Pan-Canadian Health Information Privacy and Confidentiality Framework

Health and the Information Highway Division, Health Canada
January 27, 2005

This document was created for the Advisory Committee on Information and Emerging Technologies and endorsed by the Federal/Provincial/Territorial Conference of Deputy Ministers of Health*

* Saskatchewan and Quebec did not endorse this document.

Introduction

Canadians expect and have confidence that the privacy and confidentiality of their personal information will be protected when governments use it in the course of providing programs and services. In no field is the maintenance of this trust more critical than in the health sector.

Recognizing the importance of privacy, the Federal/Provincial/Territorial Conference of Deputy Ministers of Health tasked its Advisory Committee on Information and Emerging Technologies to develop a Pan-Canadian Health Information Privacy and Confidentiality Framework. The objective of the Framework is to respond to Canadians' privacy and confidentiality expectations and to suggest a harmonized set of core provisions for the collection, use and disclosure of personal health information in both the publicly and privately funded sectors. Consistent, or at least more consistent, privacy regimes among jurisdictions would facilitate health care renewal, including the development of electronic health record systems and primary health care reform.

The Framework is a valuable tool to inform and influence any privacy legislative process within jurisdictions affecting personal health information. Since the Personal Information Protection and Electronic Documents Act (PIPEDA) applies in jurisdictions which, unlike Quebec and British Columbia, have not adopted "substantially similar" legislation, the Framework can also serve as a guide to achieving that objective. However, it is also understood that it is only a guide, not a prescription. The actual intent and wording of jurisdictional legislation will ultimately determine whether the legislation can result in an exemption from PIPEDA. Quebec did not participate in the development of the Framework, while Saskatchewan withdrew near the end of the process.

Overview

The Pan-Canadian Health Information Privacy and Confidentiality Framework is the result of extensive analysis and consultation. The analysis included a review of both domestic and international approaches to protecting personal health information privacy. As part of the consultation process, jurisdictions generally consulted their respective government departments, ministries and stakeholder communities. Health Canada consulted national care provider associations while provinces and territories generally conducted parallel activities with the associations' provincial and territorial counterparts (Consultation Groups - see Appendix B). Feedback was received from federal, provincial and territorial privacy commissioners, experts on genetic information and Canadians by means of a public opinion survey. The results of the consultations demonstrated strong support for the Framework and its objective of harmonizing privacy principles governing personal health information derived from both commercial and other activities. According to the survey, Canadians, for the most part, expressed strong confidence in the provisions of the Framework that were surveyed.

The Framework comprises core provisions aimed at protecting the privacy and confidentiality of individuals with respect to their health information, while enabling the flow of information where appropriate to support effective health care, the management of the health system and an interoperable health record. The core provisions are consistent with the requirements of the Canadian Charter of Rights and Freedoms and PIPEDA and reflect the realities of the health system. Appendix A to the Framework lists ancillary provisions that are provided for consideration. These ancillary provisions are neither essential nor required by PIPEDA.

A principle that underpins the provisions is that the collection, use and disclosure of health information is to be carried out in the most limited manner, on a need-to-know basis and with the highest degree of anonymity possible in the circumstances. The Framework also recognizes that privacy is a consent-based right and, unless otherwise stated in legislation, the individual's consent must be obtained for any collection, use and disclosure of personal health information. In keeping with current practices within the health care sector, an implied knowledgeable consent model is proposed for the collection, use and disclosure of personal health information within the circle of care.

The Framework applies to recorded and unrecorded personal health information, whether in paper or electronic format. It does not propose a separate or exceptional legislative vehicle to govern genetic information but views genetic information as a component of personal health information.

The Pan-Canadian Health Information Privacy and Confidentiality Framework is a guide rather than a prescription as legislators have the ultimate authority to determine the type of privacy legislation they wish to adopt. However, the Framework is also a valuable tool to achieve more consistent privacy provisions across jurisdictions and across the commercial and non-commercial sectors of health care.

Core Concepts

The following core concepts are intended to support the core provisions to ensure the harmonization of scope, intent and spirit of the Pan-Canadian Health Information Privacy and Confidentiality Framework.

Custodians

Means an individual or organization that collects, uses, or discloses personal health information for the purposes of care and treatment, planning and management of the health system or health research.

The individual jurisdiction's legislation should include the following entities:

  • Health service providers - a person who is licensed or registered to provide health services or who is a member of a designated class of persons. In general terms, this includes health professionals/health service providers/health care practitioners
  • The Minister and Department
  • Regional Health Authorities (where they exist)
  • Hospitals and nursing homes and other identified health care facilities
  • Pharmacists and pharmacies
  • Boards, agencies, committees and other organizations identified in regulations
  • Affiliates/agents e.g. employees, volunteers
  • Cancer Board
  • Mental Health Board
  • Ambulance Operators
  • Persons who maintain and administer an EHR system

Agent/Affiliate

In relation to a health information custodian, means a person/organization that, with the authorization of the custodian, acts for or on behalf of the custodian in respect of personal health information for the purposes of the custodian, and not the agent/affiliate's own purposes, whether or not the agent/affiliate is employed by the custodian and whether or not the agent/affiliate is being remunerated.

Personal health information

Means information about an identifiable individual that relates to the:

  • physical or mental health of the individual, or
  • provision of health services to the individual, and may include:

    • information about the registration of the individual for the provision of health services,
    • information about payments or eligibility for health care in respect to the individual,
    • a number, symbol or particular assigned to an individual to uniquely identify the individual for health care purposes,
    • any information about the individual that is collected in the course of the provision of health services to the individual, and
    • information derived from the testing or examination of a body part or bodily substance.

Personal health information does not include information that, either by itself or when combined with other information available to the holder, is anonymized, i.e. the identity of the individual who is the subject of the information cannot be readily ascertained from the information.

Information Manager

Is a person or organization that on behalf of the custodian:

  • Processes, stores, retrieves, archives, or disposes of personal health information;
  • De-identifies or otherwise transforms personal health information; and/or
  • Provides information management or information technology services.

Record

Means a record of information in any form or in any medium, and includes information that is written, photographed, recorded, digitized or stored in any manner, but does not include computer programs or other mechanisms that produce records.

Research

Means a systematic investigation designed to develop or establish principles, facts or general knowledge, or any combination of them, and includes the development, testing and evaluation of research.

Use

Means to handle or deal with information and includes reproducing the information, but does not include disclosing the information.

Implied Knowledgeable Consent

Exists where it is reasonable in the circumstances and as a result of the individual's behaviour to believe that the individual knows:

  1. the purposes of the collection, use, or disclosure and how their personal health information will be used or disclosed; and
  2. that the individual may provide or withhold consent.

Individuals can be informed of their rights and the privacy policies through posting of notices, brochures and pamphlets and/or discussions in the normal course of exchange that takes place between the individual and the health care provider.

Once the individual is informed, in accordance with 1 and 2 above, consent can be implied if the individual continues to seek treatment or to provide information, or behaves in a way which indicates by his/her observable behaviour that the individual is consenting to this collection, use and disclosure.

Circle of Care

Means the individuals and activities directly related to the health care and treatment of an individual. It is also intended to include the integrated care model.

Core Provisions

  1. The Duties and Obligations of Custodians to Protect Personal Health Information

    • 1.1 Privacy Impact Assessment

      • 1.1.1.A Privacy impact assessments shall be conducted, publicized and maintained for new (or changes to existing) collections, uses and disclosures of personal health information in accordance with jurisdictional requirements.
      • 1.1.1.B Privacy impact assessments shall also be conducted when creating or modifying personal health information systems and communication technologies.
    • 1.2 Cross Border Transfer of Personal Health Information

      • 1.2.1 Where personal health information is disclosed or transferred between jurisdictions, health information custodians shall take reasonable steps for the protection of the information.
    • 1.3 Policies and Procedures

      • 1.3.1 A health information custodian shall have in place and comply with information practices, policies and procedures that meet the requirements of the respective jurisdiction's legislation and the regulations.
      • 1.3.2 A health information custodian must designate a contact person to help ensure compliance with the legislation, to respond to inquiries about information practices, and to receive complaints from the public.
      • 1.3.3 If personal health information is used or disclosed without consent beyond the scope of the custodian's description of its information practices:

        1. The custodian shall, without delay, notify the individual of the use or disclosure and inform the individual of available recourse/redress; and
        2. If the use or disclosure is to continue, consent shall be sought before proceeding.
      • 1.3.4 A health information custodian may only authorize an agent to collect, use, disclose or retain personal health information if the custodian has that authority under the applicable legislation. An agent may not exceed the authority given by the custodian.
      • 1.3.5 A health information custodian shall promote openness and transparency for the public on the policies and procedures.
    • 1.4 Information Manager

      • 1.4.1 Custodians who entrust personal health information to an information manager must, before doing so, enter into an agreement that establishes appropriate security safeguards for the information to be provided.
    • 1.5 Data Matching
      (addressed as ancillary provisions, Appendix A)
    • 1.6 Physical, Technical and Security Safeguards

      • 1.6.1 Custodians must take reasonable steps to establish and maintain administrative, technical and physical safeguards sufficiently up-to-date to protect personal health information from reasonably anticipated threats to the security or integrity of the information, including unauthorized access, use, disclosure, modification or destruction. These safeguards shall be based as appropriate on nationally or jurisdictionally recognized information technology security standards and processes, commensurate with the level of sensitivity of the personal health information to be protected.
      • 1.6.2 Custodians must ensure that their agents are aware of and adhere to all of the custodian's administrative, technical and physical safeguards in respect of personal health information.
    • 1.7 Retention, Storage and Destruction of Personal Health Information

      • 1.7.1 Custodians must take reasonable steps to maintain administrative, technical and physical safeguards. This includes appropriate measures for the retention and proper disposal of personal health information to prevent any reasonably anticipated unauthorized use or disclosure of the personal health information or unauthorized access following its disposal.
    • 1.8 Accuracy and Authentication

      • 1.8.1 When using or disclosing personal health information, a custodian must take reasonable steps to ensure:

        • 1.8.1.A - that the information is accurate, complete and up-to-date; and
        • 1.8.1.B - that disclosure is made to the person intended and authorized to receive the information.
    • 1.9 Personal Health Numbers
      (addressed as ancillary provisions, Appendix A)
    • 1.10 Fines and Penalties

      • 1.10.1 Jurisdictions will apply appropriate sanctions for willful contraventions of these privacy requirements.
    • 1.11 Immunity from Suit

      • 1.11.1 No criminal or civil proceedings lie against the Commissioner/Review Officer, or against any person acting on behalf or under the direction of the Commissioner/Review Officer, for anything done, reported or said in good faith as a result of the performance or exercise or purported performance or exercise of any duty or power of the Commissioner as included in the respective legislation.
  2. Right to Access One's Own Information

    • 2.1 An individual has a right of access to his or her own personal health information in the custody and control of a health information trustee or custodian, subject to limited and defined exceptions. This right includes the ability to examine, receive a copy of and request a correction to the information.
    • 2.2 A custodian has the right to refuse access to the individual's own information in the following circumstances:

      • 2.2.1 Knowledge of the information could reasonably be expected to result in harm to the individual or someone else;
      • 2.2.2 The information could reveal personal health information about another person.
    • 2.3 If the information about another person referred to in section 2.2.2 is severable from the record, the organization shall sever the information about the other person before giving the individual access to his/her record, unless the other person has consented to the disclosure of his/her personal information.
  3. Collection of Personal Health Information

    • 3.1 When collecting personal health information directly from the individual the custodian must take reasonable steps to inform the person of the purpose for which the information is being collected and of the specified legal authority for the collection.
  4. Elements of Consent

    • 4.1 Must be given by the individual to whom the information relates if she or he is capable of consenting at the time of consenting or by a substitute decision-maker.
    • 4.2 Must be knowledgeable.
    • 4.3 Must be able to be withheld or withdrawn and custodian must inform the individual of the consequences of such action.
  5. Consent for collection, use and disclosure of personal health information for purposes of Care and Treatment

    • 5.1 If it is reasonable in the circumstance, a custodian is entitled to assume that it has an individual's implied consent to collect, use or disclose the information for the purposes of providing health care or assisting in providing health care to the individual unless the custodian is aware that the individual has explicitly withheld or withdrawn the consent by giving notice to the custodian.
    • 5.2 A custodian must take reasonable steps to comply with the individual's notice to withhold or withdraw consent and must inform the individual of the consequences of any such restrictions.
    • 5.3 Upon complying with any such request, a custodian must notify another custodian (e.g. a recipient of the information) if, in the opinion of the custodian, the information is important for care and treatment and the individual has indicated that they do not want parts of their personal health information disclosed for the purpose of providing health care/health services to the individual.
    • 5.4 It is possible for custodians to override a withdrawal of consent in an emergency situation.

      The custodian shall, without delay, inform the individual of the use or disclosure.
  6. Express Consent

    • 6.1 Express consent must be obtained for the collection, use or disclosure of personal health information for purposes outside of the circle of care, except as specifically otherwise provided by legislation.
  7. Disclosures Without Consent Unless Individuals Object
    (addressed as ancillary provisions, Appendix A)
  8. Uses With No Consent
    (addressed as ancillary provisions, Appendix A)
  9. Disclosures Without Consent

    • 9.1 To any person if the custodian believes on reasonable grounds that the disclosure is necessary for the purpose of eliminating or reducing a significant risk of serious harm to a person or group of persons.
    • 9.2 If the disclosure is authorized by a federal, provincial or territorial enactment.
    • 9.3 The custodian has the authority to disclose health information about the individual as required to comply with a subpoena, warrant or court order or when authorized by an enactment of the province, territory or of Canada.
  10. Public Health Surveillance
    (addressed as ancillary provisions, Appendix A)
  11. Minors' Rights
    (addressed as ancillary provisions, Appendix A)
  12. Planning and Management of Health System
    (addressed as ancillary provisions, Appendix A)
  13. Substitute Decision Maker
    (addressed as ancillary provisions, Appendix A)
  14. Research

    • 14.1 The custodian may disclose personal health information for research purposes without the consent of the individual the information is about, provided that the researcher:

      • 14.1.1 Provides the custodian with a copy of the research plan
      • 14.1.2 Provides the custodian with a copy of the approval by a research ethics Committee
      • 14.1.3 Signs a research agreement with the custodian including terms and conditions, such as:

        • 14.1.3.A - the terms and conditions required by the research ethics committee;
        • 14.1.3.B - terms and conditions required by the data custodian relating to the use, protection (privacy and security), disclosure, retention or disposal of the personal health information;
        • 14.1.3.C - not to use the personal health information for any purpose other than the proposed research purpose;
        • 14.1.3.D - not to attempt to identify the individuals or to contact the individuals unless the data custodian or researcher has obtained prior consent by the individuals or the data custodian authorizes the contact under exceptional circumstances; and
        • 14.1.3.E - not to publish research results in a form that could reasonably identify an individual.
    • 14.2 A custodian may use and disclose personal health information without the individual's consent for research purposes if all the following conditions are met:

      1. the research cannot be achieved without using the information;
      2. the information will be used in a manner that will ensure its confidentiality;
      3. it is impracticable to obtain consent;
      4. the custodian informs the privacy oversight body of the jurisdiction.
  15. Commissioners/Review Officers/Ombudsmen

    • 15.1 A privacy oversight body, not part of, or under the direction or control of, an organization that is subject to the legislation, shall be charged with the following duties and powers:
    • 15.2 The Privacy Oversight Body is responsible for:

      • 15.2.1 Monitoring how the Act is administered and conducting reviews;
      • 15.2.2 Initiating investigations and audits, whether or not a complaint has been received, to ensure compliance with provisions of the Act if the Commissioner is satisfied there are reasonable grounds;
      • 15.2.3 Attempting to resolve a complaint by means of dispute resolution such as mediation and conciliation;
      • 15.2.4 Providing oversight regarding privacy impact assessment process;
      • 15.2.5 Engaging in research matters related to the Act;
      • 15.2.6 Developing and conducting public education programs;
      • 15.2.7 Promoting best practices; and
      • 15.2.8 Offering advice and comments to custodians.
    • 15.3 In conducting an investigation or an audit, the Privacy Oversight Body may:

      • 15.3.1 Require production of records;
      • 15.3.2 Summon and enforce the appearance of persons before the Commissioner;
      • 15.3.3 Compel persons to give oral or written evidence;
      • 15.3.4 Administer oaths; and
      • 15.3.5 Enter premises subject to appropriate safeguards/processes.
    • 15.4 On completing an investigation or audit, the Privacy Oversight Body may:

      • 15.4.1 Issue an order or make a recommendation to the custodian regarding any duty imposed by the Act or its regulations; and
      • 15.4.2 Recommend sanctions/damages against those who have contravened the Act.

Appendices

Appendix A - Ancillary Provisions

Pan-Canadian Health Information Privacy and Confidentiality Framework
Original Ancillary Provisions Revised Provisions Rationale /Comments
1 The Duties and Obligations of Custodians /Trustees to Protect Personal Health Information
  1.1 Privacy Impact Assessment
1.2 Cross Border Transfer of Personal Health Information
    1.2.1.A This could include: Transfer security: Ensure that the means used to transfer the information shall minimize the risk of unauthorized access, use, modification or disclosure. This includes reasonable measures to ensure the recipient is the intended person or body. No change. For Charter consideration express consent should be obtained when international transfer of personal health information occurs for purposes of care and treatment. (see section 6.1)
1.2.2.B Transfer conditions: Enter into a transfer agreement to address: the authority to transfer; data elements involved; subsequent use and disclosure authority; security, confidentiality and audit measures; and, dispute resolution mechanisms. The adequacy of privacy protections contained in transfer agreements may also be endorsed by jurisdictional privacy commissioners. Transfer conditions: Enter into a transfer agreement to address: the authority to transfer; data elements involved; subsequent use and disclosure authority; security, confidentiality and audit measures; and, dispute resolution mechanisms. The adequacy of privacy protections contained in transfer agreements may also be endorsed by jurisdictional privacy oversight bodies. Aligns with PIPEDA. Change the term "commis-sioners" to "oversight bodies" to address jurisdictional privacy oversight structures. For Charter consideration express consent should be obtained when international transfer of personal health information occurs for purposes of care and treatment. (See section 6.1 of the core provisions).
1.2.2.C Exception: Where it is not reasonable or practicable to enter into a transfer agreement, or where the transfer of health information is solely for the purpose of continuing care and treatment of an individual or where the transfer is required by law, reasonable measures should still be taken in accordance with sub-section a). No change. For Charter consideration express consent should be obtained when international transfer of personal health information occurs for purposes of care and treatment. (see section 6.1 of the core provisions). An example of when it may not be reasonable or practicable to enter into a transfer agreement could be in the event of emergency medical response to a natural disaster.
1.3 Policies and Procedures
1.4 Information Manager
  1.4.1 This contract may include limitations on the use and disclosure of personal health information, audit rights of the custodian, restrictions on sub-contracting, obligations respecting the return or secure destruction of personal health information upon termination of the contract and sanctions that may be imposed against the information manager who breaches, or attempts to breach the custodian's safeguards in respect of health information. No change.  
1.4.2 Custodians /trustees that have entered into an agreement with an information manager may disclose health information to the information manager without the consent of the individuals who are the subjects of the information for the purposes authorized by the agreement. No change. When the custodian initially collects the information, it is within the circle of care and based on the implied knowledgeable consent of the individual. Given that the circle of care extends to administrative purposes for the delivery of health care services, it would not be necessary to obtain a second consent. The same rational would apply if a government, under a legislative authority, collected the information in that no further consent would be required. (See definition of "Information Manager")
1.4.3 Custodian/trustees shall exercise appropriate due diligence on privacy, confidentiality and security safeguards before entrusting personal health information. No change.  
1.4.4 Information managers must ensure that they comply with applicable legislation, standards, and policies. Custodian/trustees remain responsible for personal health information entrusted to information managers. No change.  
1.5 Data Matching
  1.5.1 There must be authority for the collection, use or disclosure of individually identifying health information being used for data matching or that is being created as a result of the data matching. No change. Previously guideline. Now ancillary provision because of the impact of data matching on the individual's privacy

Previously was 1.6.2

1.5.2 A custodian may perform data matching using information that is in its custody or under its control. (There should be no requirement to prepare a privacy impact assessment for this type of data matching, provided the data matching is being done for an authorized purpose and will not result in a use of individually identifying health information that will affect the privacy of the individual who is the subject of the information.) No change. For Charter and PIPEDA considerations, outside the circle of care, express consent would be required unless otherwise provided by jurisdictional legislation.

Previously guideline. Now ancillary provision because of the impact of data matching on the individual's privacy.

1.6 Physical, Technical and Security Safeguards
  1.6.1 Custodians/trustees of electronic health records must establish and implement audit, security, and availability safeguards. Audit and security safeguards include data encryption, access controls, routine audit trails, privacy enhancing technologies, and secured back-up and recovery of records, to address reasonably anticipated security risks in the electronic environment. Availability safeguards include business resumption planning, disaster recovery planning and general availability of information communication technologies i.e. power outages. No change.  
1.7 Retention, Storage and Destruction of Personal Health Information
  1.7.1 This includes appropriate measures for the retention and proper disposal of personal health information to prevent any reasonably anticipated unauthorized use or disclosure of the personal health information or unauthorized access following its disposal. No change.  
1.7.2 Jurisdictions should develop standards for the retention of personal health information to ensure consistency and facilitate access to personal health information. No change.  
1.7.3 Custodians/trustees must have a written policy concerning the retention, archival storage/access and disposal/destruction of personal health information. No change.  
1.8 Accuracy and Authentication
1.9 Personal Health Numbers
  1.9.1 An individual has a right to refuse to produce his/her health services number or any other prescribed identifying number to any person, other than a custodian/trustee who is providing a health service, as a condition of receiving a service. No change.  
1.9.2 A person may require the production of an individual's health services number if that person/entity is listed by the jurisdiction. Note: Alberta as an example. No change.  
1.10 Fines and Penalties
  1.10.1 A fine should not be more than a figure to be stipulated by the jurisdiction. The fines for a corporation should be higher. No change.  
1.11 Immunity from Suit
  1.11.1 No action lies and no proceeding may be brought against the Crown, a custodian or any person for anything done or not done by that person in good faith while carrying out duties or exercising powers under the specific legislation including without limitation, any failure to do something where a person has discretionary authority to do something but does not do it. No change. The term "any person" includes employees.
1.11.2 Any person who has reasonable grounds to believe that another person has contravened or intends to contravene a provision within a respective jurisdiction's legislation may notify the Commissioner/Review Officer and request and be granted whistleblower protection i.e. have their identity be kept confidential with respect to that notification of a contravention intended or otherwise. No change.  
2 Right to Access One's Own Information
  2.1 A custodian/trustee has the right to refuse access to the individual's own information in the following circumstances: No change.  
  2.1.1 - The information could identify a third party other than another trustee/custodian who provided the information in confidence; or No change.  
2.1.2 - If the information was compiled solely for use in a legal proceeding to which the trustee is or may be a party or is protected by legal privilege. No change.  
2.1.3 - If information was collected for the purposes of an investigation relating to a contravention of an agreement or a law; No change.  
2.1.4 - If information was compiled for peer review, standards committee, regulatory body or risk management assessment; No change.  
2.1.5 - If trustee/custodian believes on reasonable grounds that the request for access is frivolous or vexatious; or No change.  
2.1.6 - Other exceptions prescribed in a regulation. No change.  
3 Collection of Personal Health Information
3.1 A custodian/trustee may collect information: No change.
3.1.1 - for a lawful purpose related to the authority of the custodian/trustee; No change.
3.1.2 - if it is expressly authorized by an enactment of the province/territory or federal level; No change.
3.1.3 - if the information relates directly to and is necessary to carry out the custodian/trustee's authorized purpose/use as stipulated in the jurisdiction's legislation governing health information. No change.  
3.2 A custodian/trustee must collect personal health information directly from the individual from whom the information is being collected except in the following types of circumstances: No change.  
3.2.1 - The individual authorizes collection from someone else; No change.
3.2.2 - When the individual has had a substitute decision maker appointed; No change.  
3.2.3 - Where the custodian believes, on reasonable grounds, that collection from the individual who is the subject of the information would prejudice: the interests of the individual, the purposes of collection, the safety of any other individual, or would result in the collection of inaccurate information; No change.  
3.2.4 - Where collection from the individual who is the subject of the information is not reasonably practicable; No change.  
3.2.5 - Where collection is for any of the following purposes: No change.  
3.2.5.A - assembling a family or genetic history where the information collected is to be used in the context of providing a health service to the individual from whom the information is being collected; No change.
3.2.5.B - determining the eligibility of an individual to participate in a program of or to receive a benefit, product or health service from a custodian and the information is collected in the course of processing an application made by or for the individual who is the subject of the information; and No change.  
3.2.5.C - verifying the eligibility of an individual who is participating in a program of or receiving a benefit, product or health service from a custodian to participate in the program or to receive the benefit, product or service. No change.  
4 Elements of Consent
4.1 Must be voluntary, i.e. not obtained by deception or coercion. No change.
4.2 Must relate to the information. No change.  
5 Consent for collection, use and disclosure of personal health information for purposes of Care and Treatment
5.1 A custodian must take appropriate steps to ensure that personal health information records (electronic and non-electronic) of an individual include appropriate notice(s) about any disclosure restrictions in place. Custodians must inform the individual of the consequences of any such restrictions. No change.
5.2 Where compliance with an individual's notice to withhold or withdraw consent places an unreasonable burden on a custodian/trustee, that custodian/trustee will not be expected to fully comply with the request but must take reasonable steps to inform the individual of why they are unable to comply. This requirement to take reasonable steps, in particular within the EHR environment and within larger institutions such as hospitals, recognizes the technical costs of building in "masking" and the potential administrative burden on custodians/trustees. No change.
5.3 Implied, knowledgeable consent for the use and disclosure of the individual's personal health information for the purpose of providing health care/health services to the individual, and the individual's ability to withhold or withdraw consent, applies to the individual's personal health information in both the non-electronic and electronic (EHR) environments. Individuals should not have the ability to instruct the provider to use only non-electronic means (paper, fax, etc.) for the purpose of providing health care/health services to the individual. No change.
5.4 The consent of the substitute decision-maker may be implied, and the custodian is entitled to rely on the assumption of validity of knowledgeable implied consent. Given the fact that the standard for consent is "knowledgeable", the custodian must take care in deciding when it is reasonable to rely on an implied consent, especially given that the substitute decision-maker may not be in front of them (e.g. could be obtaining consent by telephone/fax). No change.  
5.5 The proposed provisions suggest that the individual would have the right to withhold or withdraw consent for information within their health record (electronic or non-electronic form) in whole or in part. No change.  
6 Express Consent
6.1 Consent for disclosure of personal health information by a custodian to a person who is not a custodian must be express (unless otherwise indicated in these proposed framework provisions). For example, disclosure to third parties, such as lawyers and insurers/insurance companies, must be express. An exception is disclosure to third party carriers for the purpose of payment. No change. This was a core provision and has now been replaced by an overriding core provision (sec. 6.1 of the core provisions). It is now kept as an ancillary provision to provide guidance to jurisdictions.

Legislative drafters should consider whether SPECIFIC privacy protection ought to be included for cases where identifiable information from or about third parties, and which is not personal health information, is embedded within a personal health information record.

6.2 Consent for disclosure of personal health information by a custodian to another custodian, when it is not for the purpose of providing health care/health services or assisting in providing health care/health services, must be express. Disclosures as required or authorized by a federal or provincial/territorial enactment, treaty, agreement or arrangement made under those Acts do not require express consent. Note: Although the proposed framework provisions reference and recognize the ability to use and disclose personal health information without consent as permitted and/or required by an existing federal or provincial/territorial enactment, treaty, agreement or arrangement made under those Acts, it is proposed that these vehicles be reviewed, at the time of their scheduled reviews, in light of the agreed-to provisions for the collection, use and disclosure of personal health information. No change. This was a core provision and has now been replaced by an overriding core provision (sec. 6.1 of the core provisions). It is now kept as an ancillary provision to provide guidance to jurisdictions.

Legislative drafters should consider whether SPECIFIC privacy protection ought to be included for cases where identifiable information from or about third parties, and which is not personal health information, is embedded within a personal health information record.

6.3 A health information custodian shall not collect, use or disclose personal health information about an individual/trustee for the purpose of fundraising activities unless the individual expressly consents and the custodian collects, uses or discloses the information, as the case may be, subject to the prescribed requirements and restrictions, if any. Note: Given the reliance of hospitals and other health organizations on fundraising to sustain operations, Ontario intends not to require express consent but to allow the individual to "opt out". Ontario's Bill 31 amendment states that a health information custodian may collect, use or disclose personal health information for the purpose of fundraising activities only where the individual expressly consents, or where the individual consents by way of an implied consent and the information consists only of the individual's name and prescribed types of contact information; in either case, the manner in which consent is obtained and the resulting collection, use or disclosure of personal health information for the purpose of fundraising activities shall comply with the requirements and restrictions that are prescribed, if any. No change.
6.4 A health information custodian/trustee shall not collect, use or disclose personal health information about an individual for the purpose of marketing anything unless the individual expressly consents and the custodian collects, uses or discloses the information, as the case may be, subject to the prescribed requirements and restrictions if any. No change.  
6.5 Disclosure by a custodian/trustee to the media requires express consent, even when information about the individual is publicly available. No change.
7 Disclosures Without Consent Unless Individuals Object
7.1 A health information custodian/trustee has the discretion to disclose personal health information about an individual to family members of the individual or to another person with whom the individual is believed to have a close personal relationship if the information is given in general terms and concerns the presence, location, condition, diagnosis, progress and prognosis of the individual on the day on which the information is disclosed and the disclosure is not contrary to the express request of the individual. No change.
7.2 A health information custodian/trustee may disclose personal health information about an individual who is deceased, or is believed to be deceased: No change.  
7.2.1 - for the purpose of identifying the individual; No change.
7.2.2 - for the purpose of informing any person whom it is reasonable to inform, in the circumstances, that the individual is deceased or believed to be deceased; No change.
7.2.3 - to the spouse, partner, sibling or child of the individual if the recipients of the information reasonably require the information to make a decision about their own health care or their children's health care, having regard to any views that the individual previously expressed that are known to the custodian; and No change.
7.2.4 - for carrying out the deceased person's wishes for the purpose of tissue or organ donation. No change.
7.2.5 - Where an individual is deceased, health information may be disclosed to family members of the individual or to another person with whom the individual is believed to have had a close personal relationship, if the information relates to circumstances surrounding the death of the individual or to health services recently received by the individual and the disclosure is not contrary to the express request of the individual. No change.
7.3 A health information custodian/trustee may disclose personal health information about an individual to a successor where the custodian is transferring its records to the successor as a result of the custodian ceasing to be a custodian and the successor is the custodian. The custodian should make reasonable efforts to give notice to the individual before transferring the records, or if that is not possible, as soon as possible after transferring the records. No change.  
8 Uses With No Consent
8.1 For the purpose of determining or monitoring/verifying the eligibility of the individual to receive health care/health services or benefits. No change.
8.2 For the Minister or another health information custodian to determine or provide funding or payment to the custodian for provision of health care. No change.  
8.3 For the purpose of planning, monitoring, evaluation, resource allocation, audit or monitoring or preventing fraud for programs or services that the custodian delivers or funds in whole or in part. No change.  
8.4 For the purpose of health service provider education, e.g. providing health information records for educating agents/providers to provide health services. No change.
8.5 For the purpose of ensuring quality or standards of care (including providing for use and disclosure for risk management purposes, for quality of care committees or similar bodies) or standards of care within the trustee/custodian organization. No change.
8.6 For the purpose of modifying the information to conceal the identity of the individual. No change.  
8.7 For the purpose of contacting a relative or friend of the individual, if the individual is injured, incapacitated or ill and unable to give consent personally and the disclosure is not contrary to the express request of the individual. No change.  
8.8 For the purpose of conducting an audit of the information if the person conducting the audit agrees in writing to destroy the information at the earliest opportunity after the audit is concluded and does not disclose the information to any person except as required to accomplish the audit or to report unlawful or improper conduct by the custodian or a health services provider. No change.  
8.9 For a purpose as required or authorized by a federal or provincial/territorial enactment, treaty, agreement or arrangement made under any of those Acts. No change.  
9 Disclosures Without Consent
9.1 To another custodian where the custodian disclosing the information has a reasonable expectation that the disclosure will prevent fraud, limit abuse in the use of health services or prevent the commission of an offence under an enactment of a province/territory or Canada. No change.
9.2 To persons acting on behalf of the individual, including: No change. Refer to Substitute decision-maker in section 13.
9.2.1 A person who is legally entitled to make a health care decision on behalf of the subject individual; No change.
9.2.1.1 - A legal guardian; No change.
9.2.1.2 - A personal representative appointed in writing; No change.
9.2.1.3 - The administrator of an estate, if the use or disclosure is for the purposes of the estate; or No change.
9.2.1.4 - Someone to make decisions in circumstances where the individual is deceased. Note: Section D.6. on substitute decision-makers. No change.
9.3 To a health professional body or a prescribed professional body that requires the information for the purposes of carrying out its duties under an Act regulating the profession. No change.  
9.4 To any person if the custodian believes on reasonable grounds that the disclosure will avert or minimize an imminent danger to the health or safety of any person. No change.  
9.5 To an official of a penal or other custodial institution in which the individual is being lawfully detained if the purpose of the disclosure is to allow the provision of health services to the individual and to assist the institution or the facility in making a decision concerning the placement of the individual into custody, detention, release, conditional release, discharge or conditional discharge under existing provincial/territorial/federal legislation. No change.
9.6 To another custodian for the purpose of ensuring quality or standards of care including providing for use or disclosure for risk management purposes, for quality of care committee or similar bodies or for the purpose of ensuring quality or standards of care within the trustee/custodian organization. No change.  
9.7 To another custodian for the purpose of planning, monitoring, evaluation, audit, resource allocation or monitoring or preventing fraud against programs or services that the custodian delivers or funds in whole or in part. Note: Section D.5.6. No change.  
9.8 To another custodian for monitoring prescriptions for certain drugs (e.g. triplicate prescription programs). No change.
9.9 To an officer of the Legislature if the information about the individual is necessary for the performance of the officer's duties. No change.  
9.10 If the disclosure is authorized by a federal, provincial or territorial treaty, agreement or arrangement made under any of these Acts. No change.  
10 Public Health Surveillance
10.1 Personal health information may be disclosed for the purpose of public health surveillance without the individual's consent, subject to overriding constraints such as least amount, highest level of anonymity, need to know and identified purpose, as appropriate, i.e. to promote and preserve public health and to prevent and address significant risk to the health and safety of the public. No change.
10.2 Disclosure for other public health purposes without consent should be in accordance with Public Health Statutes and should only occur to authorized public health surveillance agencies or authorities. No change.
11 Minors' Rights
11.1 Any right or power conferred on an individual including the right to consent to collection, use and disclosure of information about the minor can be exercised if an individual is a child who is less than the age of majority, as stated in the jurisdiction, and who understands the nature of the right or power and the consequences of exercising the right or power. This includes disclosure to a substitute decision-maker/guardian or parent. No change.
12 Planning and Management of Health System
12.1 That the role of organizations specially established or designated to analyze health information to support improvements in the health system and the health of Canadians be recognized and that the organizations be authorized/designated to collect and use health information for research and analysis provided that certain conditions are met. No change.
12.2 Personal health information should be used and disclosed for health system management and planning purposes without consent, subject to overriding constraints limiting the flow of the information for this purpose. Jurisdictions should only use and disclose information for this purpose subject to one of the following: legislation authorizing use and disclosure; a privacy impact assessment subject to review by a Commissioner/Review Officer; or disclosure of personal health information to a prescribed entity (as allowed by Ontario's Bill 31). No change.
12.3 In addition, it is proposed that a Minister may disclose personal health information to another Minister within the jurisdiction for the purpose of developing public policy subject to the overriding principles and constraints. It is clear that this ability would only occur under exceptional circumstances. No change. It is understood that disclosures, in this instance, are generally subject to PIA requirements and overriding principles of least amount of disclosure of personal information, highest amount of anonymity and need to know.
12.4 A custodian may disclose personal health information to the Minister if the disclosure is necessary or desirable in the opinion of the custodian to enable the Minister to carry out duties of the Minister. No change. It is understood that disclosures, in this instance, are generally subject to PIA requirements and overriding principles of least amount of disclosure of personal information, highest amount of anonymity and need to know.
13 Substitute Decision Maker
13.1 Rights or powers may be exercised by: No change.
13.1.1 - Adults (rebuttable presumption of capacity) No change.
13.1.2 - Minors with capacity No change.  
13.1.3 - Guardians of minors without capacity No change.  
13.1.4 - Personal representatives of deceased No change.  
13.1.5 - Court appointed guardians or trustees No change.  
13.1.6 - Agents in personal directives No change.  
13.1.7 - Attorneys with power of attorney No change.  
13.1.8 - Persons with written authorization (from the individual) No change.  
13.1.9 - Substitute decision-makers by operation of law No change.  
13.1.10 - Federal, provincial or territorial Statutes (e.g. mental health and human tissue gift legislation; Ontario's Bill 31) No change.  
13.1.11 - Applicable law (e.g., common law, in loco parentis) No change.  
14 Research
14.1 That common definitions be in place for research and research ethics committees. No change.
14.2 A Research Ethics Committee should consider the following in assessing whether to approve the proposed research: No change. Serious consideration should be given to incorporating these provisions in jurisdictions' legislation, consistent with strong advice received during the consultation process.
14.2.1 - Whether the personal health information is necessary to fulfill the objectives of the research; No change.
14.2.2 - Whether public benefits of the research outweigh the potential risks to privacy; No change.  
14.2.3 - Whether obtaining the consent of the individuals the personal health information is about is impracticable or inappropriate; No change.  
14.2.4 - Whether individuals the personal information is about have objected to such use; and No change.  
14.2.5 - Whether adequate safeguards will be in place to protect the privacy of the individual and the confidentiality of their information. No change.  
15 Commissioners/Review Officers/Ombudsmen
16 Glossary
"Privacy"
Privacy includes a right to be free from intrusion and interruption. It is linked with other fundamental rights such as freedom and personal autonomy. In relation to information, privacy involves the right of individuals to determine when, how and to what extent they share information about themselves with others.
"Confidentiality"
Confidentiality is the obligation of an organization or custodian to protect the information entrusted to it and not misuse or wrongfully disclose it.
"Security"
Security is the process of protecting information by assessing threats and risks to that information and implementing the procedures and systems to restrict access and maintain the integrity of that information.
"Collect"
Means to gather, obtain access to, acquire, receive or obtain personal health information from any source by any means.
"Data Matching"
Means the creation of individually identifying health information by combining individually identifying or non-identifying health information or other information from two or more electronic databases, or two or more electronic records.
"Disclose"
Means to make the information available or to release it to another health information custodian or to another person, but does not include to use the information.
"Health Service"
Means a service that is provided to an individual for
  • protecting, promoting or maintaining physical and mental health;
  • preventing illness;
  • diagnosing and treating illness;
  • rehabilitation;
  • caring for the health needs of the ill, disabled, injured or dying; and includes,
  • the compounding, dispensing or selling of a drug, a device, equipment or any other item to an individual, or for the use of an individual, pursuant to a prescription.
"Health Service Provider"
Means an individual who provides health services.
"Non-identifying health information"
Means health information that cannot identify the individual or for which there is no reasonable basis to believe that it could be utilized, either alone or with other information, to identify the individual.
"Genetic Information"
As a component of personal health information may be defined as... "any information about an identifiable individual that is derived from the presence, absence, alteration, or mutation of a gene or genes, or the presence or absence of a specific DNA marker or markers, and which has been obtained from an analysis of the individual's DNA or from an analysis of the DNA of a person to whom the individual is related." (See Draft Genetic Privacy Act of Annas, Glantz and Roche)
"Personal health number"
Means the number assigned to an individual by (the Department/minister, etc.) to uniquely identify the individual.
"Research Ethics Committee"
Means an independent board, committee or other similar body authorized to review and approve research involving personal health information under a law of Canada or a province or under applicable international and national research ethics standards.
"Substitute decision-maker"
In relation to an individual, means a person who is authorized under relevant legislation to exercise any right or power conferred on an individual by relevant legislation.

Appendix B - Consultation Groups

A National Public Opinion Survey was conducted by EKOS Research Associates Inc. in the early fall of 2004.

We would like to thank the following stakeholders for their feedback on the Framework:

National/Federal

Privacy Commissioners:
Information and Privacy Commissioner of British Columbia
Information and Privacy Commissioner of Ontario
Information and Privacy Commissioner of Saskatchewan
Office of the Privacy Commissioner of Canada
Core National Health Care Provider Associations:
Canadian Dental Association
Canadian Health Care Association
Canadian Medical Association
Canadian Nurses Association
Canadian Pharmacists Association
Canadian Psychological Association
Approximately 30 additional National Associations/Organizations were consulted through a survey.
The following associations/organizations submitted written submissions:
Canadian Association of Chain Drug Stores
Canadian Association of Social Workers
Canadian Association of Speech-Language Pathologists and Audiologists
Canadian Dental Hygienist Association
Canadian Massage Therapist Alliance
Canadian Nurses Protective Society
Canadian Physiotherapy Association
Canadian Society of Telehealth
Dietitians of Canada
IMS Health Canada Inc.
Opticians Association of Canada
Core Federal Interdepartmental Privacy Advisory Group:
Industry Canada
Justice Canada
Privy Council Office
Treasury Board Secretariat
Federal HealthCare Partnership, which includes the following departments:
Canadian Forces Medical Group
Citizenship and Immigration Canada
Correctional Services Canada
Department of National Defence
Fisheries and Oceans Canada
Health Canada's Branches/Programs through the Departmental Privacy Committee
Office of the Correctional Investigator
Royal Canadian Mounted Police
Public Works and Government Services Canada
Veterans Affairs Canada

Provinces/Territories

Alberta
Alberta Cancer Board
Alberta College of Pharmacists
Alberta Medical Association
Alberta Nurses Association
Canadian Mental Health Association (Alberta Chapter)
Capital Health Authority
College of Physicians and Surgeons
British Columbia
British Columbia Centre for Disease Control
College of Physicians and Surgeons
Fraser Health Authority
Interior Health Authority
Ministry of Health Services
Ministry of Health Services, Home and Community Care
Provincial Health Officer
Vancouver Coastal Health Authority
Vancouver Medical Health Officer
Manitoba
Canadian Blood Services
Manitoba Centre for Health Policy
Winnipeg Regional Health Authority
New Brunswick
Government of New Brunswick
Newfoundland and Labrador
Newfoundland and Labrador Centre for Health Information
Nova Scotia
Annapolis Valley District Health Authority
Cape Breton District Health Authority
Emergency Medical Care Inc.
Nova Scotia College of Pharmacists
Nova Scotia Dental Association
Nova Scotia Government Employees Union
Nova Scotia Health Records Association
Nova Scotia Health Research Foundation
Nova Scotia Medical Services Insurance
South West Nova District Health Authority
Nunavut
Government of Nunavut
NWT
Government of Northwest Territories
Ontario
Canadian Mental Health Association
Centre for Addiction and Mental Health
Ontario Bar Association, Privacy Law Section
Ontario Hospital Association
Ontario Medical Association
Psychiatric Patient Advocate Office
Saskatchewan
College of Physicians and Surgeons of Saskatchewan
Representative Board of Saskatchewan Pharmacists
Saskatchewan College of Pharmacists
Saskatchewan Justice
Sunrise Health Authority
Yukon
Government of Yukon

Appendix C - Privacy Task Group

Advisory Committee on Information and Emerging Technologies

Catarina Versaevel (Co-chair)
Alberta
Brian Foran (Co-chair)
Health Canada
Ross Hodgins (Co-chair)
Health Canada
Joy Maddigan
Newfoundland and Labrador
Veva Moulton
Newfoundland and Labrador
Janice Pettit
Prince Edward Island
Kathleen Vent
Prince Edward Island
Tim Flewelling
New Brunswick
Charles Murray
New Brunswick
Suellen Murray
Nova Scotia
Michelle Gignac
Nova Scotia
Carol Appathurai
Ontario
Halyna Parun
Ontario
Shelley Burnham
British Columbia
Deb McGinnis
British Columbia
Evon Soong
British Columbia
Heather McLaren
Manitoba
Duane Mombourquette
Saskatchewan
Felicia Cash
Northwest Territories
Doug Ritchie
Northwest Territories
Ronald J. Carr
Nunavut
Judy Pelchat
Yukon
Violet VanHees
Yukon
Sheila Chapman
Canadian Institutes of Health Research
Patricia Kosseim
Canadian Institutes of Health Research
Joan Roch
Canadian Institute for Health Information
Mary Marshall
Canada Health Infoway Inc.
Stanley Ratajczak
Canada Health Infoway Inc.
Valerie Gideon
National Aboriginal Health Organization
Pamela White
Statistics Canada

Secretariat Health Canada:

Jean-Claude Barre
Senior Policy Advisor
Colleen Bolger
Senior Policy Analyst
Nicole D'Avignon
Senior Policy Analyst
Marion Haas-Miller
Policy Advisor
Larry Kennedy
Senior Policy Advisor
Jeannine Parent
Senior Policy Advisor
Jeannine Simard
Logistics Coordinator
Marcel Nouvet
Privacy Lead, Advisory Committee on Information and Emerging Technologies