ACTUALIZACION DE ITEMS DE INVENTARIOS

Most of the recent discussions about the protection of personal information and in particular health information have focussed on the impact of developments in informa- tion technology and the increasing use of computerized record systems. “The health care industry is in the midst of an era of unprecedented computerization of medical records

42 See e.g. Freedom of Information and Protection of Privacy Act, above note 28, section 1(1)(g), (j). The British Columbia Freedom of Information and Protection of Privacy Act, Statutes of British Columbia 1992, c.61, since 1995 has covered, in addition, professional gov- erning bodies such as the College of Physicians and Surgeons. Freedom of Information and Protection of Privacy Act (Amendment), Statutes of British Columbia 1993, c.46, section 28(6), sec- tion 30. E. Shaw, J. Westwood & R. Wodell,

The Privacy Handbook: A Practical Guide to Your Privacy Rights in British Columbia and How to Protect Them(Vancouver: B.C. Civil Liberties Association, 1994) at 103. A similar amendment is proposed for Alberta; see “Information and Privacy Legislation Being Extended First to Education and Health Care,” Government of Alberta News Release, August 27, 1997. 43 W. H. Minor, “Identity Cards and Databases in Health Care: The Need for Federal Privacy Protections” (1995) 28 Columbia Journal of Law & Social Problems 253 at 278-79; Shaw, Westwood & Wodell, see above at 100.

44 Shaw, Westwood & Wodell, see note 42 at 102; “Health Information Privacy,” see note 5 at 509. 45 Courts may incorpo- rate a duty of confidential- ity into an implied con- tract between physician and patient; “Health Information Privacy,” see note 5 at 509 n. 292; S. Rodgers-Magnet, “Common Law Remedies for Disclosure of Confidential Medical Information,” “Appendix 1” in Krever Commission, see note 6, vol. 3, 297 at 323.

46 McInerney v.

MacDonald, see note 39 at 148-50.

47 Shaw, Westwood & Wodell, see note 42 at 102.

and data.”66_{Computerizing records is part of many health care reform proposals, since}

it would not only increase efficiency but also significantly cut costs.67_{However, the}

general public is apparently nervous about the potential effects of these changes: in recent polls 85 per cent of people said that protecting confidentiality of medical records was very important to them, and 90 per cent believed that computers make it easier for someone to improperly obtain personal information.68_{While there is some disagree-}

ment about the exact nature and extent of the impact of technology on the protection of privacy, there is no doubt that “pervasive use of computers has enhanced society’s ability to collect, store, retrieve, process, and disseminate data on individuals, quite often with- out the individual’s knowledge and consent.”69

For instance, the ease of recording and storing information in computer databases may mean that information will be collected and retained that might not have been otherwise.70_{The centralized storage of large amounts of information also increases the}

likelihood and severity of breaches of privacy. Traditionally, records have been kept in manual form in a number of different (and usually secure) locations, making it difficult to obtain information and especially to obtain and combine a wide range of data from vari- ous sources.71_{Unless special protections are built into the system, access to a database can}

provide an authorized or unauthorized user with an unprecedented amount of informa- tion. Even when different sets of data are held in different systems, it is often possible to “link” or “match” the data for a particular individual using some identifier. This practice, known as computer matching, presents a serious threat to personal privacy since it allows a user to compile a detailed dossier or profile on an individual by linking data from many different sources,72_{and thereby acquire extensive knowledge about that person,}73_without

the individual’s knowledge or consent. Matching may also detach information from its context and lead to the proliferation of false or misleading information.74

As a result, the means by which health information is identified in a computer system has become extremely important. In health care, the use of unique identifiers (a name, number or other unique marker for each individual)75_{would allow a compre-}

hensive record for each patient to be compiled from information scattered geographical- ly and over the years. These “patient-based longitudinal records,” which would contain “all data relevant to the health of an individual … collected over a lifetime,”76_would

carry obvious benefits for quality of care and administrative efficiency. However, the additional threat to privacy means that limits on the use of unique identifiers may be appropriate.77_{Of special concern is the use of an identifier that would allow links to be}

made between health records and other forms of personal data. For example, privacy advocates in the United States strongly resisted the proposed use of the social security number (SSN) as an identification number for the reformed health care system.78

Because of the widespread use of the SSN by both government and private entities, the SSN may be used to access and link information about many aspects of a person’s life.79

Those concerned about privacy are alarmed at the prospect of this pool of information

48 “Health Information Privacy,” see note 5 at 509-11.

49 See above at 511. 50 New Zealand Privacy Commissioner, Health Information Privacy Code 1994 (Auckland, N.Z.: Privacy Commissioner, 1994). Found at http://www.knowledge basket.co.nz/privacy/health/ hipcnc.htm. 51 See note 36. 52 H.R. 52, 105th Congress, 1st Session. Found at ftp:/ftp.loc.gov.pub/thomas /c105/h52.ih.txt. This bill was introduced in the House of Representatives January 7, 1997 by California Representative Gary Condit. Condit intro- duced earlier versions of this bill in 1994 and 1995 (H.R. 435), which were supported by industry representatives, privacy advocates and health poli- cy experts; J. Goldman, “Statement of Janlori Goldman, Deputy Director, Center for Democracy and Technology, Before the House Committee on Government Reform and Oversight Subcommittee on Government Management, Information and Technology on Medical Records Technology,” found at http://www.cdt.org/priva- cy/health/960614_testimo- ny.html. 53 House of Representatives 3482, 104th Congress, 1st Session. 54 S. 1360, House of Representatives 52, 105th Congress, 1st Session. 55 See Ontario Ministry of Health, A Legal Framework for Health Information (Consultation Paper) June 1996; Manitoba Health, Privacy Protection of Health Information(Discussion Paper) May 1996. 56 Bill 30, Health Information Protection Act, 1st Sess., 24th Leg., Alberta, 1997 [hereinafter Bill 30]. 57 Found at http://www.gov.on.ca/healt h/english/profess/phipa/ph ipa.html on 12 February 1998.

including intimate details about a person’s health. The use of a number specific to the health care system would help to alleviate these concerns.80

The choice of an identifier is one issue to be considered with respect to health care cards. Developing technology has also added other issues, however. Various types of cards have been used for identification and insurance purposes in the health care system for many years. Typically, these cards carried basic information that was printed or embossed on the card.81_{Several types of “advanced card technologies” (“smart cards”)}

are now available, including magnetic strip, integrated circuit and optical storage cards.82_{These cards can not only store much larger amounts of information (including}

images such as x-rays, for optical storage cards), but can also process information and be used to access central databases.83_{The cards could be used for identification, insur-}

ance, communication between care providers and as a portable, comprehensive patient records, which could be valuable for emergency and outreach care.84_{Pilot projects have}

already begun testing the use of such cards in many countries, including Canada.85

Reactions have been ambivalent: some fear misuse of smart cards – the cards would be vulnerable to theft or fraudulent use by third parties – while others feel that use of these cards could actually enhance individuals’ control and privacy.86

New information technologies also pose significant challenges for the definition and enforcement of duties to protect privacy. For example, since a centralized database containing health records could be accessed from a number of different points in a con- nected system of computers, in contrast to a paper record which is physically located in one place, it may be difficult to determine who should bear the primary responsibility for ensuring that no unauthorized access takes place. Furthermore, physical security measures,87_{while essential, will not be sufficient to protect computerized records;}

efforts must be made to build security into the system itself. Another enforcement prob- lem is that with computerized data, a breach of security may be difficult or impossible to detect. “In an electronic, on-line system, the data can be viewed, studied, and down- loaded from any location. The viewer of the information has not acquired any physical materials, making any theft virtually undetectable.”88