m. with the witnesses. I assure you that you'll have ample opportunity to make your points, and then we'll proceed with the motion that Madame Lavallée has been desperately trying to have us deal with for quite some time.

    I will be eternally grateful, Mr. Chairman.

    Okay.

    With that, enough of our talking; let's get to the witnesses. I'll call on Ms. Cham from the Canadian Medical Association to begin.

     Thank you very much.

    The Canadian Medical Association, CMA, is pleased to be here today to participate in your review of the Personal Information Protection and Electronic Documents Act, or PIPEDA. The CMA has had a long-standing interest in privacy-related matters, including enhancing measures to protect and promote the privacy of health information. We welcome the opportunity to share our policies and thoughts on these vital matters.

    As a pediatric oncologist from Winnipeg and chair of the CMA's committee on ethics, I come here today with one bottom line. Physicians have always taken, and continue to take, their patients' privacy very seriously. This is the cornerstone of the special bond between patients and their doctor and has been thus since the time of Hippocrates. In recognition of the importance of privacy, the CMA has produced such documents as the CMA code of ethics and the CMA health information privacy code to guide our more than 64,000 members across the country. These documents existed before the federal government introduced PIPEDA. We speak to you today out of our concern for protecting and ensuring the privacy of medical information.

    We would like to raise three specific issues. The first is recognition in law of the unique nature of health care, the second is physician information as work product, and the third is emerging privacy and health information issues.

    To the first point, recognition in law of the unique nature of health care, I would like to highlight the importance of recognizing in law the special circumstances of protecting health information. In fact, when PIPEDA was first being debated, CMA posed questions about the scope of the act and was told the legislation, originally designed for commerce and the private sector, would not capture health information. We were also told that even if it did, PIPEDA wouldn't change how we practised medicine.

    The passing of PIPEDA generated enough concern and uncertainty that government agreed to delay its application to health for three years. For example, PIPEDA failed to clarify the issue of implied consent for the sharing of patient information among health professionals providing care. For example, when the family physician says to a patient they're going to be sent to see an oncologist to run some tests and the patient agrees and follows that course of action, then clearly there is consent to the sharing of their health information with others. As an oncologist, I assume there is consent to send the test results to other specialists I may need to consult to advance the patient's care in a timely fashion. This, however, needed to be addressed before PIPEDA was applied to health care.

    The delayed application allowed the federal government and the health care community to work together and develop a set of guidelines to apply PIPEDA. The resulting PIPEDA awareness-raising tools, known as PARTs, contain a series of questions and answers that make up guidelines for health care providers. They answered many of our concerns, provided necessary definitions, and allowed for the implied consent model to continue to be used within the circle of care. The CMA applauds the government for this collaborative effort. The results and guidelines have been used by health care providers ever since.

    However, we remain concerned that the PARTs guidelines have no legal status. This limitation creates a degree of uncertainty that the CMA would like this legislative review to see addressed by ensuring the PARTs series of questions and answers are referenced in PIPEDA. In addition to participating in the PARTs initiative since PIPEDA's implementation, the CMA has designed practical tools for physicians and patients. We've adopted the CMA policy, “Principles Concerning Physician Information”, to address the importance of protecting the privacy of physician information. We've produced Privacy in Practice: A Handbook for Canadian Physicians to help physicians maintain best practices in the protection of patient health information. Finally, CMA PrivacyWizard™ was created to help physicians record their current privacy practices, communicate these to patients, and identify possible areas for enhancement.

    The second issue I'd like to address is physician practice information as “work product”. I referred earlier to CMA's policy document on physician information. The CMA strongly believes physicians have legitimate privacy concerns about the use by third parties of information such as prescribing and other practice data for commercial purposes. Currently deemed “work product”, this information can be collected, used, and disclosed without consent.

     We feel that PIPEDA inadequately protects this information. We recognize that it is information generated out of the patient-physician relationship. We disagreed with findings of the previous Privacy Commissioner that physician prescribing information is not subject to PIPEDA's privacy protection provisions for personal information. The CMA has consistently advocated that physician prescribing data and other practice information is personal information, and appeared as an intervenor in a Federal Court review of this issue that was ultimately settled by the main parties.

    As well, insufficient regard for the privacy of prescribing and other physician data could have a negative impact on the sanctity of the physician-patient relationship. Patients confide highly sensitive information to physicians with the expectation that this information will be kept in the strictest confidence. This expectation exists because they know that physicians are under ethical and regulatory dictates to safeguard their information and that physicians take these responsibilities very seriously. The perceived and indeed actual loss of control by physicians over information created in the patient encounter, such as prescribing data, could undermine the confidence and faith of our patients that we are able to safeguard their health information.

    This concern is not hypothetical. For physicians, so-called work product information also encompasses such practice patterns as discharge rates, referral rates, billing patterns, hospital lengths of stay, complaints, peer review results, mortality, and readmittance rates.

    With the advent of electronic medical records and growth in pay-for-performance and outcome-based incentive programs for physicians, there is an enormous potential for the resulting physician performance data or work product to be mined by other parties and used to influence performance review—traditionally the purview of the medical licensing authorities—as well as decisions around treatment funding and system planning.

    The lack of transparency in the sale and compilation of physicians' prescribing and other performance data means that physicians might find themselves to be the unwitting subjects and targets of marketing research. We believe practice decisions must be made in the best interests of patients, not the bottom-line interests of business and marketers.

     CMA therefore recommends a legislative change to include physician information as personal information under PIPEDA. Legislation in Quebec provides an example that is consistent with CMA's approach, since it requires regulatory oversight and gives individuals the right to opt out of the collection, use, and disclosure of professional information.

    Finally, I would like to address emerging privacy and health information issues. With budgetary and demographic pressures, our health care system is under strain. Physicians are striving to deliver timely quality care to patients, often with competing and multiple demands. Physicians are therefore seeking assurances from lawmakers that any amendments to PIPEDA will take into account the potential impact on them and their patients.

    Therefore, we seek assurances that, one, health care is recognized as unique when it comes to the disclosure of personal information before the transfer of a business, such as one physician transferring his or her practice to another. This is already regulated at the provincial level through the appropriate licensing bodies. As a general rule, physicians must give notice to the public, whether via a newspaper ad or a notice in the office, about the change in practice.

    Secondly, we would like the federal government to consider the impact of the transborder flow of personal information on telehealth and electronic health record activities. Communications between patients and physicians via electronic means are likely to increase and to move across geographic boundaries with increasing frequency.

    Finally, we would like the federal government to study the issue of international cross-border data flows, particularly among Canadian researchers who receive funding from U.S. drug companies. These arrangements should be governed by Canadian law, PIPEDA, not American, such as HIPAA or the U.S. Patriot Act.

    In closing, the privacy protection of personal health information is a responsibility that my colleagues and I do not take lightly. It is a key pillar of our relationship with Canadians. They not only expect it, they deserve it.

    I look forward to taking questions from committee members.

    Thank you.

    Thank you very much, and congratulations; you were just under ten minutes.

    Next, from the Canadian Dental Association, Mr. Halstrom, please.

     Thank you very much, Mr. Chair.

    Good afternoon, ladies and gentlemen.

    Thank you for inviting the Canadian Dental Association to speak to you today during the statutory review of the Personal Information Protection and Electronic Documents Act, which we commonly refer to as PIPEDA.

    I am the CDA's president, Dr. Wayne Halstrom. CDA represents over 18,000 dentists across Canada. It has as its mission to act as the national voice for dentistry, dedicated to the advancement and leadership of a unified profession and to the promotion of optimal oral health as an essential component of general health.

    We welcome the opportunity to make our views known today because we have consistently engaged with the federal government on the issue of privacy of personal health information. We were active participants in the parliamentary debates that led to the passing of PIPEDA in the year 2000. We responded to the Canada Gazette consultations and appeared as witnesses before committees of both chambers of Parliament as PIPEDA made its way through the parliamentary process.

    CDA has always been an advocate for legislation that protects our patients' personal health information from abuse and misuse in circumstances when it is released from the dentist-patient relationship. We do not support federal privacy legislation that creates an additional administrative burden for dentists. Dentists work within a provincial legislative framework that requires us to protect the privacy of patient information. CDA knows that dentists have an outstanding record when it comes to privacy protection and that there is no need to alter our current best practices.

    Throughout the fall of 2003, there was a great amount of confusion and uncertainty about how PIPEDA would apply to dentistry and to our practices. We recognized that dentists were being inundated with multiple interpretations of what their obligations would be under PIPEDA. We called upon the Minister of Industry and his industry department to develop implementation guidelines for the application of PIPEDA, with consultative input from our association and others in the health sector. The federal government did not respond with guidelines entrenched in law for the health sector, but they did respond to the concerns of the CDA and others in the health care sector. They understood the need to create a process that would allow the health community to have its concerns addressed by the federal government and put an end to the uncertainty and misinformation.

    We at the CDA appreciated the federal government's initiative to produce information that would help our members understand their obligations under PIPEDA versus simply obtaining another legal opinion on how PIPEDA would apply to dentists. CDA was an integral member of the working group that met regularly with officials from the Privacy Commissioner's office, Justice Canada, Health Canada, and Industry Canada to create the PIPEDA awareness-raising tools, as we've heard, the PARTs initiative for the health sector. This process created the final content for the federal government's interpretation of PIPEDA, a series of straightforward questions and answers that add clarity to the requirements around obtaining consent, disclosing personal health information to private insurance companies, office safeguards, and requests to change information on a dental record, to name but a few.

    Perhaps the greatest accomplishment of the PARTs initiative during the fall of 2003 was to clarify the federal government position on knowledge and consent. The PARTs initiative concluded that under PIPEDA, the patient's knowledge of the collection, use, and disclosure of his or her personal health information is required. A patient must be made aware of his or her privacy rights through methods such as the posting of notices and discussions in the normal course of exchanges that take place between a patient and a dentist. CDA is pleased that through the question and answer initiative the federal government provided this interpretation of implied consent that does not place an increased administrative burden on dentists.

    We created a poster that assisted members in informing patients about their privacy rights. We have provided the committee with both our poster and the PARTs initiative series of questions and answers, but we remain concerned that the good work of the PARTs initiative has no legal status. Although the questions and answers clearly dealt with the concerns of the oral health sector, we know that multiple interpretations of PIPEDA remain, and an increasing paperwork and administrative burden is still required by some health care providers because the questions and answers have no formal legal status.

    It is our recommendation to your committee that the PARTs initiative series of questions and answers be referenced in PIPEDA.

    To conclude, Mr. Chairman, we know that PIPEDA aims to provide assurances to the public, our patients, that their personal health information will continue to be managed and shared confidentially and securely.

    At the CDA, one of our key result areas is to make a recognizable contribution to improving the oral health of Canadians. In order for us to deliver optimum care and improve the oral health of Canadians, our patients must feel comfortable that their personal health information will not be misused in circumstances when it is released from the dentist-patient relationship.

    Privacy is a right, underpinning health care in Canada. This right is addressed in legislation, codes of ethics, standards, and procedures. We are comfortable with the outcomes of the PARTs initiative and we now are asking your committee to formally entrench the work of the PARTs Initiative in PIPEDA.

    I and my colleague, Mr. Andrew Jones, CDA's director of corporate and government relations, are happy to answer any questions you may have.

    Thank you very much.

    Thank you.

    That was just under six minutes. Excellent.

    For the Canadian Pharmacists Association, you have ten minutes, Mr. Poston. That was no reflection...if you want it, you've got it, and away you go.

     Thank you very much. We'll see how we do. Perhaps there should be a prize for the one who gets closest to ten minutes.

    Good afternoon. The Canadian Pharmacists Association, or CPhA, welcomes this opportunity to present to you today during your review of PIPEDA. My name is Jeff Poston, and I'm the executive director of CPhA.

    For those of you who are unfamiliar with our organization, the Canadian Pharmacists Association is the national voluntary organization of pharmacists, committed to providing leadership for the profession of pharmacy and improving the health of Canadians. Our members include pharmacists in all areas of practice: community pharmacies, hospitals, universities, governments, and industry.

    We know that pharmaceuticals are a vital part of the Canadian health care system. Retail spending on drugs is forecast at just over $25 billion this year, or 17% of total health care spending. However, there's a recognized need to improve both the safety and outcomes of drug therapy. Pharmacists' scope of practice is changing so that they can better help their patients achieve optimal outcomes from drug therapy.

    We would like to state the pharmacy profession's strong commitment to the protection of patient confidentiality and privacy. This is evidenced from our professional code of ethics, legal provincial standards of practice, and CPhA's own privacy code for pharmacists. Pharmacists have demonstrated their capacity to achieve this, using technology such as electronic patient files and the online transfer of prescriptions for payment to public and private drug plans for over 15 years.

    Every day across Canada, pharmacists dispense over one million prescriptions. Many of these are for patients with mental illness, HIV/AIDS, infections, and serious illness—health information that is entrusted to us and kept confidential by us. Pharmacists strongly believe that Canadians' right to privacy protection of health information is fundamental.

    At the time PIPEDA was drafted, we had three primary concerns. First, it did not make a distinction between the therapeutic purposes for which personal health information is used, even when it's paid for through private plans, and the commercial purposes for which personal information resulting from commercial transactions is normally used.

    We were also concerned that it created two levels of privacy protection rights for Canadians, one for people covered by public drug plans paid for by provincial governments and one for those covered by private plans. Also, the impact on the health care system of the proposed changes was unanticipated. What the impact would be on patients' and providers' time, and the ensuing financial burden, was unknown.

    We originally proposed amending the legislation so that it would not apply to the health care sector for a period of five years, to allow for the development of specific health privacy protection legislation by the provinces. After this five-year period, we proposed that the act would apply to the health care sector if provincial health privacy legislation were not in place.

    Before PIPEDA came into effect, there were major concerns that PIPEDA could impede care. There was a lot of confusion about what it meant for everyday practice. Because of the pre-PIPEDA work done by the privacy working group of health provider and consumer associations, including all the groups before you today, the development by CPhA of the pharmacist's personal information privacy code, and the overriding provincial privacy legislation, PIPEDA has not had the negative effect on pharmacy practice that we first anticipated. However, there are three specific areas of concern that CPhA would like to raise during the review of the act.

    First of all, the PIPEDA awareness-raising tools initiatives, or PARTs, was particularly important in interpreting the effect of PIPEDA on the health care sector and clarifying when the legislation was applicable. CPhA's development of the pharmacists' privacy code and other practice tools, such as guidelines, brochures, and posters, helped pharmacists prepare for PIPEDA.

    The questions and answers of the PARTs initiative have served as the primary guideline for how this legislation affects the provision of health care. CPhA, like our colleagues here today, is concerned that PARTs still does not have legal standing. These guidelines are fundamental to the application of PIPEDA in the health sector.

     CPhA would like to see the PARTs guidelines specifically referenced in the act so that they have official legal status. In particular, the principle of implied consent in the direct care and treatment of a patient, as defined in a circle of care, needs to be recognized under PIPEDA. This is recognized as a core concept in the pan-Canadian health information privacy and confidentiality framework.

    There are a number of privacy issues that arise when patient information is being used for research purposes. Health information for research is produced and created by all sorts of health care professionals, and we have to allow appropriate exchange and use of such information. This data is particularly useful in helping to assure the appropriate use of health care services to measure outcomes and develop health policy. We believe health information data should not identify individual patients and should not be used for purposes outside of appropriate statistical scholarly study or health care research.

    We support the appropriate collection, exchange, and use of health information, including prescribing data, for health care research. Specifically with respect to pharmaceuticals, this data could be used to support optimal prescribing and utilization. This is for quality assurance purposes, and it needs to occur within a peer-reviewed process. However, we do have concerns that sometimes this information is used inappropriately.

    We must look to a future with electronic prescribing and electronic health records. Having patients' health information directly at the point of care will enable the appropriate health care provider to make better, more informed decisions concerning patient care. These electronic information systems will enhance patient health outcomes and safety and will maximize the efficient use of health care resources. In an e-health environment, pharmacists will need to read and write to the EHR in order to communicate and work collaboratively with other providers and make better-informed patient care decisions.

    We have collaborated with the Canadian Association of Chain Drug Stores and the Canadian Society of Hospital Pharmacists to develop principles and elements to guide the development and use of these electronic drug information systems. One of the key principles is that health information systems, including pharmacy information networks, must employ rigorous, stringent security measures and comply with privacy legislation to protect the confidentiality of patient information, while not constraining the ability of health care providers to access information and to practise in a patient-focused and efficient manner.

    The PARTs guidelines play an important role in clarifying PIPEDA for the health care sector. This will be even more significant in the future with the evolution of electronic patient records. It is important that the current interpretation of the legislation as it applies to health care is also extended to the future electronic transmission of health information. The pan-Canadian health information privacy and confidentiality framework is an important step to supporting such developments.

    In conclusion, the protection of personal health information has and always will continue to be of paramount importance to pharmacists. The relationship of trust between patients and pharmacists is fundamental to the delivery of care.

    Thank you again for the opportunity to allow CPhA to participate in this review of PIPEDA. I'd be pleased to answer any questions you might have.

    Thank you very much, Mr. Poston. You were also under ten minutes. We certainly appreciate that from all of our witnesses.

    We'll begin our first round with Mr. Peterson.

    Thank you for being here.

    Have any of your members experienced any difficulties with the way PIPEDA works now? If so, what?

    I don't think we've had much difficulty. About four pharmacy issues have gone before the federal Privacy Commissioner, which is a relatively small number when we see about a million prescriptions filled daily. I think at the beginning there was a lot of concern, but the PARTs guidelines, particularly the concept of implied consent within the circle of care, have helped with implementation.

    Most pharmacies have a system of consent by notice. They either have a notice posted in the pharmacy about how information is used or they give the patient a brochure or leaflet. We've really seen no major problems.

    In the context of dentistry, most of the challenges were in the time period of the fall of 2003, before the legislation came fully into effect in the health care sector, when there were multiple interpretations and a great amount of confusion in the system. As was mentioned, our members were being inundated with seminars on how to prepare for the implementation of the legislation. Some of our colleges went to great lengths to inform their members about how to best deal with the legislation.

    Through this time period, we worked on the PARTs initiatives, especially to get the interpretation of implied consent into action, which calmed down the burden on the membership.

    Beyond that, I would say that there has been some increased burden on individual offices, with respect to creating a privacy code, and an increased day-to-day burden on the practice of dentistry, when in fact the dentist-patient relationship was always enshrined in this protection of privacy.

    So there certainly have been some consequences, but the PARTs initiative helped to ease things early in 2004.

    Ms. Cham.

    My comments would be quite similar, in that as I said, physicians had already been protecting patient privacy as part of their ethical and professional obligations in the day-to-day interaction between physicians and patients. But there was the added impetus with PIPEDA to have written policies and notices to inform patients about their office privacy practices.

    This is not a bad thing, but it is done in an already time-pressed environment. But where we found some assistance for this was in the PARTs guidelines for health care providers. These guidelines outlined in greater detail exactly what the obligations of health professionals were under PIPEDA, while also acknowledging the priority assistance and protection offered by the physicians' codes of ethics and regulatory obligations. This is part of our rationale and reasoning for wanting to have the PARTs guidelines also recognized in the legislation, because that eased the burden.

    Thank you.

    You're subject to federal law and three provincial laws of general application. Are there also four provincial laws dealing specifically with health records? Am I wrong about that?

    There are three different associations. I'm not sure if that necessarily would apply to all three.

    It seems as if you have a lot of laws to take into consideration when it comes to running a practice involving two dentists or a physician. Have you experienced conflicts, or do you find it difficult to cope with all of this regulation?

    One of the great concerns we have is administrative burden in general, and you're absolutely correct that there are a number of laws that affect us—certainly the ethical and regulatory things that apply from province to province, sometimes not necessarily consistently.

    So it is an ongoing burden that makes us very interested and anxious to make sure that as little administrative burden as imaginable comes with these kinds of proposals.

     If I might, the fact that some provincial legislation has been found to be substantially similar, such as Ontario's Personal Health Information Protection Act, has eased some of that confusion, because CMA's division, the Ontario Medical Association, worked very closely to put together privacy posters to gear up to that specific piece of provincial legislation.

    So you're very right. There is Ontario. Alberta has health-specific legislation, and of course Quebec and the Maritimes.... In our interpretation, the territories is the jurisdiction where PIPEDA applies to the health information sector.

    If I could just add, the general issue of administrative burden for health care practitioners is a significant one, particularly in the pharmacy sector, where we have to deal with significant administrative loads around both public and private drug plans. Certainly at the time that PIPEDA was drafted, because of the vagueness of the legislation, we were very concerned about what the administrative burden was likely to be. Hence they asked for delaying it substantially, until we could get more specific information around health care.

    In practice, again echoing what my colleagues have said, the PARTs guidelines have been very critical in allowing that burden to be manageable.

    But again, in every provincial jurisdiction, each with its own privacy legislation, pharmacies in those provinces have obviously had to comply with that. But usually this has been recognized as being substantially similar, so less of a burden.

     So from the health care providers' point of view, you haven't really seen any particular problems with PIPEDA.

    Ms. Cham, you mentioned that information regarding prescriptions is treated as work product information and should be treated as personal information. Why do you say that?

    This information is gained in the patient-physician relationship when we're diagnosing illnesses and prescribing drugs. It's not hard to imagine that patients who are being treated by physicians for potentially stigmatizing diseases may be less forthcoming with information about themselves if they realize that information may be available to others.

    I have no problem with that.

    What about information about prescribing patterns or something, which would be totally different and has been held to be quite all right?

    We recognize that there is a social interest in having that type of information to be used as peer assessment, to be used as aggregate data, to be used for research and planning, and to do so with suitable oversight by regulatory authorities. But what we want to prevent is the commercial use of that kind of information by private interests for marketing research. Under the appropriate regulations, such as those they would come under, we feel that medical licensing authorities, or pharmacy regulating boards in individual provinces, and research boards are what should be regulating these types of uses of that data.

    Thank you, Mr. Peterson.

    Madame Lavallée.

    Thank you, Mr. Chairman.

    If I understood correctly, Mr. Peterson was referring earlier to provincial laws and the federal law. Here is what I understood from previous testimony: the Personal Information Protection and Electronic Documents Act applies in provinces where there is no similar law to protect personal information.

    Would anyone like to confirm this for me?

    Yes, that's correct, as I understand it.

     I have a legal colleague here who can perhaps answer that.

    Alright.

    In Quebec, we have an Act respecting the Protection of Personal Information. The federal law would not apply to health, dental and pharmacological care. Is that correct?

    Allow me to respond, Ms. Lavallée.

    The Quebec Act respecting the Protection of Personal Information has indeed been found substantially similar to the Personal Information and Electronics Document Act. Consequently, the federal Act does not apply in Quebec, just as it does not apply to Ontario’s health sector.

    So if I understand correctly, your statements today concern other provinces of Canada, and not Quebec, since a similar law exists in Quebec. Is that correct?

    Except for new issues such as electronic medical files. Should a change arise, Quebec’s Act respecting the Protection of Personal Information would have to be amended because it was adopted in 1994. The level of protection must also be increased.

    The laws must correspond; they need to be harmonized.

    Yes, exactly. I believe the guideline on harmonizing laws comes from a European committee.

    Pardon me, I didn’t quite understand what you just said.

    You say that it comes from the European Union?

    It was the catalyst for creating the federal Act. That is to say, a European committee at the OECD suggested that, in order to promote exchange and trade with each other, States should enact laws to protect private information. I believe it was the catalyst that brought about the federal Act at the end of 1999.

    Thank you very much for this valuable information.

    When the Information and Privacy Commissioner of British Columbia appeared before the Committee, he said that there was much work being done at the federal level with regard to protecting health information.

    Did you participate in that work and, particularly, on harmonizing the confidentiality of health information throughout Canada? Could you elaborate on that?

    To my knowledge, the Canadian Medical Association was not in partnership with Great Britain on this issue but we are members of the World Medical Association (WMA). In this regard, the question as to how to protect the privacy of patients remains.

    Other representatives here today might have something to add on this subject.

    I just want to clarify. Concerning the harmonization of legislation across Canada, I think the most important piece of work we've seen on that particular area, which we did participate in, was the development of this pan-Canadian framework that I referred to in our presentation. That has really set out to try to promote at least some harmonization and some commonality of some of the approaches that the different legislation at the provincial level has given us.

    Particularly, I think the view of the pan-Canadian framework exercise that was led by one of the federal assistant deputy ministers, Mr. Marcel Nouvet, was that there was the need to really prepare for the implications of the electronic health record.

    I think one of the areas where PIPEDA is important, in terms of future health care systems, is in the transmission of information across provincial boundaries and also across international boundaries, as well as in looking at what some of the implications of that might be as we move to a world where we have electronic records. We have a lot more mobility of people, but there are probably also issues we'll have to face concerning the mobility of health care professionals as well.

    Actually, with regard to electronic files, it is easy to see how things work with pharmacists and dentists: all their information is processed electronically.

    As for physicians, there are practically no electronic files. I don’t know if your physician uses them but I have mostly seen paper files.

    Is there starting to be a trend among physicians to take the electronic route or do they continue to prefer paper files?

    There are a number of primary care clinics that are setting up initiatives for electronic health records. In addition, there's a lot of electronic exchange of information in the hospitals and in clinics among radiologists, for example, and among laboratory information systems. So there is a lot of personal health information on electronic records in Canada.

    In the individual doctors' offices, it's not widespread yet, but there is certainly interest and potentially movement towards making this much more widespread. So I do agree that we need to have proper regulations to ensure protection of privacy.

    Ms. Cham and Mr. Poston, you said earlier that a patient’s medical information should not be used for purposes other than research. Mr. Poston, you used the word “inappropriate”.

    Do you not find it difficult to distinguish one from the other? Some companies use and collect medical information. They share part of it with university groups for research and sell some to private enterprise for market studies, I suppose. That would surely be useful. They probably want to know what kind of medications they could sell more of.

    Do you not think it difficult to categorize these things? What constitutes “going over the line”? Do you know?

    First of all, the drug utilization prescribing data has been collected and used in many different ways for many years. The practice of collecting prescribing data from community pharmacies in Canada has probably gone on for 30 or 40 years. I think it's a very good example—and you've put your finger on the issue—to show that the critical issue is how that information gets used. The information is extremely useful to show us how drugs are actually being prescribed and used in the community.

    People tend to forget that about 50% of prescriptions in Canada are paid for in the public sector; the others are in the private sector. The methods that are used give us one way of collecting information from both sectors so we can get a very complete picture of what is happening.

    This has gone on, and there was relatively little concern about the issue until we saw the emergence of some of this data's being used to directly target marketing activities of the few individual physicians. I think when the data is used in aggregate, at a group level, there's less concern about it, but when it's used for commercial purposes to target individual physicians, that's an issue of concern.

    The other important area is that I think the data that gets collected has to—

    I am sorry. My time is up.

    I’m sorry.

     You have no time. You managed to ask that very complicated question at 6:58 of your time. It is an important question, so I am going to allow all of the witnesses to answer. But no further questions at the present time.

    Yet, it wasn’t so complicated.

    Dr. Halstrom, do you have a comment?

    Yes. I would like to take the issue back to the adoption of electronic communications in dental offices. One of the things we can expect to happen as these events unfold is....

    We are finding that the younger practitioners, people coming out of dental schools and going into practice, are making attempts to move to paperless offices. They have very little interest in following the patterns of practice that my generation had. We're going to see that whole thing tilt over time. It is certainly coming as a force.

    Dr. Cham.

    I agree very much with Mr. Poston's comments. The issue is how the information is used once it's collected. Aggregate information about how drugs are being used in a community can certainly help people who are planning services in that community, and it can improve the state of health in that community.

    What we worry about is when the data becomes nominal, even in terms of naming the physician, if not his patients. For example, if a physician is a high prescriber of HIV-type drugs, it becomes known who his patients are. That can be a potential problem for privacy. As mentioned earlier, it can also leave people open to being targeted for certain high-pressure marketing initiatives.

    We would prefer that information be regarded as a subset of personal information, so there can be reasonable balances of the legitimate uses of that information versus these kinds of marketing commercial uses.

    Thank you.

    Mr. Tilson.

    Ms. Preston, as you know, when—

    Who, Mr. Tilson?

    I'm sorry. Ms. Nelson.

    Nelson. Okay.

    Sorry, Ms. Nelson.

    A voice: Close.

    Mr. David Tilson: Yes, it was close.

    As you know—maybe not—when someone in a law office, a lawyer or a staff person, reveals confidential information about someone's file and the client finds out about it, that is reported to the law society. That lawyer--and it might have even been his or her staff—is in big, big trouble. They could be disbarred; they certainly could be reprimanded. In other words, there is very strict self-regulation by the law society—far more strict regulation than the government on this sort of thing.

    My question is whether the dental college, the medical college, the pharmaceutical college, or whatever they're called—I mean, we're talking about government regulation. I believe the law society is completely self-regulatory on these sorts of things. If private information is revealed, that lawyer is in big trouble.

    Absolutely.

    It's exactly the same in dentistry. The self-regulation aspect is very clear on that, and it is forcefully enforced.

    I would further add from pharmacy that there are strong sanctions such as codes of ethics and professional standards of practice that require that in law. Certainly colleges of pharmacy are extremely strict in terms of enforcement.

    There's an added important piece to be considered with respect to pharmacies because of our location in the community. Pharmacists are probably the most accessible health care providers. Unlike my colleagues, you don't have to book an appointment to see one of my members. They are very accessible. If a community pharmacy is known not to treat information in a confidential manner, the word soon goes around the community and that pharmacy is essentially out of business. So there's an additional sanction over and above the strict legislation that applies from a College of Pharmacy perspective that is enforced by the local community.

     I find all of this very interesting, because if you talk to someone working in a retail store, a convenience store, or it could be anyplace—I've given the example of a dry cleaner who gets lists and all kinds of personal information about people—the worst that can happen to those people, if they're ever found out, and I'm not convinced that some of them can even be found out, is that the Privacy Commissioner can release their name. Whether it's a big corporation or whether it's the local dry cleaner, that's all that can happen to them, which most of the witnesses who have come before us have said is very serious, but in all your cases, including the law society, you can no longer practise.

    So I guess I'm asking you to go beyond your professions. You stipulate, or your associations or your colleges stipulate, penalties. The evidence that has seemed to come forward is that the worst penalty that you can have, other than going to court, I suppose, in some tort matter or contract matter, is to have your name released. That's it.

    Can anybody comment on that?

    Can I also ask the CMA to comment? You didn't have a chance to comment on the first part.

    Thank you.

    Again, the colleges of physicians and surgeons right across the country have as part of their code of conduct the ultimate importance of keeping patient information confidential, and we would be subject to fines—

    I knew all that. I just wanted to get into this next issue as to your recommendations for PIPEDA.

    If I understand the question, are you seeking more the remedy component of it?

    Yes. I want to know what penalties—

    If I understand what you're saying, the remedy for these self-governing professions is on a more severe scale than what you're saying is the remedy in—

    It sure is.

    So are you asking us, do we recommend that PIPEDA's remedies be more akin to the professional types of remedies?

    I'm just making an observation that your penalties are very severe. The general public's penalties, really, witnesses have come and said, are severe, but compared to your penalties they're nothing.

    In the relationship of trust that is the foundation for these relationships between doctor and patient, lawyer and client, the consequences have to be severe or you wouldn't even have a relationship; it may be declined because of the quality of the data that's being shared. But in the commercial context, do you have the same trust with that store clerk at the dry cleaner that you would with your doctor, your dentist, or your pharmacist? So I would ask, are we comparing apples to apples here?

    The CMA doesn't have a particular submission on the penalty provision of it, but we would just say that physicians have been regulated and will continue to be regulated by their code of ethics by their colleges.

    Okay.

    I'll move on to the issues on websites, the consent business.

     I went to a dentist and there was paperwork, and it was really full of legalese. I'm sure the dentist didn't draw it up. It was drawn up by Ms. Nelson. That's a serious issue, because I don't think—and I'm looking at all of you, maybe not the pharmaceutical people, but certainly the medical and the dental people—the average person who reads that sort of thing has a clue what they've signed. The dentist or the doctor says, “Here, this is something new that the government has come up with; we have to comply with this rule, so just sign right here”, and you see two pages of legalese and it's very complicated.

    Is there a way to make these consents that the dentists and the doctors are sticking in front of their patients more user-friendly?

    I think one of the great benefits of enshrining the parts of the program would be to put some teeth in the whole question of this consent issue. I agree with you, and I've seen for years the whole question of, how valuable is an informed consent that you have from a patient who has no basis of medical or dental understanding that would allow him or her to evaluate that?

    I will pass to my legal colleague over here. I don't see a lot of value in informed consent, particularly the confusion to the patient. So if through the legislation that exists with PIPEDA those sorts of things can be clarified and simplified, I would agree.

     I'll bet you the average dentist may not explain it. He or she may not understand the form either. “Would you tell us what your latest health condition is? I want to put this—Because I'm going to be working on you, I want to know what your latest health condition is.” Then, I suppose, the insurance company could find out, couldn't they?

    Only through the activity of a complaint to the college.... The regulatory body would be in a position to demand any information relative to patient care, but the private health record of the patient is not made available to the insurer.

    Thank you, Mr. Tilson.

    Would the other two witnesses or groups agree that plain language consent is better than the jumbled legalese?

    Mrs. Nelson.

    I don't know if I should leap into the fray, given that my name has already been invoked as the poster child of jumbled legalese.

     What I would offer is that in the kit you received is the privacy poster that CMA worked together with our divisions on. It looks very specifically at a plain language version. At the provincial level, when it came to the Ontario health information act, the Privacy Commissioner worked with the lawyers, actually, the bar association and the Ontario Medical Association, to have plain language posters and plain language forms. Actually, there was a collaboration of lawyers, privacy regulators, and physicians to come out with appropriate forms. So there's a good example of—and it seems to have worked quite well in the Ontario physician setting.

    Mr. Poston.

    We would certainly support plain language in consent forms. There are a number of areas of pharmacy practice where patients are required to provide consent. Obviously, we have a lot of experience particularly relating to the development of clinical trials relating to new drugs. The critical thing is to make sure the patients really understand what their options are and what the situation is. So keeping it as plain and as simple as possible is clearly our goal.

    Thank you.

    We're now going to round two, which are five-minute rounds. We'll start with me, and then Mr. Van Kesteren, and Monsieur Laforest. If anybody else wants to ask questions, just get the attention of the clerk.

    I'd like to ask Dr. Cham and Ms. Nelson a question.

     In your opening remarks, under number one, the recognition in law of the unique nature of health care, you said that when PIPEDA was in fact first debated, CMA posed questions about the scope of the act and was told, one, that the legislation would not capture health information; and two, even if it did, it wouldn't change how we practise medicine. I'd like to know who told you that.

    I'm actually going to defer that to Ms. Nelson, who has a lot more history with the organization.

    When PIPEDA was first put forth as a legislative proposal, CMA and other health care groups said, “Wait a minute, what about its application to health?” I think some of the response at the administrators' level from Industry Canada was, “What do you mean? It doesn't even apply to health.” So it was at that level of asking, why are you raising this question?

    So it was representatives of Industry Canada with whom you were engaging, who then told you that PIPEDA wouldn't apply to health information.

    I think the initial reaction was, “Where are you coming from with that?” We were doing this for trade and commerce to promote—so it didn't seem that it was something specific to health that was worthy of comment.

    As a caveat, I wasn't working at the association at that time. The brief that's in your package on Bill C-6 gives a more fulsome history of that, so I would direct your attention to that. I could follow up with my colleagues on the actual source of that quote.

    I'll put it another way. Was that information that you were given incorrect, in your view?

    I would say yes, because that's why we have the PARTs guidelines, and that's where there has been all this effort to make sure the professions are actually working towards compliance with PIPEDA.

    That's why I'm curious. You have Industry Canada saying, “It won't even apply to you folks”, on the one hand, and then, even before the act comes into force with respect to the health professions, there are already discussions, one presumes, with Industry Canada about the PARTs guidelines. Are these the same people who told you it wouldn't apply in the first place?

     I think there are two moments in time, so it was when PIPEDA was a bill.

    That's a song, isn't it?

     When PIPEDA was a bill in 1999-2000, that sort of moment, it didn't really apply to health or where you're coming from. But then in the fall of 2003, when, after that delay period, it was going to apply, the health care providers said to Health Canada and Industry Canada, “We're hearing all kinds of different stories about how it's going to apply as express consent and we need to bring together some guidelines for clearance.”

     There was something like a four-year gap between those communications. That's my understanding.

    I see. Thank you.

    You asked for the implementation of the parts guidelines as part of the statute. I just want to be clear. In your package you have something called “PIPEDA Awareness Raising Tools (PARTs) Initiative for the Health Sector, Questions and Answers”, 20 pages. Is this whole thing what you want to see as being annexed to the act and thereby having legal status? Q and A—just so we understand, is that what you're talking about?

    Yes, that's it.

    That's correct.

    Okay.

     We've heard a lot about the issue of work product. We've heard a number of witnesses from Industry Canada, from the Privacy Commissioner, and we've heard evidence that there was a ruling by the previous Privacy Commissioner, all of them indicating that this is not personal information as contemplated by the act. And you disagree with that. I understand that.

    Have any of your members been adversely affected by the ruling of the Privacy Commissioner? If so, in what way?

    I would say that's a very difficult question to quantify. The way in which they may have been adversely affected is that information about their specific prescribing patterns are known to people who purchase that information.

    If I can give a very simple example, a physician attended an education session about a particular drug—and this is a physician I know in Manitoba. Following that, her prescribing patterns were evaluated by the pharmaceutical industry representative in her area. She was phoned on about an every two-week basis to try to determine why the education she received wasn't being incorporated into a change in prescribing patterns. That was interrupting her work. It was close to harassment. It was obviously a direct marketing effort. We, as an association, would rather that information about individual physicians and their prescribing patterns wasn't in the hands of pharmaceutical representatives.

    Yes, I understand that.

    I think Ms. Nelson said something about mixing apples and oranges. There is a difference between whether or not it is personal information as defined by the act, and it may not be, and the use of that information and whether or not that use is proper. Those are two separate discussion topics.

    My time is up, as was pointed out by the vice-chair.

    We now go to Mr. Van Kesteren.

    Thank you, Mr. Chair.

    The trouble with having the last questions is all these people take all the good ones.

    I want to just follow up on something, and this was asked on the other side too. The way I understand it, years ago doctors took their records and just put them in a filing cabinet. Is that really part of the problem? I can't see where there would be too much of a breach of privacy there. Someone's got to literally get into the filing cabinet.

    Is it because we've moved, we've had this transition period into the computers? Is that part of the problem? Is that one of the reasons why we're seeing all this transition, and as well maybe a little bit of reluctance from physicians specifically?

    I believe it is the reason these safeguards need to be introduced. It's much easier to pull together databases that can be useful to other commercial interests or other very legitimate purposes. But we want to be able to protect that information if patients don't want to be part of these large databases.

    I don't think we're seeing physician resistance really to those safeguards being put in place. We just want to make sure that they are not unduly burdensome and adding an extra administrative layer.

    But I do think the move to electronic databases is a very big part of the need for these protections.

    That leads to my second question.

    Is there a danger, or is there a safeguard towards this danger—? When we go to databases, what takes precedence? Is it the patient's privacy or public health?

    That is a very individual, circumstantial kind of question that has to be addressed in any issue.

    For example, even before electronic databases, if we look at the duty of confidentiality of physicians to their patients, if things are required because of risk to the patient or to identifiable persons, or if information is required to be transmitted because of law, then those duties override the confidentiality duty to the patient. It really depends very much on the nature of the information and what the intended purpose for it is. There would be ways through either research boards or regulatory boards to weigh those decisions, and that's why it's important to have frameworks set up to do that.

    Of course, since we have a global network, is there a danger that perhaps insurance companies could access it, not necessarily from the Canadian site but by moving globally and then positioning themselves in other countries and gaining access to information on, you mentioned perhaps, HIV or something, or if somebody were taking drugs?

    I'm picking on insurance companies, but is there that danger? Does that exist?

    We are concerned about the transborder data flow. Actually, that's one of the points we mentioned. I think that is a potential concern and why these databases have to be guarded safely. Research subjects in Canada who are participating in multinational trials could have their information located in the United States and could then be subject to acts such as the U.S. Patriot Act. These are issues that we feel Canadians need to be really proactive on to ensure that we're protecting our citizens' privacy.

     Mr. Tilson was saying just a minute ago, too, that you people could have written a book on privacy. You don't need PIPEDA to tell you how to do it. I mean, you're much more stringent.

    Am I getting this right? Other than the fact, such as the physician you were talking about who was being harassed, and that's a different issue—Is that really the thrust? Is that the thing we're most concerned about—in this series of questions I've asked—that we're moving to global information? Is that really what we're trying to protect more than anything else?

    I think that's probably the emerging issue that is the most important one. With PIPEDA, we've probably dealt a lot with the commercialization of information and those issues. It is those transborder flows, the availability of telehealth, and the fact that physicians may be providing services to people who don't live in their geographical area anymore. All these issues become very important when we consider how we're going to protect health information.

    Good. Thank you.

    Thank you.

    M. Laforest, s'il vous plait.

    Thank you.

    Ms. Lavallée asked a question earlier with regard to the application of the federal Act in provinces where no equivalent provincial law is in effect.

    Since you are representatives of a Canada-wide medical association, do you also represent physicians, pharmacists and dentists in areas where there are also provincial associations? Are there associations, such as the Quebec Medical Association, that represent them with regard to the protection of private information?

    This question is addressed to all three groups.

    I can answer on behalf of the CMA. We have a chapter called the Quebec Medical Association but our code of ethics applies throughout the country.

    Our chapter is working on creating posters and a guide for physicians to help them improve their practice as required.

    Indeed the principles involved in privacy protection are extensive; they do not come under any single authority. It’s like that everywhere.

    Does that association report to the Canadian Medical Association or is it completely autonomous?

    According to our bylaws, it is a part of the Canadian Medical Association. However, these people have their own sphere of influence in terms of negotiations at the provincial level. We also maintain contact with the Quebec Federation of General Practitioners.

    What about dentists?

     In dentistry we have the Canadian Dental Association that speaks for the over 18,000 dentists throughout the country. In the province of Quebec, there is a Quebec dental association that deals with Quebec-specific issues. It relates to the government in Quebec. And there's also the regulatory body, the order, in Quebec that regulates the dental profession within the province. But we at the Canadian Dental Association have individual voluntary members who join our association from the province of Quebec, and we speak for them on issues of national importance and here on issues with the federal government.

    Are those people members of both associations?

    Yes, there are dentists who belong to both—

    Are they not all in the same situation?

    —the Quebec dental association and the Canadian Dental Association. So yes, there are dentists who belong to both organizations in the province.

    With pharmacy, the guidelines and codes of practice and posters and brochures that we produce may be used nationally. But all of the provinces have provincial licensing bodies. So the provincial l’Ordre des pharmaciens du Québec will be the regulatory body in Quebec that will often work with the other pharmacy association to deal with the specific issues as to how provincial legislation will affect pharmacy practice in those provinces.

    So we provide some general information. We will provide individual brochures, leaflets, posters, that type of thing that may be used nationally. But the interpretation of legislation at the provincial level and its application to practice will be done by the provincial licensing body.

    Thank you.

    Ms. Lavallée, would you like to continue?

    Is there time left?

    You have one minute left.

    Ms. Cham, you gave an interesting example of what you consider inappropriate use of medical information. Mr. Wappel replied that it was more a question of revealing information on a physician’s practice than one of revealing personal information.

    Can you give us an example of inappropriate use of medical information?

    I'm just giving that a moment of thought.

    Alright.

    I actually don't have any specific examples.

    I don't know if you're aware of any that have been reported to the association, Jean.

    Ms. Lavallée, so I can understand correctly, are you talking about information on the health of patients or information—

    We are talking here about the protection of private information. We asked Ms. Cham earlier to give us an example. It seems that the information revealed was not private information but rather information on physicians’ practices. We know that pharmaceutical companies have access to this information through their sales data in any given sector, especially when the physician practices in a small community.

    Do you have examples to give us? Our time is running out, I’m sorry. You could answer us in writing if the answer is not readily available. I would like to know if you have examples of cases where revealing a patient’s private information constitutes a violation of the law.

    I know of just one example, and it goes back to Mr. Van Kesteren's question. I think one of the things that's important to recognize is that most of the data or information that gets collected is de-identified from a patient's perspective. So a lot of these databases that get created for research purposes or for public health purposes don't actually have the direct identification of the patient in them. I think that's becoming a really important principle with respect to the handling of health care information, that when it gets aggregated and into databases, one of the really important processes is that it is de-identified so you're unable to identify individual patients from the data.

    So there is a very important level of protection of the patient at that level of data aggregation

    I can tell you about a case where both the Federal Commission and the Alberta Commission were involved. A fax transmission was misdirected. The case was reported by the Federal Commission and we can therefore give you the file number. The work was shared because one legal aspect concerned Alberta while another was under federal jurisdiction. We will send you the information on the subject.

    Thank you.

     Madame Lavallée, it's amazing how one minute became four.

    Mr. Tilson.

    Dr. Halstrom, I don't know what the percentage is, but many people have insurance. You have the dental work done, you give them your insurance information, and the insurance company knows what dental work has been performed before you even leave the office. They know all about what you just did.

    I am assured that all of you protect the information you have, but then the insurance company has information on the work you've just done. I don't know whether there are restrictions on the insurance company or whether you're concerned about that.

    We would be concerned about any use of that, but they can only have information on the procedure that was done on a given tooth or in a given quadrant. It's specific to the work that was done, not to the overall health record.

    There is the question of personal information, the definition of personal information, and the exclusion of certain information. Provincial and federal governments are concerned about the issue of wait times. I'm sure the medical people are concerned, and maybe the dental people too; we all are. If certain information is excluded, does that essentially euchre the government people from trying to cut down on wait times?

    That type of information can be collected in a way that keeps the names of patients confidential but is able to track how long wait times are. There are certainly programs in many of the provinces that are tracking wait times, keeping all of that information confidential from anybody other than the people giving the direct care. But you're able to know exactly when a patient accessed a system and how long it took them to get to surgery, without releasing their name or any personal information. So I don't think that protecting privacy would impede that kind of data collection.

    There are people who say that the definition of personal information is too broad. Do you agree with that?

    I probably don't agree with that. I think we have to be broad in our definition and protect all personal information about patients and people.

    I'm returning to the issue of wait times. There's a problem. We're trying to figure out...I mean, this applies to the druggists. You mentioned statistics on health care and research. If you get too tight on this information it can't be released.

    It's a bit of a two-edged sword. It's important that patient information is protected, but you certainly want to make sure you have quite a rich database of information to enable you to manage the system effectively.

    Some really careful thought has to be given to some of these definitional issues. If we're concerned about the efficiency and effectiveness of the health care system in general, a lot of this information relating to utilization—whether it's utilization of operating theatres, drugs, or whatever—has to be collected, disclosed, and analysed in a way that helps us make improvements to the system.

    The critical piece is that the information needs to be collected, but there need to be some peer reviews so it isn't interpreted and used without some serious consideration of other factors that might be influencing utilization. The peer review piece is important in how it gets used.

     You can release information as to what doctors are prescribing, and you can release the names of the doctors. Should you be allowed to release the names of the doctors? I'm going to ask both of you to answer that question.

    I think what happens, throughout the history of the pharmacy, is that the data gets collected, in fact, by a whole variety of people, particularly third-party payers, and the data gets released to market research companies. The requirement is that all of this information not include a patient's name, that it's de-identified from the patient's perspective.

    I think what we were saying—

    But it includes the names of the doctors.

    The physician's name is included. What we're saying is that the information.... Let me give you an example. Taking the example that my colleague from the CMA qualified, we wouldn't see that information being allowed for the direct targeting of individual physicians for marketing purposes. We would not support that.

    However, for example, information could be used--perhaps on an aggregate basis or even, you could argue, on an individual physician basis—if you had a physician, for example, who was prescribing wildly out of line with established guidelines. I think the important issue we have to wrestle with is whether that particular physician's prescribing behaviour should be investigated in some way by their provincial licensing body, or whatever, or by some peer review body.

    I think there is a distinction between the evaluation and use of information to improve the effectiveness of the system and the use of information for direct targeted marketing purposes. In both cases, you may need the identity of the physician, but it does come down to this question of how things are being used and for what purposes they're being used.

    Ms. Nelson or your colleague, go ahead, please.

    Maybe I can just comment that I would agree with those comments entirely, that we're not trying to protect physicians' prescribing patterns from being analyzed in order to cause improvements to the system. We're very open to peer review or having regulatory authorities look at making sure that physicians are practising at a good level of care. What we would like to see restricted is the selling of those prescription patterns for commercial interests. We feel it's important for them to be available for furthering and improving the system. For secondary commercial interests is where we would see this. We would worry that patients—

    How are you going to stop that?

    Sorry, Mr. Tilson, it's already been seven minutes.

    Would you like to finish?

    I would just like to say we would worry that patients, if they were aware that their physician's prescribing information could be sold to other commercial interests, might be more cautious about what they would reveal to their physicians, and that would be an impediment to their care.

    Thank you.

    Mr. Peterson.

    I have no questions. I'll cede my time to Mr. Tilson.

    Would you mind ceding a question to me?

    I'll cede three to you and one to Mr. Tilson.

    Are there members besides Mr. Tilson and me who want to ask a question?

    Mr. Van Kesteren, go ahead.

    I'll cede two to Mr. Van Kesteren.

    Some hon. members: Oh, oh!

    What happens in property? I want to understand the property rights.

    A patient has a history, and that history is worth money, as far as a medical doctor is concerned. If he were ever to sell his practice, could the courts ever be challenged and say that history is actually the patient's property?

    I'm going to start, and I'm going to ask Jean, probably, to elaborate a bit more on the legal aspects. The actual record is, I believe, the physician's property, because you actually have an obligation to maintain your records for at least seven to ten years after you've stopped taking care of that patient. However, the patient absolutely has the right to review their medical data at any point, unless there's something in the record that the physician really feels could be detrimental to the patient's health, in which case they may need to take it someplace else to be arbitrated.

    Would you like to clarify that a bit?

    I'd just like to say that there was a Supreme Court case in 1992 in which it was decided that the physician owns the paper record but is actually a fiduciary agent or trustee for the information that belongs to the patient. In the case of a transfer of a physician's practice, that's regulated at the college level as well. There are guidelines about notices and guidelines about the kinds of appropriate custodianship, because it's something taken very seriously. The information belongs to the patient, but the actual paper that it's kept on is something that's kept separate and apart.

    I'd like to go back to something, with the chair's permission. Mr. Tilson asked a question regarding what CMA would like to see. I think we'd like to see personal information be broad enough to encompass prescribing information, and then have within that tent the appropriate regulation oversight, such as exists in Quebec, where there is a commission that looks at situations and says this reason is more compelling than others, so there actually is a vetting of it. At the end of the day, it might turn out, as Dr. Cham and Mr. Poston were saying, that the information is used, but at least there is an analysis of it. It's not just cut off from any kind of overview or analysis.

     So the commissioner makes that decision?

    In Quebec it's the Commission d'accès à l'information. There's an actual formal request to have it. There's a process in place.

    But who specifically makes the decision ?

    It's the commission that views the application to use professional information, as it's called. There is a process enshrined in law in Quebec to do that.

    Should that happen here?

    That's a recommendation that CMA would make to the committee.

    Mr. Van Kesteren, your turn.

    No, that's what I was curious about.

    You're done? Okay.

     Mr. Poston, our information is that the private sector privacy legislation in British Columbia has an exemption for work product. But we have information that the B.C. pharmacists have recently passed a resolution not to disclose physician prescribing patterns to anyone.

    Do you know anything about that?

    I don't have a lot of information around the detail, but I do know that the situation in British Columbia is fairly unique in Canada.

    First of all, information from both the public and private prescriptions would be collected through the government. All prescriptions in British Columbia, actually, whether they've been paid for by the private sector or public sector, are collected at one point in time. That's been one of the important features of the pharmacare data. The licensing body for pharmacists in British Columbia is the body that acts as the custodian of that data. I know that specific parts of that have been looked at recently, but I'm not familiar with the details of it.

    B.C. is in somewhat of a unique situation in Canada in that they have that single point of collection for both public and private data. As well, the custody of the system is in the hands of the licensing body of pharmacists.

    Not to be irritating about it, but is your answer then, no, I don't know whether the pharmacists passed such a resolution?

    I don't know the details relating to that. I know it has been under review, but I'm not current on the recent changes.

    Is there some way you could inquire and then advise us?

    Absolutely. I would be pleased to talk to my colleagues in the licensing body in British Columbia and get you that information.

    All right. And if they did make such a resolution, could you also ask them on what basis they thought they could do so and advise us of that?

    Absolutely we'll do that.

    Thank you.

    I have one question, I guess, for the Canadian Medical Association.

    On page 3, your second-last sentence of the first paragraph, referring to work product information, says the following:

    The way I read this, you're saying that your patients wouldn't trust you even though there was no legal impediment to use that information. In other words, the law doesn't prevent it, so why would the patient blame you?

    We're not so concerned about being blamed by the patients—

    But that's what your sentence says.

    What we're concerned about is the effect on our ability to give them good health care. If they don't trust us or have confidence that their personal information will be kept confidential, then they may not be fully comfortable disclosing it to us.

    So we're not worried about being in court, even; we're worried that patients won't trust us, won't give us the information, and we won't be able to give good care.

    But none of that information involves patients. Is that correct?

    If I may, I think it has to do with the relationship that's generated. If you make the analogy to work product, it's not the general work product, in the federal Privacy Commissioner's decision, of how much tarragon a chef uses or how many shingles a roofer uses. It's actually, instead, what kind of medication am I receiving? If the patient perceives that third parties are commercially benefiting from that exchange, is that patient going to be more reluctant or more inhibited to share that information?

    There actually have been data studies—CMA itself has done polling, which we'd be happy to share with you--showing that patients have indicated that they will be less likely to confide in their physicians as they perceive more third parties intruding into that encounter. Because that's the lynchpin of the whole thing: the secondary users of it.

    If I might, CMA—

    Before you continue, yes, we would like that information and that polling data, if you wouldn't mind.

    I'm sorry to interrupt. Please go ahead.

    Sure.

    We can also share with the committee peer-reviewed articles that were published in the Canadian Medical Association Journal about physician prescribing practices and data, and what happens at the pharmacy level.

    Dr. Zoutman of Kingston has written many articles on this. He actually did a survey—it's not current, being from 2004, but it is very relevant—on what happened at the pharmacy level. We'd be happy to share that with the committee.

     Okay. Thank you.

    Committee members, are there any other questions?

    All right. I want to thank our witnesses very, very much for coming and giving their testimony today and giving us their best advice as to how we could improve PIPEDA.

    We wish you all the best. Happy holidays, Merry Christmas, and a Happy New Year, on behalf of all committee members.

    Now, Madame Lavallée, you in fact have an amazing 26 minutes, if you want, to proceed with your motion.

    That's too much.

    We already know what the motion is. You don't have to restate it. You've already spoken to it.

    Is there any other member who wishes to speak?

    You don't have a quorum.

    I don't have a quorum? There are six members.

    You need seven.

    Madame Lavallée, we do not have a quorum.

    Oh, Mr. Tilson, it's your last new trick.

    I'm so sorry about that, but c'est la vie.

    I’ll be very pleased to speak about my motion at our meeting on Tuesday, January 29. Don’t think I’ll forget about it. Otherwise, it will turn into a motion to blame the Minister.

    Okay.

    Whether there's quorum or not, I wish everybody happy holidays, Merry Christmas, and a Happy New Year.

    The meeting is adjourned.