Committee Transcript 2001-Feb-27 | Legislative Assembly of Ontario

Personal Health Information Privacy Act, 2000, Bill 159, Mrs Witmer / Loi de 2000 sur la confidentialité des renseignements personnels sur la santé, projet de loi 159, M^me Witmer

Office of the Provincial Auditor
Mr Erik Peters

Ontario Medical Association
Dr Albert Schumacher
Ms Barbara LeBlanc

Ontario Pharmacists' Association
Ms Barbara Stuart
Ms Holly Rasky
Mr Gerry Cook

Psychiatric Patient Advocate Office
Mr Vahe Kehyayan
Ms Lora Patton

CARP
Mr Bill Gleberzon

College of Physiotherapists of Ontario
Ms Jackie Schleifer Taylor
Mr Richard Steinecke
Mr Rod Hamilton

Canadian Institute for Health Information
Mr Richard Alvarez

College of Dental Hygienists of Ontario
Ms Fran Richardson
Mr Richard Steinecke

Mr Marvin Siegel

Canadian Institutes of Health Research
Ms Patricia Kosseim
Dr Don Willison
Mr Matthew Furgiuele

AIDS Committee of Toronto
Mr Lee Zaslofsky

Privacy Management Group
Mr Christopher Comeau
Ms Jeanne Bickle

Borden Ladner Gervais
Ms Daphne Jarvis
Ms Jacinthe Boudreau

Ontario Physiotherapy Association
Ms Caroline Gill
Ms Signe Holstein

Canadian Mental Health Association, Ontario division
Ms Patricia Bregman
Dr Barbara Everett

Electronic Child Health Network
Mr Andrew Szende

Ontario AIDS Network1014
Mr Stephen Squibb

Schizophrenia Society of Ontario
Ms Janice Wiggins

Mr Clement Babb

Ontario Occupational Health Nurses Association
Mr Brian Verrall

Royal College of Dental Surgeons of Ontario
Mr Irwin Fefergrad

STANDING COMMITTEE ON GENERAL GOVERNMENT

Chair / Président
Mr Steve Gilchrist (Scarborough East / -Est PC)

Vice-Chair / Vice-Présidente
Mrs Julia Munro (York North / -Nord PC)

Mr Toby Barrett (Norfolk PC)
Mrs Marie Bountrogianni (Hamilton Mountain L)
Mr Ted Chudleigh (Halton PC)
Mr Garfield Dunlop (Simcoe North / -Nord PC)
Mr Steve Gilchrist (Scarborough East / -Est PC)
Mr Dave Levac (Brant L)
Mr Rosario Marchese (Trinity-Spadina ND)
Mrs Julia Munro (York North / -Nord PC)

Substitutions / Membres remplaçants
Mr Doug Galt (Northumberland PC)
Mr John Gerretsen (Kingston and the Islands / Kingston et les îles L)
Ms Frances Lankin (Beaches-East York ND)
Mrs Lyn McLeod (Thunder Bay-Atikokan L)
Mr John O'Toole (Durham PC)
Mrs Sandra Pupatello (Windsor West / -Ouest L)
Mr R. Gary Stewart (Peterborough PC)
Mr Bob Wood (London West / -Ouest PC)

Also taking part / Autres participants et participantes
Mr Phil Jackson, manager, population health strategies unit,
Ministry of Health and Long-Term Care

Clerk / Greffière
Ms Anne Stokes

Staff / Personnel
Mr Andrew McNaught, research officer,
Research and Information Services

The committee met at 0907 in committee room 1.

PERSONAL HEALTH INFORMATION PRIVACY ACT, 2000 / LOI DE 2000 SUR LA CONFIDENTIALITÉ DES RENSEIGNEMENTS PERSONNELS SUR LA SANTÉ

Consideration of Bill 159, An Act respecting personal health information and related matters / Projet de loi 159, Loi concernant les renseignements personnels sur la santé et traitant de questions connexes.

The Chair (Mr Steve Gilchrist): I call the committee to order as we proceed with our issues on Bill 159, An Act respecting personal health information and related matters.

OFFICE OF THE PROVINCIAL AUDITOR

The Chair: First up this morning is the Office of the Provincial Auditor. Mr Peters, come forward, please. Good morning and welcome to the committee. You barely escaped public accounts and back again today.

Mrs Lyn McLeod (Thunder Bay-Atikokan): He hasn't escaped public accounts.

Mr Erik Peters: Back in at 10 o'clock.

I appreciate the opportunity to comment on Bill 159, An Act respecting personal health information and related matters, which is also commonly referred to, in short, as PHIPA, even though I find that is just as long as the title of the act.

While most of the members are familiar with the role and responsibilities of the Provincial Auditor, I would like to provide some background and context to our audit work and how this proposed legislation could impact on my ability to carry out my duties and responsibilities under the Audit Act. I've asked the clerk to distribute a copy of the Audit Act to you so that you may refer to the pertinent provisions I will be speaking about.

In a nutshell, the purpose of my presentation is to ensure that our historical and legislated access to information rights mandated under the Audit Act continue under this new proposed legislation.

Free access to all information needed to fulfill responsibilities is fundamental to auditing. This principle, as it applies to the Provincial Auditor, is given statutory definition in the Audit Act, which incidentally I consider a wonderfully balanced piece of legislation. On one hand, it gives us access to all information that we need to do our job; on the other hand, it limits the use of that through oaths of secrecy to strictly using that information for purposes of the Audit Act. The only exception is if we detect any wrongdoings that should be reported under the Criminal Code.

The opportunity to consider all relevant facts before forming and reporting my opinions is fundamental to the fulfillment of my statutory duties. In conducting their examinations, my staff must have access to all pertinent information and explanations.

Under section 10 of the Audit Act, every ministry of the public service, every agency of the crown and every crown-controlled corporation is required to provide the Provincial Auditor with such information regarding its powers, duties, activities, organization, financial transactions and methods of business as the Provincial Auditor requires, and the Provincial Auditor shall be given access to all books, accounts, financial records, reports, files and all other papers, things or property belonging to the ministry, agency of the crown or crown-controlled corporation and necessary to the performance of the duties of the Provincial Auditor. So very far-reaching access rights.

To fulfill our responsibilities under the Audit Act, we require access to a wide variety of information and records. For this reason, the access-to-information section in the Audit Act is necessarily worded in generic terms. However, specifically in audits of the Ministry of Health and Long-Term Care, we have frequently found it necessary to access ministry information and records that fall within the definition of personal health information. The example that comes to mind is OHIP records. In carrying out our audit work at the ministry, my staff have always had access to all information and records that we considered necessary to conduct our audit work. We would like to see this practice continue and be embodied explicitly in Bill 159.

I would also like to draw to your attention clause 12(2)(a) of the Audit Act, which obliges me to report to the assembly on whether, in carrying out the work of the office, we received all the information and explanations we have required.

To give you a plain illustration on OHIP, how do we make sure that the ministry has not paid for two hysterectomies on the same woman? This has happened. It became public knowledge that there were in one year at least 43 cases where doctors had billed twice for hysterectomies. For example, how do we ensure that things like this don't happen in our system and don't happen to taxpayers' money?

At this point, I should mention that my office is in the process of seeking amendments to the Audit Act. My office has made proposals to amend the Audit Act with the primary objective of providing the Provincial Auditor with the discretionary authority to perform value-for-money audits of organizations that receive grants from the province of Ontario or an agency of the crown. In 1996, the Legislature's standing committee on public accounts unanimously endorsed our proposed Audit Act amendments. In fact, just last week I updated the public accounts committee on the status of our proposed amendments.

In formulating our proposed amendments to the Audit Act, I should tell you that we have sought-and that was done on my personal advice-the advice of the Information and Privacy Commissioner regarding the issues surrounding privacy and our access to personal health information and records. In this regard, included in our proposed amendments to the Audit Act is an anonymization clause-I have trouble with that word, but the meaning is clear to me-that has been drafted by the office of the Information and Privacy Commissioner. I can share that with you, if you like, and we brought copies along if you'd like to have that.

Turning specifically to the proposals laid out in the paper entitled Ontario's Proposed Personal Health Information Privacy Legislation for the Health Sector, or Health Sector Privacy Rules, dated September 2000, and Bill 159, the health sector privacy rules recognize the need for disclosure of personal health records for audit purposes. I would also note that this is consistent with the following recommendation made by the Royal Commission Into the Confidentiality of Health Information in its 1980 report, and I quote from that report:

"That legislation governing the confidential information maintained by hospitals and health care facilities permit the disclosure of health information to prescribed government recipients authorized to collect, audit"-my emphasis but it's there-"or inspect confidential information under provincial legislation."

So the commission already recommended this.

It is my office's view that, in the absence of specific exclusions in any other act, section 10 of the Audit Act provides my staff with the authority to access for audit purposes only a wide variety of information and records, including what Bill 159 refers to as personal health information.

With this in mind, I would refer the committee to subsection 36(1) of Bill 159, which provides the discretionary authority for a health information custodian to disclose personal health information authorized by other acts. I emphasize the word "discretionary" because the section uses the word "may," not the word "shall."

In discussions with the Ministry of Health staff on this issue, we have been informed that the ministry has always intended that access-to-information rights of the Provincial Auditor that are currently authorized under the Audit Act should continue under PHIPA. Specifically, clause (i) of subsection 36(1) provides for the discretionary-I repeat, discretionary-disclosure of personal health information which could cover the access to information and records permitted or required by the Audit Act. However, again I would like to stress that this provision is discretionary.

Although the policy paper supporting the proposed legislation recognized the need for access to personal health information specifically for audit purposes, the proposed legislation does not sufficiently address the mandatory nature of my office's requirement to access this information for audit purposes.

I want to stress that the success of our audit process depends to a very large degree on access to all relevant information and records that my staff consider necessary to the performance of my office's duties under the Audit Act, and so the wording in PHIPA should make this as clear as possible.

We also understand the sensitivities regarding personal health information and are cognizant of the need to maintain adequate systems to protect the confidentiality of this sensitive information. To this end, we have already for many years instituted a policy of anonymization of personal health information retained in our working papers. As well, the Audit Act provides various measures to protect the confidentiality of information, including a mandatory oath of office and secrecy, and a mandatory requirement that staff of my office are to preserve secrecy with respect to all information that comes to their knowledge in the course of performing their duties under the Audit Act, except-and I repeat section 27 here-"as may be required in the administration of this act"-that's where I referred to balancing-"or any proceedings under this act or under the Criminal Code." Also, under section 19 of the Audit Act, our audit working papers are protected from public disclosure.

To conclude my presentation, I want this committee to know that there will be times when my staff will need access to personal health information in order to fulfill my duties and responsibilities under the Audit Act. I want to ensure that our historical and legislated access-to-information rights under the Audit Act continue under this new proposed legislation.

With this in mind, my suggestion would be to include a separate section for mandatory disclosure to the Provincial Auditor. In this regard, we believe that the following wording would, without any doubt, achieve the intended objective of ensuring that the Provincial Auditor's access-to-information rights authorized under the Audit Act continue under this legislation, Bill 159. The wording is as follows: "A health information custodian shall disclose personal health information to the Provincial Auditor for the purpose of enabling him or her to carry out his or her statutory responsibilities under the Audit Act."

This concludes my presentation. I would be happy to answer any questions that you may have.

The Chair: Thank you, Mr Peters. That does give us about two minutes per caucus. We'll start the rotation with the official opposition.

Mrs McLeod: Thank you very much, Mr Peters, for your presentation and also for your recommended amendment. I would share your concern that there be something specifically addressing the issue of access to the auditor as required for public audits, because I think there are a number of areas of the bill which do need amendment, and even those areas of access that you've identified in the bill could be affected by the amendment process we're going to go through. There is a section 11 that allows for other acts to specifically prevail over this act. Some of us have some concerns with even that clause, so I think an amendment that would speak specifically to the access for audit would be important.

Could I ask you, though, a little bit more broadly and touch on something you raised in your presentation, and that's that when you do access OHIP files, if you find evidence of fraud-you didn't say fraud; you said a violation of the Criminal Code-you would be required to report that. If you found evidence of OHIP fraud, I assume there is a potential criminal charge there. To whom would you report that? What I'm getting at is, if we're able to tighten up government access to private health information, how would you see the follow-up to your report of OHIP fraud being carried out?

0920

Mr Peters: I think largely because we are not medical practitioners, to identify whether fraud has occurred-fraud actually is what a court decides is fraud. If we have a suspicion of fraud or an indication of something going wrong, what would normally happen under the circumstances is that we would bring it to the attention of the ministry first, because the ministry has a process whereby these incidents are reported to something called the Medical Review Committee. That is a panel of experts that would sit on it and determine whether something has actually happened, that a doctor has provided a billing that is inappropriate. We would ask them to instigate the process from this end; in other words, have experts look at it from that point of view.

In the audit we also ensure that those processes are in place; in other words, that it doesn't just rely on our audit to identify those instances but also that their own staff have a process to follow when they find instances where they have concerns that should be brought forward.

Specifically, from then on, an investigation starts and processes start. A while back-I don't know how many years back-we had, for example, a doctor billing in such a way that he virtually didn't sleep all week. He charged so many hours that we didn't know where he took the time from, that sort of thing. But all these billings must be supported of course by medical records, identification of the patient and what services were rendered.

Ms Frances Lankin (Beaches-East York): To follow up on that, why is identification of the patient necessary for your office? For example, you could have the record; it can be identified by, say, an OHIP number. You don't need the name and address and that kind of information, do you?

Mr Peters: Absolutely right. That is quite correct. The only problem we have found with the old numbers, as we did in hearings on it, is that the process is now being tightened up, I think partially because of findings we had in 1992. For example, if you just had a name and an initial, you could find yourself in the possession of eight OHIP cards. There was a street value for these cards. They could be sold.

We had an incident, for example, in one hospital where a pregnant woman presented a card and only by accident the nurse identified-she said, "How did you do this? You gave birth about three months ago." On investigation it turned out that a woman had simply passed off her card to a sister from another country who then came.

Ms Lankin: That would be something the forensic investigators in the Ministry of Health would be notified of or there would be another investigation. For the purposes of audit, is there a requirement for you to see the patient's name attached to the actual OHIP billing record?

Mr Peters: Only one of efficiency, because what we would hate to have ministry staff do is, for example, if we want to look at 100 doctor's billings, that they would have to go through and obliterate all the personal identifiers in it. What we have agreed to with the privacy commissioner is that we can indeed see the name, but that's as far as it will go. Actually, they were more generous with us than I thought. I thought we would be in a research-only mode, if you will, but they said-that's the privacy commissioners' ruling-yes, we can retain the records in our working papers provided we obliterate all information that personally identifies that individual, including, incidentally, the health card number.

Ms Lankin: That probably speaks to the issue of technology within the Ministry of Health and how these records are stored and maintained. With a different technological set-up, they would be able to provide you all of the patient's OHIP payment schedule for a particular doctor without the patient's name being attached to it. Because all you need to see is what that doctor is doing and what those records are, right? Is there anything in your audit process that would relate it back to an individual patient's name?

Mr Peters: It would to some extent, because if you look at Bill 159 again, section 14 identifies that we have the right, for audit purposes, to match computer records. If the name happens to be a critical field on which we need to match, then we should have the right to do that. That is provided for in the bill. I think it's section 14(3) of Bill 159.

Ms Lankin: Would it be satisfactory, if in the majority of cases in doing audits of OHIP it is reasonable to look at the records without a name, that if a particular kind of audit required the name, you go back to the ministry? It would be like two steps, a higher level of access to that information.

Mr Peters: That would be quite fair and that could be built into the act, but it is vital to us that it shall be disclosed. In other words, we would consider it a scope limitation if we couldn't have information to complete our audit.

Ms Lankin: So whatever information is absolutely required must be guaranteed by the legislation, but it can be done in such a way at every step along the way to protect the personal health information of someone and their personal identifier, until such time as the nature of an audit requires that piece of information.

Mr Peters: Very much so, because one of the things that is paramount under our legislation is that we can follow payments out of the consolidated revenue fund, and we really are looking at all situations where there is a health service provider. Virtually all health service providers must support their demand for public money from the taxpayer with an identification of the services they render. In most instances that information includes the identifier of the people who ultimately receive the service. If this chain were broken, we could not perform our duties under section 9 of the Audit Act, which is to follow properly where taxpayers' money has gone.

Mr Bob Wood (London West): Has the privacy commissioner seen your proposed amendment and does she endorse it?

Mr Peters: Yes, absolutely. As I said in my presentation-and I will provide it to you-I have wording here that was provided by Ms Cavoukian's office.

Mr Wood: Does this give you any greater power than the federal auditor has in terms of access to information?

Mr Peters: No, it does not. It is a straightforward process.

Mr John O'Toole (Durham): Thank you, Mr Peters. I have two small questions. I'm wondering if Bill 159 will give the minister or the ministry more power to manage, measure and report program effectiveness. Will Bill 159 give the ministry more power to manage and control the effectiveness of the different programs?

Mr Peters: I can't answer your question because I have not reviewed Bill 159 for that purpose.

Mr O'Toole: A very short question here is, do you think that paper records are more or less secure than digital records?

Mr Peters: No, they are as secure, we would think.

Mr O'Toole: Paper and digital are both the same level of security in terms of general access?

Mr Peters: It's a rather interesting question and I think you particularly may appreciate the answer. If information is properly password-protected and the system security is properly exercised, I would consider computer records to some extent safer than paper records. But that is a big "if" and this is something we look at continually as to whether there is adequate security over the computer systems.

Mr O'Toole: Isn't that where we generally have to go? Whether it's at the federal level or the provincial level, or in fact the municipal level, the way information moves today, that is an inevitable consequence of the technology and the way business is transacted today.

Mr Peters: Absolutely, and therefore every action must be taken by ministries and agencies and crown-controlled corporations to ensure that those systems are secure, because it is a fact of life that much of the business of government today could not be carried out without adequate information technology support.

The Chair: Thank you, Mr Peters. We appreciate your coming before us here this morning. Good luck in public accounts.

Mr Peters: Thank you. Just a quick question: was the committee interested in Ms Cavoukian's-

The Chair: Very much so, please. In fact, you can leave that with the clerk. Thank you.

Ms Lankin: Is there a copy of your written submission as well that could be circulated?

Mr Peters: Yes, there is one, but it has to be checked against delivery.

0930

ONTARIO MEDICAL ASSOCIATION

The Chair: Our next presentation will be from the Ontario Medical Association. Good morning and welcome to the committee.

Dr Albert Schumacher: Thank you. Good morning. I'm Albert Schumacher, President of the Ontario Medical Association and a family physician from Windsor. Barb LeBlanc from the OMA staff is with me to assist during the question period.

I come before the committee today with some ambivalence, since it is not clear to me that Bill 159, at least in its present form, provides a useful frame of reference for our dialogue. After this committee received technical briefings from the federal and provincial privacy commissioners, the OMA hoped that the formal committee process would be delayed so that the Ministry of Health and Long-Term Care could redraft the bill in order to address the serious concerns that were raised.

We supported this approach for a couple of reasons: first, it seemed like a constructive way to go and, second, it meant that we wouldn't have to sit before you today and state, in no uncertain terms, that we think Bill 159 is not an appropriate piece of legislation as it is written. The OMA has been actively, and we believe constructively, involved in health privacy since we began this process in 1995, but we are feeling extremely frustrated that we've seen very little movement on the key issues. Let me be clear: we support the need for this type of legislation, but if, and only if, it is substantially changed.

Doctors and patients are very disturbed by this legislation for a number of reasons, not the least of which is its impact on the very heart of the doctor-patient relationship. I am very uncomfortable when I hear ministry officials and others talking in very impersonal terms about their information needs, without appearing to realize that for my patients this isn't about bits of data; it's about their innermost emotional and personal secrets. It's about a bill that would allow the government to have access to those secrets with no patient control.

As a physician, I am in a unique and privileged position of trust. People tell me things that they do not readily share with other people, even their closest family and friends. They tell me things that they're embarrassed about, like parental abuse; they tell me things they're fearful of, like the fact that the chest pains they've had may affect their job status; and they tell me things that might cause them severe stigma if known publicly, like alcohol or drug abuse. They also talk with me about matters linked to their genetics and their family history, things that would have repercussions for their entire family if known. Patients don't share this information with me casually, but they do share it because they know that it's necessary so that I can help them. They also know that I have a duty to maintain their confidentiality and that their secrets are safe with me. That bond of trust is critical to the practice of medicine and must not be underestimated by this committee. Without it, patients may be less likely to share vital information with their doctors. I worry that if you don't give me good information, I can't give you good care.

As we look at the Personal Health Information Privacy Act, we should keep foremost in our minds the fact that patient information is shared in a very sensitive and personal context, and although we might imagine many different and interesting uses for the information, it is not a commodity for common use and trade. In its current form, Bill 159 sets the stage to open patients' medical information to unprecedented access and to undermine the trust relationship that exists between physicians and their patients.

The government correctly argues that it needs information to manage the health care system and to more effectively plan for the future. I believe it's critically important that we move forward to utilize information technology in order to improve patient care and system management. I do not believe, however, that the development of information technology should come at the expense of patient privacy.

Despite having asked repeatedly, the OMA has yet to receive a clear answer as to why the minister, the ministry and the district health councils need complete access to patients' charts for planning purposes. The ministry can capture all of the information it needs for planning by using sophisticated epidemiological information. They do not need access to identifiable individual patient information.

The same holds true for system management. Information that demonstrates patterns of usage by demographic cohort and geographic area provides very useful information for the ministry to fulfill its legitimate planning and management functions. The government does not need to give itself the power to force health care providers to surrender private patient records for these purposes.

Bill 159 also gives the government the power to regulate how patient information will be coded and stored and with whom it will reside. The OMA believes that these are important policy questions in their own right and should not be buried in the vast regulation-making powers of Bill 159. The government should not be able to force the standardization of patient records or to force all patient information to be stored in massive government data repositories. Instead, the collection of data should be done through a consensual process involving both the physicians and, most importantly, the patients.

I'd just like to return to my previous point relating to ministry access to information for a moment and to clearly state for the record that the OMA does not support the provisions of Bill 159 that would allow the government to force the disclosure of patient charts that are held by physicians. I would like to reiterate in the strongest possible terms the fact that the OMA objects to section 31 of the proposed act and believes that it must be deleted entirely. The OMA does not believe that Bill 159 has any possible claims to legitimacy as a privacy bill if it does not rectify the sweeping intrusion by the government into its citizens' personal lives. This legislation should be about the protection of data and not the collection of data.

The OMA has prepared extensive written comments on Bill l59 which have been circulated; however, the more closely we examine the legislation, the more we realize that we don't need to simply rewrite one section or another of the bill. Instead, we need to start by fundamentally rethinking the underpinnings of the legislation. The OMA remains committed to provincial legislation that is specific to health care, and we cannot and do not support Bill l59 in the form that is before us.

I recognize that I have not addressed many of the specifics in Bill l59 in the time allotted to us today, but I hope that my comments have helped committee members to more clearly understand the strong stand that physicians take on this issue as advocates for our patients. I would be pleased to use our remaining time for questions.

The Chair: We have about three minutes per caucus. This time we'll start with Ms Lankin.

Ms Lankin: Thank you very much. I appreciate your presentation. Yesterday we heard from a member of your association, Dr Franklin from London, who took a very different position and suggested to us that the privacy requirements in Bill 159 were onerous, in particular for group physician practices, although it would be difficult for sole practitioners as well. He was of the opinion that there would be requirements for additional security and those sorts of things. I have to say it left most of us feeling very uncomfortable about how private our records are now in doctors' offices.

I take from the presentation you made today and from the comments you made earlier that the OMA, representing doctors, by and large feels that it's a key responsibility of a physician to maintain patient confidentiality, that patient-doctor relationships are reliant on that. At this point in time, I think you would disagree with the presentation we've heard from Dr Franklin then.

0940

Dr Schumacher: Again, not having heard or read his transcripts, I want to reiterate that the first premise of any physician in practice is to do no harm. We certainly know that the information contained in probably everyone's chart in some way or another can harm that patient, so one of our first duties is to make sure that absolute confidence is maintained.

On the issue of how strongly you have to lock up records or how many locks on the doors we've had, on a practical basis we have not, over the last 20 years that I've been in practice, seen violations of this that have certainly come to our attention in any great way.

Ms Lankin: Let me go on to another issue then. You addressed in your presentation support for the need for good information for health systems management. I think we would agree strongly on that. The OMA is involved in participating with the ministry on that; also for good epidemiological research, the kind of development of peer practice, best practices, those sorts of things. We've been told that there are certain circumstances, both in epidemiological study and in systems management, where identifiers are going to be required to do longitudinal studies in order to provide good information. Do you accept that? Do you see any circumstance where identifiers are going to be required? If so, are they the rare minority? What's your opinion on that?

Dr Schumacher: None would come to mind to me that I could describe, so it would certainly have to be something very rare where you would require that to be followed. Certainly in those cases where that would be required, I think it would be paramount to have written patient informed consent to have that happen. But none come to mind.

Ms Lankin: Let me take this one step further. In your defence of protection of privacy of information, in the previous draft of the discussion paper there was the concept of the lockbox. It has been said to us that it should be the patient's right to keep information from you as the doctor, for example, if we are aware of the consequences of that, if we are aware that that means you may not be able to provide the best diagnosis and the best health care, but in a system that's not paternalistic, that is our right as an individual, to control our private information. Is the OMA supportive of a lockbox provision in the legislation?

Dr Schumacher: We are not supportive of the lockbox. We certainly understand the concerns that you raise about the sensitivities of information and not sharing it; however, we are frequently required to seek other opinions, consultations from specialists, where certain things are absolutely critical to the understanding of a patient and how you'll move that forward. Again, I think that in the transmission of that information one tries to certainly be succinct and to be to the point. However, just as you would treat someone who is a diabetic quite differently if you're a specialist, that's a piece of information you really can't leave out in the even two-sentence discussion of that patient. Similarly, in many circumstances other diagnoses, whether they be heart disease or positive HIV status or other important indicators that affect a whole variety of other conditions and treatment, can't necessarily be well withheld. So, no, we don't agree with the lockbox on that basis.

Mr Wood: Would you support a provincial act that was substantially similar to the federal act?

Dr Schumacher: As this committee is aware, we certainly had problems with the federal legislation. We would like to see a provincial act that would be similar to the federal act so that we could beat it out and have our own act in Ontario. We have some common concerns about the federal act as it's written and we would certainly look forward to an act that would not be ruled substantively dissimilar so that we would be ruled out of order by the feds.

Ms Barbara LeBlanc: I think the other thing is that we're supporting a provincial scheme partly because the federal legislation wasn't drafted with health care in mind and so it doesn't always fit very well. One of the positive things about Bill 159 is the fact that it allows information to move for health care purposes in ways that we think it needs to.

Mr Wood: In 30 seconds, could you describe what changes you'd like to see in the federal act and a provincial act, just to touch on the areas very quickly.

Ms LeBlanc: I don't think we really have any opportunity to change the federal act.

Mr Wood: What I'm saying is, in the drafting of the provincial act, tell us what changes from the federal act you would like to see.

Ms LeBlanc: I think the first thing is that the federal act requires that there be a consent each time information moves within a system. Obviously in health care, among health care providers, that's not necessarily reasonable enough for the hospital circumstance, for example. That's a significant issue.

The other thing that's important, and I'm not sure how we're going to deal with it, is the consent question. The federal act deals with consent. The provincial act also deals with informed consent, and we're going to have to grapple with how we define that. I think those are two of the big issues.

Mr O'Toole: I have a couple of very quick questions. You would agree that in the profession information is shared between practitioners today?

Dr Schumacher: That's correct.

Mr O'Toole: And it's shared in various formats?

Dr Schumacher: Yes, it is.

Mr O'Toole: And for very ethical and professional reasons always.

Dr Schumacher: That's right.

Mr O'Toole: Is the patient always informed?

Dr Schumacher: I believe the patient is usually aware. Certainly when I consult with a consultant, they're aware that I'm going to transmit a referral request or a letter that accompanies that. The patient will usually ask that the other pertinent documents go forward. So there is usually patient involvement and implied consent in all of those transactions.

In the areas that go outside of my transmitting information to another physician, when it deals with an insurance company or another third party, that certainly requires written consent by the patient. I think most physicians take that further. They provide a typewritten report based upon that written consent. But when the entire chart is requested by the insurer or by a lawyer, physicians will usually go back and check with the patient that that's indeed what they wanted. There's a lot of difference between your entire record and what I transmit for the purposes of a car accident or a lawsuit.

Mr O'Toole: I just have one further small question. On page 2, in the second last paragraph, you go to some length to explain that the government shouldn't be able to standardize patient records. I find it inconceivable that there isn't some uniformity for the transmission, either electronically or in paper form. Without that, the system is completely incomprehensible. If you are insisting that this enforced standardization isn't acceptable to the OMA, what is?

You are sharing data, digital and otherwise, today. You have a format. It's called a language of some sort. I find it incomprehensible that that would be a dismissive part of this legislation, given the fact that today is already here digitally, and if it isn't, they'd better get their heads around it, in my view.

If that can be used in some critical way to be more accountable in the system, even if it's in digital format, without the patient identifiers, there is some risk that Erik Peters or others could make some assessments based on this kind of data format much more easily than some years ago. Do you follow the line of thinking? Not only that, it should be uniform across Canada, in my view; Canada shouldn't have different codes in every province. I'd like you to respond to that.

Dr Schumacher: Sure. Let me respond first of all by saying that even with the data that OHIP has tried to organize around diagnostic coding, this has not gone extremely far or served the patient very well, especially from the fact that typically in my office I'm seeing the average patient for three or four diagnoses at the same time and actually treating all three or four of those things. There's only one coding that OHIP can accept or is even interested in. In fact, the statistical data from that code has never been very good because of the way it has been managed. So it is not as good as the information in the hospitals.

Second, a lot of innovative charting has been developed, not by the ministry or by the government but indeed by physicians. I would point out and highlight the well baby record used in Ontario, which was developed by two family physicians in Goderich, as an excellent way of charting and managing our newest residents.

Similarly, the maternity documentation is something that's undergoing continuous review, that is being developed and pushed forward. It's a standard that's taken up by all the delivery rooms in the hospitals and enforced in that way.

I think there is a lot of innovation that is always moving forward in record-keeping to make it not only more patient-friendly but physician-friendly and in a form usable by all. One would hate to see it very limited or constrained in any way as to affect progress.

0950

Ms LeBlanc: Just to add to that, the OMA is working with the ministry on developing the core data set emergency health records, and we think that standardizing certain information is very useful. You have to realize that what we're talking about is the entirety of the patient chart.

Mrs McLeod: I have one question and then a question from my colleague. I completely share your concerns about the breadth of directed disclosure, where the minister can require you to disclose confidential health records. I think the breadth of that in the bill has raised some questions about what is the government's intent in bringing forward the bill-is it really to get better access for government to health information?-as opposed to the stated intent, which I think you would support, which is the assurance of health information among the health care professionals that need to share that information for the better management of the patient.

You oppose the lockbox, which is in the federal legislation. Do you see the lockbox as inhibiting the ability to share that needed information? You seem to suggest that. Is that your primary concern about the federal legislation and is it therefore your main reason for feeling that Ontario legislation is needed, to ensure that we don't have a lockbox through the federal legislation that would prohibit the sharing of information? If that's not the primary reason for Ontario legislation, what gap do you think is there that we need legislation to fill right now?

Dr Schumacher: I think the reason for requiring the legislation-and you asked a bigger question going back-is that we need to make sure that health information which is now collected and dealt with by many people other than doctors, nurses and hospitals is treated in the same way with the same constraints on it and the same attention to privacy that my profession has dealt with over the last 200 years in Ontario. We know that the information in many other people's records will contain many elements that are very similar, so we want to make sure that in the health context that's taken into account.

The lockbox is not the only concern as far as the federal legislation goes. Certainly there are logistical problems with going into a record and having two parts, the secret part and the not-secret part, that can be shared and disclosed. As I mentioned, sometimes the secret part is very important and critical for many other areas of care. I think Ontario needs its own legislation, because I've always felt that Ontario is one of the forerunners in the provision of health care in Canada. We certainly lead many of the other provinces in our developments, in our technology and so forth, and I hope we continue to in the future. I think it's important that we have our own health privacy legislation for that reason. I am adamant in seeking the protection of the patient as something that actually works.

Mr John Gerretsen (Kingston and the Islands): I'd like to ask you a question with respect to a presentation that was made yesterday here. There was false information in medical records of a doctor who was convicted of fraud. What is the OMA's position on that? Do you support the idea that obvious erroneous information, as a result of court cases etc, that's contained in a patient's file should be deleted by the ministry as a matter of course, rather than the lengthy process that this individual had to go through? There are still no assurances that the erroneous information will be taken from his file. Does the OMA have a position on that kind of situation?

Dr Schumacher: It's certainly our position that in cases of fraud, OHIP needs to deal with and correct that information. That should be done without any lengthy delay or process. I can tell you that the medical record kept by any physician who has been charged with that kind of fraud on a criminal basis becomes completely irrelevant and would be ignored by anyone else in my profession. Certainly, any insurers or other people who may have contact with that need to treat that information in that same fashion.

Mr Gerretsen: You've made 23 recommendations here in your lengthier report. Have you shared these with the government before and have you had any response to them at all?

Ms LeBlanc: We've been involved in this process for five years now and this is merely the latest iteration of concerns that have been on the table several times at this stage of the game. We've been dealing with Ministry of Health staff very closely.

The Chair: Thank you very much for making your presentation before us here this morning.

ONTARIO PHARMACISTS' ASSOCIATION

The Chair: Our next presentation will be from the Ontario Pharmacists' Association. Perhaps we could get everyone to take their discussions outside, please.

Welcome to the committee. Again, we have 20 minutes for your presentation, for you to divide as you see fit between either an oral presentation or a question-and-answer period.

Ms Barbara Stuart: Good morning, Mr Chairman and committee members. My name is Barbara Stuart. I'm the CEO of the Ontario Pharmacists' Association. Thank you for allowing us to make our submission today.

Before we begin, I'd like to introduce our delegates. To my left, Sal Cimino is a practising licensed pharmacist and is the chairman of OPA's board of directors. To his left is Gerry Cook, also a practising licensed pharmacist and a member of the executive committee of OPA's board of directors. To my immediate right is Holly Rasky, who is our director of government relations and general counsel. Ethan Poskanzer, to Holly's right, is our external legal counsel.

In terms of who we are, we've included in your brief an overview of OPA. I think most of you know who we are. Also included for your reference are two of our previous submissions that we've made to the government on the issue of the privacy legislation.

We have a few concerns, and we'd like to address those this morning. There are only about three or four in number, so we'll be brief.

We support the need for legislation which establishes clear rules respecting the confidentiality of health information, the circumstances in which disclosure is permitted and the necessary requirements to obtain patient consent. We also recognize, though, that the requirements for patient confidentiality should not impede the ability of health care providers to provide needed medical care to patients. As a result, we support the legislation's goal of safeguarding the privacy rights of individuals, while at the same time ensuring that health care providers have ready access to personal health information.

We are concerned, though, that some portions of the act are unclear or too broad, thus defeating these purposes. I'll go right to our first point of concern. It refers to section 29, the ability of pharmacists to access needed health information from prescribers. First and foremost, it is essential that pharmacists, in order to perform their role in the health care system, be able to obtain all health information necessary to allow pharmacists to do four things: (1) to provide optimal patient care; (2) to determine whether the patient meets criteria for government-related programs; (3) to be compensated for their services; and, (4) to comply with all legal requirements. Section 29 of the act should be revised to clearly provide that prescribers may provide personal health information to pharmacists for all of these reasons.

The problem is that the current wording of section 29 could be interpreted as only allowing the prescriber to release this information so that the prescriber can get paid. It is not clear that the language authorizes one health care professional to release information to another so that the second health care professional may obtain reimbursement. As a result, it is not entirely clear that a physician is permitted to disclose health care information to a pharmacist under section 29 so that the pharmacist may obtain payment. Further, it's not clear that such disclosure is permitted where it is necessary for a pharmacist to comply with relevant statutory obligations.

A related concern is that other legislation that impacts on health information, such as the Medicine Act, needs to be reviewed and revised to ensure that a single, clear set of rules applies to the disclosure of personal health information. There is little point in allowing prescribers to provide information to a pharmacist under one act while another act may be interpreted as limiting or prohibiting such disclosure.

1000

Under the regulations to the Medicine Act, it is not considered to be professional misconduct for a doctor to give information about a patient, including access to the patient's records, to a pharmacist for "the purpose of providing care to the patient." What is meant by the phrase "providing care" seems to vary, depending upon the particular physician. Unfortunately, many prescribers take a narrow view of what information they can or will provide to a pharmacist. This can have a significant impact on the pharmacist's ability to provide optimal care, follow the law and obtain payment for his or her services.

The reason section 29 is so important is that in order to fill a prescription lawfully and in order to ensure proper payment, the pharmacist may need to know why the prescription was written. This is particularly true when dealing with the interchangeability of products on the Ontario Drug Benefit Formulary.

It is essential that a pharmacist be able to obtain reliable information from the attending physician since an individual patient may not be aware of the diagnosis or may forget important details of treatment. Further, the pharmacist may have no direct interaction with the patient, whose prescription may be presented by a person acting on the patient's behalf rather than directly by the patient at the pharmacy.

While pharmacists have a good working relationship with the medical profession, our members tell us that prescribers often refuse to provide them with necessary patient information, stating that it would be professional misconduct to do so as the information is related to questions of reimbursement and not relevant to patient care. However, as we just explained, pharmacists require this information to be able to dispense medications following the rules established by the government and to provide optimal patient care.

Just as it is critical for physicians to have all relevant medical information to permit them to perform their tasks, so too is it critical for pharmacists to have all relevant information to permit them to perform their tasks. Prescribers, given their role in the health care system, generally are the gatekeepers of patient information. It is essential, however, that the law permit professionals, who must work as a team, to have access to necessary information in order to adequately and lawfully fulfill their role as health care providers.

Item number 2 of concern is the definition of "operators." I would now like to turn to the difficulty we foresee in determining which individual in a particular pharmacy is the health information custodian for the purposes of the act. This difficulty arises from the term "a person who operates" in paragraph 4 of the definition of health information custodian. Bill 159 deems "a person who operates ... a pharmacy" as a health information custodian. The meaning and extent of who is included in this definition has a significant impact on the interpretation and application of the entire act.

The problem is, in the case of a pharmacy, the person who operates the pharmacy could be an individual store owner; two or more individuals who are in partnership with one another; a corporate head office, as may be the case for a chain of stores; or a non-pharmacy, non-health-care-related corporation, such as a supermarket which operates a pharmacy in one or more of its stores.

The definition of "a person who operates ... a pharmacy" will impact on how the act applies and is interpreted, as the operator of the pharmacy is the custodian of the personal health information.

It may be useful where there is more than one person or entity which may be considered to be the health care custodian to allow the individuals to designate among themselves who will be the health care custodian for the purposes of the act in order to avoid these difficulties.

A related concern is the implications of the definition of "person who is employed by or in the service of a health information custodian." Section 16 of the act deems these individuals as acting on behalf of the custodian "when exercising powers or performing duties for or on behalf of the custodian." It does not appear that these powers and duties are required to be tied to the provision of health care. Therefore, if the custodian is a supermarket, then employees who are not involved in the providing of health care or related services, such as the butcher, may be deemed to be acting on behalf of the custodian. We are concerned that this is too broad. Is the supermarket supposed to ensure that the butcher does not have any access to personal health information, and ensure that if he or she does, that the collection is done in accordance with the rules? What is the butcher to do if Mrs Smith decides to tell him or her about her arthritis while the meat order is being filled?

Consideration should be given to including a provision which limits the application of the act to persons who perform services related to the delivery of health care on behalf of the custodian.

Item 3 of our concern is the requirement to keep the identity of individuals separate from personal health information, which is subsection 12(5). We are concerned that the requirements of this section may result in compromised patient care. This section requires custodians, when using, collecting or disclosing personal health information, to do so in a manner, to the extent reasonably possible, that conceals the identity of the individual. We appreciate that the section includes the proviso that the purpose of the collection, use or disclosure of the information still be met. However, these requirements are too onerous and ambiguous in the context of a pharmacy. We recognize it is important to ensure that such information is kept confidential and secure. However, requiring the segregation of all patient information would be onerous, time-consuming and potentially dangerous for the patient; for example, separating the name from the medication on the prescription bottle.

Item 4, and it's our last item of concern, is duties with respect to accuracy, and again that is in section 24(2). It's the final concern, because we feel it's not reasonable to require the health information custodian to ensure that the information is "accurate, complete and not misleading" when disclosing the information. A pharmacist cannot, in all circumstances, ensure that the information provided to him or her meets these standards since the pharmacist often is required to rely on others, whether it is the patient, the prescriber or another source, for that information.

Mr Chairman, those are our comments. Again, I thank you for the opportunity to present them to you. We would be pleased to answer any questions.

The Chair: That leaves us three minutes per caucus for questions. This time we'll start with the government.

Mr Wood: That was a very clear and helpful presentation. I have no questions, but thank you very much for coming.

Mrs McLeod: I appreciate a number of points you have raised that we hadn't heard before. One of them is that whole issue around payment, which I hadn't understood until I realized that you're now dealing in some cases with differential uses of certain drugs and the only way you can find out whether or not it is in fact on the drug plan, whether the individual is going to be covered as well as whether the pharmacist will get paid, is to call the doctor and find out whether or not this is under the formulary a prescribed use of that drug. Thank you for bringing that to our attention.

I was a little less sure about that person who operates a pharmacy question because it seems to me-God forbid I should be speaking for the government, but the answer the government might give is, yes, that owner of the supermarket is required to make sure that the health records that are kept in the pharmacy section are secure and that there is not access to the butcher of an actual record. I would appreciate some further comment on that.

Also, we've had a number of presentations from the colleges, including the Ontario College of Pharmacists, and one of the concerns they have is that the colleges should be exempt so that they can carry out their regulatory functions and they can access the records they need for that purpose. My main question, among others I'd like to ask you today, is, if the colleges are exempt, as the regulatory bodies, and we have Ontario legislation that deals with front-line providers, does that create two sets of rules, in your view, that the providers are operating under, or is that something you'd be fairly comfortable with?

Ms Holly Rasky: Thank you for the question. I don't think there would be a problem with there being two sets of rules, because the purposes of the colleges' business would be different from the fundamental business of the health care providers. I understand that they are regulated under the Regulated Health Professions Act, and if it's their position that they shouldn't be covered under this legislation, as I understand that to be, then I don't think we have a reason to disagree with that. There are safeguards in place.

Mrs McLeod: Could I ask you too, if I have another moment, about the lockbox provisions that are in the federal legislation. The federal legislation, as I understand it, would certainly apply to pharmacies if we don't have Ontario legislation. Do you see the provision of a lockbox as making it difficult for pharmacists to be able to contribute fully to patient management, or, for example, if you think somebody is doctor-hopping with drug prescriptions, can you spot that through the prescribing as opposed to having broader access to the patient records?

Ms Rasky: I think we were pleased to see the removal of the lockbox provision from the provincial act. I think it's dangerous to have. Patients may not necessarily appreciate the information and the sensitivity of the use of that information in their own care. For example, you may not be aware, but one pharmacy cannot provide information to another pharmacy, even if they're in the same chain. If you have a situation where a patient put a lockbox around certain information in one store and the other store is trying to fill a prescription, it's very hard then for the pharmacist to identify potential dangers between interaction of the possible medication, or other information a pharmacist might need to get the information to provide the best treatment. It's important that the pharmacists and the health care providers need to have a certain amount of information to provide sufficient patient care and I think that's just a very important principle. That's part of the balancing between a patient's rights and the ability of health care providers to do their job.

1010

Ms Lankin: Two or three things. Let me start at the tail end of your presentation. I'm perplexed by your concerns around section 24(2), which says that people who are going to disclose information have to take reasonable steps to ensure that it's accurate. Presumably your records contain information about prescriptions that have been written and have been filled, and the registration information in most cases. Presumably you take reasonable steps as you're entering that into your system when you're talking to the individual patient or the person presenting on behalf of the patient. I am often asked, "Is your address still such-and-such, Ms Lankin?" I don't understand your concern about that section, that that's an unreasonable requirement.

Ms Rasky: I guess it's a concern that arises out of, in particular, a government program called the limited use program. Under that program the patient is only covered for certain prescriptions provided that they've taken certain medications, step-up therapy. You don't get the big drug until you've tried other medication. There is need for clarity with some of these programs about what the obligation of the pharmacist is to obtain confirmation about whether the patient has-

Ms Lankin: That really has nothing to do with disclosing information. The circumstances in which you disclose information as a health information custodian are limited, right?

Ms Rasky: Yes. I guess our concern is whether the obligation would extend to actually phoning the physician to ensure that patient information we got perhaps from the patient or one of the patient's health care givers is accurate. It's hard to know what "reasonable steps" means, that's all. Just some clarity would be helpful.

Mr Gerry Cook: The concern is largely with information we don't receive at first hand but receive from a second party. We can't actually take the steps to ensure whether that information is accurate or not.

Ms Lankin: I think what most pharmacists do now would be deemed to be reasonable, but it's something we could get the ministry's interpretation of and that might give you ease.

With respect to your concern about keeping the identity of individuals separate from personal health information, again, this is a section that really steps out in a number of ways and says "where possible." It's not an absolute requirement. I would think all of us concerned about the privacy of our health information would want all reasonable steps to be taken. It says that if you can do it without private health information, just on registration, do it just on registration. If you've got to go the next step, take this precaution. If you can do it by keeping separate the identifier from that and it still meets the purpose of why you're collecting the information, then do that. If the purpose of a pharmacy collecting the information is to be able, when the person comes back, to check and see what their prior prescriptions are and ensure that there aren't any contraindications or whatever, I can't see how anyone would oblige you under this legislation to have taken the step and to keep the information separate. Again, I don't understand the nature of the concern here. Is it something you just need clarification on from the ministry and a sense of ease about what's expected of you?

Ms Rasky: I think that's exactly right. Our sense is that the legislation is drafted to try and catch a number of instances, including different kinds of health care providers. Our concern is simply that the rules be clear, easy to follow and not interfere in patient care. A clarification is really what we'd be looking for there.

Ms Lankin: My last question is with respect to your concern under section 29. Right at the beginning, section 29 indicates that a health information custodian may disclose personal health information to another health information custodian "if the disclosure is made for the purpose of providing, or assisting in providing, health care to the individual." Although we've had a number of suggestions of amendments that should be made to that section, you're saying you think what will happen under that is you will only be given the information if it's for the purpose of payment. Yet it says here, "for the purposes of providing, or assisting in" the provision of health care. There may be a need for a better understanding between doctors and pharmacists, but it would seem to me that what you do is the provision of health care and that you would be covered under that.

Tell me exactly what your concern is, and would you also comment on the overarching statement there where it says the person's custodian "may disclose personal health information." We've heard a number of comments that that "may" is too discretionary. Could you comment on the discretionary aspect of it and comment on what your actual concern is, given clause (a), which says you should get the information?

Ms Rasky: I think part of the concern is a drafting issue. I may be overstepping, but my sense is the intention was to allow exactly for the provision of the information, as you say. My concern is that in the drafting it doesn't clearly appear to allow for the provision of the information from one health care provider to another for the purpose of that second health care provider to get paid. It just says that they can release the information and it could be-you see, as you read at, for example, 29(1) that you can disclose the personal health information relating to an individual, "(c) for the purpose of obtaining payment...."

Ms Lankin: But sub (a)-

The Chair: Sorry, Ms Lankin. We've hit our 20 minutes.

Ms Lankin: It says, "for the purpose of providing, or assisting in" health care.

Mr Cook: I think the concern is that you wouldn't have needed a separate section for payment if that was encompassed by (a). So payment is a separate issue, and the problem is that while the legislation is clear as to whom you provide the information to in (a), it's not that clear as to whom you provide the information to in the other sections. It's largely a drafting problem, but I think the intent is to allow for the sharing of that information for all of those purposes. It's just that in some cases they tell you whom you provide the information to; in some cases they tell you the purpose for which the information is provided.

Ms Stuart: I would just add to that, if I may, very quickly that all three questions that you ask really revolve around the broadness of the wording. It's not so much that the content or the intent is not understood; it's that when several different people read it or try to understand it, they come up with different interpretations.

The Chair: Thank you very much for coming before us this morning.

PSYCHIATRIC PATIENT ADVOCATE OFFICE

The Chair: Our next presentation will be from the Psychiatric Patient Advocate Office. Good morning and welcome to the committee.

Mr Vahe Kehyayan Good morning. My name is Vahe Kehyayan. I'm the director of the Psychiatric Patient Advocate Office. With me are Lora Patton, our legal counsel, and David Simpson, our systemic policy adviser.

We would like to thank the committee for its invitation to further consult on the proposed personal health information bill. The PPAO is a quasi-independent program of the Ministry of Health and Long-Term Care which was created in 1983, in part to advocate on behalf of the psychiatric patients in the provincial psychiatric hospitals, including those recently divested.

We are here before the committee to raise concerns with the proposed bill from the perspective of our clients, who are the seriously mentally ill. Although some of the issues raised by our office will echo those of others, we hope to provide this committee with some insight into the specific areas of concern for our clients.

We strongly support the government's recognition of the need for clear, effective legislation that will protect the personal health information of the people of Ontario. We also recognize the challenges in creating legislation that enhances health care delivery while ensuring that individual privacy is protected.

We also support the decision to incorporate an impartial oversight body to ensure compliance with the law and to resolve disputes. The selection of the privacy commissioner to fulfill this role allows a single point of contact for individuals seeking adjudication of complaints and will allow a single body to review the implementation, application and compliance with the law.

In addition, we are pleased that the bill incorporates the concept of consent from the Health Care Consent Act. The definition of consent as provided in the bill requires that a valid consent be specific, informed, voluntary and not obtained through misrepresentation or fraud. These elements have a profound impact on the balance of the bill, setting a high standard for an individual's choice in the process. That high standard must be maintained in each provision of the bill and remembered when drafting all exclusions to that basic principle.

We believe that further amendments are necessary to strengthen the bill's ability to protect private health information and enhance public confidence in the integrity of the health care system.

1020

Our submission which is before you will primarily address three areas of concern: (1) the erosion of consent-based disclosure; (2) the decreased access to one's own personal health information; and (3) the lack of sufficient enforcement mechanisms. I'm going to ask Lora Patton to comment on these three areas.

Ms Lora Patton: Good morning, Mr Chair, members of the committee. As Mr Kehyayan has stated, I am going to begin discussing the erosion of consent-based disclosure that we find in the bill, and before we begin dealing with specifics I'd like to take a step back and comment on the general thrust and the purpose of the legislation.

The protection of individual health information is fundamental to our clients. Those suffering from mental illness continue to face discrimination from many sources and unanticipated disclosures could cause significant harm. Disclosure of information relating to diagnosis, hospitalization and treatment could adversely impact personal relationships, employment and insurance coverage, as well as causing embarrassment due to the stigma still associated with mental illness.

Beyond the potential harm resulting from disclosure, the individual's inability to control that disclosure and the inability to track potential distribution erodes our clients' comfort in any protective legislation. Our clients have an expectation that their private health information will be protected and only disclosed with their knowledge and consent. They have an expectation that the government does not have unlimited access to that information and an expectation that the government or health information custodians cannot pass that information to other parties for undefined purposes.

This fundamental belief that information will be kept confidential by a health care practitioner is essential to maintain trust with the health care system to encourage individuals to seek diagnosis and treatment, and to confide sensitive information that may be necessary for that treatment.

To illustrate the importance of the public's trust, we can look to recent changes to the Mental Health Act. In that act, new changes create community treatment orders, or CTOs. CTOs can allow an individual to remain in or return to the community by providing a comprehensive system of treatment, care and supervision. A CTO may be thought advantageous by the treatment team for a number of individuals who would otherwise be required to stay in a hospital for long periods of time.

One problem with the CTO scheme, however, is the lack of protection surrounding personal health information. At the time a CTO is being considered, a physician may discuss that individual's health information with a number of organizations, professionals or lay people in the community. Consultations may take place with landlords, family members and any other person who may be involved in the treatment plan, all without the specific consent of the individual.

As a consequence of these provisions, a number of our clients are extremely reluctant to enter a CTO. While a CTO may provide increased freedoms and access to specialized programs, our clients are concerned that their information will not be properly protected within this scheme.

Privacy legislation must address the public's concerns relating to confidentiality and ensure that specific, informed and voluntary consent is obtained whenever identifiable personal mental health information is disclosed. This bill, despite the specific provisions of consent, as set out in section 21, fails to meet the basic premise that disclosure requires consent and consequently it fails to meet the privacy expectations of our clients.

The bill grants broad powers to the Minister of Health and Long-Term Care to obtain and disclose personal health information. Subsection 30(5), for example, allows disclosure by the minister for the purpose of managing the health care system. This clause exemplifies the excessively broad drafting of exceptions to basic privacy protections. It is unclear what types of services would be included in the phrase "for the purpose of management of the health care system," and it is unclear what type of programs would be granted access through the regulations.

Section 30 of the bill provides a number of such broad, undefined exceptions to individual privacy rights. Although the general principles contained in section 12 indicate that only the minimum amount of information necessary shall be disclosed, it is uncertain on the surface of the bill how these protections will mesh with the balance of the legislation.

Similar to the minister's powers, under section 29 a health information custodian can disclose information to a hospital or a physician, for example, for the purpose of providing health care without the consent of that individual. This section again fails to recognize individual choice in the disclosure of information and that individual's right to withhold information and take responsibility for any withholding.

In addition to the powers of the minister and health information custodians to access and disclose information, the bill outlines a number of areas in which consent is deemed. For example, section 30(1)(c) allows a health information custodian to disclose information for health screening programs unless specifically directed otherwise, by either the client or the substitute decision-maker.

Similarly, section 29 of the bill allows facilities to assume a patient's consent to disclose his or her presence as a patient in the facility and his or her general health status. Such opt-out clauses do not satisfy the elements of consent as outlined in section 21.

Many of the PPAO's clients may be acutely ill, and even if they become aware of the negative-option consent provisions, may be unable to specifically express refusal. Further, as a result of their illness, they may not be able to understand the consequences or ramifications of consent at the time of admission. It is unreasonable to place the onus on the individual to initiate discussions and then express his or her feelings regarding disclosure of information in any circumstances.

As for our recommendations, the PPAO recommends that the very structure of the bill be revisited, with a consistent emphasis on consent-based disclosure. We recommend that the legislation require a positive act of consent prior to disclosures of any nature.

The definition of "consent," which is already outlined in section 21, and the limits on disclosure in section 12, are integral to the bill, laying the building blocks for privacy. However, there are too many exceptions, inconsistencies and unclear provisions to ensure that these concepts will read as a fundamental section in its interpretation. The PPAO recommends that the exceptions to consent-based disclosure be carefully articulated in the bill and the purposes of the exceptions be carefully defined.

The PPAO supports and encourages the use of a locked box system, a system that allows an individual the statutory right to block the transfer of any part of his or her personal health information. Such a mechanism resolves some of the concerns outlined above regarding disclosures which are not based on consent.

In addition, we recommend that forms which are executed consenting to the disclosure of information be standardized, as is done with the Mental Health Act in form 14. The consent forms must make clear the extent of the information being released by the individual, the purposes for which the information is being released and any limits or conditions on the disclosure, with an expiry date for the period that the release is valid for. There should also be a standardized method for withdrawing consent within the legislation.

Also fundamental to any information privacy legislation is reasonable access to one's own information. The proposed privacy legislation will replace sections of the Mental Health Act with respect to patient access to his or her clinical records. The current level of protection enjoyed by patients must be continued. There is a detailed list of the Mental Health Act provisions located in our written submission. I believe it's on page 5, for your reference.

Under the Mental Health Act, a facility must respond to a request to access a file within seven days. This bill allows the health care custodian 30 days to respond. Further, the health information custodian may delay a response for successive 30-day periods at his or her own discretion. We support the timelines that are currently available under the Mental Health Act.

The proposed legislation provides for a number of situations in which a health information custodian can refuse access to an individual's file. Under the Mental Health Act, only the Consent and Capacity Board has the authority to withhold a record, and then only when there is a demonstrable safety risk. Again, we would support provisions that reflect the MHA.

The PPAO also recommends that any person who is denied access to his or her own health information be given independent rights advice, with clear access to an appeal mechanism. We further recommend that the Consent and Capacity Board be given jurisdiction to review complaints under this particular section, as that board has particular expertise in the area of mental competency.

The right to examine one's own records may be further complicated by the potential to levy fees for access. The cost of fees may be preventive to our seriously mentally ill clients, as many are indigent and receive social assistance. In addition to costs that may be charged to simply view a record, costs may be charged to copy that record. The PPAO recommends that no new fees be instituted to view a record. We also recommend that there be a means of reducing or waiving photocopying costs in accordance with a financial means test where the cost acts as a barrier to access.

1030

The incorporation of the privacy commissioner as an oversight body represents a significant change in the enforcement structure of the bill. However, the proposed legislation stops short of providing the commissioner's office with sufficient powers to ensure compliance with the legislation. The PPAO recommends that the commissioner be given clear and full authority to conduct independent audits of the policies and procedures of all health information custodians. Power must be granted to allow full complaints investigations. Finally, the commissioner must have the power to enforce decisions and to compel compliance with the legislation.

The PPAO also recommends wide-based education to further promote compliance. Education programs will assist all people affected by the legislation, including health information custodians, health care workers, government and the general public, to obtain and understand their rights and responsibilities under the act.

In conclusion, the PPAO supports some of the steps taken to date with respect to this proposed legislation. A bill of this nature is long overdue and the momentum behind this draft document is encouraging. We support attempts to strengthen this document, to make the changes that are necessary while ensuring that the bill moves forward to completion.

Prior to making specific amendments to the bill, we ask that the committee take a step back from the individual provisions and review the proposed legislation as a whole. Section 12 outlines the guiding principles, the context against which all other parts of the bill are read and measured. These principles must inform the balance of the provisions to ensure consistency and clarity.

Further, if the purpose of this legislation is truly to protect individual privacy values, the bill must be revisited with a view to ensuring specific, informed and voluntary consent, as is outlined in section 21. The current bill falls short of this value by allowing broad, cryptic exceptions to consent-based disclosure and negative-option consent. This issue must be answered before the public and particularly the seriously mentally ill will have any confidence that the health care system truly protects individual information. Thank you.

The Chair: That leaves us about a minute and a half per caucus, so one question with preamble, two without. We'll start with the official opposition.

Mrs McLeod: How about half a preamble?

I very much appreciate your presentation, because you've very thoughtfully raised some issues that we need to think about.

I want to deal specifically with the lockbox. You haven't called it a lockbox in your presentation, but it's the ability of the individual patient to say whether or not the record will be disclosed or will be locked, or some part of it will be locked. You have said that in emergency situations, under the Health Care Consent Act, which I assume means competency-

Failure of sound system.

Mrs McLeod: -who the mental health professional believes is suicidal but who is obviously competent under the Health Care Consent Act and who, for all kinds of emotional reasons, is not prepared to let that professional release information. Would that constitute an emergency in which there should be an ability to share information without consent?

Ms Patton: If we're assuming she's competent and assuming that the substitute decision-maker isn't involved, I think that may be a circumstance where it may be appropriate. Again, just as a broad hypothetical, I can imagine that may be an issue. In that instance, however, the entry into the locked box would be written down, recorded by the physician, and the patient would be notified. So there may be circumstances like that when access can be gained, but if the patient disputes it later, then the doctor may have to answer to the circumstances in which-

Mrs McLeod: It actually wasn't hypothetical; it was a case I dealt with in my brief non-political life. It's one that really challenges me around the issue of the lockbox, which I believe in philosophically. I'd like to find a way to allow, in some cases like that, an element of protection, even though it might seem paternalistic.

Ms Patton: I agree that in some cases there should be some mechanism for opening that box, but I think ultimately it comes back to individual choice and an individual has the responsibility. If they choose not to provide history to their doctor, they're going to take responsibility for what happens as a result of that non-disclosure.

Ms Lankin: I want to follow up on that as well. I suppose that happens every day, that someone goes to a doctor and has a certain circumstance and the doctor attempts to take a history related to that and the individual chooses what information to share or not. You trust that as a relationship builds, an individual is going to make a decision as to what the doctor needs to know and/or what is in their best interests. It does seem awfully paternalistic in a day in which we're seeking out various kinds of complementary medicines, alternative medicines, that in this one type of health care under the health care system someone else determines what's best for you.

On the other hand-and let me throw another issue on the table-in this health care system, which is provided collectively through our tax dollars, we have a responsibility for efficient use of those dollars as well, and where counter-interdictions, for example, lack of information, where incorrect diagnoses based on lack of thorough review of a chart or a piece of information being withheld could lead to substantial complications and costs for the health care system, is that reasonable as well? I'm genuinely trying to get my head around this, because the individual privacy protection part of me says, absolutely, it should be my right to say what I want known and what I don't want known, but this is a system; it is not an individual contractual relationship between one person and a health care provider.

Ms Patton: You're right. I think it is a balancing act, but I think fundamental to the system has to be the individual control. My concern is that if we take that away, we have patients who aren't going to see their doctors and who aren't telling them that they have issues or a history that may impact, and then we end up with the same potential complications two years down the road if a client is withholding that information and not going in for treatment quickly and promptly. I think it has to come back to the individual choice.

Mr Wood: Would you support a provincial act that was substantially similar to the federal privacy act?

Ms Patton: The information I have regarding the federal act, I believe that we wouldn't support it.

Mr Wood: I'd like to ask you to briefly address the question of disclosure without consent for research purposes. We've heard that there are certain research projects, because of the smallness of the sample, that you either have to do without consent or you can't do them. If there were proper oversight, would you support some provision for research projects of that nature to be done?

Ms Patton: I think some provision may be appropriate. The inclusion of the ethics body was a significant step, but I think you may also add a layer and have the privacy commissioner review any proposals and ensure that all other steps have been taken before such a proposal goes forward.

The Chair: Thank you very much for making your presentation before us here today.

1040

CARP

The Chair: Our next presentation will be from the Canadian Association of Retired Persons. Good morning and welcome to the committee.

Mr Bill Gleberzon: Thank you very much for this opportunity to talk to the committee. We appreciate it very much. Very briefly, we now call ourselves Canada's Association for the Fifty-Plus. We've retired the word "retired" in our name, but CARP still remains.

Just to let you know very briefly, CARP represents the consumer and, I guess, patient and informal caregiver and non-professional point of view. We have some 236,000 members in Ontario and almost 400,000 across Canada. We're a non-profit organization and don't take money from any level of government for operating purposes.

To begin, Bill 159 is of great concern to 50-plus Ontarians because at one time or another they will make up the majority of people affected by the bill.

As we understand it, the previous Minister of Health, Elizabeth Witmer, justified Bill 159 on the grounds that it would improve the effective implementation of primary care reform, and we support that objective. However, if that justification is still valid, then CARP believes that Bill 159 as presently constituted strays far beyond its intended purpose.

CARP's position on Bill 159 is that it should be limited and restricted to provide the personal and health information to those professional health care workers involved in providing direct health care to the patient to whom the health information pertains, except in obvious and clearly stated emergencies. The patient or his or her family or substitute decision-maker must give explicit informed consent to share this information. Those professional health care workers who have legitimate access to this information must guarantee to keep it strictly confidential.

CARP recommends that a distinction between the personal information of a patient-that is, name, address, SIN and other personal vital information-and the patient's health information, such as the individual's physical, physiological and/or mental condition, must be made. This differentiation must be part of Bill 159 and applied to anyone who is not involved in the individual patient's health treatment or health care.

Integrated personal and health information should not be available to the Minister of Health, any bureaucrats, employers, insurance companies, researchers, marketers, fundraisers or any other individuals or groups not directly involved in the care or treatment of an individual's health. We're talking about both the personal and health-related information; that is, although health information may be made available, there is no need to link it to the patient's personal information.

As we understand it, OHIP already has the authority to access and investigate medical records of health care professionals that it reimburses for services. This is done to ensure that the services claimed to have been provided for reimbursement have indeed been provided. But this information is accessed for accountability purposes directed at the health care practitioner and not directly concerned with the personal and health information of the patient. In what other ways would having access to the personal information of patients assist the Minister of Health or any other politicians or bureaucrats in managing the health system in Ontario, as the act states?

Employers and insurance companies have no need for direct access to health records. Both require only the confirmation of a professional health care worker to confirm health status by employees or insured customers. Similarly, researchers have no need for personal information to undertake their health or epidemiological research. The bill does establish a protective system to ensure anonymity of subjects through the use of IDs that cannot be traced back to the individual. If researchers do require knowledge of a subject's personal information, the current practice should be retained whereby the researcher can request the custodian of the information to contact the subject either to have the subject contact the researcher or to obtain the subject's informed consent to have the personal information provided to the researcher.

The bill rightly prohibits marketers from obtaining personal information. It should extend this prohibition to fundraisers. We assume that fundraisers for health associations such as for the cancer society or the diabetes association are intended in this context. The decision to contribute money and/or time should be left to the voluntary discretion of the individual. However, the same system that is in operation for researchers could be put in place for fundraisers. Moreover, CARP would accept the idea of providing a patient with the option of deciding whether their name could be shared with an organization for fundraising purposes through an advance approval process that would include informed consent.

CARP recommends that the provincial government provide sufficient additional funding to institutions that need to establish the new position of custodian of information and the staff and equipment required to support this function.

CARP recommends that the information and privacy commission, which we understand are envisioned as two separate entities, should remain two distinct officials and positions, each with a distinct office and staff, in order to ensure that necessary checks and balances would be in effect between the two separate and potentially conflicting functions.

CARP believes that the patient is the owner of their own personal and health information; therefore, they should have easy access to this information whenever they request it. They should only be charged a minimal basic administrative fee, for example, to pay for photocopying etc, when they want to access their own information. This same principle should apply to substitute decision-makers.

If an individual can prove that the personal or health information in their record is incorrect, the incorrect information should be deleted and the correct information substituted immediately without any cost to the patient.

Finally, we assume, but we are requesting, that Bill 159 must be correlated with the federal government's Bill C-6 to ensure that there are no discrepancies or contradictions between the two bills.

Thank you very much.

The Chair: Thank you. That leaves us about three and a half minutes per caucus for questioning. This time we'll begin with Ms Lankin.

Ms Lankin: Thank you. As always, I appreciate the input of your organization.

One of the questions that I've been trying to get clearer answers to as time goes along-and the next presenters are CIHI so this is something maybe they can answer when they come-is we're being told by researchers that there is very important epidemiological research that does require identifiers for, perhaps, longitudinal studies. We've had a couple of examples but I don't have a clear grasp on it. I'm still looking for that lightning bolt that says, "Aha, we wouldn't have known this piece of information which is so critical to all our health if we hadn't been able to do this kind of research and had access to identifiable information."

If we get that example, as a reasonable person I'd think in some circumstances that's going to be OK, but there have to be a lot of safeguards. We're told that the safeguards that are in place now, and proposed by this bill, involve that kind of research being submitted to a reputable, designated ethics committee who bend over backwards to protect privacy and ensure anonymity unless there's no other way. Do you think your organization is comfortable that in the rare exceptions, if it can be proven that there's a need for identifiers for that kind of common-good epidemiological research, identifiers be used, or do you think it always has to come back to consent, no matter what?

Mr Gleberzon: At this point in time, as far as I know, it always has to come back. Ethics committees which already exist won't approve the use of private and personal information, and we stand by that principle. You could be right and the researchers could be right, but I think they have to make a better case than they have.

Ms Lankin: In the case of health systems management and the objection that you put forward, I think no one, when they use those words, is really talking about the fraud investigations and OHIP billings, or whatever; they're talking more systems management questions. For example, the cardiac care registry was established in Ontario because we had long waiting lists for heart surgeries and we wanted to better monitor and see what had happened, what the outcomes were, and make sure we had the resources in the right place, and as a result of that, we were able to bring down the waiting time for cardiac surgery. For someone who is prone to having a heart attack or may be having one, having access to that preventive surgery in advance is a really important thing. Is that a circumstance in which we can see that it is reasonable for the ministry, for management purposes, to have a group access personal and identifiable information?

Mr Gleberzon: Why couldn't they have that along with informed consent? If the patient has been registered, all you're talking about is another piece of paper for the patient to say, "Sure, I agree to this," and the principle is intact. As someone said before, you've got your balancing act where you balance the needs of the patient with the needs of the system. In the OHIP system, as we said, the right for OHIP to check records already exists.

Ms Lankin: Right.

Mr Gleberzon: This isn't done in order to second-guess the doctor entirely. If the doctor is proven to be fraudulent, that's another matter.

Ms Lankin: I think I'm still looking for that example that answers your question, "Why couldn't it be done through a consent?" Perhaps we got one partial answer from Cancer Care Ontario yesterday when they indicated that if anyone goes to one of their regional cancer centres, or Princess Margaret, that's part of that network, it's very easy. They control the issue of consent. They're hooked into that system. But you could be diagnosed with cancer through an outlying hospital or through a pathology report, through tests in your doctor's office, and unless there's a way for them to pick up and bring that person on to the network, they have to rely on the individual physicians to ask for consent to put that person on the network. People fall through the systems. Our information in terms of what kind of resources we need to be able to treat people is also lacking. Does that warrant worries about consent?

1050

Mr Gleberzon: If you followed that example, how would you know about the patient? The doctor would forward that information, so that would mean the doctor should also forward the consent. You're talking about a principle here.

Ms Lankin: Yes.

Mr Gleberzon: The issue is that no one can deny the need for the procedure immediately and as quickly as possible, there's no doubt about that, but we're talking about retaining the principle of privacy as well as ensuring that the system, which today, with modern technology, can be done very easily, is filling the immediate need as it arises.

Mr Wood: Would you be prepared to support a provincial act that was substantially similar to the federal act?

Mr Gleberzon: I have to admit we're just beginning to go through the federal act, so I can't answer that question right now. You can ask me in about a week's time and I can probably give you an answer on that.

Mr Wood: If you have a moment, please write the Minister of Health and tell him what your thoughts are on that.

Mr Gleberzon: Sure, I'd be happy to do that.

Mr Wood: I'd like to come back to the question of research for a moment. What we've heard is that there are certain kinds of research that effectively cannot be done if consent is required. They involve a very small sample of people who can't be found and so on. If you were satisfied that that position was right, and if there was proper oversight, would you be prepared to allow research in those circumstances, or would you be prepared to say the research should not be done?

Mr Gleberzon: I think the answer is that we'd have to see what the case is. I mean, we're talking about hypothetical-

Mr Wood: I've given you the case. If the alternative is we either allow it under proper supervision or the research isn't done, which side of that would you come down on?

Mr Gleberzon: You were saying that-

Mr Wood: I'm putting a tough question here, I know.

Mr Gleberzon: You are and that's fine; that's the way it should be. What I'm trying to envision is the type of research you're talking about where you have a very small sample of people. Are we talking about a case of some kind of potential epidemic and the people are unknown, or if we have an emergency situation?

Mr Wood: No, I wasn't really thinking about an emergency situation. I was thinking of a situation where you have, say, a fairly rare form of cancer so you have a very small sample and it's not practical to get consent. The issue is, do we insist upon consent and not do the research or, under proper supervision, do we do the research without consent?

Mr Gleberzon: I have to admit that's something I can't answer off the top of my head and I wouldn't want to, because it's part of this balancing act that has to be retained. The easy answer is, sure, go ahead and do the research because of the long-term benefits, but what are we going to be sacrificing on the other side? That may seem like an overly purist point of view, I admit that, but I think that's the kind of very pointed and clear thinking that has to go in before these kinds of decisions are made.

Mr Wood: I think you've framed the question very well. We invite you to give it some thought and pass your answer along to the Minister of Health.

Mr Gleberzon: Sure.

Mrs McLeod: Just before we leave this issue of informed consent, you mentioned registration. Are you advocating that patients could be asked whether they would want to sign a consent form for the sharing of their health information but on very clear and restricted terms that it would be with other health care providers, for example?

Mr Gleberzon: Sure.

Mrs McLeod: And have that as a matter of a patient's record so it's not a matter of contacting the individual?

Mr Gleberzon: If the patient owns the information-we would begin from that principle-then they have the right to determine who has access to it.

Mrs McLeod: So it's sort of a variation on a lockbox?

Mr Gleberzon: Yes.

Mrs McLeod: I wanted to ask you about the insurance issue. You've been very clear and very strong about the fact that any sharing of health care information, without consent-I assume that's the underlying premise there-should only be with health care providers, not with the Ministry of Health and not with insurers. The issues we hear, and that I suspect you do at CARP, are from private insurers who ask for consent, and their weapon is that if you don't give them consent to get your health records, you're not going to get the insurance anyway. So people feel as though it's not really consent that they're being given. First of all, is that a problem? Are you running into a lot of people who are being denied insurance because of access to health records? Is it fair, and are there ways we should be trying to deal with it, quite apart from the issue of sharing information without consent?

Mr Gleberzon: I have to say we have not gotten a lot of complaints about the particular issue of being forced to give consent. I think what you're touching on is a reality of life, and that leads to the larger issue of protection around informed consent. I suppose that in realistic terms, even though there may be all the protection in the world, pressure can still be brought to bear in many ways, and people buckle under and are afraid to complain because of the consequences. I'm not sure how you deal with that kind of issue when you're dealing with whatever the law says and whatever practice is being done. It's just one of those issues that might even defy any kind of legislation. The individual has to decide what kind of consequences they're prepared to take.

Mrs McLeod: Suppose our legislation had a lockbox, so that the individual denies consent to release at least some aspects of that health record. Now we get to the private sector, which is outside of that. They seek consent and get it, because otherwise you're not going to get the insurance. Should they have access to what an individual has put in their lockbox? Is that something the private sector has as a right to, or is their power to deny insurance just so powerful that they can basically get anything they want?

Mr Gleberzon: As I understand the way the system works now, they would go through the doctor or the health care professional to get confirmation of whatever the claim is. Why should that be changed?

Mrs McLeod: I was thinking of not so much the claim as actually applying to get insurance and whether they're being denied.

Mr Gleberzon: That's part of a larger issue too. In fact, I was talking to one of my colleagues today-he's retired-and he was telling me that one of the conditions of his work was that as senior management he had to get an annual medical checkup. He heard of cases of other people who found ways to kind of avoid that from happening for various reasons. That's informed consent, isn't it? But it's also a condition of employment.

Mrs McLeod: Exactly.

Mr Gleberzon: Those are the kinds of issues this bill should be grappling with. But how you grapple with them, I have to admit, is a very thorny question. When pressure is brought to bear and it affects your livelihood and those other issues, how do you deal with that in a realistic manner?

Mrs McLeod: Are there some things the private sector should not have the right to, nor the right to deny access to a certain-

Mr Gleberzon: In theory, yes, but how do you prevent that from happening?

Mrs McLeod: I agree.

The Chair: Thank you very much for coming before us today.

COLLEGE OF PHYSIOTHERAPISTS OF ONTARIO

The Chair: Our next presentation will be from the College of Physiotherapists of Ontario. Good morning and welcome to the committee.

Ms Jackie Schleifer Taylor: Good morning. My name is Jackie Schleifer Taylor, and I'm the president of the council of the College of Physiotherapists of Ontario. I have accompanying me Rod Hamilton, who is our director of policy and communications, and Richard Steinecke, who is our legal council.

I want to thank you for hearing us on this matter. In this brief presentation I will just outline who we are as a college, what our mandate is and the purpose of our visit here today, and highlight three areas of key concern that we would care to bring to your attention.

First, the College of Physiotherapists of Ontario is not an educational organization. It is a regulatory body created under Ontario's Regulated Heath Professions Act. Our primary role is to serve the public interest by carrying out the duties that the RHPA requires of us. These include registering physiotherapists for practice in Ontario, regulating physiotherapy practice by establishing professional conduct standards and investigating allegations of professional misconduct against members, and establishing quality-of-care programs to improve physiotherapy practice in Ontario.

1100

The college collects and uses health information for two purposes. It does so for investigations and as evidence in proceedings against physiotherapists who are alleged to have acted improperly. We also use health information to develop and maintain the programs that are required under the RHPA for the purposes of improving the quality of physiotherapy care in Ontario.

A key part of understanding the college's role is to realize that it does not use the patient health information it collects in the way that health care providers or funders do. We do not use health information to make or suggest treatments to patients. Instead, we use it as dictated by our governing statute, the RHPA.

In order to accomplish these statutory obligations, the RHPA gives the college the authority of a tribunal. As such, the college is empowered to investigate members and, where necessary, hold disciplinary hearings at which findings are made and penalties can be assessed. The investigation process requires the college to collect many types of evidence, including patient health information. Without the ability to use health information for this purpose, the college would not be able to determine whether physiotherapists who are alleged to have acted improperly have actually done so.

The RHPA also requires the college to develop quality assurance programs to improve the quality of physiotherapy practice. The program developed under this statutory obligation also uses patient health information to assess and improve the quality of physiotherapy care. Without the ability to use this health information for this purpose, the college would also not be able to provide the quality-improvement programs that are required by law.

The RHPA recognizes the sensitivity of patient health information as well as the college's need to use it in investigations and quality-improvement programs. The law contains strong protections to ensure that patient health information is not misused and that patient confidentiality is maintained.

The college has come before the standing committee on general government for two purposes. First, we're here to provide support for the general intent of the Personal Health Information Privacy Act. The college believes that clear rules are needed to govern the collection, use, retention, disclosure and disposition of personal health information. Consistency and clarity in the obligations of health information custodians in all these circumstances will serve the public of Ontario well. PHIPA will accomplish its purpose if it provides both the public and the agencies charged with protecting the public interest with the appropriate access provisions and confidentiality protections for health information.

The college is also here to note some potential problems with the act that may limit its potential to benefit the Ontario public. The college's concerns relate to seven key areas, which are outlined in our written submission. Of those, I will highlight three areas. They relate to the college's role as a health information custodian, legislative priority and the application of the PHIPA legislation.

With respect to the college's role as a health information custodian, the college understands the need for broad application of the Personal Health Information and Privacy Act and, on that basis, the need to designate the college as a health information custodian. However, it is very important that government recognize the statutory obligations that are placed upon the college and how these require us to use and protect health information in ways that are tailored to our public protection role. This concern is based upon two main considerations.

First, appropriate access and use protections for personal health information already exist in the Regulated Health Professions Act, RHPA. However, many of the confidentiality and use provisions in PHIPA are given priority over RHPA. We are concerned that unless the RHPA's use and confidentiality provisions have priority over the Personal Health Information Privacy Act, our ability to act in the public interest will be diminished. The statutory obligation that we have to regulate their members in the public interest requires that access and use of patient health information be governed by statutory provisions specifically devised for this purpose.

Second, we suggest that questions as to the appropriate application of PHIPA's provisions regarding use and access of patient health information have already been considered and decided upon. It is a clear policy decision by those who have developed PHIPA that special provisions should exist to ensure that for most agencies health information that is used in proceedings and for quality-of-care purposes is excluded from the access and use provisions of the act. However, this decision is not consistently applied to the college.

We have already indicated that our use of patient health information is as evidence in proceedings or for quality-improvement purposes. We also note that the college's use is already governed by the Regulated Health Professions Act. With this in mind, we believe it would be inconsistent for the access and use provisions in PHIPA to be applied to college activities. However, we note that while the college is exempted from some of the duties respecting access and use, some custodial obligations will still fall upon the college. To remedy this problem, the college suggests that upon proclamation, the existing regulation-making authority in PHIPA be used to ensure that PHIPA's obligations for health information custodians do not apply to the college in the performance of its statutory duties under RHPA.

Although the issue of legislative priority is somewhat illustrated by this first point, I would like to further expand on the second area of concern, legislative priority. The college believes that government has taken an important step in supporting the public protection role of regulatory agencies by recognizing that, in some cases, existing confidentiality protections in other legislation should have priority over PHIPA. It is clear that certain sections of the RHPA are given clear priority in this fashion. There are, however, other sections of the RHPA that the college uses, and these have not been given clear priority.

We would like to stress the point that the college's sole purpose for the collection of personal health information is to protect the public interest by regulating physiotherapists. We wish to remind the committee that the RHPA is intended to serve the very specific task of allowing us to regulate our members in the public interest. The RHPA's confidentiality provisions were specifically developed for this purpose. For the college to maintain its regulatory authority without challenges, the priority of the RHPA must remain clear.

If PHIPA imposes confidentiality protections on the college that are different from those currently existing in the RHPA, we believe it will impair our statutory duty to regulate health professions in the public interest. We suggest that paragraph 3 of subsection 11(2) of PHIPA be broadened to ensure that whenever there is a conflict between the RHPA and the Personal Health Information Privacy Act, then the RHPA provision takes precedence.

The third and final point relates to the application of the legislation. The college would like to express once again its approval of PHIPA's broad, underlying principle that access to and use of personal health information should be governed by statute. However, the college is concerned that in practice PHIPA does not completely fulfill this expectation. The college noted that commercial enterprises that collect and use substantial amounts of personal health information are not included within the definition of health information custodians, nor are such commercial enterprises governed by other statutes that clearly dictate the appropriate use of personal health information.

For example, in its role of protecting the public interest, the college has seen numerous circumstances where commercial organizations such as insurance companies collect and use personal health information. It is clear that such companies make legitimate use of this information for purposes such as assessing claims and researching actuarial trends. However, it is also clear that many patients are not aware of how information is obtained and used by these companies and are not able to access their information for the purposes of correcting errors or reviewing their health status. This lack of informed consent to the use of their health information and their inability to access it causes patients great concern and should be addressed using PHIPA's general principles.

If the health information that commercial agencies use was subject to the same protections with respect to use and access that PHIPA requires of other users of health information, patient concerns over the inappropriate use of their personal health information would be much diminished. So the college believes that the definition of "health information custodian" in section 2 of PHIPA should be expanded to include a specific clause that would capture those operations of commercial agencies that collect and use personal health information.

In summary, the College of Physiotherapists of Ontario firmly believes that if government wishes to maintain the role of the college in regulating physiotherapists in the public interest, our concerns about PHIPA's imposition of custodial duties on colleges and the questions about the priority of legislation should receive serious consideration.

I would like to close by expressing the college's sincere thanks for the opportunity to address the standing committee and have our concerns about PHIPA placed under consideration.

1110

The Chair: Thank you very much. That gives us about two minutes per caucus for questioning. We will start with the government.

Mr Wood: Do you have the power of subpoena?

Mr Richard Steinecke: Yes. Investigators do have the power to summons.

Mr Wood: In that case, I don't understand the problem with the application of PHIPA to you, over and above the RHPA.

Mr Steinecke: First of all, the college can only use the summons if it has initiated an investigation with reasonable and probable grounds. It has to know about the information first. Much of the college's finding out about the problem only occurs, for instance, after a mandatory report where a complaint has been made. So if the patient isn't aware, often this information comes to the attention of the college through colleagues and co-workers or employers. If they don't have the power to make a mandatory report, if they have some concerns that it may only be voluntary, then the college won't find out about this information and people will continue to practice without being investigated.

Mr Wood: If you received information that was credible, would that not give you grounds for a subpoena?

Mr Steinecke: Yes. But, first of all, can we get the information?

Mr Wood: If you've received information from co-workers-

Mr Steinecke: They won't necessarily be able to give it to us under PHIPA. Under PHIPA, first of all, it's optional whether they will give it to us. They may decide not to. They may decide it's in their best interests to let the person move on quietly somewhere else, to cause problems somewhere else without telling us, because then they can avoid a lawsuit.

Mr Wood: What I'm not grasping is how the application of PHIPA to what you do would prevent your doing what you do. If you have the power of subpoena, you can get the information without the consent of the patient.

Mr Steinecke: Only if we know about it first.

Mr Wood: You've got to have grounds for the subpoena, obviously.

Mr Steinecke: Yes.

Mr Wood: Surely you wouldn't seek information without grounds.

Mr Steinecke: Of course, but people won't bring it to the attention of the college because they will believe that PHIPA is a barrier, or they may decide they don't want to give information to the college, whereas now they have to tell us, because PHIPA overrides the duty to tell us about problems in confidence-sexual abuse, those kinds of things. We won't find out about it because they'll say, "PHIPA gives us a choice. We don't have to tell the college," or "We don't want to tell the college."

Mr Wood: I don't want to get into a lot of technical discussion today, because obviously time does not permit it. But I would be interested in your giving us a memo explaining why you think the duty to report is overridden by PHIPA. That would be an important item that would be helpful to us.

Mrs McLeod: We have had a lot of representation from the regulating colleges in terms of whether they should be excluded altogether or whether there should be some amendments to the act to deal with their ability to carry out their regulatory functions, so I'm not going to spend time questioning you about that.

I want to deal with the last section of your presentation, application of the legislation. First of all, it would be absolutely clear under this bill, even as it's drafted now, that physiotherapists who are practising in private clinics, which the majority are, would be covered as health care custodians and would be bound by all the conditions around protection of privacy information.

Have you been involved in the government's consultations on parallel privacy legislation affecting the private sector and, if so, have you made any representations?

Ms Schleifer Taylor: No.

Mrs McLeod: That's not something you've been involved with as a college. You spend quite a bit of time with your concern about the private sector institutions that do collect health information which aren't under Bill 159.

When it comes to the insurance companies, you talk about the lack of informed consent because people don't know how that information will be used. We do hear stories of things you would clearly like to prevent, both in terms of access to health information which perhaps not even insurance companies should have, and secondly, access to information with consent because the person has no alternative but to give consent if they want the service or the employment, and the selling of lists, once they get them, the selling of that kind of information.

Do you hear those kinds of stories? I'm wondering what underlies the emphasis you've put on this section of your presentation.

Mr Rod Hamilton: Our concerns are more generally around people's concerns that the information that the companies may have is not necessarily accurate and may not reflect their true health status. So it's concern around not only access but also ensuring that the information is accurate and having access to the ability to make corrections where necessary to that type of information.

Mrs McLeod: Are you suggesting that for there to be truly informed consent, there almost has to be a provision that the individual has seen the health record prior to it being released to a private company?

Mr Hamilton: I'm sorry, I don't quite understand your question.

Mrs McLeod: I'm wondering how you would provide for that kind of informed consent. The individual that signs that consent doesn't necessarily know what information is going to be provided. How do you make sure the consent is informed?

Mr Hamilton: I think that you have laid out the principles of consent fairly clearly in the act. If those are complied with, then I shouldn't think there would be a lot of difficulty. The important thing is making sure that those do apply to all instances where health information is transferred.

Ms Lankin: I want to follow up on Mr Wood's request for you to submit in writing something about the way in which you see this legislation overriding mandatory reporting. I've been having trouble understanding that as well, so I would appreciate that.

Let me ask you just one question on that subject, though. In section 29, which governs the disclosure of information, is it the overriding language that says a health information custodian "may" disclose? Is it the word "may" that concerns you, in that somehow the difference between "may disclose" in this legislation and "shall report" in your legislation-there's the conflict?

Mr Steinecke: Yes.

Ms Lankin: OK. We need to sort through that, but if that's a real issue, it's also an issue for child welfare legislation, reporting of abused children and things like that as well.

Mr Steinecke: Yes, but if you go back to section 11, which is the override provision, there is specific exemption for child and family services reports.

Ms Lankin: Maybe that's the answer, as opposed to a general exemption from the legislation.

I'm actually interested with respect to the definition of health information custodian. All of the other colleges in the federation have said, "Exempt us completely." You take a slightly different tack, in which you say, "In regulation, exempt us for those uses of the information that are statutorily set out, mandated for our organization." That's interesting. Could you, when you're putting together your information, look through the legislation and tell us what the difference would be? For what purposes or in what circumstances would you be a health information custodian and subject to this legislation, and then for what purposes would you not? That would be useful.

I'm also concerned about any approach that would simply give the RHPA primacy over this legislation where there are conflicts. Again, I would like to know the specific areas. It's sort of what we've already talked about, but if there are more, the specific areas where you think there are conflicts and where, if the committee were to address it, we could have the option of addressing it by specific mention in that section of the legislation.

My goal would be that anyone who reads the privacy legislation is going to know what their rights are and know when another act overrides it in what section, instead of having to go to four or five different pieces of legislation and work it out themselves. So if you could give us those examples of where the override is necessary, that would be helpful.

Mr Steinecke: Sure.

The Chair: Thank you very much for coming before us this morning.

1120

CANADIAN INSTITUTE FOR HEALTH INFORMATION

The Chair: Our final presentation of the morning will be from the Canadian Institute for Health Information. Good morning. Welcome to the committee.

Mr Richard Alvarez: Good morning. As the chief executive officer of the Canadian Institute for Health Information, or CIHI, which is a national organization located here in Ontario, I want to start by thanking the committee for the opportunity to appear before you today. I should add, we're very much in support of Bill 159.

Before we actually make our comments about the bill, perhaps you would permit me to say a few words about CIHI so that you can see why this bill and this issue of privacy is very important to us.

The institute itself was incorporated in December 1993 as a federally chartered, independent, not-for-profit organization, and was agreed to and incorporated by the federal and provincial ministers of health. It was set up with a mandate to do two things: to serve as a national mechanism to coordinate the development and maintenance of an integrated approach for Canada's health information system. By that we've taken the whole aspect as a mechanism of making sure that there are standards, whether they be data standards, financial and statistical standards, that sort of thing, because as you do efficiency analysis or effectiveness analysis, you want to make sure that you're comparing apples with apples.

The second aspect is a lot more straightforward. We are to provide and coordinate the provision of accurate and timely information, to establish a sound health policy, to improve the management of the health care system and to generate public awareness about factors that affect health.

Under the mandate, the institute conducts analyses of health data and issues health information and reports-we issued one last year, a very major annual report-that serve, we believe, the public interest. For example, we collect information from hospitals on patients being discharged. That information typically uses coded summaries of hospital stay information to report on causes of hospitalization, procedures done and length of stay.

You should note that our analysis of this data and application and then the application of cost data really form the basis of funding and the efficiency of hospitals here in Ontario.

The Canadian Organ Replacement Register tracks trends in renal dialysis and organ transplantation, including patient survival rates. A further example would be the Ontario Trauma Registry, which produces statistics on the causes of hospitalization for trauma which are used for planning trauma services and for developing injury prevention programs.

In conducting our work, let me assure the committee that we take the whole issue of privacy very seriously. At the outset we realized that our analysis, information and standards programs would only be successful if we had strong measures to protect the confidentiality and security of the personal health information that we hold. Notwithstanding the fact that CIHI was formed in 1993, it was really formed from two or three predecessor organizations that in fact had been in business for the last 15 years before we came into existence. Those predecessor organizations also had a strong culture of privacy protection. Over the last 20 years, as far as we can tell, there have been absolutely no confidentiality breaches.

In 1993 we put in place privacy principles based on the CSA model code to guide and govern our operations. Through agreements with provincial and territorial ministries of health, we also commit to abide by the relevant health and privacy legislation in the respective jurisdictions. Within this rather complex national framework, we have successfully self-regulated our health information practices.

Turning to our comments on Bill 159, while I have sat here this morning and understand the matters of concern being raised by other groups, I must tell the committee that CIHI is very encouraged by plans to put in place a health information privacy act here in Ontario. We believe this is a positive move and will set out a foundation for legislated authorities and clear rules for the protection of health information, which really don't exist today.

For us, Bill 159 will ensure that CIHI's activities are visibly subject to legislated rules, either as a custodian or in the service of a custodian. Having a clear framework of rules for the collection, use and disclosure of health information will be helpful for all who are entrusted with this sensitive information.

Frankly, CIHI looks forward to being identified as a custodian under the bill or through designation in the regulations as a person who maintains a repository for personal health information for data analysis and research. This would make us clearly subject to the oversight provisions of the law.

You should know that as a national organization, obviously we collect data from provinces and territories. At this time we have agreements with most ministries to abide by the legislation in their respective jurisdictions. Obviously, for example, Alberta data is subject to Alberta laws. While it might seem obvious in Bill 159, for clarity we would suggest that it applies only to health information about health services provided here in Ontario, so as not to be confused with the other data that we hold.

Bill 159 adopts the principles of only collecting the information necessary for the purposes intended and of limiting access to such information. Again, CIHI supports and already abides by such principles.

We strongly support and encourage the principles of notification and consent. Bill 159 also supports these principles, while recognizing that there are specific situations where consent is in fact not practical. It's important to recognize that, as secondary users of health information, CIHI has no direct contact with individuals and thus cannot obtain consent. In such situations notification is very appropriate.

As it stands, we know that the bill would authorize health information custodians in Ontario to disclose health information to secondary custodians for specified purposes. This will assist us in our mandate to support health systems management, planning and evaluation and to serve the public within a legislatively prescribed framework.

Bill 159 prescribes rules for research that must be adhered to by researchers requesting information from us. Currently, we have very strict rules regarding access to data from researchers.

We certainly welcome the clarity in the bill in those situations where CIHI provides information management services by way of an agreement. Bill 159 prescribes the content of the agreements related to disclosure and use of information without the individual's consent, as well as the security of the information.

As far as we can tell, the bill's provisions will increase transparency about our role in the health system. The public will be better informed about anticipated disclosures to CIHI and how to obtain more information about CIHI's information policies.

Finally, we welcome the designation of the Ontario Information and Privacy Commissioner's office as the experienced entity to perform the oversight function with respect to personal health information.

In closing, we realize there are many viewpoints on how health information should be protected. We believe Bill 159 provides a reasonable foundation for handling health information in Ontario. We see it as positive. We also expect that after this process the committee and the Legislature will refine the bill in light of both what they've heard and privacy considerations that we need for an effective and efficient health care system in this province. If the bill does not proceed, we will continue to self-regulate and to abide by applicable legislation.

Thank you for this opportunity. I have with me two colleagues, Joan Roch and Ed Chown, who work in the privacy secretariat which reports directly to me. We are available, obviously, to answer your questions.

The Chair: That leaves us three minutes for each caucus. This time we'll start with Mrs McLeod.

Mrs McLeod: You would obviously anticipate being named under the regulations, under section 213, as a health care custodian for the purposes of collecting data for research. Is there any advantage to being specifically named in the legislation as a health care custodian?

Mr Alvarez: What we're striving for is a lot more clarity and transparency in the whole aspect of privacy. Given the kind of job that we do, being named makes it very clear in terms of why we're being named and what our purpose is to the public and to all those we deal with.

Mrs McLeod: If Ontario legislation should not go ahead, you indicated you would then, of course, have to abide by existing legislation. One of the things you would have to abide by is the federal legislation, which does contain a form of lockbox. I'm wondering whether you see that as limiting your ability to do the kind of research and data analysis that you're now doing. You are starting to have some experience with three provinces that do have some form of a lockbox. Is that causing any problems or presenting any limitations for your work?

Mr Alvarez: Two questions, and the first question is Bill C-6. As we understand it, Bill C-6 applies to organizations engaged in commercial activities. We are not engaged in commercial activities.

Mrs McLeod: So you would be exempt under C-6.

Mr Alvarez: Having said that, we will abide by Bill C-6. The only one that gives us real problems is the aspect of patient consent, given that we are in the secondary data collection business. In terms of the lockbox, again, if that becomes pervasive, we will start to see fragmentation of the data, which will affect the integrity of the data and the quality of the studies that we do. That's a real concern with the lockbox, having understood quite clearly that an individual does have the right to say what should be in there and what shouldn't.

Mrs McLeod: Do you require names or can you work with health numbers and do the same analysis?

1130

Mr Alvarez: We have 14 national databases. Of the 14 national databases, generally, 13 of the 14 national databases contain such things as date of birth, postal code, gender and personal health number. None of them contains name or address. The only one that contains name and address is the organ replacement registry and the reason for that is that as we track individuals who have had transplants and they move from one province to the next, it's useful to have their names to basically follow them through, because by that stage their health care insurance number is not valid any more.

Mrs McLeod: But even without names you can't access that information if it's in a lockbox under the legislation currently in place in those three provinces?

Mr Alvarez: Correct.

Ms Lankin: Why in the organ transplant registry do you need to track the individual? What's the end information that you're looking for?

Mr Alvarez: Survival data. We're looking at the effectiveness of our procedures. We're looking to see basically kidney survival rates and some of the other organs, whether in fact they're improving, whether they're going down etc. That's basically the reason.

Ms Lankin: That's really valuable information. Why in that circumstance wouldn't we be able to ask the patient who has undergone the transplant if they would be willing to be part of the registry to be tracked for the kind of investigative work that's done?

Mr Alvarez: This is something that's historical. This database has been going on for quite a while. We've just done a complete review of all our policies and procedures and in fact are going back to our board and saying that's exactly what we should be doing, is consent.

We have got some of the specialists who are very concerned, given the few numbers that are done, that in fact patients don't agree with this and then that would lessen the value, if you like, of the research. As far as CIHI is concerned, we strongly believe that in those cases we do need consent. A good example would be that we're just in the process of developing a hip and knee joint replacement registry, again looking at the effectiveness of hips and knees and how long the first procedure lasts before the next one is put in. There, very strongly, we have a patient consent form that we will require prior to adding that to our data.

Ms Lankin: I got my new knee last September and I would be delighted to sign a consent form so you can add me to the registry.

I wanted to ask you a question about the interjurisdictional issue. That's interesting; we haven't heard that before. You suggest that Bill 159 should apply only to health information about health services provided in Ontario. Of course, the privacy of the information is about the information of the person, who may go from jurisdiction to jurisdiction. A patient chart may contain medical history of services that were provided in Alberta or BC and the person now lives in Ontario. It would be very hard for us to say to a practitioner that the rules only apply to those services that have been provided in Ontario, when it's the confidentiality of the patient's information. Could you rationalize those two?

Mr Alvarez: It's a tough one. What we are starting to see is very similar legislation starting to be developed across the country, as it relates in a lot of cases to Bill C-6. So while Ontario is probably the second or third province out, there are other legislation moves on the way to have a similar sort of legislation. We just don't see from a practical point of view how this legislation could, from a legal point of view, be valid outside Ontario. Having said that, we are encouraged to see that similar legislation is being developed across the country.

Ms Lankin: But surely this legislation governs the information of individual citizens in Ontario. It's a citizen's health information that's being protected by this legislation; it's not the health system's provision of services. The legislation would be dependent on where the person is resident, not where the procedure was done, I would think.

Mr Alvarez: That's right.

Ms Lankin: One last question then. You have indicated that right now in terms of your databases the organ transplant is the only one where you have names and you're looking at going to consent-based, like you will with the new hip and knee registry. That means there won't be any circumstances in which you're gathering information right now that requires names. I've been asking this question over and over for research, because I believe the work that you do, and ICES and others, is very important. Can you tell us of any examples of secondary use of this information that requires a name? Can you imagine a situation, a clear example, so the committee can understand why an exemption to consent-

Mr Alvarez: Other than the ones that I've told you about, where we're trying to track an individual who has moved from one province to the next and we lose track of the health care insurance number and we're trying to track the effectiveness of a particular procedure-

Ms Lankin: But you already said that could be done with consent, right? That's all I'm saying.

Mr Alvarez: Right. We do not see, without consent, with those sort of circumstances why we would need names.

Mr Wood: Would you agree that a lot of the medical research can be done with the consent of the patient, that you don't have to get data without their consent to do that research?

Mr Alvarez: I think the issue for the health system, given the pressures on them, is getting truly informed consent for secondary uses and research. That's a really tough one. If we're going to very specific aspects of names, then we really should try to get consent on those aspects.

Mr Wood: I was asking a slightly different question. There's a lot of research you can do where you can get a representative sample by getting the consent of the people whose data are being used. Is that not correct?

Mr Alvarez: There are two questions here again: one is getting the consent and the other is representative samples. We would have a problem with just representative samples with some of the work that we do.

Mr Wood: I gather, in essence, because you can't get a big enough sample.

Mr Alvarez: In a lot of cases we can't get a big enough sample; in other cases, when there are low-volume, high-cost procedures and this forms the basis of a major efficiency look at the health system and funding formulas, that could be really problematic, if you don't get your sample right or you exclude those particular cases.

Mr Wood: Would you agree with the proposition that information shouldn't be provided without consent where research can be done by getting consent?

Mr Alvarez: Yes, I do.

Mr Wood: Do you have a problem with the Information and Privacy Commissioner ultimately signing off on the ethics reviews?

Mr Alvarez: My only problem would be from an operational point of view. That would be my only problem. Right now, we do on occasion go to the privacy commissioner's office and seek her advice, but given the volume that's likely to come through, that could be problematic.

Mr Wood: There was one thing I didn't quite understand. You said you believed in notification rather than consent. If you can notify, why can't you get consent?

Mr Alvarez: I suppose the subtle difference for us is actually getting a patient to write a consent as opposed to notifying a patient of how their data is going to be used and how the data is going to flow, notwithstanding the fact that the data doesn't have names and addresses on it-so a sign that is posted, a form the patient sees, to say, "Your data will be sent to CIHI for these purposes."

Mr Wood: Suppose they don't want it sent.

Mr Alvarez: That's always a risk and problematic, because again it starts to fragment the database and stops some of the work that we do.

Mr Wood: Do you feel that I should be compelled to give my information to you? By the way, I might say that I would give it to you, but suppose I don't, for whatever reason. Do you feel I should be compelled to give data to you for research purposes?

Mr Alvarez: No, I don't think you should be compelled to give it to me.

Mr Wood: But you would agree there may be certain limited exceptions where we have to compel you, if we can't do the research. You would come down on the side of doing the research rather than not, if we have to do it by compelling people.

Mr Alvarez: In the business I am in, absolutely. Obviously there is a balance between an individual's right to privacy and the public good. We believe very much that the kind of business we are in and why we were set up by the Ministry of Health is an aspect of the public good. So that balance has to be found.

Mr Wood: But your principle, as I think I've heard it, is that you want to get consent where that's possible.

Mr Alvarez: Absolutely.

Mr Wood: Those are my questions.

The Chair: Thank you for taking the time to come before us this morning and making your presentation.

With that, unless there are any questions, the committee stands in recess until 1 o'clock.

The committee recessed from 1139 to 1300.

The Chair: We'll call the committee to order and continue our hearings on Bill 159.

COLLEGE OF DENTAL HYGIENISTS OF ONTARIO

The Chair: First up this afternoon is the College of Dental Hygienists. Good afternoon and welcome to the committee. Please proceed.

Ms Fran Richardson: Thank you very much, Mr Chair and members of the standing committee. My name is Fran Richardson and I'm the registrar for the College of Dental Hygienists of Ontario. With me is our legal counsel, Richard Steinecke, who will answer legal questions. I believe you've already met Mr Steinecke.

The college is pleased to have this opportunity to present before the standing committee on this very important piece of proposed legislation. Our college is one of the ones that was newly formed under the Regulated Health Professions Act and it regulates the 6,500 dental hygienists who practise in Ontario.

While we often think of dental hygienists as only working in dental offices, an increasing number of dental hygienists are now working in alternative areas or setting up their own practices. In particular, dental hygienists are treating underserviced segments of the population such as children, shut-ins, long-term-care residents, new Canadians and the homeless. In fact right now we have dental hygienists in Niagara who have a bus that goes out to the homeless, finds the homeless and treats them for their preventive care and gives them vouchers so they can get dental treatment. We also have a project that is being sponsored by our college in Windsor for the homeless, to get them into the academic teaching college there. So we've been working in that area.

The dental hygiene profession is a primary-care profession that sees patients directly. Consequently, it has its own standards of practice, its own code of ethics and independent professional obligations to its clients in the public interest.

Our college supports and affirms the position submitted by the Federation of Health Regulatory Colleges of Ontario that was presented to you yesterday. We're one of the signatories on that.

Our college understands the need for the enactment of privacy legislation and commends the Ontario government for championing patient rights. Dental hygienists are charged with the responsibility of creating original documentation and housing patient records. This may occur in either the public or private sector. The college accepts that the enactment of this privacy legislation will mean rewriting our own regulations, an activity that the college is very well prepared to do; that is, our records regulations.

The College of Dental Hygienists is providing the standing committee with a formal written submission and wishes to highlight three important points related to the bill.

First, the college is well aware that the mandate of all 21 health colleges is to govern the profession in the public interest. That public interest includes investigating complaints of professional misconduct, incidents of incompetence and, for us, concerns about the fitness of dental hygienists to safely practise the profession. Patient information, when used to carry out our mandate, is used only as evidence by the college in these proceedings and is not used in any other manner.

This bill, however, is written for custodians who use personal health information to treat patients. The bill does not always consider the special role and circumstances in which the health colleges operate. The college does not generate new personal health information. The college simply collects, as evidence, information that already exists. For example, the bill presumes that custodians will almost always obtain personal health information directly from the patient. Colleges, on the other hand, almost always obtain personal health information from the patient chart, often without the patient's knowledge. This information is used only for what it reveals about the dental hygienist's conduct and competence, not for what it indicates about the patient. In fact, the identity of the patient may be concealed. Colleges just don't fit in with the custodian approach taken in this bill. A couple of examples are on page 3 of our written submission.

Taking all this into account, our college is of the opinion that the regulated health colleges should be exempt from the role of custodian. The colleges do not use patient health information for treatment; they use charts as evidence.

Second, the concept of returning to an arbitrary age delineation for consent to treatment or for the disclosure of personal health information to a parent or guardian is baffling to our college, as it appears that the government is reversing its own policy. When the age restriction was eliminated in the Health Care Consent Act, the college applauded the move. Dental hygienists are the primary oral health professionals. They require the trust of their clients to effect meaningful treatment. Dental hygienists who have the trust of their clients prevent further disease that will ultimately reduce the strain on the health care budget. This is because our primary goal is prevention, not treatment.

A perfect example is dental hygiene's commitment to smoking cessation. A dental hygienist is able to tell, just by looking in the oral cavity, whether or not a person is smoking. Young people may routinely attend the dental hygienist for preventive assessments, fluoride treatments, sealants and mouth guard preparations. The dental hygienist can effectively intervene if the person has started tobacco use. But young people are not going to be honest if they know that their secret is going to be told to their parent or guardian. The 16-year-age delineation needs to be dropped and replaced with an assessment of the individual's maturity and competence of the client to decide.

Third, the Regulated Health Professions Act, the statute that governs all 21 health colleges, is a very complex piece of legislation. While there are several issues related to the Regulated Health Professions Act that may require strengthening, section 36 on confidentiality is not one of the problems. Section 36 is clear: confidentiality must be maintained in all cases. That section was well drafted and the colleges need no other piece of legislation to override such an important and salient component to their stated mandate to act in the public interest. The college recognizes the privacy legislation is intended to provide additional protection, but there is a very real possibility that by overriding the Regulated Health Professions Act, the exact opposite will occur.

For example, under the Regulated Health Professions Act the college has the right to inspect a dental hygienist's records to investigate whether a complaint or report of incompetence is valid. The wording of the bill suggests that disclosure to the college of personal health information is voluntary, at the discretion of the dental hygienist even. If the bill overrides the Regulated Health Professions Act, incompetent practitioners could try to refuse to provide access to their patients' charts. Surely that is not in the public interest.

To review the main points: the public will not be well served by making the regulated health colleges custodians of client charts. These charts are not created by the college and are used only as evidence. A delineated age of consent is counterproductive in health care. Competence to make a decision is far more relevant. The confidentiality and access provisions of the Regulated Health Professions Act should not be compromised or weakened by the privacy bill.

The college thanks the members of the committee for listening and respects that you have an enormous task in front of you.

The Chair: Thank you very much. That gives us about two and a half minutes per caucus. This time we'll start with Ms Lankin.

1310

Ms Lankin: On the last point you referred to, the primacy of the RHPA over the Personal Health Information Privacy Act, a number of the colleges have made that point. One of the questions I've been asking is if you would take the time to go through the legislation and give us the actual areas where you believe there is a conflict. One of the options, of course, is not simply to make RHPA paramount over the privacy act-I told you this before, didn't I? I just realized that you are here again-but to make the privacy act clear in those provisions, with the exception of the RHPA, so that it's spelled out with clarity, all contained within the privacy act, as opposed to simply deferring to another piece of legislation. If you could go through and give us that kind of detail, it is another option the committee may look at and it would be helpful to have your input on that.

Mr Wood: I'd like to get a clear focus on where you think PHIPA having primacy over the RHPA would create a problem for you. I heard that in the area of quality assurance. Are there other areas where you think that would create a problem?

Ms Richardson: I believe there are issues, especially in areas of mandatory reports, as in the example that was given previously; for instance, if we have a situation where theoretically a dental hygienist could refuse to submit some material because the wording is "may," and yet the college, under the RHPA, has the right to request that material.

Mr Steinecke: Yes. Another example would be in the area of investigations. First of all, as I mentioned earlier, you need to have the information to start an investigation. Secondly, even if you issue a summons, on occasion the summons isn't good enough because it allows the member to delay or even change the records. It happens rarely, but on occasion you need to obtain the chart before it has been altered, particularly in cases of dishonest billings or something like that.

Thirdly, there is a concern that the summons provision in the bill does not adequately deal with the investigative summons. The definition of "proceeding" in the bill does not clearly deal with the investigative summons. It deals with hearing summonses and it deal with investigative summonses in other contexts, but it doesn't deal with investigative summonses here. That's referred to in one of the recommendations, that it should refer to college summonses as well. That would be in the definition of "proceeding," which is recommendation number 5 in the paper.

Ms Richardson: Page 10.

Mr Steinecke: The other concern about summonses is that under 34(5) of the bill, if a practitioner believes the release of the information can be harmful to the patient, they can make a statement to this effect and there has to be an independent ruling on whether the information should be produced or not. Of course, in our context that could stymie an investigation because a person could say, "I don't think that this chart should be disclosed," and it's not clear, under the bill, who does the independent ruling. Is it the investigator who acts as a commissioner under the Public Inquiries Act provision or is it somebody else? So there are some drafting concerns even with respect to the summons provision.

Mrs McLeod: Thank you for your submission. I note that you have also referred to the issue of parental access. You've broadened my thinking about this whole issue because I think there was a sense that the two provisions in the bill which would allow somebody under the age of 16 to protect the privacy of their records when they sought treatment or in counselling covered the ground. You've obviously raised another issue that we need to look at, so I appreciate your doing that.

I am wishing, Mr Chair, there was a way that we could simply get Mr Jackson up here to deal with this issue of the mandatory reporting aspect quickly, because I've watched him react to this issue as if there isn't a problem that the colleges need to be worried about with this. But when I read the language of "may" rather than "shall," I can certainly see where the concern is coming from.

I think we need a response from the ministry to this issue now or at some future point. I would certainly hope that if there is reassurance to be provided around the mandatory reporting, that will given to all of the colleges. That's obviously an issue of concern, as it would be to all of us if that implication is in this legislation, because we don't want to do anything to interfere with mandatory reporting.

The other issue is the primacy issue and it's more a question than a comment. I'm rather inclined to be concerned about the privacy bill not having primacy over other acts because of the breadth of acts where you could be given access to health information. I just think it's too open. Obviously with the colleges, the regulatory powers of colleges need to be taken into consideration.

As Ms Lankin has said, let's assume that the health privacy act, in whatever form it emerges, has primacy over any other act, including your own. What needs to be in this bill in order to ensure that your regulatory powers are not interfered with? That may not be answerable this afternoon, but I think that would be an important question for us to have you address.

The Chair: Thank you very much for coming before us today. We appreciate your presentation.

Our next presenter will be Mr Marvin Siegel. Is Mr Siegel here? OK.

We've had a cancellation; the 1:30 slot has cancelled.

Just following up on Mrs McLeod's comments, and not to put you on the spot without any notice, Mr Jackson, I certainly give you the opportunity, recognizing we've got a few minutes, if you want to take up to five minutes to address the issue, and perhaps the folks from the college might like to stick around long enough-if you're so inclined.

Mr Phil Jackson: It will be a very brief answer. There is no intent to remove the mandatory reporting requirements to colleges as set out in the RHPA. One of the dilemmas when you're drafting a privacy statute is to not make it an offence for that disclosure to take place, which is why the language as drafted is permissive in the legislation. It would permit the disclosure to take place under another act and the legislation itself references where there is a requirement under another act.

Obviously this is an area where there's going to need to be more sit-downs and more work with the colleges just to ensure that there is absolute clarity on that. But there is certainly no intent in the drafting to remove the mandatory reporting requirement of the colleges or their ability to undertake investigations.

Mrs McLeod: If we were to amend the act in such a way that the privacy act was given primacy and there had to an exemption under the privacy act for any other act that was in conflict to prevail, would that language then be a concern for the colleges? In other words, if that language of "may disclose" was in the privacy act, the privacy act prevails, then the concern the colleges have been raising about how that might affect their mandatory reporting would be a legitimate concern, would it not?

Mr Jackson: I don't want to speak for the colleges in terms of the answer to it, because there are obligations that come with being called a health information custodian and there are requirements that would have to be put in place. To the extent that we need to go through the specifics of their briefs and also have the ability to access the answers to some of the specific questions that were asked by the committee, they will be very useful for us. We've had a range of meetings on a discussion paper, not on draft legislation, and now we're at the stage where the devil is in the details and the answers to the questions that were posed will be very useful for us because the feedback at the technician level has been solely on a concept document, not on legislation.

We would look forward to those answers. We'll be looking to be able to see the submissions that come in in detail, because it may be more than the "may" clause; it may also be the requirements that come with being a health information custodian.

Mrs McLeod: Exactly. One of the college's recommendations was that they not be defined as a health information custodian, which carries its own set of complications in terms of how their regulatory powers would then be affected under PHIPA.

The Chair: Thank you very much, Mr Jackson.

1320

MARVIN SIEGEL

The Chair: We are joined by Mr Siegel. Mr Siegel, if you'd like to come forward, thank you very much. I just wanted to put on the record, as I did yesterday afternoon-Mr Siegel, please don't read anything malevolent into this-one of the things we caution witnesses before committees who may not have appeared before is that while the MPPs may enjoy parliamentary privileges and certain protections pursuant to the Legislative Assembly Act, it's unclear whether or not these privileges and protections extend to witnesses who appear before committees. For example, it may very well be that testimony you have given or are about to give could be used against you in a legal proceeding. We caution witnesses to take this into consideration when making their comments. Now it's on the record, once every afternoon. With that, welcome to the committee. We have 10 minutes for your presentation.

Mr Marvin Siegel: I shall keep my eye on my watch, Mr Chairman. Thank you. I'm an almost-70-year-old widower who is the victim of a fraudulent doctor.

The Chair: You might want to sit, because Hansard has a hard time picking it up.

Mr Siegel: Do you have an objection if I stand?

The Chair: I don't, but if Hansard-as long as you speak clearly into the microphone.

Mr Siegel: I'm much more comfortable standing and speaking than I am sitting.

Very simply, I had vibrations about this particular psychiatrist. I searched out my own OHIP billing records, pursuant to section 38(2) of the Health Insurance Act, and found out that he was billing me fraudulently. I was a member of a bereavement group for only a short period of time as a result of the loss of my wife. This psychiatrist was billing me for much lengthier sessions than the group's were, and that's across the board with all the people, and, in addition thereto, he was billing me for specific two-and-a-half-hour sessions of individual in-patient psychotherapy that did not take place.

Very simply-and I realize I'm restricted in time, so I'm keeping my eye on my watch-I reported him to the Ministry of Health and I reported him to the College of Physicians and Surgeons. I took an endless amount of time to go through the process with the legislation that Ms Lankin was the sponsor of way back in 1991. The 120 days is a farce under that legislation, even for the simplest complaint. The college, notwithstanding the fact that they had from me very detailed listings of this doctor's billings from the Ministry of Health's provider services monitoring control, saw fit to dismiss my allegations against this doctor as billing disputes. I could see where uninsured services might end up in billing disputes, but insured services are not billing disputes; the billings are either honest or dishonest. I want to make this fast.

Very simply, I then, pursuant to Ms Lankin's legislation, brought an application for a review to the Health Professions Appeal and Review Board. That matter has been reserved in decision by that tribunal now for 15 months-not on the allegations of billing, because we withdrew those pursuant to the legislation at the Health Professions Appeal and Review Board, but on the basis that it would be redundant to have the Health Professions Appeal and Review Board return it to the college through complaints to refer to discipline when he was already going to be disciplined pursuant to the conviction under the Criminal Code.

This doctor was then suspended by the college, and he was convicted but did not go to jail. This is the area where we talk about records and personal information. I'm aware that the College of Physicians and Surgeons people are here; I know most of them. I know what their submission is going to be; I know what the submission is going to be from the point of view of others who are representing organizations. Simply this: this psychiatrist created charting that indicated that I was a heterosexual pedophile with regard to my own daughters and wrote medical reports to that effect. So when it came to the criminal proceedings, I put in a victim impact statement, which I'm advised is the first victim impact statement ever filed in a criminal proceeding with regard to a doctor who was convicted of fraud in his OHIP billing. That victim impact statement was presented by the College of Physicians and Surgeons to the discipline panel.

Very simply, I suggested to the counsel who acted for the college at that point in time, "Why don't you do the following, if you're going to ask for a suspension"-which they ultimately got. I searched out 47(2) under the Freedom of Information and Protection of Privacy Act, which is an issue before you, which I fully understand, and very simply I held off bringing my application because I don't anticipate being asked to become Chief Justice of the Supreme Court of Canada at this age, or Canadian ambassador to Israel, so a security check would be of no major importance to me.

But I stand before you with a health record at the Ministry of Health which is totally and utterly false that says I was an in-patient at a psychiatric facility. I have a letter from the solicitor of the hospital where this particular psychiatrist has privileges which clearly indicates, as I knew, that I have never been an in-patient on any service from that hospital, nor have I ever been an in- or out-patient at any psychiatric facility.

I suggested to the college, as I suggested to the assistant deputy minister of health, the general manager of OHIP, "Why don't you assist the public under 3(2) of Ms Lankin's act, objects of the college, in the code?" Section 3(1) is the objects; 3(2) says in carrying out the objects the college shall preserve and protect the public interest. I asked the Ministry of Health to advise the patients of this particular psychiatrist who have fraudulent records at the ministry of section 47(2) of the legislation and, in addition thereto, to tell them what to do and how they fill out the form and how they go about it. You know what's going on with that, with Cavoukian. I know you've had before you the other patients of Dr Scott, so I'm not going to repeat what you already know.

Very simply, the reports that indicate I'm a heterosexual pedophile, the charting that supports some of it, are at the College of Physicians and Surgeons; they're one custodian. It is now at the Health Professions Appeal and Review Board, and I will not mention names because of the fact there are civil proceedings pending. Very simply, there are mix-ups. You must look, in considering this bill, at the sections of the regulations under the Medicine Act with regard to professional misconduct, with regard to the issue of the capacity of a doctor to give out medical information about you, with or without your consent. You must look at the provisions of the Regulated Health Professions Act procedural code with regard to the capacity of the Health Professions Appeal and Review Board, that when they get documents from the college coming to them, they have the power to didact whatever becomes public-but how many people see those records?

In my own situation involving the hospital-the only hospital I could have been admitted to as an adult, because this is the only hospital where this psychiatrist had admitting privileges-very simply, they wrote to me and said, "The hospital, under the provisions of the Public Hospitals Act, is the custodian of all in- and out-patient records." They asked me post-fact for an authorization. When I sent them the authorization, they told me their cupboard was bare. I believe that was risk management with regard to their position or their own possible exposure under the Public Hospitals Act. That's another issue.

There are so many ways all this information can go. I have to go public with it in order to commence a civil action, which I've done. The health pro board has it, the college has it, and I just want to tell you one thing about the college. I will say one thing about the College of Physicians and Surgeons that is definitely in their favour. They go much further, under section 23, again of Ms Lankin's act, under the code, to make available to the public information that is not available from the other colleges. But when you make a complaint against a doctor, you must give them a consent on their form. They then write to the doctor for the charting. In my particular situation, with no disrespect to anyone, there was no clinical issue; the issue was credibility. I provided them with the authorization; they obtained charting from various doctors, because there happened to be four involved in the situation-one who very briefly treated a child.

They had never been asked this before, but I said, "How do I know that what they provided to me on the basis of my authorization is exactly the same as they provided to you on the basis of the authorization I gave you?" They'd never been asked this before. "Please make it available to me." From one of the doctors' charting, there were two additional pages that involved not only myself and other patients, but did not involve the child who this particular physician was treating, and said-this particular physician had nothing to do with me; he simply was treating the child. He wrote a report that went to the college that said, "Marvin Siegel is in crisis and he's going to break down any day of the week." Somehow it hasn't happened for almost six years since that doctor, who was not treating me, in whom I never confided, wrote that report. So these people can write anything, and in my situation-I appreciate I'm virtually running overtime-it's as follows: this particular physician, in order to destroy my credibility, in order to destroy my reputation, wrote charting and reports which were totally and utterly false. How do I get rid of them?

1330

I'm well familiar with McInerney and MacDonald in the Supreme Court of Canada, and I hope this bill does not knock out McInerney and MacDonald in the Supreme Court of Canada, which I assume some of you know of. It's the case that deals with charting. Has anyone got any questions on that one? I'll just assume you know what I'm talking about. McInerney and MacDonald provides for the patient's right to charts. The doctor can only refuse a chart on one of two bases: if, by getting the chart, the patient may be at some risk at his own hand, or if some third person may be at risk at the hand of the patient. But if that isn't the case, then if the doctor refuses a chart on one or the other of those two bases, or both, you can go to the superior court, which would exercise its superintending jurisdiction to decide whether the doctor's refusal should be upheld or he should be ordered to give you the documents. This particular doctor has never availed himself of that. The hospitals never provide additional charting.

There are various pieces of legislation you have to look at. You have to look at the regulations under the Medicine Act. I can recall when the omnibus bill was first passed-and I believe it has been incorporated into the Health Insurance Act now-there was a section, if my memory serves me, something around 26, that said, "When you receive an insured service, you are deemed to have authorized the release of your personal medical information for purposes of enforcement of the provisions of the act." What that means is as follows: another patient of the doctor brings some allegation against the doctor as to false billing. OHIP-Keith Mesham, OPP anti-racket squad, Ministry of Health, fraud investigation unit-now come in. They can look at my file. They can see that I'm being treated for HIV or AIDS or some other socially transmitted disease. Is the only protection I have if I pay a doctor directly? Is that is the only way I can protect my own personal health records? Is that the only way?

There are these various aspects of other pieces of legislation, and if I'm repeating stuff you've heard before, I'm terribly sorry. I've tried not to step on the toes of other custodians. I approach it strictly from how this situation has affected me. I have not yet applied. I've been in touch with Mr Baker, who acts for Dr Scott's patients, for Mr Murray and the others and Stanley Burke etc, who I understand have been before this panel.

I've basically run over my time. I could go on, but I'll be prepared to answer any questions you may have for me. But this bill has to be changed if not totally knocked out. It's totally and grossly unfair.

I might just put this to you as well. In my own investigation, what I've done is this-and I can produce this for you. Risk management is a very important issue in all areas of health care at the moment. I became aware of a form that was put out by an American organization called Dental Risk Management. That form is basically a whole file for a dentist on a patient, but the key parts of it that concerned me were that not only do you give the dentist a total dental history but you give him a total medical history that involves hepatitis from A to Z and everything possible, and you sign an authorization on the bottom that, for his purposes in knowing, you authorize him to get your records.

There's one I just want to tell you about, and Ms Lankin may remember this. In January 1996-if you'll indulge me just for a moment or two, please-there was an article, a Canadian Press wire service story, that I called the Canadian Press Ontario desk on, and found out it was Tom Blackwell, who used to be a Canadian Press reporter here at Queen's Park. He's now Southam News at Queen's Park, the last time I heard of him. Very simply, he wrote an article that went out on the wire service. I saw it in both the Toronto Star and the Toronto Globe and Mail. What it said was "General Practitioner Does Heart-Lung Transplant Surgery in Patient's Home." The headline is enough to make one think. It involved a doctor, if I recall correctly, in Brantford. He alleged that he performed these services in the patient's home with a local anaesthetic. I don't know if the local anaesthetic applied to the residence of the patient or if it applied to the portion of the corpus where the local anaesthetic was injected, but very simply, he did it to test the system.

Let's just look at this from the perspective of this patient. We know the system. I will say this-because you people legislate this province in terms of health insurance etc-the people at OHIP, at 2195 Yonge Street, from Arlene Heins down, and others, have been so fantastic to me in explaining to me how the systems work.

The doctor goes on his provider number; he bills against a patient's health number. Let's assume this man whom he billed the heart transplant to was a young man with a family, going to apply for insurance, putting on a mortgage, the whole scene. The only way the doctor who billed falsely for the heart-lung could have billed against him was on his health number. However he acquired it isn't the issue; he billed on his health number. When he admitted that he was only doing it to test the system and the money would be held by his solicitor to be paid back to the ministry if they requested it, was that false billing removed from that patient's health record? What if he didn't know and he made applications for insurance?

I've covered this extensively in my own victim impact statement, but subsequently it got into the very first victim impact statement-I appreciate I'm out of time, and I'm virtually finished-filed by the Ministry of Health, by Dr Steven Ingle, who was one of the medical consultants at provider services monitoring control in Kingston, at the criminal proceeding involving Dr Donald McDiarmid, who's before the discipline committee of the College of Physicians and Surgeons tomorrow on 51(1)(a), having been found guilty of an offence relative to suitability to practice. He deals with the impact on the system, the impact on other doctors and particularly the impact on patients.

How does a person know that a doctor puts in a false billing for you? If you apply for insurance and you don't know that that doctor put heart transplant surgery on your record, you are in theory making a false declaration on your application for insurance. And what a lot of people don't know is that downtown on University Avenue, not too far from us, there's a database that's run by all the insurance people, and if you make an application to company A and they turn you down, for whatever reason, company B can access that. What happens if he's involved in an accident? What happens if he dies and the insurer denies the wife, who may be the beneficiary and the executor of his estate, who has to then say, "Here's an authorization to search his health records"? "Oh, we're not going to honour that insurance policy, poor widow. Your husband made a false declaration on his application for the insurance. He didn't tell us about the heart-lung transplant surgery."

The Chair: Thank you, Mr Siegel. I did in fact indulge almost twice as much time because we had a cancellation in the slot after yours.

Mr Siegel: I picked the right slot.

The Chair: You certainly did. We appreciate your bringing this before us. It certainly raises issues that go beyond this bill.

Ms Lankin: I recognize there's no time to ask Mr Siegel questions. I would like to ask the Ministry of Health, if they're so inclined-it's just a request from a committee member-to assign someone to sit down with Mr Siegel and prepare a detailed summary of the various interactions he has had with these different pieces of legislation and their privacy protections so the committee could actually have a story template of what Mr Siegel has gone through and the various pieces of legislation that he is asking us to have consideration to as we're looking at this. I think it would be very hard for us as committee members to understand all that, but perhaps the ministry might be able to put it in a fashion that is usable for the committee.

Mr Wood: Perhaps I might be able to leave Mr Siegel with my card and he can contact us at our office-if you would, if you're so inclined. If you don't want to do that, of course, that's fine too. Perhaps I can leave you with my card. You can contact our office. Don't do it before tomorrow, because I'll have to tell them about this first.

Mr Siegel: I'll be busy attending the McDiarmid hearing at the college tomorrow, sir.

Mr Wood: We'll see what we can do to set something up for you.

Mr Siegel: Mr Chairman, may I have 30 more seconds, please?

The Chair: Thirty seconds.

Mr Siegel: Recently I had occasion to make a motion before the discipline panel of the College of Physicians and Surgeons on another doctor-not Dr McDiarmid or the one I was personally involved with. I have been called a vigilante with regard to health care, particularly the issues involving fraudulent doctors. I said to Dr Adams, the then, and still now, chair of the discipline committee of the College of Physicians and Surgeons, "Dr Adams, I've been accused of a lot of things, but I want to say one thing, and that is, I have a very, very wide acquaintanceship in the medical fraternity, a couple of doctors who I consider to be close personal friends. Most of the ones I know-virtually all of them-are honest, hard-working and, what I consider to be an achievement, everyday, in-and-out competent. But the sad side of the story is this: professionally I have acted for Mafiosi, one of whom is reported in the Supreme Court of Canada-the names aren't important. In my dealings with Mafiosi and criminals, many of them have been more honest in their personal interrelationship with me than some of the doctors with whom I've had professional dealings in the over five years since my wife died."

The Chair: Thank you, Mr Siegel. I appreciate your taking the time to come before the committee today.

1340

CANADIAN INSTITUTES OF HEALTH RESEARCH

The Chair: Our next presentation will be from the Canadian Institutes of Health Research. Good afternoon and welcome to the committee.

Ms Patricia Kosseim: Good afternoon. I am accompanied today by Matthew Furgiuele, a research officer from our ethics office at CIHR, and Dr Don Willison, an epidemiologist at McMaster University who has been intimately involved in many of our ongoing initiatives in the area of privacy and confidentiality of data. On behalf of the Canadian Institutes of Health Research, I would like to thank you for this opportunity to comment on Bill 159.

CIHR is Canada's leading health research agency, effective since June 7, 2000, that encourages interdisciplinary integrative health research pertaining to all aspects of health. The objective of CIHR is "to excel ... in the creation of new knowledge and its translation into improved health for Canadians, more effective health services and products and a strengthened Canadian health care system."

To fulfill this objective, CIHR is mandated by Parliament to, among other things, exercise leadership within the Canadian research community and foster collaboration with the provinces and with individuals and organizations in or outside Canada that have an interest in health or health research; promote, assist and undertake research that meets the highest international scientific standards of excellence and ethics; and foster the discussion of ethical issues and the application of ethical principles to health research.

It is in this spirit that we have come here today to offer our views on Bill 159 and, more specifically, its research provision at section 32.

We will begin by briefly describing some of CIHR's ongoing initiatives in the area of privacy and confidentiality of data, in order to frame the perspective which we bring to bear on this issue. We will then proceed to address two specific points in relation to the research provision at section 32; namely, the role of the research ethics boards and the need for harmonization of standards.

As you know, there is a compelling need to address real and legitimate public concerns for privacy and confidentiality of personal health information. As technology advances and the manipulation of data becomes increasingly sophisticated, policies and guidelines must evolve accordingly in order to ensure that appropriate safeguards are in place and that fundamental rights to privacy and confidentiality are respected.

There is also a compelling need for health researchers to access data at varying levels of potential identifiability in order to study fundamental questions in areas of biomedical research, clinical research, health services research and population health. The health of Canadians, the viability of their health care system and ultimately the state of their economy depend on it.

The governing council of CIHR identified very early on, as a top priority on their ethics agenda, the need to develop a balanced policy position that takes into account both the societal need to access data for health research purposes and the individual right to privacy and confidentiality. Part of the ongoing initiatives in support of this priority included the publication of a compendium of all Canadian legislation respecting the protection of personal information in health research, along with a soon-to-be-completed international supplement.

In June 2000 a workshop was held entitled Personal Health Information: Balancing Access and Privacy in Health Research, which was attended by 45 participants with a wide cross-section of experience and expertise. Among their recommendations was the need to catalyze dialogue and mutual understanding between policy-makers, legislators and the health research community.

In that vein, CIHR, in partnership with Health Canada and the Canadian Institute for Health Information, and with the collaboration of Industry Canada and the Office of the Privacy Commissioner of Canada, has prepared a series of Q&As on the application of the new federal act to health research. The aim of this initiative is to help inform health researchers of the potential implications of the federal act, apprise them of the issues and begin to engage them in the current debate.

In a parallel initiative, CIHR has struck a working group of health researchers to prepare a series of concrete case studies as a means of describing, in a language more familiar to them, why data is indispensable; how the data is actually collected, used and disclosed in practice; and in what form and whether and how consent is obtained. We hope this latter initiative will provide the evidence-based scenarios necessary to assist policy-makers, legislators and privacy commissioners in appreciating the inherent complexities of health research.

The need for these case studies was apparent when, last February 8, in response to a question by a member of this committee on the possible exception for epidemiological research, given the need to track individuals on a longitudinal basis in a manner that would not unduly bias results, the privacy commissioner answered, "It might be. I would have to say I've heard that argument made and I've heard a lot of anecdotal evidence that not having the full sample somehow badly skews epidemiological research. Not to say it is not out there, but I have not seen the persuasive evidence that this is in fact the case. I have not had somebody point to, `The following studies that were of real importance turned out to be badly flawed because ...,' for instance." It is hoped that the case studies currently under development will help advance this dialogue.

Finally, all the results of these ongoing initiatives will feed into the work of a soon-to-be-created CIHR task force on privacy and confidentiality of data. The mandate is to develop a CIHR policy position during the course of this year. The purpose of this presentation is not, by any means, to pre-empt the conclusions of the task force. Rather, we are here today to provide some interim comments during what is and continues to be a learning period for us all.

We now turn to our specific comments regarding section 32 of Bill 159. Subsection 32(1) provides that "A health information custodian may disclose personal health information to a researcher, being a person conducting a research project or program, only if a research ethics review body designated by regulation has approved the project or program in accordance with this section."

CIHR supports the requirement for prior ethics approval by a research ethics board or REB. REBs are indeed the appropriate oversight body for assessing the proposed collection, use and/or disclosure of personal information for health research purposes and determining the conditions under which it may be done. Independent, multidisciplinary REBs have been established at a local level in academic institutions across this country for several years now; in some cases, well over two decades. They embody a broad range of perspectives and an enormous wealth of hands-on experience in reviewing the ethical acceptability of research protocols. They are composed of at least two members with expertise in the area of the research under review, at least one member knowledgeable in ethics, at least one member knowledgeable in the relevant law and at least one community member.

REBs have acquired the degree of specialized knowledge necessary to understand the inherent complexity of research proposals involving various disciplines and to recognize and promote best practices as they begin to emerge. They are well immersed in the issues relating to both the protection of individual human subjects and the societal need for research. They are intimately familiar with the guiding ethical principles of the Tri-Council Policy Statement on Ethical Conduct for Research Involving Humans, published in August 1998 by the then Medical Research Council of Canada, since replaced by CIHR, the Social Sciences and Humanities Research Council and the Natural Sciences and Engineering Research Council.

1350

The ethical principles underpinning the tri-council policy statement are: respect for human dignity, respect for free and informed consent, respect for vulnerable persons, respect for privacy and confidentiality, respect for justice and inclusiveness, balancing of harms and benefits, minimization of harm and maximization of benefit.

REBs have unique experience, not only with each of these principles but also in applying them in a proportionate and flexible approach to achieve overall balance. REBs are specially placed to play both a review and an educational role. They review research protocols with the aim of determining their ethical acceptability from the point of view of the research subject. They also provide an ongoing consultative and educational function for the research community.

REBs, therefore, are a valuable resource and effective outreach tool. CIHR would encourage the drafters of Bill 159 to consider mechanisms, ab initio, of involving REBs in the process of implementing the bill. Rather than emit regulations that may or may not prove to be workable or feasible in practice, there may be ways of consulting REBs across the province as a means of informing that process in the early phases of the implementation of the bill.

This leads us to our second specific comment, which pertains to subsection 32(5) of Bill 159: "When determining whether to specify that a researcher is required to obtain the consent of the applicable individuals, a research ethics review body shall consider the matters that are prescribed by the regulations." In light of this broad wording and the possibility of regulations, we would like to emphasize the importance of living and evolving standards in harmony with other applicable standards in research ethics. The tri-council policy statement itself reflects a groundbreaking commitment to common ethical norms that transcend disciplinary boundaries across the social sciences and humanities, the natural sciences and engineering and the health sciences. They reflect shared fundamental values and equality of respect for the rights of human subjects, regardless of the researcher's discipline.

In 1998, when Quebec adopted its Plan Ministeriel en Éthique de la recherche et en intégrité scientifique, pursuant to article 21 of the civil code of Quebec, expressly recognized was the importance of harmonization with already-existing standards, including international ethical norms on research and scientific integrity and the tri-council policy statement.

Ongoing efforts continue, with a view to harmonizing or at least facilitating compliance with both tri-council requirements and the international harmonized conference good clinical practice guidelines for clinical trials. The latter guidelines were adopted by the therapeutic products program of Health Canada in September 1997 for the registration of pharmaceuticals for human use.

More recently, the presidents of the three federal granting councils, the then Deputy Minister of Health, David Dodge, and the president of the Royal College of Physicians and Surgeons recognized the need to fortify the legitimacy and support for REBs through some form of accreditation system by an independent, arm's-length body covering both public and private sectors. While the modalities for implementation may vary for different research communities, the need to afford all human subjects with the same level of protection regardless of the source of funding was recognized as a basic principle.

Finally, the challenge for harmonized research ethics standards is one that extends well beyond Canadian borders. There is a compelling and urgent need to provide a level of assurance comparable with international standards if collaborative research is to be fostered and encouraged. The trend, therefore, is clearly towards greater harmonization of standards and not the opposite.

Thank you for your attention. We'd be happy to address any questions you may have.

The Acting Chair (Mr Doug Galt): Thank you very much for the presentation. We have approximately six minutes left-two minutes per caucus-and I believe we start with the government side. Mr Wood.

Mr Wood: Do you have any problem with the concept of ultimate sign-off on research projects by the privacy commissioner, where personal health information is going to be disclosed?

Ms Kosseim: I think the point we're trying to bring forth is that the research ethics boards have the acquired specialization to deal with not only privacy and confidentiality but other important ethical norms that need to be considered in a balance. Ultimately, the idea of a privacy commissioner also providing ultimate sign-off is a matter of practical reality and whether the necessary mechanism can be put in place for a double sign-off. What the implications are is something that-

Mr Wood: I don't think it would be a double sign-off. Ultimately, somebody has to set the policy. The question is, is that a board set up under regulation or is that someone who has in effect been approved by the Legislature as a whole?

Ms Kosseim: I think the REB experience speaks for itself and that it's a valuable and certainly a rich resource and one this legislation has recognized, and we support that direction.

Mr Wood: You would resist the idea of the privacy commissioner signing off, would you?

Ms Kosseim: I don't think we would resist the idea. In fact, that is the situation in Quebec, where both REB approval and privacy commissioner approval are necessary. However, in Quebec the privacy commissioner's role is very defined, and it's coherent in both the public and private sectors according to the same criteria in both instances.

Mr Wood: I'm going to try to slip one more question in if I can. Sorry about this.

Ms Kosseim: I'll let my colleague.

Dr Don Willison: I wonder if I can pose a question: whether the government would be interested in the possibility of REBs submitting reports to the privacy commissioner, basically accountability statements of what they have done over the past quarter or year, the decisions that have been made and some sort of summary that would help in that way. My concern would be the capacity of the commissioner's office to handle the volume of work, because it is huge, and the expertise that would be required to be brought on board.

The Acting Chair: Thank you very much. I'm going to move on to the official opposition. Ms McLeod.

Mrs McLeod: First of all, is it possible for us to receive a copy of the questions and answers you have provided in terms of the impact of federal legislation on research?

Ms Kosseim: Certainly. They are intended to be published very soon. As soon as they are, in the next weeks or month, we will provide you and the members of this committee with a copy.

Mrs McLeod: I suspect I won't have time to return to that, so I'll wait for you-I just want to focus on an issue you raised that hasn't come up before, and that's the regulations to be prescribed regarding consent, subsection 32(5). It is odd to think about why the terms under which consent would be required aren't set out in legislation.

I'm not sure if you have seen the proposed amendment to that section from the Ontario privacy commissioner. If you haven't, may I just read you what she has recommended: "When determining whether to specify that a researcher is required to obtain the consent of the applicable individuals, a research ethics review body shall consider all the relevant circumstances, including whether, (a) it would be reasonable to require the researcher to obtain consent from the individuals; and (b) the personal health information will be used only for the purpose of linking or matching information and in a manner that conceals the identity of the individuals, that keeps identifiers of the individuals separate from the information or that deletes the identifiers from the information."

I know you don't have that in front of you, so it's hard to respond to it, but is your sense that that's the direction you think would provide that common standard across all the jurisdictions where they're conducting research in Canada?

Ms Kosseim: To be fair to your question, I would have to read more carefully and in more detail the extract you just read. I'll let my colleague supplement, but I would probably need to digest that more carefully.

Mrs McLeod: That's fair.

Dr Willison: At first blush, it's reasonable. Again, I would have to-

Mrs McLeod: Mr Chair, may I ask on behalf of the committee, as a point of information, whether we could ask for a response from the presenters subsequent to today's session as to whether that particular amendment would meet the concerns they've expressed?

Ms Kosseim: Certainly, we'd be pleased to.

The Acting Chair: We move on to Ms Lankin.

1400

Ms Lankin: I also look forward to hearing your comments on Ms Cavoukian's recommended amendments and receiving copies of the Q&As on the federal legislation. I hope the work you're doing on the case studies is work that will be finished expeditiously, as well.

Ms Kosseim: Yes.

Ms Lankin: It is my pet question to every research group that comes forward. Explain it to me. I'm very sympathetic to ensuring that we can continue to do good, quality research. I just don't want to give free rein in legislation, even to a research ethics board, to make those determinations where it's not necessary. I want to make it as narrow in scope as is practical. If you give us the information of where there is reasonable and necessary research going on that requires identifiers and of what nature and for what purpose, we'll grasp it. But nobody's putting those examples on the table. That's really important work, I think.

Ms Kosseim: That's exactly the purpose for the undertaking, They will be an incredibly valuable and insightful tool for discussion, analysis and dialogue, and we will be pleased, once again, to provide you with a copy of it when it's complete.

Ms Lankin: Do you have a timeline?

Ms Kosseim: We are hoping for a draft by the end of March, and we would not be averse to the idea of distributing a draft discussion.

Ms Lankin: I think that would be very helpful. I have no idea what timelines the committee and the government will be on with respect to this bill, but it's important to the bill.

Could you also provide us-I'm not sure that we've received it yet, but if we haven't-a copy of the tri-council policy? That would be helpful.

Yesterday we did receive a copy of a document entitled the Declaration of Helsinki. Could you tell us, in your view, what standards are contained in the Declaration of Helsinki, its commonality or not with the tri-council policy, and is it an appropriate standard? It was argued that it errs on the side of protecting privacy. More so than the tri-council policy or not?

Ms Kosseim: I believe the tri-council policy statement is founded fundamentally on international guidelines such as the Declaration of Helsinki. I believe also there are recent amendments to the Declaration of Helsinki that raise interesting issues that would have to be looked at in particular to see their impact and their implications. But certainly at its inception, the tri-council policy statement was founded on the principles of those international guidelines.

The Acting Chair: On behalf of the committee, we appreciate your presentation. However, we're missing two names, if you don't mind, the other two members of your delegation, if you'd read that into the record for us.

Mr Matthew Furgiuele: I'm Matthew Furgiuele, a research officer with the Canadian Institutes of Health Research.

Dr Willison: Don Willison, assistant professor in epidemiology and biostatistics at McMaster University in Hamilton.

The Acting Chair: Super. On behalf of the committee, thank you for your presentation.

Mrs McLeod: Mr Chair, I just expand on my earlier question. Ms Cavoukian had another proposed amendment which would involve a form of lockbox. That may be addressed by your Q&A on the federal legislation, but if you could also give us some idea of how that might affect your work.

AIDS COMMITTEE OF TORONTO

The Acting Chair: I now call the next delegation forward, the AIDS Committee of Toronto. Welcome. On behalf of the committee, we look forward to your presentation. As you begin, please state your name for the sake of the record.

Mr Lee Zaslofsky: My name is Lee Zaslofsky. I'm the advocacy and media relations coordinator for the AIDS Committee of Toronto, also known as ACT. I'm speaking today on behalf of ACT. My presentation won't be that lengthy. We're not a terribly legally sophisticated organization. We rely very much on the HIV/AIDS Legal Clinic of Ontario for information on this kind of detailed legislation.

The AIDS Committee of Toronto was founded in 1983 by members of Toronto's gay community who were concerned about what we now call AIDS. They recognized that it could be a long time before governments began to address this issue, which seemed to appear out of nowhere, and whose causes were a mystery. So they formed ACT to focus the community's energy as it dealt with the epidemic, to provide support to those who were ill, prevention information to those who were not and to advocate for government and private support for work in this area.

Since then ACT has grown to be the largest AIDS service organization in Canada, with a wide range of programs that try to address the increasingly complex challenges that the AIDS epidemic represents. We are proud that the support of the community is shown by the 300 members, 800 volunteers and about 25,000 donors who last year participated in our organization. Our approach is based on partnership with the communities we serve directly and partnership with other AIDS service organizations that serve communities we do not serve ourselves.

From the very beginning, when AIDS was called gay-related immune deficiency-if you remember GRID-the issue of privacy was a major challenge for everyone infected or affected by it. From the outset there was a heavy stigma attached to people living with AIDS that was compounded by the fact that in this country the first group that felt the force of the epidemic was the already-stigmatized gay male community.

In the succeeding years, ACT and the whole AIDS community have worked hard to ensure that Ontarians are better informed about the causes and nature of AIDS. This effort has had much success, but there is still, in much of the population, a powerful stigma associated with AIDS that makes it necessary for every person living with HIV/AIDS to be very concerned about privacy. It is absolutely essential that people living with HIV/AIDS keep as much control as possible over information about this serious health condition. Each individual must decide how much information should be shared and with whom.

The consequences of losing control over information about one's HIV status, as with some other health conditions, can be devastating and grossly unfair. People can lose their jobs, their housing, their relationships, even their lives, if the wrong people find out that they are HIV positive. Even the fear of losing that control can become a debilitating factor in people's lives. ACT's clients live with these challenges every day, challenges that come on top of the health issues that they must face.

That is why ACT was pleased that the government of Ontario was planning to propose legislation that, we hoped, would solve or ease many of the problems our clients face in relation to health information. A good law on this subject would be a major step forward in addressing some of the most difficult issues of HIV/AIDS and would reinforce Ontario's commitment to the privacy of HIV information as shown by the establishment of anonymous HIV testing clinics around the province.

Now the Minister of Health and Long-Term Care has presented Bill 159, the Personal Health Information Privacy Act, for consideration by the Legislature. We are pleased to have the opportunity to comment on it to this committee and we hope that you will give careful consideration to our concerns and those that others raise about this bill.

ACT joins with the HIV/AIDS Legal Clinic of Ontario, or HALCO, and other AIDS service organizations in urging you to recommend the withdrawal of the bill. Bill 159 does not adequately resolve the problems it was presumably designed to address. We agree with the Privacy Commissioner of Canada, Mr George Radwanski, who said to you recently, "As for Bill 159, I don't believe that a law that is so fundamentally flawed in virtually every provision can readily be fixed.... My suggestion would be to scrap it and start afresh in a new spirit."

If the government is not willing to adopt Mr Radwanski's, HALCO's and ACT's suggestion to withdraw Bill 159, ACT supports the recommendations contained in HALCO's brief. However, even with these amendments, the bill would represent a lost opportunity for Ontario to move to the forefront of those jurisdictions that care about the privacy rights of their citizens.

The Acting Chair: Thank you very much. We have about four minutes for each caucus, beginning with the official opposition.

Mrs McLeod: I appreciate your being here and adding to the testimony we received from the clinic yesterday.

One of the concerns that's raised is the breadth of access that this bill gives to, at this point, unidentified people, because of the regulatory power of the minister to expand the list of people who can be recipients of health care information and because of the ability of the minister to provide for direct disclosure. In the way the legislation is written, it's virtually whatever future ministers may decide. So whatever the intent of the current minister or ministry, the way the legislation is worded, there could be changes in the future that would raise concern. What alarm bells go off for you in that respect? What would be the fears of people living with HIV/AIDS in terms of their confidential health information falling into the "inappropriate or wrong hands?"

1410

Mr Zaslofsky: As you know, as I mentioned before, AIDS is heavily stigmatized in a lot of situations. Let me give you an example. Women are more and more becoming a group that is infected with HIV. It's still a very small group in this country compared to some other countries but it is growing and it's very alarming. Women face a lot of issues when they are confronted with having HIV: relations with their children must change; relations with their partner, their husband, could change drastically; relations with their own community could change.

We have worked with some women of Ethiopian background who have come to us and we said, "Why don't you go to someone closer to you in Scarborough?" They say, "No, we have to get out of that area because we might be seen going to ask for service. We are very afraid that if we reveal our status to our husbands, they will regard us as prostitutes," because of course it could never have come through them, "and they will abuse us and turn us out. Our community shuns people that are HIV positive, so we would be shunned. Our children would be taken away from us because we would be thought of as unfit mothers. So we come to an agency"-they call it a "white agency"-because, first of all, the service is going to be good because the white people get better service in our province, in their view, and, secondly, because it's out of their community.

When you look at the kind of fear that those women are experiencing just about revealing this to an AIDS service organization, you can multiply it when they have to consider, "Which doctor shall I go to? Shall it be the doctor that I go with my husband? I can't reveal it to my husband, so it can't be that doctor. What if I go to another doctor? Can I trust that doctor to keep this information? Can I trust him not to tell other people in my community?" All those concerns.

When you have a situation as envisaged by this legislation, which gives such broad license to collect information, to transfer information, and leaves it to regulation by the minister to decide who and when and how this shall be done, obviously the problems that these women and many others like them are suffering from are multiplied many times over.

I'll tell you what the net effect of it is: they don't go for service. They say, "I can't trust the system. So rather than work through the 15 different acts and regulations over this, I'll stay away." This happens a lot, with men, women and everyone else.

Mrs McLeod: Am I out of time?

The Acting Chair: Just very quickly.

Mrs McLeod: It may be an unfair question, so I may just leave it with you, but we're going to hear tomorrow from the police association. One of the things they will be telling us is that when a police officer has been bitten, when somebody has been sexually assaulted and I think there's another condition, there should be access to an individual's health records. Can you comment on that?

Mr Zaslofsky: Yes. That's just rubbish, I'm sorry to say, this "bitten" business. I don't know where this is coming from, that being bitten is a risk factor for contracting HIV. The way to avoid contracting HIV is to adopt safe practices. This applies to people who are having sex, people who are doing drugs, people who are in policing, in the helping professions, such as dentists, and so on. That's the way to counteract it, not to say the only thing that I should worry about is someone who is HIV positive biting me or doing something to me. If you rely on that kind of prevention, you're going to enhance the spread of HIV.

It's the wrong approach to say, "I was bitten. Please, I have to know whether the person was HIV positive." You have to take precautions to avoid risks at the outset in dealing with people. Police, of course, do this in many, many cases. They don't wait to see whether the person who is waiving a gun at them was licensed to have a gun before they do something. Of course, they have to take steps to deal with the risks that situation poses. They have to prepare for it and they have to deal with it at the time. That's what I would say is the-

The Acting Chair: Thank you. I think we should move on to Ms Lankin.

Mr Zaslofsky: Sorry to go so long.

The Acting Chair: It's OK.

Ms Lankin: I'm going to let you just continue on explaining your response, because the committee will hear these arguments made. In a former profession I was involved in, corrections, a lot of work went into developing universal precautions to put in place in correctional facilities. But at the time, it came out of a case such as this, and people raise issues of workers' rights. We heard it from one of the presenters from-I think it was Thunder Bay, or it might have been Algoma; I can't remember which-who talked about an orderly in the hospital and people demanding access to information about patient status.

Universal precautions is one thing. Are you arguing that if there is some kind of traumatic event, you're at a highway accident and you're exposed to bodily fluids, there is no access to records, or people should just be tested on their own? What's your answer to what will be proposed?

Mr Zaslofsky: Yes, people should be tested on their own, even if the person that has just bled upon you-and of course, that's not a risk in itself. You would have to have an open wound or something on your skin for their blood to mix with yours and so on. So there's a low risk in any case. But even if that risk were there, you would still say the way to deal with it is to look and see whether you actually caught the illness, not to look and see whether the person that you're dealing with had the illness. That's not the way to do it.

Ms Lankin: Thanks. I think that answers that.

I want to take this a step further, then, because I fully understand the case you're making and that others have made with respect to the lack of privacy protections in the legislation as drafted. Somewhere between there and what exists today, which has all of the concerns that you've mentioned that clients of yours express, it somehow works most of the time. We're getting more protocols in place, more sensitivity. Are there specifics in the way the world works today that need to be addressed, or is it simply that the legislation as it's proposed gives up many of the protections you think you've already put in place today?

Mr Zaslofsky: Yes, I think that's really the problem, that the legislation seems to be, if I may say so, very closely focused on what shall or shall not happen with these custodians of health information. The real problem is the information and the real problem with the information is the right that the person has to own it. I think the Ontario government has to recognize that right and has to proceed from that basis. I think this bill is going in the other direction and saying, "How shall we protect people that we define as custodians of health information from the various kinds of liability and inconvenience that may arise for them?"

I think there's too much of that in the act. Obviously, you have to consider it. There's too much of that and too little of saying, "What about people that are even now being deterred from seeking service and who worry about things like what the police association will say?" because it gives them the feeling that society may be moving in a direction where all this is going to be opened up to everybody. If something happens, let's find out if he's HIV positive. That would be a real catastrophe in the lives of many of the people in this province, not just for the individuals themselves but for their families and all the rest of it.

We're concerned about the trend this bill seems to manifest. We're very concerned that the Privacy Commissioner of Canada has such a low opinion of it and will say to Parliament, "I don't regard this as similar enough to federal legislation to recommend that you recognize it." I think that's very disturbing. For people who are sensitive about their privacy issues, that is very frightening.

The Acting Chair: We'll move on to the government side.

Mr Wood: Would ACT be satisfied if we passed an act substantially similar to the federal Privacy Act?

Mr Zaslofsky: No, I think we agree with the HALCO presentation that was made to you yesterday, in which-I forget the name of it, but there is a very good model for privacy legislation that came out, I believe in Minnesota, which would be much better than the Canadian act. The Canadian act is better than this one, so I'd rather have that standard than this one, but it too has its flaws. I'm sorry I'm not expert enough to explore that with you.

1420

Mr Wood: We've heard from some of the other submitters that there are some forms of research that basically cannot be done seeking consent. This is basically research where you have a small sample and it's not practical to research that topic and get consent.

If you are satisfied that those forms of research did exist-and that's an if you may not accept, but for the purpose of your answer I'm inviting you to accept that-

Mr Zaslofsky: Yes, I understand.

Mr Wood: If that's right, where would you come down? Would you come down on the side of not doing the research or doing it basically by taking the information without the consent of the patient?

Mr Zaslofsky: I think where we would come down is, don't do the research unless you can get the consent. But I think we also have to be creative and innovative and figure out how we can make it possible to gain informed consent for these things. I'm not familiar with the type of research you're referring to, but conceivably there could be ways developed to do that.

Mr Wood: But would I take it that your position is an absolute one; if you don't have consent, you should not do research?

Mr Zaslofsky: Yes, I think so. Our concern is that the information that relates to HIV, in particular, belongs to the person who has the HIV, and that should be the principle that you proceed on. You can't use something that somebody else owns unless you ask them.

Mr Wood: Those are my questions.

The Acting Chair: Thank you very much for your presentation. On behalf of the committee, we appreciate your presence and input.

Mr Zaslofsky: I appreciate the opportunity to speak to you. Thank you.

PRIVACY MANAGEMENT GROUP

The Acting Chair: Our next delegation to come forward is the Privacy Management Group. Would that delegation like to come forward? We understand you also have a PowerPoint presentation, and we think everything's set up to go.

Mr Christopher Comeau: However, it seems my laptop was damaged on the way here.

The Acting Chair: Oh, dear.

Mr Comeau: Perhaps we can get going. We've provided paper copies of the presentation and I can talk to them.

The Acting Chair: Certainly. Whenever you're ready you may start. As you do, please state both your names for the sake of the record. We have a total of 20 minutes. Use however much you want for presentation. The remaining time will be split between the three parties for question and statement purposes.

Ms Jeanne Bickle: My name is Jeanne Bickle. I'm an executive vice-president with the Privacy Management Group, and I just want to say thank you so much for the opportunity to be here. We value so much the fact that the Ontario Ministry of Health and Long-Term Care has initiated privacy legislation in the health care arena for this province. We applaud you.

Mr Comeau: I'm Christopher Comeau. I'm also an executive vice-president with Privacy Management Group. We're a Toronto-based corporation and specialists in the provision of privacy management solutions.

We've come this afternoon to talk to you specifically about issues of consent in privacy management and to give you additional comments on the legislation that's being proposed.

What we'd like to do is give you a relatively unique point of view on what the impact of having more extensive use of consent in the legislation might be, how that would play out with health care providers throughout and share with you sosme of the information that we've gleaned by being in this area over the last year or so. We'll probably support comments that you have, I would assume, already heard about flaws in the legislation and from other privacy leaders who feel that there is a need for an extensive rewrite of the legislation. That is our position as well.

I'd also like to give you some insight into what we feel are some important consent mechanisms that can make it possible to have more extensive use of consent and still have that as an achievable, manageable process in the provision of health care services.

If you just quickly slip to slide 2 in your decks, you'll notice that we have this quote that says, "A problem cannot be solved by considering it at the same level at which it was created," and in the last 12 months, by consulting extensively throughout industry, health care, finance and the various officers of privacy commissioners across the country, we found that there really is an extensive amount of miscommunication-or perhaps ill-perceived attitudes-about what consent impact there is in terms of trying to get consent from individuals and what is really required in order to institute privacy. So throughout this presentation I'm going to try and take it from a truly different point of view.

Slide 3, you see, is our main stance at PMG. Of course, we believe that privacy is a fundamental right of the individual and it's all about trust. It's about the trust that the nation has in its governors. It's about trust that the nation has in all manners of people who provide services, including health care, and we feel that in order to maintain that trust individuals need to have some measure of control. That control is provided at its finest when there is a consent mechanism in whatever service is being offered.

We feel that the legislation being proposed must not circumvent consent in order to achieve other expedience. Privacy enforcement demands that we have legislation of the nature or with the intent of truly protecting personal information. That legislation is vital. We believe that it needs to be written, but it needs to be written in the right way, and when it is put in place, there has to be an oversight body that will allow that to be enforced.

What we want to correct is the perception that confidentiality, in and of itself, as it is talked to in other legislation is sufficient for privacy. In the security arena-and my background is as a systems security person-we talk about confidentiality and the preventing of unauthorized people to see information. That is a vital component of privacy. But privacy is not about preventing people from seeing the information; it's about letting the right people see the right information at the right time, and a consent mechanism is essential for that.

We also want to talk about how consent is, in fact, manageable and indeed there is an electronic approach.

On slide 4 you see four key viewpoints, starting from the centre right. Essential to all of this are the patients-the people-and ultimately all of us are patients at one point or another. So this is about every single human being who will be impacted by this legislation, without exception, at some point in their life. These people want control because your personal information is the most intimate aspect that you have that you tend to share outwards with society.

On the left-hand side you see health care providers, who I believe are truly interested in protecting the trust that their patients have in them and safeguarding that intimacy, and they do need policies for privacy management. They need tools which perhaps, I must admit, they don't think they have right now but which I'm here to say are available. They need a governance process whereby they know that they're enforcing their own policies and that their tools are working for them.

At the head of the chart is government, of course. We're looking to you for the right legislation, the right leadership, the attitude that you are embracing the privacy of the citizens to make sure we continue to maintain that trust and that you provide some oversight mechanisms so we know and can truly believe that's the case.

At the bottom you see that industry is interested in this problem, because we're part of society and we believe that there are solutions. Some of us have taken ownership of this problem, or at least an intense interest in this problem, to come forward with realistic solutions.

So privacy to us is about the interaction between these four things. We have deeply discovered it's not about coming up with a simple answer. It's about coming up with something that truly deals with all four of those points of view simultaneously, with each person, each organization playing their own intimate role in the solution.

Slide 5: how do we go about getting consent in a dynamic, electronic world when what we have always done in the past was relatively calm? We got people to sign the bottoms of forms and documents, filed those consents in filing cabinets and occasionally looked back from time to time to see what they may have said. In an electronic world where we have actually stopped and counted the number of health care transactions going on-and of course as you would expect they're in the tens and hundreds of millions-how do we know we have consent for all of those processes? There has to be a process in itself for privacy management that is defined, and although it seems fairly simple on this slide, we've spent a lot of time talking to people about, would it or would it not work? We feel that it would.

There is a great need for education to talk about the things like the difference between confidentiality and privacy. There's a need to help people put standards and guidelines in place in their own internal governance systems so that it's a reliable, useful manageable way to achieve privacy.

The integration of consent into health care practices and into health care mechanisms is a technical challenge, but as you'll see, there are solutions available. What we have then is a privacy management solution that can actually be a bridge between infrastructure-processes that currently exist-and all manners of health care applications.

There will always be exceptions. There will always be unusual situations in which procedures have to be brought forward for the common good of society or for special protection of individuals in very exceptional circumstances where they may not be able to act well on their own behalf. I don't wish to address those types of exceptions during this, but I do wish to address the vast majority of health care services and transactions that could be addressed through an effective consent management system.

1430

In the next slide you see that there are benefits to consent. It's not perhaps the best approach to go out into the world and tell everyone that only because of legislation you are forced to do things a certain way, because, as you might expect, there would be some resistance. What we find is that when you go and ask somebody what it is they need, it makes your life so much simpler that it's very useful to operate in that way. When we have choice and consent as part of a mechanism to understand the needs and preferences of individuals, we actually make the complex more simple.

In the business world or in the financial approaches that various health care providers will look at, we know that having the trust of patients is going to make things better. It's a more useful and a more practical way to do business. We know that by having consent, you'll be able to share information in more ways, because you have permission to do so, and you can dynamically achieve benefits by that by cross-linking systems or having enterprise-wide solutions that may not be possible in other means. It just makes good economic sense to do it that way.

Finally-you see the bullet-we're able to take a whole new approach. We can actually provide patients with what it is they want in large measure as opposed to trying to convince them that what they want is what we have to offer. It's a fundamentally different point of view. I think it is human nature to embrace those things which are well intended for you and to resist the ones that are trying to be forced upon you. So in many ways the benefits reduce the complex to something more simple and more achievable. Our experience in the marketplace is that there are many organizations that see fundamental advantages to consulting with their clients, with their patients, about their personal needs, choices and preferences.

What is the consent process? You're looking now at slide number 7. Here we've had to break it down into a really totally new way of looking at it, and from a technology point of view we had to go and look at new technologies. A lot of people think a consent record is something you could put on a piece of paper, or create a very complex chart with columns and lines and rows that indicate all kinds of various options about consent. Well, consent depends an awful lot on the event for which you're going to ask it. We've found that the complexity of that situation does not suit the bingo-card approach, as I call it. We've had to go out and examine, and were lucky enough to find, in this case, that there exist some very useful types of mathematical tools, new algorithms, which allow consent to be created in new ways and to make it very dynamic.

Referring to this slide, the first process that any organization does when they're creating consent is to try to understand what options are available within what series of events. That's a business analysis process and it can be done. Then there has to be a mechanism by which individuals can register their consent, and that means we have to create what we call a pervasive environment. We have to provide it to them in every single way that they might want to do that. Whether it's on simple technology or more advanced technology, depending on the user, connected to a network or wireless, it doesn't matter; that's all achievable right now.

The third bullet, consent maps, is a technology that's now available where we can create a mathematical expression that represents a very complex consent matrix for one individual and reduce that from a technical point of view to a very tiny file that can be stored in a number of places, attached to a process or a document, or even given to the individual in certain circumstances. It just depends on what we want to do. Now we have a tool that exists, that's available, that allows us to move that consent wherever it needs to be, and we're away from these big databases and big charts and wondering what we're revealing simply by having a consent record in the first place. We now have this little, highly portable tool and it makes for a different way of looking at consent.

The fourth piece is that there has to be software available to all the providers of services who are holding personal information on behalf of the clients, who can put in these little plug-and-play software modules that will use these consent maps as the key to either allow a process to occur, because it has been consented to by the individual, or disallow the process because it has not, and provide a record by which the patient in this case could view what disclosures were made. It's a more granular approach.

Every one of the things I've talked to you about requires a different technology, with different roles by different people. That's why I mention this aspect of interaction between a number of parties in order to get a solution. If you think any one person is going to come up with the answer, what we've found is that that's just too hard to do. On the other hand, there is an easy way: by sharing the responsibilities.

On page 8 you see an electronic consent management approach that's broken down into some ordinary building blocks. By discussing this with some of the key privacy legislators and leaders, we found that this is a tool that is useful to various health care organizations-first, a clear methodology by which people can understand what privacy is, how to implement it, where the risks are, what risk management strategy to put in place, and come out with a plan. It's a process, but it's nice when there are templates and guidelines to guide you through it.

There needs to be an architecture, and I'll ask you to just look quickly at the centre of the slide that talks about the five key components of electronic privacy. All five of those components have to be provided separately, and you'll notice that security is only one of them. In the time I have available, I can't discuss that in any greater detail but there is a lot of complexity behind that itself and the flexibility that it brings to the solution. Then, of course, some software that can be deployed the way I said, and service providers who are interested in providing consent services to consumers and health care organizations. There are people out there who are willing to help you make it happen.

I'll just skip slide 9 because I don't believe it's in your deck at the moment.

Finally, let me sum up by saying that in a consent management operation we have government that's providing legislation, direction, oversight of its legislation and maintaining integrity and trust with its citizenry. We need this to happen. We need legislation to protect personal health care information.

Organizations themselves, the health care providers, then can go through all the things I've talked about in the last few minutes in terms of going through a process, embracing consent, realizing there's a way to do it, come up with a realistic, manageable, achievable plan-with a little effort, but it can be done-get some tools, put the tools in the right place, deploy the solution, and it can be managed.

Citizens, on the other hand, which is slide 11, are simply there through a variety of means to register their consent, to let us know what it is they agree to, to let us know what it is we can do to provide them with what it is they need and to view that process on an individual basis so they can exercise their rights.

In conclusion, slide number 12, what I want to re-emphasize here is the point that privacy is not fully addressed by confidentiality. It is a much more dynamic, much more intimate process than just that, although that is a part of it.

Control of personal information has to be in the hands of the patients, of the citizens, and the method by which that control is given to these people, to all of us, is by providing a consent mechanism. We believe the legislation has to be strengthened, has to be rewritten in such a way that consent is used extensively, as has been mentioned, I'm sure, by a number of other privacy leaders in this arena.

We believe there must be an oversight organization to provide governance and means by which all of this can occur. I've shown you in just a few minutes that there are structured methodologies available, that there are unique and different kinds of technologies, which may be what some people have thought of before, that make this manageable in terms of delivering a solution to health care providers so they can do their role in a consent management process.

Overall, I'm hoping this information will be useful to you as you continue to review this and that you will realize there are more options available and that we need stronger consent mechanisms in this legislation. Thank you.

The Acting Chair: We have approximately three minutes left, Ms Lankin, starting with you.

Ms Lankin: That's one minute for each caucus?

The Acting Chair: Approximately.

Ms Lankin: I appreciate your presentation. I don't really have any questions. I think you've presented a technology option to build in more consent. You've said that it is possible, technologically speaking. You may never have seen the silos of technology inside ministries of the Ontario government if you're suggesting that, but I'm sure that's true. I think part of what's not answered for the committee yet is that balance, those few exceptions that you didn't speak to where the common good, either in terms of management of the system or in terms of research information, needs to override the consent principle, and that's what I think we're struggling with.

Mr Comeau: We have looked at that in the delivery of a privacy management solution that included consent. In the initial design phase, where organizations are creating what we call a consent options matrix, those exceptions are identified as part of the things we know about how we have to do business. They are dealt with seamlessly and appropriately with the technology. However, it is fundamentally a human decision about what would be done in that case. So we record that decision and we act accordingly.

1440

Mr O'Toole: You have quite an interesting presentation. Part of my background was data security at one time in my life. I just have a couple of questions for clarification. On page 3, "The proposed legislation must not circumvent consent." I suspect we're hearing that consistently. What would you propose to do in a public sense if people deny consent? Let's say that something as small as 10% or 15% of the population, just out of peculiarity, denies consent, and you're trying to deliver a public policy area. That presents some challenging, as you called them, matrices of assumptions as well.

Then in a general, oblique sense, the whole idea of data mining, just a comment on that. Data by itself today is the power. The individual names and identities are kind of minor. If you can get some generic stuff-how old, where you shop and the kinds of things you're predisposed to do-that's marketing. That's already going on, actually. It's not invasion of privacy. How do you deal with this in this kind of complex matrix? Would it be purely in the health care provision mode or as a privacy thing? Could you produce data that told them most people over 40 sleep four hours a night or whatever?

Mr Comeau: What we have found by looking at the marketplace outside health care is-we have been approached as an organization with a certain mastery in this area-that those organizations feel they would have a tremendous market advantage by including a consent type of mechanism in their marketing pieces; ie, if they tailor their data-mining piece, not by what their marketers may have thought was the creation of a new and innovative product, but by actually asking their client about preference and about certain things, and then got that consent as part of being a responsible corporate citizen, if you will, that would give them a tremendous advantage in the marketplace. So they have their own spin on consent, and they like it.

Mr O'Toole: Yes, that would have to be defined.

The Acting Chair: We'll move on to the official opposition.

Mrs McLeod: Something you said almost in passing concerns me a bit, and that is, if I understood it correctly, that a non-electronic system makes a more informed consent very difficult to manage because of the dynamic conditions under which consent might be required. I guess the reason it concerns me is that I suspect we're a long way away from having fully electronic records in the health care field. How far away are we from having electronic records for, say, doctors' offices?

Mr Comeau: I don't really feel I'm an expert in commenting on that, but I do know there are some strong opinions within the ministry on when an electronic health record would be available. I do know there are certain subsets of a complete electronic record which are available now and that there are already millions of types of transactions which this would apply to today.

I do want to clarify that regardless of what electronic process may be available, the right answer is always the simplest one, and if a paper-based consent would be appropriate, I have no objection to that.

Mrs McLeod: I suppose there are some areas where it's absolutely reasonable to expect that consent could be given through electronic means and that by almost expecting or requiring that it would be possible to have stronger consent for things like research or fundraising, for example.

Mr Comeau: Right. The advantage of having an electronic consent mechanism is that now it can be vastly reused as an enforcement tool in any context in which it's appropriate, as opposed to a paper-based consent which is not an enforcement mechanism; it's really just an accountability process that you would refer to after the fact.

The Acting Chair: On behalf of the committee, thank you for your presentation and for providing us with some information.

BORDEN LADNER GERVAIS

The Acting Chair: Our next delegation is from Borden Ladner Gervais LLP. Come forward and state your names for the record.

The Chair: Good afternoon and welcome to the committee. Please proceed.

Ms Daphne Jarvis: Thank you.

Mr O'Toole: Mr Chair, they gave me the wrong book.

Mr Gerretsen: Maybe you've finally got the red book.

The Chair: You're rattling the deputants. John, gentlemen, please.

The floor is yours.

Ms Jarvis: Good afternoon. My name is Daphne Jarvis. I'm a partner with Borden Ladner Gervais. With me is my colleague, Jacinthe Boudreau, also with the firm.

Borden Ladner Gervais is a law firm in which a number of us, about 15 of us, specialize in health law and count among our clients, for example, the Health Care Insurance Reciprocal of Canada, to which we're lead defence counsel, which puts us in the position of defending medical malpractice law suits, including lawsuits where there may be issues of breach of confidentiality or, the reverse, that insufficient information was provided.

We also provide day-to-day counsel and advice to a huge range of health care providers, including public hospitals, psychiatric hospitals, children's mental health centres, community health centres, community care access centres, long-term-care facilities and, of course, individual health care providers: physicians, nurses etc.

Our expertise is derived from the fact that when health care providers are experiencing problems when it comes to information issues, they will come to us. Hence we have some insight into what the problems are.

We've presented numerous times at conferences and seminars on these issues. For example, here are some materials from a day-long conference we presented on Bill 159 just last month, in conjunction with the Ontario Hospital Association-just so you know our background and where we're coming from.

We've provided a written submission to you and thank you for the opportunity to be here today. Just in passing, I'm briefly going to highlight the things we like about this legislation. First of all, we like the fact that there is a bill before you. The list of institutions I've provided to you for which we've done work is wide and broad, and currently all governed under a hodgepodge of legislation, if any. It is often extremely difficult to provide consistent advice in those circumstances.

We are also very pleased to see the provisions with respect to protecting the confidentiality of quality-assurance information. In fact, our own Ontario Court of Appeal, in a case we've cited in our submission, has recently recognized the degree to which it is actually in the public interest to preserve the confidentiality of that information.

We're going to address a few areas where we think some amendments should be considered. The first two are somewhat related to each other, and that is with respect to the requirement for informed consent to youth disclosure of information and also with respect to the definition of capacity to provide an informed consent.

I think it's extremely important for you to gain some insight into the practical realities in an institution such as a public hospital in dealing with requests for release of information. In a health records department of a public hospital on any given day, there are dozens and dozens of requests that come in for release of information from the hospital's health records. For the most part, those requests are received in writing. It would be extremely rare that the individual whose information is contained in those records is actually sitting face to face with the person organizing the disclosure of those records. The records assembled in a hospital come from numerous health practitioners, a number of regulated health practitioners, not just physicians and nurses but social workers, OTs etc. The request is usually in writing indicating, "I, So-and-so, would like you to provide a copy of the health record in your institution to me," or, alternatively, to somebody else.

1450

I would like to contrast that with the concept of informed consent, which is a concept that has arisen and developed in the context of medical malpractice lawsuits which, over time, has developed a principle of what would an ordinary and reasonable patient want to know or need to know in order to provide true consent to an invasive procedure such as surgery on their body. The person who is advising them as to the risks, benefits, consequences of consenting or of not consenting is the person who will be engaging in that intrusive medical act and who is medically trained and can answer all questions as to what medical consequences there will be and won't be.

That concept of informed consent, in our view, very badly translates into consent for the purpose of collection, use and disclosure of information. There is not that interface, and to expect there to be such an interface between an individual and the health provider or institution is simply unreasonable and impractical, and it will result, we fear, in chaos. We've pointed out in our paper that there is no other provincial or federal legislation currently in force pertaining to personal information that specifies that a consent be informed in respect of it.

In summary, we've recommended that the requirement of an informed consent be removed from the legislation but remain-obviously there must be a consent, it must relate to the specific information, it must be given voluntary and not obtained through misrepresentation.

The same sort of concern arises with respect to the definition of "capacity," which requires that the individual who is consenting be capable of appreciating the reasonably foreseeable consequences of giving or withholding consent to the collection, use or disclosure of information. Again, how it is that it is perceived that the person who is making a disclosure decision would be able ascertain the capacity of a person to understand those things is beyond, we believe, the reasonable expectation on a health care custodian.

We realize that the bill enables there to be a presumption of capacity, but it also goes on to say, unless the health information custodian "has reasonable grounds to believe that the individual is incapable with respect to personal health information." We don't know what that means. We believe, for example, that it probably means that a health care custodian would be entitled to presume that a person over the age of 16 would have such capacity and that a person under the age of 16 may not have such capacity. But within the records themselves, there may be indications as to what the capacity of the person is. Does that mean you expect a health care technician in a hospital's health records department to read a record to try to gain an understanding as to what a person's capacity is? They may be looking at records that are years and years old, that do not reflect the current capacity of the patient who is requesting the information, and that is a person who has no insight, nor should we expect them to have insight, into what the reasonably foreseeable consequences are of the disclosure of those records. They may be for non-medical purposes or they may be for medical purposes. It may be for legal purposes, it may be for purposes of obtaining benefits etc.

It's simply unreasonable to expect, in a huge health records department of a hospital, that there are people there who can foresee consequences of whether the disclosure is made or not made and are able to assess whether or not there are reasonable grounds to believe that the person may not have that capacity. We would hope that it is not expected in that situation that the health records custodian be fixed with knowledge of what is actually contained in the records. That's unreasonable.

In our recommendation we would say that the definition of "capacity" should be revised to read, "An individual is capable with respect to personal health information if the individual is able to understand that the consent is for the collection, use or disclosure of personal health information."

I'm going to move on in our comments to subsection 29(1), which is the provision that permits disclosure of health information from one health provider to another without patient consent. I know there has been some discussion in the committee as to whether or not there ought to be a lockbox provision included in that paragraph. In our view, that is a policy decision and not a legal decision. We won't comment much further on it, but I did want to highlight two things for you.

I can certainly say that the ability for health providers to share information among each other is badly needed, particularly in this era where much of the health care delivery is collaborative these days, when we've got patients going from hospital to home, and a lot of things in between, and where organizations are banding together to provide a continuum of care. The fact that there may be two different corporate entities involved in the provision of that care should not be providing blockages to the ability to share information.

Again, just looking at the practical reality, I'm not sure how a lockbox provision could possibly function when you look at the amount of information that we're talking about. Let's use our example of a woman who in the past has had an abortion and who wishes to lock that information. That's not just information that is contained in a discrete health record that was made at the time the abortion occurred. It may be information that she has repeatedly disclosed over time to various health care providers as she is providing a medical history in other contexts. For someone to say to a health care provider such as a public hospital, "Please share my records to here, here and there as I direct but nothing with respect to that therapeutic abortion I had back in 1972," is going to impose on a public hospital a task that may be undoable and will inevitably, we believe, result in inadvertent disclosure of such information. It is probably preferable that the person simply have that in the back of her mind as she is making disclosure decisions and have the information disclosed to her personally first.

You may be aware through the newspapers of the recent completion of an inquest in Kitchener, Ontario, into the death of a gentleman by the name of Bill Luft, who, suffering from a mental disorder, murdered his wife and four young children and then killed himself. In that inquest there was evidence heard from physicians who were involved with Mr Luft at various stages, who were unaware of the involvement of other physicians either concurrently or in the very recent past. Bill Luft had essentially imposed a lockbox on his physicians, indicating that he did not wish there to be information-sharing about his mental illness between them.

In that case, you should be aware that the jury made the following recommendation. They said, "Bill 159 is currently before the Legislature and addresses the access of patient information between physicians. We would like to recommend that this aspect of the bill be encouraged. This would allow for better care given to the patient by knowing some of the past illnesses that have occurred and ensure that another provider is not duplicating care."

You might want to note that in that case the lockbox imposed by Bill Luft did not simply pose a risk to the quality of health care that he received and the risk to him; it also, in retrospect, might have posed a risk, may have been a contributing factor to the clear risk it posed to his family.

1500

On that section, we would point out that there is a need to broaden the ability to share information from one health care provider to another to include not just a health care custodian, but employees or medical staff appointed within a health care custodian. Often it's unreasonable in our view to expect the communication always to go through hospital administration. There is often a need for caregiver-to-caregiver communication directly.

I'm going to move on to the provision which relates to controlled disclosure, what we've called "Controlled Disclosure in Public Interest," which includes the ability to provide information to police who are in the course of an investigation or who are pondering an investigation, or where there is a present or ongoing risk to an individual's safety. I have to tell you that this area is one in which our legal advice is sought probably right up there with consent to treatment issues. It's a very frequent legal issue and it very badly needs clear language brought to it that will permit health care providers and the police to very clearly understand where the lines are drawn.

The ability to disclose information where there is a present or ongoing risk to an individual is not new. That has always been part of our common law and, really, all that the act is doing is codifying it and making it clear that it applies across the board. There is a provision which allows for a disclosure of information where the health information custodian suspects on reasonable grounds that an offence may have been committed. Again, if this provision is going to stand, we point out that it needs to be dropped down a bit so that it would permit disclosure, not just from a health care custodian but an employee of the health care custodian or a person on staff of the health care custodian. Often these situations, again, are face-to-face situations between a health care practitioner and a police officer, and they need to make snap decisions.

We realize this is a policy issue and we don't take a particular position as to how free-flowing the information ought to be between health care practitioners and the state in that sense, other than to stress it needs to be made very, very clear. You need to be aware of some of the examples that we face that are happening day to day in real life that are throwing these problems up to health care providers. It's not just freewheeling police officers strolling through hospitals looking for health care information.

We've had cases lately in Toronto where there is gang violence happening, where teenaged kids walk or stumble into the emergency department of a hospital. They come by cab or their mother drives them. In one case in particular I can tell you a kid had been clearly kneecapped. He'd had a gun put to his knees and he'd been kneecapped. His instruction to the hospital was, "Do not tell anybody that I am here. I do not wish the police to know of my presence and I refuse to authorize you to disclose anything to police officers." There happened to be a police officer present in the department for another reason who the cab driver saw, and the cab driver disclosed to the police officer the presence of this individual in the hospital.

It was agonizing, the pressure that was brought to bear on health care practitioners to provide further information to the police as to who this kid was, where he'd come from, where he'd been, what he was saying as to what had happened, who was with him-all of these things. You need to consider whether the police did not have a very good point when they said, "Come on. This is very serious. We need to know this stuff." Because for all we know-you don't know this, the hospital doesn't know, but what the police know is that there may be other gang members who are poised to come into the hospital to finish off the job.

We have incidences of domestic violence. We have women who will come into the emergency department clearly with a stab wound, with a shot wound, with tire tracks on their bodies, who say, "Please, I don't want anybody to know." They may be unconscious. There may be a desire to call the police to let them know they have an unconscious person who has clearly been assaulted. Who is their substitute decision-maker? The husband who is standing in the emergency department saying, "Oh, well, she fell down the stairs."

Again, it's a policy issue. Do you wish to restrict the ability of health care providers to bring those sorts of situations to the attention of the police in the absence of patient consent? You've got to give really clear thought to that.

It's also important for you to bear in mind that it's not the answer, it cannot simply be the answer, to say that this is information that is disclosable after some sort of court process, once there's a search warrant or there's been some sort of court review or judicial review that authorizes the disclosure of that information to the police. Often, it is an emergency and often the information that the police are wanting is not something that is in a paper record; it's not something physical that they can seize by way of a search warrant. A search warrant does not authorize people to speak to a police officer; it authorizes police officers to gather physical things. This legislation, Bill 159, clearly indicates that personal health information is governed by this legislation whether it's recorded or unrecorded. That's why. Because you need to know and need to understand that a lot of this information resides in the minds of the health care providers, in their memories and what they've seen and what they've heard, and it's not necessarily immediately recorded nor is it necessarily ever recorded into a hard document that can be seized.

Often the ability to subpoena someone or summons someone to witness is relevant to a court proceeding that may not happen for years down the road and the information is required much prior to that, so you need to bear those considerations in mind as well.

I'll move on to one of the other authorized disclosures, which is to-

The Chair: I should point out, actually, we've gone a bit over time already, so perhaps summary comments in the last minute or two?

Ms Jarvis: It's a related comment with respect to disclosure to children's aid societies. The provision would appear to permit disclosure to a children's aid society so that it can carry out its statutory functions, which are quite broad. We'd point out to you that that appears to contrast significantly with relatively new legislation brought through under the Child and Family Services Act, which does impose a court-supervised process for disclosure of information from a health care provider to a children's aid society.

As a matter of interest, the Luft inquest jury was asked to comment on to what extent there should be free flow of information from health care providers to a children's aid society, and they chose not to make the same recommendation as they did with respect to free flow of information between health care providers. I thought you'd be interested to know that. Again, we take no particular position, but we simply urge that some clarity be brought to permit health care providers to know to what extent they are free to disclose information to a children's aid society, absent some sort of court process or consent, and absent an immediate concern about suspected child abuse.

The last thing we would address is in the paper and I won't bother orally addressing it. It's a fairly minor point.

The Chair: Thank very much. We appreciate your detailed presentation and your taking time to come before us today.

Ms Lankin: I'm wondering if there is a mechanism by which, if over the next two days there are any cancellations that we're aware of and should the will of the committee agree with my suggestion-we invite these presenters back. It's a very unique and different perspective that's been offered that the committee hasn't heard before. I would really appreciate the opportunity to both put some questions myself and hear other committee members' questions. They may not be available, but-

The Chair: As you know, the Chair is in the hands of the committee members. We, in fact, have some time because of an earlier cancellation. I am always loath to treat different presenters differently, but having said that-

Ms Lankin: What time is available right now?

The Chair: We have eight minutes available right now. If you'd like, we can split that between the three caucuses.

Ms Lankin: If there's general agreement around the room, I'd appreciate it. I think there is.

The Chair: Seeing that there is, the rotation this time would start with the government members, first Mr Wood and then Mr O'Toole.

Mr Wood: I'd like to ask you a couple of questions about the removing of "informed" from "informed consent." I gather that no other Canadian act takes that approach; no other Canadian act that's been passed requires informed consent.

Ms Jarvis: Not that I'm aware of.

1510

Mr Wood: I gather the CSA guidelines don't require that, or do you know that?

Ms Jarvis: I don't know.

Ms Jacinthe Boudreau: Are you talking about the schedule to the federal act?

Mr Wood: Yes.

Ms Boudreau: It does not require informed consent. No, it does not. I refer you to our material, section 4.3 of the schedule, which you can read later on.

Ms Jarvis: It requires knowledge and consent, which is different from informed consent. We need to be clear. We're not saying there shouldn't be a requirement that there's consent.

Mr Wood: The guidelines require knowledge and consent.

Ms Jarvis: Knowledge and consent.

Ms Boudreau: It's knowledge of how the information will be used by the body collecting the information, but it's very different from the requirements of Bill 159, which sets out detailed requirements for the informed consent, where the person must be knowledgeable of the foreseeable consequences of consenting.

Mr Wood: Are you aware of any foreign jurisdiction that uses informed consent?

Ms Boudreau: Personally, I'm not.

Ms Jarvis: I don't know.

Mr O'Toole: I'm quite intrigued by the legal entanglement here, and I mean that in a complimentary sense. Two points, if I may, Mr Chair. Informed consent-and it's a reasonable, foreseeable consequence, that sort of definition. I don't know how you'd pin that down in a health care sense. If somebody's going into some kind of exploratory surgery, what is informed consent in that case? Can you define that somehow? "You're possibly going to die"-is that general enough?

Ms Jarvis: If I'm considering to have my gall bladder removed, my surgeon is required to obtain my informed consent and that includes that my surgeon is required to tell me what the risks and benefits are, including reasonably foreseeable risks of having the surgery. He might have to tell me that the gall bladder could rupture and you could end up with a bad infection and you might even die. He or she may also have to tell me what the consequences are if I don't consent. "If you do not consent to this surgery then you are going to get progressively sicker and it may be that we'll never be able to make you well." That's all well and fine, and the surgeon is required to answer whatever further questions I have. That's what an informed consent is: how I can tell you what the foreseeable consequences are if I refuse to disclose your health record to you or to give it to this gentleman over here whom you've authorized me to give it to. I may know that your purpose is because he's your new family doctor and he needs the information, but how I can tell you what the consequences are to you if you don't provide me with that consent etc, I don't know; it's not practical.

Mr Gerretsen: Just following up on that point and also the definition and presumption of "capacity," I take it that your basic point is that it sets out a criteria in the act that makes it look as if a certain criteria has been met when there's really no way the other person can know whether that's so or not.

Ms Jarvis: For the most part. If it's my psychiatrist and I talking about, "How much do you want to tell your children?" that's doable, but it's the very rare case where it's actually going to be possible.

Mr Gerretsen: I guess the way I look at it is that if a layperson were to read these various sections, you would get the impression everything is protected therein, when in actual fact that may not be the case at all. That's sort of my interpretation of it. Is that correct?

Ms Jarvis: I see your point and, yes, that's one possible interpretation.

Ms Lankin: I truly appreciate the work that you've put into this presentation. Your comments with respect to areas of informed consent and presumption of capacity just blew me out of the water, I have to tell you. You get used to the lingo and don't think beyond and just have an assumption that, of course, those would be the standards that we would impose on this legislation.

One question on informed consent: given that in the circumstances you set out it would not be practical that a person could give the foreseeable consequences, would that person potentially have liability? As a health information custodian who has sought consent and has passed on information perhaps to a third party and that's an insurer, and the third party cancels the individual's insurance policy and that was not explained as a foreseeable outcome of that giving of consent, could there be a liability back to the individual?

Ms Jarvis: Of course there are liability concerns, yes.

Ms Lankin: Just a comment. The other issue on controlled disclosure and public interest is really interesting, but I want to focus on the sharing of information between health providers and the Luft jury recommendations. I think it's very important you drew that to our attention. One of the things the committee is grappling with is the whole balance between the individual's control of their own private health information, that basic human right, and a whole range of other issues. What's in the best interests of the individual? There's a paternalistic aspect to that. You've drawn in, with the Luft recommendations, what's in the best interests of the family. Are there not other mechanisms of danger or immediate danger to self or others that would have resolved the circumstance in terms of the Luft case without saying that therefore you couldn't conceive of anything like a lock box?

Ms Jarvis: It's important to understand that the Luft jury was not saying they felt that would have prevented those deaths-

Ms Lankin: I realize that.

Ms Jarvis: -but they saw it as an issue.

The problem is that it's the putting together of all the information which allows risks to be assessed. So you can't say, "I think because there's a risk I need to see this information." Without that information no one even perceives that there is a risk.

Ms Lankin: A very good point. I wish we had more time, but I appreciate the Chair's indulgence.

The Chair: Thank you very much for the very detailed presentation you brought to us today.

ONTARIO PHYSIOTHERAPY ASSOCIATION

The Chair: Our next presentation will be from the Ontario Physiotherapy Association. Good afternoon and welcome to the committee.

Ms Caroline Gill: Mr Chairman and members of the committee, my name is Caroline Gill. I'm a registered practising physiotherapist and also a member of the board of directors of the Ontario Physiotherapy Association, the OPA. With me today is Signe Holstein, the executive director of the OPA.

Over the past 10 years, the OPA and our 4,000-plus members have not only seen but have also been part of significant changes in health care delivery in this province. Ten years ago, 80% of our members worked in publicly funded health care. Today it's about a 50-50 split: 50% public and 50% private. We see the trend to privately funded care continuing in Ontario. I remind you that there has not been an OHIP licence granted to a physiotherapy clinic since 1967 and our OHIP pool is capped. So when people need community-based physiotherapy, those who can afford it will understandably go to private clinics rather than brave the long waiting lists or the long drive to an OHIP clinic.

Physiotherapists have a unique perspective on our health care system. We experience at first hand the trend away from OHIP services and the implications of the growth of privately funded health care. That's why perhaps you can appreciate physiotherapists get a little frustrated at talk, such as around the last federal election, about resisting a two-tier health care system. We already have a two-tier system and it's growing by leaps and bounds.

Because of cutbacks, hospitals are releasing patients into the community with unprecedented levels of acuity, but public funding for community care has not kept up. So patients who have the resources to do so will naturally go into the privately funded community stream. More people are paying for their post-surgery physiotherapy, post-cardiac rehab, post-motor vehicle accident recovery using Visa, MasterCard or third party insurance coverage than ever before. This has significant implications for patient records and is a large part of the reason we are here today.

Our fundamental issue with Bill 159 is that it's based on the assumption of a publicly funded health care system. That assumption, as I've said, is passé. We understand this bill is likely to die on the order paper. We think that's a good thing and we hope this committee's work will provide the context for a new bill that is actually in tune with the current realities of our health care system.

1520

Allow me to address some specifics. Physiotherapists are very active in a variety of health care delivery teams and in numerous care settings. We have primary access. Patients do not need a doctor's referral to see a physiotherapist. Having said that, I must tell you that almost 80% of our patients come to us via a physician's referral. The relevant point here is that interprofessional access to and exchange of health record information is absolutely essential if patients are to obtain quick and appropriate treatment.

Lifestyle information can be particularly sensitive and patients can be especially reticent to impart it if there's any risk of disclosure, yet we need that information in order to assess and treat appropriately. It's an issue for all patients. It's often a big issue for teenagers who are concerned about lifestyle information being disclosed to parents, guardians or others. That's why we're worried, as we say in our written submission, about the chilling potential of clause 42(2)(a), which could force practitioners to disclose that kind of information.

What you may not be aware of is the health record custodian role played by physiotherapists in private practice, nursing homes, home care, industry or corporate care and a range of institutional care venues. Patients share not only medical information but considerable lifestyle information with their physiotherapist in order to obtain appropriate assessment and treatment.

OPA believes personally identifiable health information should be used only to advance the quality of patient care. OPA believes that the assurance of privacy and confidentiality of health records is crucial to the physiotherapist-patient relationship. OPA also believes that access to personally identifiable health information for other applications, such as research, government planning or hospital fundraising, should be restricted, if not prohibited altogether. Information that identifies a patient should be released to third parties only in the most exceptional of circumstances.

The OPA supports the goals of Bill 159, but, from our perspective, some of the flaws in this proposed legislation have to do with the fact that it has been drafted without a full appreciation of the radically changed care delivery environment that's out there today. Less and less health care is delivered solely through hospitals or solely through physicians. On a rehabilitation team, most of the professionals are increasingly privately, not publicly, funded. Nursing homes are privately owned and operated. Home care delivery has been privatized, and there is a growing trend to close or downsize publicly funded physiotherapy departments within hospitals in favour of private clinics in those same hospitals. We call this "private clinics in public hospitals."

What is also important to understand in the context of Bill 159 is the recent expansion of foreign ownership, particularly in the rehabilitation sector. Over the past few years a few foreign-owned corporations have moved aggressively to acquire OHIP and private physiotherapy clinics. So now one has to factor in the likelihood of health care records of Ontario residents being held in or transmitted to the US head office beyond the jurisdiction of any Ontario legislation.

We know. Our members now work for and report to foreign owners, or at least to those who report to foreign owners. What we ask you to consider is the Latin question, "Quis custodis custodes?" or "Who will watch the watchers?"

The provisions in this bill about information custodians are fine in a world of manual records, centralized and publicly funded health care delivery and domestic ownership. They are less relevant or enforceable in a world of electronic storage and transmission and in clinical environments that are increasingly private and controlled by foreigners.

Even encrypted health information can be violated by a custodian who shares their "public key" with a shareholder by simply downloading files to a laptop. Try and stop that when you do not have an audit trail that permits easy discovery of the privacy and access breach, or when the trail leads outside of Canada.

We are not being alarmists. We are gravely concerned about the security of personal health information when one considers the rapid and apparently unnoticed or unchallenged growth of private and foreign ownership in important components of the health care delivery system.

Recent experience just down the street from us today illustrates that privately owned clinics sometimes get into financial trouble and that owners of privately funded clinics sometimes engage in questionable conduct. Is this a trustworthy environment for sensitive health records information? We assert that Bill 159 is largely blind to those kinds of vulnerabilities.

Bill 159 should not be reviewed and considered solely within the context of shifting from a paper-based health record, one stored in the bowels of a hospital, to an electronic record to be stored digitally and safeguarded within a public institution. Bill 159 should not be reviewed with a belief that technology can solve privacy and access concerns.

The OPA would ask this committee to be the first to begin an earnest discussion of important considerations such as the security of health information within the reality of health care delivery in Ontario. The reality is that we function in a two-tiered system. About a third of all health care expenditures are made by individuals or private organizations and, as I said earlier, 50% of physiotherapists now practise in private clinics rather than in public institutions. Another reality is that care is delivered by considerably more practitioners than physicians or nurses and in a range of settings beyond a hospital or doctor's office.

If the review does not take place within the realities of the new care delivery paradigm, then this legislation will be largely irrelevant in protecting the privacy rights of Ontario residents and health care consumers. It will take a very strong ethics review body, a body with real teeth and a body with a sophisticated understanding of both the limits of technology and the diverse environments in which the custodians will operate.

Physiotherapists know from their own education and practices that prevention is the most effective health care remedy. What we are asking of this committee today is to be sure Bill 159 is able to anticipate and prevent breaches to privacy, in addition to being able to punish those responsible for any breaches after the fact.

Is a fine of up to $50,000 for an individual or up to $500,000 for a corporation a sufficient deterrent? How much would a non-resident pharmaceutical or insurance or medical devices company pay for an up-to-date, market-specific and accurate database that personally identifiable health care information would create? Maybe a lot more than the maximum fine.

OPA is concerned that this bill apparently emphasizes access to health records over protecting patient privacy. Section 2 of Bill 159 has a long list of persons, programs or organizations who qualify as health information custodians. We believe as a principle that other than those who are directly involved with patient care, personally identifiable patient information should not be accessible by third parties, except in specific and exceptional circumstances that are mandated by legislation, and only then with informed patient consent. This would go a long way to making it easier to enforce access limitations and make it easier to audit access.

1530

Third party access should only be permitted in the most exceptional of circumstances and only after proof is provided that the required information does not already exist in other forms or from other sources. The OPA has concerns about the sweeping circumstances in which information obtained from a health record can be disseminated without consent from the patient. The provisions, as written in Bill 159, have the potential to violate the necessary confidentiality of patient-provider relationships and patient privacy.

The OPA agrees that health information should not be distributed unless knowingly authorized by the patient and that those who receive such information must take all reasonable measures to safeguard it effectively. However, the bill unnecessarily expands the instances in which personal health information may be disclosed without that person's consent.

For example, subsection 26(5) permits a health information custodian "that is a facility or organization that provides health care to use or disclose the individual's name and address for the purpose of fundraising activities without the patient's informed consent." OPA finds that to be a remarkable provision. It could lead to health information being used for a range of commercial purposes such as direct mail and market surveys.

Further, section 27 outlines other instances in which health information custodians may provide patient information without patient consent; they are both dangerously broad and vague. Some of these are to government for the purpose of "planning or delivering programs or services of the custodian, allocating resources to any of them, evaluating or monitoring any of them or detecting, monitoring or preventing fraud related to any of them"; or for a research project or program.

We are also concerned that personally identifiable information could be used and disclosed to the Ministry of Health and Long-Term Care for planning purposes under clause 27(e) or for research purposes under clause 27(i).

In our view, the legislation should explicitly state that identifying health information will not be disclosed if anonymous information is equally available. If personally identifiable information is legitimately required, the proposed research ethics body should adjudicate the request for information.

We suggest that focusing on technology-related solutions to safeguard access and privacy is not enough. OPA suggests there is a need for a front-end information process that includes the following: requiring data gatherers to specify the purpose for data collection; limiting the data collection; limiting the use of data collected; ensuring openness and transparency; allowing for individual right of access and correction; ensuring data quality and security; and creating independent oversight.

Another issue is that Bill 159 will have paramountcy over the RHPA. Our concern is that this could lead to conflicting or inconsistent provisions under the two legislative regimes, with regulated practitioners caught in the middle.

The OPA supports the stated goals of Bill 159. Patient care and protection of privacy are a major preoccupation for health care practitioners. We put the challenge to you as policy-makers to not proceed with Bill 159 unless you are satisfied it answers the question, "Quis custodis custodes?" That question cannot be answered fully if health care policy continues to be made with blinders on as to the realities of a progressively privately funded and foreign-owned health care delivery system. That's the real test for Bill 159.

Thank you for this opportunity to outline our concerns regarding 159. The OPA looks forward to continuing a dialogue with the committee and the Ministry of Health and Long-Term Care on implementation of the bill.

We'd be happy to respond to questions.

The Chair: Thank you. That leaves us only about three minutes for questioning, so I'll give the time to the next party in rotation, which is Ms Lankin of the NDP.

Ms Lankin: Thank you very much. I appreciate the presentation. I think the points that you make around the organization of health care in Ontario today and the reality of the public-private delivery systems are important for us to consider.

I understand your general principles with respect to the bill, that it needs to be reoriented around patient confidentiality and not help custodian ease or management issues. But reading the bill, it would seem to me that most of the circumstances in which your members provide health services in the privately paid-for system would or could still be captured under this bill. They're regulated health practitioners so they come under the definition there. They're operating in places that could be independent health facilities, under that legislation, or could be designated under regulation within this legislation. Am I missing something? Is there a segment of the operation or the provision of those services that is completely apart from the purview of this legislation and therefore private personal health information wouldn't be governed?

Ms Signe Holstein: I think you're correct in that certainly they're still covered under the Regulated Health Professions Act, but there's a lot of health information held in privately owned, privately run, privately managed institutions-not institutions but non-institutions, and that's one of the problems.

Ms Lankin: Have you looked at the definition, for example, of "health care custodian," which really presents a lot of the responsibility and onus of the bill, and can you give us examples where there's an operation that would not be covered?

Ms Holstein: I honestly can't at this point, but I'd be more than happy to go back and try and find-

Ms Lankin: That would help, because one of the things the bill also does is provide the opportunity through regulation to designate certain things. We may need to look to that. But I suspect, through various mechanisms-independent health facilities, the health care practitioner, provision of health care-there are a lot of definitions there, and when you put them all together it may be that they're covered, or I may be wrong. We need to know that, I think.

Ms Holstein: I have to say I didn't really look at it in that specific an example, so I will do so.

Ms Lankin: Maybe you could look at it and also consult with the ministry and provide that response to the committee.

Ms Holstein: I'd be pleased to.

The Chair: Thank you very much for coming before us this afternoon.

CANADIAN MENTAL HEALTH ASSOCIATION, ONTARIO DIVISION

The Chair: The next presentation will be from the Canadian Mental Health Association, Ontario division. Good afternoon and welcome to the committee.

Ms Patricia Bregman: Good afternoon. I have two colleagues joining me. It's nice to be back.

I should tell you that we will have a more formal written submission tomorrow but we thought, in the meantime, there are actually some articles in here that you might find enlightening that relate to this. We added a little bit about stress reduction and exercise, so if I see you cracking your jaws, I know you're reading our material and trying to relax a little while you're sitting here.

On my right is Dr Barbara Everett, who is the new chief executive officer of the Canadian Mental Health Association, Ontario division. She has a clinical background, so she will be doing a piece at the very end about some clinical issues. I think she would also be happy to answer questions that you may have as they relate to mental health information in a more clinical setting. To my left is Omar Odeh, who joined us a week ago as the manager of our knowledge enhancement centre.

1540

I'm going to do the primary part of our presentation. It's going to be somewhat different than what you've seen and, I hope, helpful.

I want to start by thanking the committee for once again adopting what was a very effective process for Bill 68. Those of you who were part of that process may not be aware, but we've been on record as saying that we found that process led to much better legislation. It was a really good process and, Mr Chair, we appreciate the contribution you made to that process. We hope that this process again-

Interjections.

The Chair: Let me just say thank you. One takes one's compliments where one can find them.

Ms Bregman: And to the rest of the committee. It relates to what the main part of our presentation will be at the end, which is a somewhat innovative recommendation about next steps that we hope you will take seriously as a solution to how we get this legislation to become good legislation, and that you'll take it in the same guise in which I think this committee has been working. I think all three parties deserve credit for really focusing on health information legislation as being important and something that we need to have happen in Ontario. Work needs to be done on it, but that having been said, we want to come here with some proposed solutions, not only in content, which we're not going to go into a lot of great detail on, but in process.

I also want to say at the outset-and I don't usually start with personal things-that you should know that I'm one of the few survivors of the Krever commission. I was the policy research analyst for the commission in 1978 to 1980 before I went to law school, and I'm probably one of the five people, in addition to Juta Auksi, who also worked for the commission, who actually sat through every single day of the investigative hearings and read every single file seized. So I come at this with that history. In 1990 I went to the Ministry of Health and spent two years working on a previous incarnation of this legislation and as counsel to the freedom-of-information office. So I truly appreciate how far this has come in actually showing up as legislation.

I remember why we didn't have legislation, which is that the idea of patients having access to records was considered over the line; it wasn't going to happen. I think we're starting from a premise of appreciating the fact we've gotten here and I think it's important to keep that in mind during our presentation.

There are four points, before I get to our proposed solution, I think we want to highlight as being of some concern, although I think remedial. One is the notion that legislation needs to cover more than simply the health setting. I understand the rationale is that this legislation is limited to the health setting and you're going to have other legislation that will later cover the rest of the employment setting, the insurance setting. To be honest, that was the argument made when the Freedom of Information and Protection of Privacy Act was passed and that was the reason that health information was not put into FIPPA at the time.

While I certainly think you have all of the best intentions in the world, I think it would be really tragic if people's health information outside the health sector remained vulnerable. What you may end up with is the patchwork you're trying to avoid, and I thought I could give you an example of what the problem is. This came not just from the patient but from the health care people in employment settings and insurance who presented to Krever. This is not a new problem. It comes because people are required to disclose significant information outside of the health setting to get benefits. It happens more and more that you need it to get your drugs.

If you want a drug plan, your employer is likely going to administer that plan and you're telling your employer, "I have this problem." If you have a mental illness and you've got schizophrenia-you were really sick, you're taking your medication, you're able to return to work-you have to disclose a lot of information to your long-term disability insurer, who will talk about return to work; to your employer, who will need to accommodate you in the workplace. It's important that people feel able to disclose that information.

What has happened in the past, and continues to happen, is that information is protected when the doctor has it. You consent to disclose it and that's the end of protection. There's more than one instance where an employee benefits coordinator, who may be a clerk in an office, has mentioned to your colleague that you having mental illness. We know what the stigma of mental illness is about. I think the government, and we thank them for this, is funding a whole project in the northeast mental health implementation project about removing stigma. That one disclosure may ruin that person's employment relationship for good. It may cause them to lose a job or to lose a benefit or to lose housing. It's something people will worry about. We don't want people being afraid to go back to work or apply for a drug benefit simply because, having disclosed that information, there is no current remedy. There is nothing that person can do. There is no law that prevents that disclosure right now.

Similarly, within the insurance industry-and for those who haven't read the Krever report, I will tell you that the insurance industry and lawyers were the biggest offenders in terms of inappropriate disclosure. You disclose information to your insurer every single day, and every single one of us does it: when you get a mortgage, when you apply for a car loan. There's no law that stops them from disclosing that to whomever they want. They may say they're not going to do it, but there is currently on the books no legal protection.

The same problem of patchwork and no protection that this legislation is addressing exists outside the health sector. I can't urge you strongly enough to reconsider expanding it. If you subsequently put privacy legislation in place, great, you can do what you're doing with this legislation and say, "We'll repeal it, we'll amend it." But if there were one issue that I really think is critical, that's one.

The second one, which I know you've also heard a lot about, is the removal of the lockbox provisions. A lockbox provision was put in in previous versions. It's a matter of control. It's part of the culture of, "We control the disclosure of our information."

I've read all of the Hansards for this committee because I wanted to see what people were talking about, and I've seen the justification. Often it's, "If you don't do that, we'll have to retest somebody," or "We'll have to do the X-ray again," or the lab test. I agree with you: inefficient. But I guess what I want to bring you back to are two things. I don't know anybody, myself included, who wants to do a test again, and I find it hard to imagine that somebody would not consent to that disclosure. Whether it's a lab test or an X-ray, I don't have trouble saying, "You can disclose that," and people will consent. Nobody wants to do it.

What you have to remember is that much of the health information is not that lab test and that objective data; it is the subjective data that doctors write down. I'll give you an example. This came to us from a doctor during Krever's commission who said, "I have a request from a patient to disclose information. I don't want to," because what it said was that this patient went to see her doctor and the doctor wrote down, "The husband had called me and said that he didn't like having sex with his wife, and I can see why: she's big, fat and smelly." That's the kind of information that's in records. That's number one, very subjective. Not everybody needs to know that. Why should I as a patient be subject to that kind of disclosure? The second is the assumption that it's all accurate and good information. There is inaccurate information in these records that may be perpetuated because the patient doesn't know it's being disclosed and doesn't know it's there. I would think we would want the best quality information disclosed.

Again, I strongly urge you to look at reconsidering putting in some level of control back to the patient to say there's certain information that you just-if you're an in-patient in a psychs unit, why does your whole record have to go to the ophthalmology unit when you get your eyes tested? That's what can and likely will happen, because nobody else but you, the patient, really has the interest in sifting through the piles of records to decide what goes and what doesn't go.

I think you're really running a risk of jeopardizing health care and not improving it. That's why we distributed the Network magazine. There are a couple of articles in there about the links between physical and mental health. If you read the article by the woman who was mauled by a bear, it's really quite interesting, her experience as she went from dealing with the health profession as a medical problem to dealing with them as a mental health problem and the way in which people looked at her differently. We know that having a mental health history changes the way the medical profession perceives you. So I again would strongly urge you to look at that as a change to the legislation.

The third area that we wanted to raise is patient access. I do commend the government for putting patient access and informed consent in. It's an enormous improvement. This is a tiny change-and I actually mentioned it to Gilbert Sharpe outside-and it may just be a drafting thing. As I read the legislation, you not only have to pay to have your information photocopied; you actually have to pay to ask to see it and you have to pay if they show it to you, even if they don't photocopy it. I can't think of a bigger barrier to access, and I think you've got some internal inconsistencies. If you're giving informed consent, that assumes you see what you're consenting to. As I read the legislation, a health care provider could say, "I want you to consent, but you're going to have to pay me to do it."

1550

I'd really urge you to go back and look at those provisions again. I think it's reasonable to put in regulations to deal with photocopy charges. You may even have an argument to be made that where somebody repeatedly requests records that are hard to find, that aren't related to care, you may want to look at some way of controlling that. But for the standard requests when you go to the doctor to have it up front that you've got to shell out money, it just seems to me unfair and somewhat an unreasonable provision. Ironically, all of this is about moving into the electronic age, where information is going to be available like that, free of charge, cheap. That's the one provision I would urge you to look at.

Before I turn it over to Dr Everett, the recommendation and proposal we have: we've got as a starting point legislation that I think has a good foundation. It's hard to understand, and I'm sure you've heard that a lot. I've got a lot of experience. I couldn't tell you how this all works. But I think we can come up with a process that will allow you to achieve what you want, involve the stakeholders and move quickly.

Our proposal is that instead of just having the committee sit down with this, you throw the stakeholders who are prepared to put aside ideological battles into a room for a short period of time, time-limited, a week or two weeks, and what you walk in with is you all agree that you're going to walk in and the goal is to come out with legislation, to come out with a consensus where possible, and if there's a disagreement you put it aside and you can deal with it later. What you would come out with at the end of the week is, where it's just a language thing, you get the language fixed; where there may be consensus that the policy needs to change-and I think there are some areas-you recommend to the government, "Here's the policy." What you can then do is really narrow it down to one or two issues where you may not have consensus, and then we come back to you on second reading with that discussion.

But my guess is we're prepared certainly to go on those terms and say that what we want is to come out with good legislation. We don't want to go and argue at great lengths about a whole range of things; we're prepared to put those arguments aside. And I think other stakeholders might be prepared to do it. You would benefit from the fact that we have the grassroots experience. We know from our constituents, the people we deal with, what they want to know. The question I get is, "Will the legislation apply to X?" If we can sit in a room with the people drafting it and the committee and policy-makers, I actually think we could fix probably two thirds to 80% of what's here without going through a very long process.

At the end of the day we may still say we don't like some of it, but I think Bill 68 worked because people were willing to put aside ideology to the point of trying to improve the legislation. If we can arrive at that, we're putting it forward as a suggestion and we're certainly willing to come and do what we can to assist you in achieving that goal in a short time frame and time-limited so it doesn't go on forever, rather than the consultations where you're going to be having every stakeholder at your ear telling you, "We want you to do this." Let us try and negotiate some of the differences away and see if we can come up with some consensus and then come back to you, be part of the process.

I'm going to turn it over to Dr Everett for her comments on the clinical side and to help you understand a little bit more on the mental health perspective.

Dr Barbara Everett: I won't take a lot of your time. I'm neither a legislator nor a lawyer; I'm a clinician. We're very straightforward: we want things to be made better, not worse. We want them to work for us on a day-to-day basis.

Legislation is a blunt instrument, as you're aware, in that it is incapable of predicting the exigencies and nuances of everyday lives and all the various and sundry iterations that occur at the front line as you interface with your clients.

Just a word of caution and thought: certainly in mental health, and I'm sure in other particular health care areas, but in ours especially, we are the holders of secrets. We hear the things that people want no one to know, and we can only be helpful if people feel free to tell us these secrets. One breach ruins a life. You can have your children taken away from you, you can lose your work. One breach, and it may not even be public; it's just one thing that's whispered from one person to another because they weren't careful enough. I just want to leave you with that thought: the importance of the retention of people's control over their own information in our field is life-saving.

The Chair: That leaves us about two minutes.

Ms Bregman: We probably can't get questions.

The Chair: I think this time I'll give it to the government. Mr Wood, if you have any questions?

Mr Wood: Would you be satisfied if we passed an act that was substantially similar to the federal act?

Ms Bregman: I think we would want to look at it. If it's close, there are some changes we might like to see. We have not seen it. CMHA has not taken a position on it so I can only tell you personally. I think it would not be a bad start for information protection. I know that's the goal.

Mr Wood: In what sort of areas would you anticipate asking for change from the federal?

Ms Bregman: To be honest, I don't want to give you something off the top of my head. I could come back to you with that if it would be helpful.

Mr Wood: You might want to pass that along to the committee and to the minister.

Ms Bregman: Sure.

Mr Wood: On the issue of informed consent, are you aware of any other jurisdiction that has informed consent in their law?

Ms Bregman: It's controversial. I actually think it's implied in everything. I think if you did not include informed consent you would probably have a charter challenge. Because I'm involved in advising on a registry, I talk to the people who do the research side, for example, and there is a consensus that you should have informed consent as an ethical standard. I could go back and look at whether other legislation specifically puts it in; I've got a compendium. But I would strongly urge you and I don't see how you can do anything other than informed consent if you truly want to say that this is control and ownership of information. I think it's implied by common law, whether it's in the statute or not. If you move to take it out, I think you would have really serious concerns raised by a number of people around the table.

Mr Wood: The vast majority of consents are not informed consents. If I'm talking about across the whole spectrum of consents, the vast majority are not informed consents.

Ms Bregman: But by common law, you can't really consent if it's not an informed consent. This is something that a common law-I'm a lawyer by training. It's got to be an informed consent or it's not considered to be a valid consent in law. It may not be in practice, but that's something we argue about a lot, about how you improve it and make it an informed consent. There is no reason you can't get informed consent. It provides no barrier to proper disclosure of information. I think it goes back to the issue of trust. If you want people to feel confident in giving information, you've got to have informed consent. There's something about the term "consent in law" that implies that it is informed. I'd be interested in seeing anything that tells me that it's not.

Mr Wood: Surely that's not the case. "Informed consent" has a very specific meaning with respect to medical consent. Most consents are not informed consents by that standard. Most consents given in law are not informed consents in that sense.

Ms Bregman: I'd be interested in seeing somebody who signs a contract that they wouldn't consider informed consent. I don't have the legal research in front of me but I'd be shocked if you could go into a court and say that you can give a consent without being fully informed and that it's a valid consent. I'd be very surprised if that stood up.

The Chair: Loath as I am to break up a debate between lawyers on a legal point, thank you very much for appearing before our hearings on this bill. I'm sure the ministry staff will take your offer to heart. Thank you for the time you've put into this presentation.

Mrs McLeod: Mr Chairman, could I ask a question?

The Chair: You sure can.

Mrs McLeod: We've had a number of presenters today who have expressed a concern about the silence of this legislation in relationship to the private sector, to the employer, to the insurance company. My question is-and I should probably know the answer but I'm not sure I do-if we proceed with Bill 159 and it's silent on the private sector aspects-our bill would have primacy over the federal legislation for the public sector, but does Bill C-6, the federal legislation, still come into effect as of next January for health information handled by the private sector for commercial purposes?

The Chair: Let's have the researcher get you an informed answer on that question.

Ms Lankin: Or a knowledgeable answer.

1600

ELECTRONIC CHILD HEALTH NETWORK

The Chair: Our next presentation will be from the electronic Child Health Network. Good afternoon. Please proceed.

Mr Andrew Szende: My name is Andrew Szende and I am the CEO of the electronic Child Health Network, or eCHN for short. I'll be using eCHN a number of times in my remarks. I am here to support the need for legislation that recognizes the existence of and the need for integrated electronic health records.

Just to give you a little bit of background about eCHN, eCHN is the offspring of the Child Health Network for the Greater Toronto Area, a unique linkage among hospitals and other providers of health care to infants and children. The Child Health Network was developed under the leadership of the Hospital for Sick Children. Its goal is to increase the coordination and quality of children's health care across the entire continuum of care, from home care to doctor's office to community hospital to children's hospital. In addition, it was the goal of the Child Health Network to reduce duplication and to ensure maximum efficiency while delivering care of uniformly high quality.

This is where electronic transmission and storage of health information comes into the picture. If we want children to move seamlessly through the health care system from one provider to another, then it is obvious that the information must follow the patient. Until eCHN came along, there was no way for this to happen. As anyone who has sought care at more than one hospital will know, the right hand rarely knows what the left hand is doing. You can walk down University Avenue and visit Mount Sinai Hospital one day and the Toronto General Hospital the next day, but there is no way for your health information to move from one site to another unless you carry the sheets of paper with you.

The electronic Child Health Network was established to change all that. It is a unique and pioneering endeavour that has attracted attention from around the world and its success depends on a public and governmental understanding of the extraordinary importance of the safe, effective storage of electronic health information. The development of eCHN began four years ago as a partnership of the Hospital for Sick Children, St Joseph's Health Centre in Toronto, the Rouge Valley Health System, Orillia Soldiers' Memorial Hospital and St Elizabeth Health Care, which is a home care provider.

We have developed a system which integrates electronically the patient charts of the various newborn and pediatric services in the greater Toronto area. Any child who is seen by health care providers at more than one location can have an integrated chart from all the different locations, with all their different information systems, available in a single view on a computer screen. Furthermore, this can happen even though each of the participating institutions has completely different computer systems.

Consider the example of a child who is taken to the Centenary site of the Rouge Valley Health System in the east end of Toronto or to St Joseph's Health Centre in the west end of Toronto. After performing some laboratory and/or radiology tests, the doctors and the family decide to transfer the child to the Hospital for Sick Children. The health care providers at Sick Kids can see the results of previous laboratory and radiology tests that were performed at Rouge Valley or at St Joseph's. If necessary, the charts may be called up while the child is in transit. Not only that, but the child's pediatrician can see the child's chart as new data is added at Sick Kids.

After a while, the child is transferred back to Rouge Valley or to St Joseph's. Now the health care providers at both hospitals can see the operative notes, the discharge summaries and the results of further tests from any one of those sites. In addition, the family pediatrician can call up these same charts on a computer monitor in his office and can continue to monitor the child's progress and explain to the family exactly what is going on.

If the child requires rehabilitation or treatment for a chronic condition, he or she may be transferred to the Bloorview MacMillan Centre. Again, the health care providers there can see the integrated chart from the different information systems at any or all of the other sites. If necessary, consultations can take place among all the different health care providers at the different sites and the family pediatrician, all of whom could see the same integrated records at the same time. If the child requires further care at home, perhaps from a nurse provided by Saint Elizabeth Health Care, the integrated health chart is available to her too.

I would like to emphasize that this is not just a dream; this is reality: eCHN is the most advanced integrated electronic health record system in Canada today. We keep working on it; we keep trying to expand and improve it every day.

Here is what we do currently. The data in the integrated chart travels through a private, point-to-point, fibre optic network. It is not part of the Internet. It goes from one or more information systems at each hospital to the server that integrates the data for the hospitals, and then to the monitor where the doctor, nurse or other health care provider can see the single integrated chart. It is up to each hospital to decide which doctors and nurses may look at the integrated charts. This is the same way hospitals currently administer both electronic and paper charts. Once a health care provider is identified, he or she is given a user name and password for eCHN only. No one else can get to see the data in an integrated chart. No hospital administrators or registration clerks get to see anything, because they do not have the passwords. Those who do have passwords can sign in and call up any chart. However, they may look only at their own patients' charts. This is similar to what happens with paper charts. The difference is that it is much easier for their colleagues, their administrators or the parents of the children to discover if they have looked at a chart without having a good reason for so doing.

We keep a complete audit of every chart in our system. We are using the most up-to-date electronic systems available to protect our patients' privacy. Our health care providers currently have access to about 70,000 children's electronic charts. If any parent or administrator wishes to do a spot check to find out who has been looking at a particular chart, he or she can request one readily. This way it is possible to monitor who has looked at a child's record. Any user found looking at a chart without permission could be held accountable. This privacy protection significantly exceeds any privacy protection ever offered by traditional paper charts.

There are many other advantages to having an integrated electronic health record. Paper charts can and do get lost. Furthermore, they can be in only one place at one time. It is much less likely that an electronic chart will be lost or misplaced the way paper charts are sometimes lost or misplaced.

Unlike the situation with paper charts, it is impossible for an unauthorized user to sneak into the system to snoop at a child's chart without being detected. Only authorized users get access to the charts. If they sign in, the audit trail tells us which charts they have looked at. If a user signs in but does not use the system, the system will automatically log him or her out. This protects us from the possibility of someone sitting down and accessing files from a terminal that was abandoned by another user. When a user stops or logs off, all previous pages that had been downloaded to that terminal are purged from that terminal. Again, it is difficult for someone to come along and look at pages that may have been called up by a previous user. If that were to happen, the person who signed in with his or her password can be held accountable. Again, this is more secure than the current paper system.

We make available this integrated chart only if the parents have signed an explicit consent form at each institution. If the parents do not give consent at any institution, the data from that institution will not be included in the integrated chart. We at eCHN have done everything humanly and technologically possible to protect the privacy of the individual child and to make available more information in a more timely fashion to the health care providers who need that information. We believe this electronic system saves unnecessary duplication and improves the quality of health care in Ontario. The eCHN system ensures that when your child requires health care, all relevant information is available wherever the care may be provided.

To conclude, I would like to emphasize that we at eCHN are using the most sophisticated technology to integrate various existing electronic records, such as X-rays, laboratory results and discharge summaries within individual hospitals into eCHN's integrated electronic chart. The health of children will be improved if we can provide an integrated health record that is available to those health care providers chosen by the child or the family, regardless of where the pieces of the record originated. This is why there is an urgent need for legislation that recognizes the existence of and the need for integrated electronic health records.

1610

The Chair: That leaves us a little over two and a half minutes per caucus for questioning. This time we'll start the rotation with Mrs McLeod.

Mrs McLeod: Thank you for your presentation. I appreciate it's not a dream but a reality for a fairly small targeted group of individuals being served right now. Does it extend beyond the initial groups that were involved in your pilot?

Mr Szende: It extends to only one new institution that we've added recently, and that is the Bloorview MacMillan Centre. So it's the first five that I mentioned, plus Bloorview MacMillan.

Mrs McLeod: The limitations in terms of expanding it are directly related to the infrastructure that's needed because it is a private point-to-point system?

Mr Szende: It is. There are some challenges. We are working with a number of other hospitals within the GTA. At the moment, we are looking at some of the larger hospitals that are considering joining the network. Two are Sunnybrook and Women's, and Credit Valley. Some of the others are trying to work this into their strategic plan because they do have to make some internal changes to join.

Mrs McLeod: Does it require a dedicated information manager to enter the data?

Mr Szende: No, it doesn't. The system takes the data from whatever information systems an individual organization may have and simply copies the data. The data gets fed into a server, but the data continues to reside in the originating hospital. It continues to be owned by and controlled by that hospital, updated by that hospital. The updating simply happens automatically as ongoing downloading.

Mrs McLeod: Is there time for another question?

The Chair: Very briefly.

Mrs McLeod: Very briefly? I don't know that the answer can be.

The last sentence of your brief: what in Bill 159 either helps or potentially hinders the work that you're doing?

Mr Szende: Basically, we can continue to do what we are doing with or without 159. The reason we decided we wanted to come and speak to you today was simply to illustrate a living lab of how electronic health records can be used to serve the system and how you can deal with issues as they come along with policies that protect the privacy of the individual.

One other thing, and this may come out later: if you don't allow people to share the information that they have, in the way that we don't think that we can, it simply means that some doctors, when they're looking at a patient's chart, will not have all the information they could possibly have on that patient and therefore the decisions that will be made may not be as good as they may otherwise be.

Ms Lankin: It's terrific to see you back here again. I remember the beginning of this project and its hopes-and others, not the same, but I'm thinking southwestern Ontario, the University Hospital-based network in the greater London area. I think what's interesting is you've started from the premise that consent is required. In effect, you've allowed the parents and the families in the circumstance to lockbox an institution if they choose to.

If you translate this into the larger systems issues that we're looking at and this bill, which allows for the transfer of information between health practitioners, and you take it the step that we're all envisioning of some kind of smart card technology where your health record is on a chip and you're carrying it around, the concept of being able to have filing cabinets of either institutional visits or type-of-practitioner visits and being able to close some of those drawers at the appropriate time, on one level it seems reasonable in terms of personal control of information. From a systems management point of view, which you've had a lot of experience with over the years, it's contrary to what we're trying to get to in terms of efficiency, best utilization, best health outcomes etc.

Do you have any comments on that in your experience with allowing a lockbox in your own system?

Mr Szende: I think that we are using the lockbox and I don't see anything wrong with it, simply because of the different levels of security that are needed for different parts of the system.

One approach to this might be to build in various levels of security, which is quite possible. The technology allows it with the technology that we use and that other people use. You can invent as many levels of security as you wish so that you make available certain types of data to certain people, and less and less, depending on how sensitive the information is. Maybe some data don't get made available to anybody at all. I guess the important thing to consider here is that the technology will allow you to do it almost any way you like.

Ms Lankin: I wanted to ask one other question that shifts-

The Chair: Very, very quickly.

Ms Lankin: OK. What you're doing is really interesting. We would like to know if it's successful. We would like to know what the health outcomes are for the patients who are in there. We'd like to know what the cost efficiencies, the management efficiencies are to the system. We'd like to know if it's a cost-effective technology because we want to export it through health economic development measures.

Obviously, research has to be done. Researchers will tell us perhaps they need identifiers to follow those people through. Is that a reasonable proposition for the system, that we should have access to that, or should we have to ask those families for their consent for that information to be viewed for research purposes?

Mr Szende: My view on that would be that it would be reasonable to use that information in an anonymized form. I certainly would not recommend using any of this information in a way that the patient could be identified for research purposes. We are deliberately not making any of this available for research purposes to anybody; it's strictly a clinical tool at the moment. But if it gets scaled to a larger population, then it becomes of value to researchers. I'd put very strict policies around who you would give it to and under what circumstances, but certainly not in an identifiable form.

Mr Wood: How do you maintain the clinical integrity of the chart if some information is not on it?

Mr Szende: When people log on, we have two warnings for clinicians. One is a reminder about their confidentiality responsibilities as physicians or nurses and the other is that we warn them that this is not a complete chart. This deals with some of the sensitive information that is not there. Rather than flagging that some information is not here, which is sort of indicating there's some information here that you probably would want to know but it's so sensitive that we won't let you see it, we simply offer this general warning to people that this is a partial record. It covers the four areas that I mentioned. If you need further information, then you have to dig further to paper records or by inquiring to specific departments of hospitals. We are particularly concerned, obviously, about things like psychiatric information, which is not included.

Mr Wood: Mr O'Toole wants to ask some questions. I'd like you to try, in 30 seconds, to describe the benefits that have been identified to the patients to date from this system.

Mr Szende: The benefits are simply that the decisions that are made by the clinicians take into account more information than would be the case without it.

Mr O'Toole: Informed consent is the repeated question this afternoon. I'm wondering, in a very lay sense, if I bring one of my children into the hospital that's attached to this system-of course I want the X-rays and the tests done. It goes down the stream and into the system. How does the parent, custodian, whatever, stay informed about this new scientific thing that we decided here in Toronto? Do you understand? The informed part means you have to tell them all the possible outcomes, or if you don't do the following, these are the possible downsides, risks. That becomes an onerous burden, that informed consent. If you could just comment on that. You do have informed consent, you say?

Mr Szende: Yes.

Mr O'Toole: I'd like you to describe that in a policy, because I don't understand it. I find it almost ambiguous. It's a conundrum. Do you understand?

1620

Mr Szende: I agree.

Mr O'Toole: If I knew, then why am I asking? If I was a parent, I'd say yes. Do you understand that? I want the child to live.

One thing is, how do I know who's using what system where? You said you have a user ID number at the end. They log on, they key in a patient record number or whatever it is.

The Chair: I think you're already up to about four questions implicit in there, Mr O'Toole. If he could respond, we're already over the time.

Mr O'Toole: It's an ID issue, really.

Mr Szende: First of all, as far as consent is concerned, we have a little brochure that describes what eCHN is. The registration clerk gives that to each parent to read when they first come into the hospital, and then there is a form that they sign. We have given questions and answers to the registration clerks to try to explain what this is for. I've heard some of your previous conversation. I don't know to what extent that message actually gets through to people as to what this is for, but we hope that it does.

We explicitly explain that the information for eCHN will be made available to the clinicians at the eCHN member institutions. So when people consent, that's what they're consenting to. At the other end, when a clinician calls up a record, he or she simply logs in and calls up the records that are available on his or her patients.

Mr O'Toole: Thank you. I appreciate the system, by the way.

The Chair: And we appreciate your coming before us here this afternoon and making your presentation.

Mr Szende: Thank you very much.

ONTARIO AIDS NETWORK

The Chair: Our next presentation will be from the Ontario AIDS Network. Good afternoon and welcome to the committee.

Mr Stephen Squibb: Good afternoon and thank you very much. I'm Steve Squibb from the Ontario AIDS Network. We appreciate the opportunity to speak before you today.

The Ontario AIDS Network is the provincial association of 52 not-for-profit AIDS service organizations, or ASOs, and a network of people living with HIV/AIDS from all across Ontario. It's estimated at the end of 1999 there were approximately 20,000 people across Ontario living with HIV/AIDS, and new infections are increasing at an alarming rate. I guess that right now there are probably in excess of 21,000 people living with HIV across Ontario.

Our member ASOs provide a wide range of services including care, treatment, treatment information and support services for PHAs. In addition, the ASOs are the cornerstone of the public HIV/AIDS information awareness and prevention programs across the province. We are also committed to advocating for appropriate polity and legislation that will protect the rights of PHAs and their families, and will ensure that they have equal access to state-of-the-art care, treatment, support and all health and social services.

Much of what we'd hoped to present to you today has already been very well articulated by people with appropriate legal expertise. In order to avoid duplication and to save time, our submission is very brief and is based on the experience of our members and PHAs gained over the past 20 years or so observing and experiencing the stigma and discrimination which accompanies HIV/AIDS. It's our intention with this submission to support the more detailed analyses and recommendations that have already been submitted to you, including those by Ontario's privacy commissioner, the Privacy Commissioner of Canada and the HIV and AIDS Legal Clinic Ontario.

The HIV/AIDS community recognized long ago in the struggle to address the discrimination, stigma and social injustices faced by PHAs that our present laws don't provide adequate protection of personal health information. Much of that stigma, discrimination and social injustice is caused by inappropriate access and/or disclosure of our health information to and by people without our express consent. These are also perpetuated by our lack of appropriate mechanisms to stop and to seek redress for these violations and breaches, and to gain access to our own personal health information records and correct any inaccurate information that may exist in those records.

The key areas of concern that we'd like to see in health information privacy legislation in Ontario have not been adequately addressed, we believe, by the proposed Bill 159. Those which we believe may arise if the proposed bill is passed into legislation are as follows.

The law needs to recognize that we each are owners of our personal health information, not the government and not any other party who may come to be in possession of any part of it; our right to control access to and disclosure of our own personal health information; our right to access and to correct our personal health information records without being frustrated by unreasonable barriers or costs; our need for an effective and easily accessible means to remedy any violation of our privacy rights or breaches of confidentiality.

The impacts we see on those most vulnerable: in a just society, the concerns of the most vulnerable are more important than money or cost savings. We believe that most people in Ontario are concerned with protecting the privacy and confidentiality of their own personal health information and that they alone have the right to decide who may have access to it and for what purposes.

However, the sensitivity of personal health information is probably felt most profoundly by those who have seen or experienced how their health status can be used against them. PHAs and their families are among those who are most likely at highest risk of adverse effects from violations of their right to control access to information about themselves and their health status.

In the early days of AIDS, we know it was commonplace for PHAs to be placed in isolation in hospitals and subjected to insensitive and sometimes inhumane treatment. Often people were denied appropriate care and treatment. Caregivers wouldn't even enter rooms to deliver food or to clean them. We saw and heard of people being abandoned by friends and family, fired from jobs, refused medical care, denied housing and other services. We still all hear of these and worse things happening in other parts of the world and some people assume it doesn't happen back home here in Ontario. But evidence of this fear and stigmatization and the adverse effects on the lives of PHAs still exists right here.

Our members still talk today of their daily efforts to advocate on behalf of PHAs or counsel PHAs who are facing evictions or unjustified lack of access to housing. Others are facing hostile work environments or fear that potential employers will deny them access to employment or fear that if they attempt to return to work when they are able, they will face unjust termination of employment and loss of benefits.

In some areas of the province today, PHAs receiving home care and requiring blood tests are being charged to have blood drawn in the home and transported to labs, even though non-PHAs get the service free. This is clearly discrimination based on ignorance and flies in the face of universal precautions widely accepted as the standard when dealing with blood products, whether or not they are known to contain infectious agents.

We hear from many of our ASOs that some PHAs will only access HIV/AIDS-related services in communities other than their own in order to protect their anonymity. Some PHAs have their prescriptions filled outside of their own communities for fear that staff at their local drugstore will learn of their status and divulge the information to others in the community. We've probably all heard of cases, some of which have been documented in the media, of children with HIV/AIDS or children living with family members who are infected who are harassed at school and refused admittance to school or daycare.

I can tell you from my own personal experience that for many years after I was relatively sure that I was HIV-positive, I didn't get tested for fear that the information would get into the wrong hands and would be used against me. I was afraid that I might lose my job or that my children would be afraid of me or afraid for me, that they would be teased or ostracized by their peers. I was afraid that my friends and family might judge me immoral or careless and turn against me, afraid that my career and my ability to support my family would suffer if I couldn't take business trips outside of Canada.

If people don't feel that they have control of their own health information, they are less likely to get tested and to seek treatment. And if they do seek treatment, they may be reluctant to participate in research programs unless they can have absolute assurance and control of who can access their information and for what purpose. This affects the well-being of our entire community, not just those individuals who are PHAs.

This was recognized many years ago in Ontario when anonymous testing was introduced. This was successful in encouraging many people to test in order to help our education and prevention efforts. But what is the use of anonymous testing if we can't get anonymous care and treatment and we can't control access to our own health information? Without this trust, people are reluctant to test or to access care and treatment.

1630

HIV/AIDS isn't the only stigmatized disease and it's not the only health condition which would give rise to an individual's concern to protect the privacy and confidentiality of their personal health information. Anybody with a potentially life-threatening or debilitating disease would quite naturally want to protect that information from falling into the hands of unscrupulous employers concerned only with how long they can work you before you go on disability or concerned about their insurance premiums if you're on disability for a protracted period of time, or from other private sector recipients of their health information who may wish to sell or trade or make use of it with some profit in mind.

They would also want to protect themselves and their families from the kinds of discrimination and social injustices experienced by many who are perceived to have a highly contagious disease, or one that can be acquired through some behaviour which others might link with a lifestyle judged inappropriate.

In conclusion, as we stated in our introduction, we support recommendations previously submitted to you. Most specifically, we support the following recommendations which we've paraphrased here from the submission to these proceedings by the HIV and AIDS Legal Clinic Ontario, which we believe would address our concerns.

(1) Abandon Bill 159 in favour of a general personal health privacy legislation that will cover the public and private sectors.

(2) Use as a template for a general personal health privacy legislation the model draft legislation created by Professors Lawrence Gostin and James Hodge of Georgetown University Law Center.

Thank you once again for this opportunity to bring our concerns to you today.

The Chair: Thank you very much. That leaves us about two minutes for questioning from each caucus. This time we will begin with Ms Lankin.

Ms Lankin: In listening to your presentation, I'm struck by how far we've come and how far we have yet to go. I was thinking about how in 1992 we didn't even have practical practice standards for dealing with patients with HIV/AIDS and the whole anonymous testing, and now coming to terms with these issues of privacy and understanding the impact that it has.

As an aside, I had a very close friend who died of the disease who refused to get tested. This was just prior to anonymous testing coming into the province. Those are real life consequences.

One of the things you've stressed that we've not talked about a lot is the issue of penalties if privacy is violated. I recognize that part of your presentation goes to the whole issue in the sense of a lockbox. We're grappling with that and it's very difficult. But even today there are rules, there are guidelines, there are professional college ethics about how information is to be controlled, and yet there is no effective mechanism when there is a breach of that. Have you given some thought to what it means to have an effective and accessible mechanism to remedy breaches?

Mr Squibb: Yes. In fact, the brief you've already received from the HIV legal counsel of Ontario covers that fairly well and has some very specific recommendations around that. Some of the things they identify are where people are being charged to access their records, if they can access them at all. Often they are still being denied access even though they've spent an awful lot of money trying to access them. I think there was an article in the Toronto Star today about some poor man who has managed to access his record and find incorrect information. After spending $14,000 on legal costs, he hasn't been able to get the government to authorize the changes to that information. That's really what it means.

Very often people who may have been at high risk for catching HIV or AIDS because of their socio-economic circumstances can't afford to pay anything to get access to records or to access a process that might achieve some redress. Very often, after people become infected and sick they lose a lot of their social and economic status and are facing the same barriers.

Mr Wood: We've heard earlier from some of the presenters that there are certain kinds of research that, because of the small sample size, you can't do by way of getting permission. For the purpose of your answer, I'd invite you to accept that as a fact, even though you might not feel that way. But if we reach the point where we've satisfied that was the case, do you think we should say we will, for that purpose, permit access to those records, or would you stand on the view that if the person doesn't consent, the information shouldn't be used? That has the effect, of course, of we've either got to say we will allow some limited access with proper supervision and oversight and so on, or we've got to say that research can't be done in Ontario. If you get to that point, which side of that question would you come down on?

Mr Squibb: I will take your word for that because I'm not a researcher.

Mr Wood: We don't necessarily agree with that either, but for the purposes of your answer I'd invite you to accept that premise: we've reached the point where we find that to be the case; which side of that rather difficult question would you come down on?

Mr Squibb: I would say that in providing informed consent for the use of my information I would want to have been made aware that it may be used for research, and if it's not research that I can be made aware of today, that at least such research would be done in an anonymous way that I couldn't be personally identified from use of that information for those research purposes. I also would take comfort knowing that there are rules and regulations and ethical standards that researchers have to abide by and that if somebody does inappropriately access or use my information or divulge that information I have some mechanism for redress.

Mr Wood: Thank you. Those are my questions.

Mrs McLeod: I take very strongly from your brief that if we can't fix Bill 159 it would be better not have Bill 159 with things like directed disclosures, which would really fundamentally challenge the confidence in the confidentiality.

We heard earlier today that in the Krever commission testimony the biggest offenders of inappropriate disclosure were insurance companies. As you've noted, insurance companies and employers aren't addressed in this bill. If we don't proceed with Bill 159, if we don't have Ontario legislation, the federal legislation for health information comes into effect as of January 1. Would that legislation provide significant protection in the areas that are of greatest concern, perhaps the greatest concern, to people living with HIV/AIDS in the sense that it would deal with the private sector employers and insurers?

Mr Squibb: You've got me at a disadvantage here because I'm not intimately familiar with the federal legislation, and people with HIV and AIDS and the HIV community are anxious to have Ontario have personal health information legislation in place. The issue really is that this bill only covers the health care sector and doesn't include the private sector and so, in effect, we'll have different legislation that applies to different people.

Mrs McLeod: That's fair enough. I guess the concern we're repeatedly hearing is the fact that this legislation shouldn't go ahead without there being legislation that applies to the private sector as well, because of the potential violations and misuse of health information in the private sector. That's a dilemma we face, knowing we want legislation but we don't have the companion piece.

Mr Squibb: Right.

The Chair: Thank you very much for coming before us here today.

SCHIZOPHRENIA SOCIETY OF ONTARIO

The Chair: Our next presentation will be from the Schizophrenia Society of Ontario. Good afternoon and welcome to the committee. Please proceed.

Ms Janice Wiggins: Good afternoon. Thank you, Mr Chair and members of the committee. My name is Janice Wiggins and I'm executive director of the Schizophrenia Society of Ontario. As you know, we are a non-profit, charitable organization comprised mainly of volunteers. We are the only province-wide, family-based organization dealing with persons with schizophrenia and their families. I'm here today of course to talk about Bill 159, and we specifically have three significant issues that I'd like to take you through today.

The first one is ensuring that family members who act as substitute decision-makers have ease of access to information. It is imperative that substitute decision-makers acting for incapable persons are able to access information in a comprehensive and timely manner. This provision is found in section VIII of the bill and appears to cover this particular matter. SSO recommends, however, that the words "substitute decision-maker" appear in this section and in appropriate paragraphs throughout Bill 159 for greater clarification. You can find it obviously in the bill in the front pages, in the explanation, where the words are explicit: "substitute decision-maker." However, our organization is very used to dealing with those words and the recommendation from us is to include them where appropriate.

1640

Second, ensuring that information that now moves only between schedule 1 psychiatric facilities can be shared between institutions and community programs: it will be imperative so that this continuum of care is established and very consistent. That is, personal health information must be provided to a health information custodian in order to continue the best possible treatment for the individual. You will find this in subsection 46(1) of the first reading.

Third, avoiding multiple proceedings with respect to persons with schizophrenia and personal health information: for example, the one proceeding under the Health Care Consent Act, heard by the Consent and Capacity Board, on the question of capacity to consent to treatment and personal health information disclosure is very appropriate, we felt, to consolidate it in one spot.

On a related point, SSO agrees the jurisdiction over records should not be divided; that is, the psychiatric records are dealt with through the Consent and Capacity Board. We support legislation that designates the Consent and Capacity Board as the body that deals with issues relating to the release of health records.

While my presentation today is very brief, we certainly welcome the opportunity to comment on Bill 159. We appreciate its complexity and offer our collective expertise in any further consultation and development of legislation.

I want to thank you very much for your attention today and I would welcome any questions.

The Chair: That certainly affords us lots of time for questions, over four minutes each, and this time we'll begin with the government.

Mr Wood: I thought it was a very clear presentation and very helpful to us. We have no questions, but thank you very much for coming.

Mrs McLeod: Janice, you've addressed primarily the substitute decision-maker with some comfort around the provisions that are provided for access to information if you're clearly the substitute decision-maker. Do you see problems with having a lockbox on information for people who are capable of giving consent to control of their own health information?

Ms Wiggins: The lockbox has been a long-debated issue and at this time I really don't have a comment upon it.

Mrs McLeod: Let me take a situation that I raised in the Legislature. An individual with schizophrenia recognizes the diagnosis of paranoid schizophrenia. He had committed a violent act and has at this point in time spent more time in jails than he has spent in hospitals, repeatedly being put on a bus, having been discharged from either his jail or his hospital setting, and with no kinds of supports at all. I know the primary reason why that happens is because there just aren't supports there, but are there transfer-of-information issues that would prevent that individual from getting the help or the support if it was available?

Ms Wiggins: Yes, I think that has been a very significant difficulty. We've heard from parts of the province where the information is not transferred at all and not in a timely manner if it is done in fact. A concern of course we have is that the most immediate form of treatment is available so that the person's condition does not continue to deteriorate, nor are they, as you've put it, put on a bus and shipped outside the community where they might indeed be residing.

Mrs McLeod: I struggle with this, and we've had another incident in northwestern Ontario, as I'm sure you're aware. It would not in that situation have been appropriate for the police officers to have been provided with that individual's health information-I don't think so.

Ms Wiggins: No.

Mrs McLeod: But in the interests of public safety, do you see overrides to that protection of the confidentiality of the information?

Ms Wiggins: Actually, there's a very fine and delicate balance between the public's safety and the individual's safety. To this particular juncture, I don't see a way around the information-perhaps on a very limited basis, again, dealing with the police information. I'm certainly not suggesting that we open up all records to everybody and anybody who might be in a position of authority, but wanting to recognize instances where it's very necessary to do so.

Ms Lankin: I recall, Janice, the discussions through Brian's Law around the provision and creation of CTOs that compelled sharing of information in order for a CTO to be an effective tool in the community. Of course, the concern raised at that point in time was that this information was being compelled to be shared with organizations that were not covered under any kind of privacy legislation, and in some cases they would now be and in some cases perhaps they won't be. There are individuals who will be drawn into that CTO world who will be covered in the little inadequate clause we put in that bill, but who will not be covered under this. Does that pose a problem? How do you see the facilitating flow of information but with protection of where that information goes and how it's utilized?

Ms Wiggins: From my reading of Bill 159, I understand there are protections in place, there are appeal mechanisms in place. It certainly goes without saying that there could stand to be some tightening up of it, to make sure that only those people who are authorized and health care custodians have the transfer of information, and of course that it is with the informed consent of the individual or the person who is a substitute decision-maker.

Ms Lankin: I've not looked at this so I don't know the answer but have you looked at whether or not those people who are brought into the circle of shared information under a community treatment order would become recipients as defined under this legislation and therefore governed by the provisions here?

Ms Wiggins: Again, through the reading and translation that we've been able to do, it does appear that they would be protected under this particular piece of legislation.

Ms Lankin: I want to come back to the provision of lockbox. I understand that you don't want to comment on it as a concept, but with the client group you deal with-individual patients and their families-one of the things we know and have heard about is the nature of the disease, where people for periods of time are capable of making treatment decisions and other decisions and at other points in time are found to be incapable of making those sorts of decisions.

The concept of rapidly changing conditions of capacity I think challenges us with respect to how people give direction about informed consent or knowledgeable consent for disclosure. Have you given any thought to whether there are issues? I'm thinking now from the point of view of families who come to us and tell us often that the law is such a barrier to get the help they need for their family members in this circumstance. Can you see any problems that we're creating in this bill with respect to that issue of changing capacity and consent for disclosure?

Ms Wiggins: I don't see any at the current time, given the interpretation of the law as it stands right now. Again, as we've emphasized today, with access to timely information, you're quite right that the condition of the individual changes rapidly. Schizophrenia is a chronic illness. Sometimes a person is capable, sometimes they're incapable. There do seem to be protections under the provision for the Consent and Capacity Board. To my understanding, within a week's time, a Consent and Capacity Board hearing will be held. So at this particular stage, I would suggest that the legislation covers that issue as well.

Ms Lankin: Great.

The Chair: Thank you very much for coming before us this afternoon.

CLEMENT BABB

The Chair: Our next presenter will be Mr Clement Babb. Good afternoon and welcome to the committee.

Mr Clement Babb: My name is Clement Babb. I live in Burlington and I appear here as a private citizen. I am quite worried about Bill 159 because of the flawed record of the present government in maintaining privacy. I'll mention two things which I think I regard as merely slips; perhaps anyone could make these two mistakes.

First of all, a few years ago, the Minister of Health had to resign because a staff member released information about a doctor's salary. Again, I think this was not a deliberate thing; perhaps a slip. Also, I'm worried because last year young offenders were named in public. Probably this was just a mistake but not something that should have been done, and we would not like to have that done more.

There are two perhaps more serious flaws, and that has to do with this: information thought to be private by ordinary people who had accounts with the Province of Ontario Savings Office was released to a major firm for polling purposes-I think this is a terrible thing to do-and records from the Ministry of Transportation were released to another private firm, to me flaunting any reasonable sense of propriety.

1650

I'm worried that once the bill is enacted as law, it can be circumvented by the adoption of regulations that we, the people, will not know about. I'm worried in general because I don't want anyone messing unnecessarily with my health records or those of my wife, son and daughter. To me, far too much emphasis is being placed on something magical called a database and that extensive and intensive information is absolutely essential for research. Lots of information doesn't necessarily have to be used for much research. And I don't have too much faith in a wide variety of agencies to whom private health information might go. I would like to strike the phrase I've used here, "charitable agencies," and simply say, for example, the many university-based departments and think-tanks dealing with health, health care and health administration.

In conclusion, I appreciate the chance to express my views. It's been a sobering experience for me to see the terrific contributions that others have made to your difficult job.

The Chair: If you wish, you've left us time for questioning. We've got just under two minutes per caucus. I'll start off with the official opposition.

Mr Gerretsen: You've probably put in layman's terminology what many people feel about this kind of legislation in general and how people are concerned about having their information shared with individuals or organizations and other people who doubt, perhaps, their knowledge. Was there anything in particular about the legislation that's being proposed here that you have any major concerns about?

Mr Babb: Specifically, I am not really equipped to handle the terrifically complex stuff that's in here. As I came on the GO train, I thought of this very question to myself and was a little bit hesitant to keep coming because I wasn't able to do the proper analysis of the legislation.

Mr Gerretsen: It's certainly important that individuals like yourself come forward and express their views on a piece of legislation like this. I know there are many different groups that look at it from different perspectives, but it's always interesting to hear an individual's viewpoint as well. I, on behalf of my caucus, thank you for coming here today.

Ms Lankin: Equally, let me say that it is appreciated. Most people are not going to have an in-depth knowledge of this bill and even members of this committee are still trying to figure out an in-depth knowledge. What's important is that, as elected representatives of the people, we know what people's concerns are, we know what their worries are, we know what they want the bill to do. Then we get the advice from the experts and try and put that together to achieve the goals of the public.

I share a concern that you've identified, that much of the bill could be circumvented by changes in regulation. There's got to be a way that we can make it more transparent. Health information privacy is something that is obviously of key importance to people. We've got to make the bill spell out more what people's rights are and what they can expect, and take some of that stuff out of regulation. I think that's a really key point.

The other question I wanted to ask you is, I've been struck, going through this process, how we're focused on what doctors and hospitals and nurses and other health care practitioners and long-term-care facilities do with our information. We have very high expectations of them. But I hadn't thought often before how we sign away all sorts of rights to information to insurance companies to get our insurance, or to employers. We do it, yet we hold one sector up to this high standard and over here we don't. Now we're even passing needed laws to be even better in this sector, but this other sector is out.

One of the things that's been said to this committee is, "Rewrite this bill and talk about the individual and their personal health information, irrespective of what sector it is in and what the rules around consent and disclosure would be." Could you tell us what you think about that? Do you ever think about your health information that's in an insurance company and expect that they give it the same privacy as your doctor or not, or do you want to be able to?

Mr Babb: Insurance companies worry me. It has been in the back of my mind for some time that they get access to records; polling companies and so forth, the same. I have no real problem with OHIP as an insurer having information under substantial safeguards. I worry about, and something about this was mentioned, foreign-based companies whose scruples may be better or worse than ours.

I don't know. Just in general, it bothers me that insurance companies or some other private agency can get information relative to health, and then apply this to some other sphere. I'm not sure that I answered your question adequately.

Ms Lankin: No, it does. I think it's a genuine concern that we all have and we don't know much about. The committee's got to figure out whether we can deal with this here or not. Thank you.

Mr Wood: We've heard earlier that for the purposes of research, there are some specialized areas of research that you can't do by getting consent. So they either have to access the database without consent to do some of this specialized research, or they can't do it. For the purpose of your answer, consider that to be right. We haven't concluded for sure it is, and you may not have concluded that either. But suppose we reach the conclusion that that's the case. If we're going to release it, it would be under the supervision of an ethics committee, maybe under the supervision of the privacy commissioner. So there'd be oversight as to what's done, if it was going to be released. If you or we got to the point where we either had to say you can do this specialized research, and this information is released without consent under supervision, or we're just going to say you can't do that kind of research in Ontario, which side of that decision would you come down on?

Mr Babb: I think I would come down on the side of not doing the research at all. I have a feeling, and I have to say this is just a feeling, that much research that is done can be done by other means than what you are describing, because if something is very important to be done, then the researchers could design their research to get around the constraint that you've brought up.

Mr Wood: I think that's a very fair comment. The problem is, if we reach the point where we conclude that there's some research that they really can't do without access to those data-certainly your point is right: a lot of it can be; no question about that. But if we get to the point where there is some research that can't be, what do you think we should do: say, "No, sorry, folks, you can't do it," or, "Yes, under supervision, you can do it"?

Mr Babb: I'd say don't do it. I just want to expand. One thing that bothers me is the fact that research institutions, in medical research or health administration or pharmacology etc, are really steeped in and financed by a lot of private companies, in addition to government money. In one instance I wanted a person to come to Burlington from a health administration department in a university. He wouldn't come because he was really compromised by the fact that he was the point man for grants coming from private companies. So he wouldn't compromise himself to do that. I don't blame him. I just think it's a fact of life. I'm not absolutely certain on that.

The Chair: Thank you, Mr Babb. I appreciate you taking the time to do what very few individuals do: come before us here to today. We appreciate your input.

Mr Babb: Thank you very much for having me.

1700

ONTARIO OCCUPATIONAL HEALTH NURSES ASSOCIATION

The Chair: Our next presentation will be from the Ontario Occupational Health Nurses Association. Good afternoon and welcome to the committee.

Mr Brian Verrall: Thank you very much. My name is Brian Verrall. I'm a former chair of the association and I'm now the executive director. I'd like to thank you for having us here. I'd like to commend everybody on the committee for, if nothing else, their fortitude with the information that is passing through.

The Ontario Occupational Health Nurses Association thanks the Ministry of Health for the opportunity to present and respond to Bill 159. We, as an organization, represent over 1,100 nurses in Ontario who are responsible for occupational health and safety programs in varied and numerous workplaces in both the public and private sectors. The health and safety of our workers are paramount, and confidentiality of medical information is critical.

In its previous submissions to the Ministry of Health on July 31, 1996, February 1998 and October 2000, the Ontario Occupational Health Nurses Association expressed its points of view regarding personal health information legislation and made certain recommendations. The association commends the Ministry of Health for taking into consideration many of its recommendations.

A tenet of occupational health nursing is confidentiality. In fact, in our scope of practice and code of ethics it's stipulated, "It is understood that the occupational health nurse protects the rights to privacy of the client and confidentiality as required by law and professional standards."

As health care practitioners and health information custodians defined in the Regulated Health Professions Act, occupational health nurses are bound by rules of confidentiality. Medical information must be properly disclosed, ie, informed consent or required by law. Otherwise occupational health nurses can be disciplined by their regulatory body, the Ontario College of Nurses, for breaching confidentiality, thus resulting in possible loss of their licence and, therefore, their livelihood.

The Ontario Occupational Health Nurses Assocation, in its last correspondence to the Ministry of Health in October 2000, was concerned with the ministry's statement, "Personal health information related to an individual collected for the purpose of labour negotiation or employment of individuals" would not be covered under the privacy legislation, and requested that the implications of this statement be considered and amended. The Ontario Occupational Health Nurses Association, in reviewing Bill 159, does not see an amendment.

Under part II, subclauses 7(d)(i) through (iii), on page 13, the association notes that the act does not apply to "personal health information relating to an individual that is collected or created for the purpose of a proceeding or anticipated proceeding relating to labour relations ... negotiations or anticipated negotiations relating to labour relations affecting the individual or to the employment of the individual, or meetings, consultations, discussions or communications about labour relations or employment-related matters in which the individual has an interest."

Occupational health nurses are often privy to very personal and highly confidential information that is voluntarily relayed by clients during routine employment health assessments. Although we, as occupational health nurses, do not elicit or expect to be provided with the extent of information, we are nonetheless bound by strict rules of confidentiality once that information is learned. It is not uncommon for the occupational health nurse to be asked by their employer for medical information. Some employers view access to medical information, including the employment health assessment, as an expectation of regular business practice.

A significant professional and ethical struggle then ensues between the employer and the occupational health nurse, who must by law maintain the client's medical information in strictest confidence. Termination of occupational health nurses' employment for their refusal to release confidential medical information for legitimate reasons has sadly occurred far too often.

It is our association's view that information collected for employment purposes must be protected by legislation in the employment setting. It appears that the proposed legislation would permit disclosure of information collected for purposes of employment and labour relations. The Ontario Occupational Health Nurses Association therefore cannot support Bill 159 in its entirety without amendment, and it strongly urges the Ministry of Health to consider and review the implications of part II, subclauses 7(d)(i) though (iii).

Legislation must protect individuals' concerns and rights to privacy of health information held by employers. Effective occupational health is predicated on complete and reliable medical health histories where clients must be able to trust that their medical records will be kept in strict confidence. Without this assurance and trust, clients will not be forthcoming about their true health status, which in turn may affect their health and safety and that of their fellow workers in the workplace.

The Department of Health and Human Services in the US Congress passed regulations on December 20, 2000, that protected the privacy of health records. Provisions in the regulations included barring employers from receiving "protected health information," protecting against unauthorized use of medical records for employment purposes and establishing a firewall between an employer's manager and health care division. The Ontario Occupational Health Nurses Association requests that the Ministry of Labour consider the adoption of these items from the recent US regulations.

The proposed legislation should encompass confidentiality of all health information, including employment health screening programs. The Ontario Occupational Health Nurses Association wishes to emphasize that personal health information related to an individual collected for employment and labour relations must not be omitted in Bill 159.

Thank you once again for giving us the opportunity to comment and contribute to the proposed legislation. The association welcomes continued dialogue and would be happy to meet with representatives from the ministry for further discussion regarding this issue. Thank you.

The Chair: That leaves us with just over three minutes per caucus for questions. We'll start with Ms Lankin.

Ms Lankin: I appreciate the recommendations you're making. One of the things the committee is grappling with is whether this legislation should affect all health information or whether it should affect the health sector. It's now written to affect the health sector. Your petition is for us to look at protecting health information irrespective of where it is.

I come from a labour relations background, from a union negotiator position. I recognize fully the points you're raising and I think these standards that have been discussed in the past through the US Congress are a very good place for us to look if the government chooses to look at the broader issue.

I'm going to ask you for a moment to suppose-we're still dealing with the health sector-that we're unable to take on the job of looking at health information irrespective of where it lay. When I saw the provisions in the act, the exemptions around labour relations and negotiations, the red flag went up and I asked what it's about.

Think of a circumstance where there's a grievance arbitration going on. Perhaps the issue is abuse of sick time, and the records, not personal health information in the nurses' records but the attendance records, the reason for illnesses, those sorts of things, our personal health information, are gathered by the employer. It's for the purpose of a labour relations exercise. And the third one I think of is an employee relations committee circumstance.

When you go to the table as a union and you're attempting to negotiate on behalf of your members an increase in benefit plans and/or particular protections or changes in the health and safety provisions in the workplace, you want to look to incident rates of certain things. You want to gather data on how many people have had back accidents. You want to be able to talk about that at the table. In a way, it means looking at absentee files, looking at workers' compensation files; it doesn't mean talking about the individual at the table.

Is there a legitimate role for exempting some of that information being collected and used solely for the purposes of negotiations or employee relations or labour relations meetings?

Mr Verrall: Going back to Mr Wood's question that he's asked three or four people today about doing without research, I think the information can be used, but if we put it in a scenario about the honourable member Frances Lankin and her attendance in the House, she should be dismissed for irregular attendance and not necessarily for a sickness absence. As soon as management says to the employee, "We're going to reprimand you because you're off sick too much," it puts a whole new sickness attitude into the frame of the individual.

1710

Ms Lankin: That may have been a bad example. Think of the negotiations. I'm talking about dismissal for sickness, but think of the negotiations around benefit plans or whatever. I'm just trying to find whether there are some circumstances where the collection of this information is valid to both parties in a workplace to have access to discuss.

Mr Verrall: It's certainly very valid. I think it's very useful. In my other life I'm also a researcher and I can understand the need for this information, but I can also understand the need for confidentiality. That information can be used without identifying the individual. It's done every day and it can continue to be so.

Mr Wood: I was actually going to spare you the research question but since you have had a bit of experience in the field and you heard the question I asked earlier-

Mr Verrall: I'd like you to repeat it, though.

Mr Wood: If we reach the conclusion that there are certain kinds of research that have to be done without consent, because of a small sample or for whatever reason, we are going to have to decide either that we're going to authorize that by law so the research can be done, or we're going to have to decide that it can't be done in Ontario and say, "Sorry folks, that kind of research can't be done in Ontario." If we reach that point, do you think we should come down on the side of permitting the research, with proper supervision and review, or do you think we should say, "No, that research can't be done in Ontario"?

Mr Verrall: In my opinion, I think the research should be done provided there are safeguards in place; that there is an ethics committee which would eliminate taking body samples or whatever, to do research without consent; and that there is a committee involved to make sure that no one can be identified. This type of research is being done every day, and we can find out who will benefit from whatever we're looking at without identifying who that person is. So I think, yes, we have to do it.

Mr Wood: What do you think about the necessity of oversight by some public official like the Information and Privacy Commissioner, for example? Do you think that's needed for the ethics committees?

Mr Verrall: I think ethics committees have to be made up of a good cross-section. We take it back to the business world where you have a board of directors; many times people will have an outside or a public member. I think the more people we get on an ethics committee from various organizations and walks of life, the better that ethics committee will be.

Mr Wood: What do you think about some public official having the final sign-off on research?

Mr Verrall: Absolutely not. It has to be a committee decision.

Mr Wood: You don't see a role, for example, for the Information and Privacy Commissioner in that?

Mr Verrall: I do not. I think it must be a commission. I think one person, depending on how he or she feels that day, could make the wrong decision.

Mr Wood: My last comment, which is not a question, actually, is, you make some interesting points here that may or may not be dealt with in this particular bill, but if they aren't, we would invite you to stay tuned and continue to make your submissions on those points, which are important points to be considered regardless of whether or not we're able to address them.

Mr Verrall: I can assure you we will be there.

Mrs McLeod: I was interested in your reference to the Department of Health and Human Services of the US Congress and their resolution. Do you know how they would define "protected health information" in terms of information that's barred from employers receiving it?

Mr Verrall: I can't specify that. I found this on the Web just recently and I threw it in there because I know it is legislation that has just been enacted. I've also been chair of the American association, and I realize it's not Canadian to be American, but I think there's certainly a lot of things we can glean from what they've done. You would certainly have to look at the political scientists to interpret any bill from either side of the border.

Mrs McLeod: Have you had a chance to look at the federal legislation as it applies to private sectors?

Mr Verrall: No, I haven't. We deal basically with the Ministry of Labour in our job and this is a periphery thing once we get into medical confidentiality. I'm not aware of the labour.

Mrs McLeod: I'd be really interested, if you have an opportunity to look at it at some point, as to whether or not it would in any way deal with the situation of employers having access inappropriately to confidential health information. Obviously one of the concerns we are hearing repeatedly is the concern that the legislation before us today doesn't deal with employers or with the insurance situation. Do you think there is some health information that should be denied to employers, or to insurers for that matter, in such a way that, even with consent, that information cannot be required as a condition of employment?

Mr Verrall: I believe there is information that, if given to the employer-and the employer, being an individual, is not capable of interpreting that information-can be detrimental both to the company and to the employee.

Mrs McLeod: How do we protect the employee, the potential employee, given the fact that all of the efforts of the legislation are to deal with the issue of access to information without consent? But the employee can be in a vulnerable position where they feel as though they have no choice but to give consent. Do we need to protect that situation in our legislation as well?

Mr Verrall: I think precedent has been set with the Ministry of Labour in their act respecting silica asbestos and some of the other designated substances. At one time, before the last two or three governments, you were required to have a medical if you worked underground in the mines. That request was for a pulmonary function test and a chest X-ray. That was a requirement that you must have in order to maintain your ticket, so to speak. The information was between you and a physician, and the physician was requested and required by law to state that you were fit to work, period. So the message would go, "The honourable member Lyn McLeod is fit to sit in Parliament," period. That's it. You could have all kinds of physical and mental problems, but as long as it doesn't relate to your ability to do the job as outlined, then it's really superfluous information.

Mrs McLeod: We don't have that protection in Ontario law now.

Mr Verrall: The Occupational Health and Safety Act does state that if you're working with some of these chemicals, you do require a fit-to-work statement from a physician, so it would come back that the individual is fit to work with asbestos silica, isocyanates, lead, many of the designated substances.

The Chair: Thank you very much for coming before us here today.

ROYAL COLLEGE OF DENTAL SURGEONS OF ONTARIO

The Chair: Our final presentation of the day is the Royal College of Dental Surgeons of Ontario. Good afternoon and welcome to the committee.

Mr Irwin Fefergrad: My name is Irwin Fefergrad. I am the registrar of the Royal College of Dental Surgeons of Ontario. I'm joined by Peggi Mace, who is the senior manager of communications. I'm grateful for the opportunity to speak with you and perhaps help you wade through some of the difficult portions of this legislation.

I thought it might be important to outline to you who we are and what is a college. We are a college that has been in existence for 133 years. As a college, our responsibility is essentially to regulate the profession of dentistry. We're not an association, which means we do not represent the dentists. We essentially are here to protect the public interest. The Regulated Health Professions Act in fact empowers us to do so, and that is a fundamental, basic requirement and responsibility that we have to the public of Ontario, to protect their interests as a college.

We're not an educational facility. We don't create medical records or offer any health care treatment. Essentially, what we are is a body that's been empowered by the Legislature to have delegated powers and delegated authorities. The Legislature has decided that it wishes us, the college, to carry out functions that might otherwise be carried out perhaps by the state, perhaps by the police. But in its wisdom, the Legislature has said, "We are content to delegate the responsibility that we might otherwise have to you as a college."

I'd like to outline for you some of the items that we deal with with respect to protecting the public interest so that you have a concept of what colleges do, and particularly our college.

The regulations provide that it is professional misconduct if there are billing falsifications, billing for services not rendered, offences of a sexual nature to a patient, rendering unnecessary services, prescribing drugs for improper purposes, breaching confidentiality of a patient, abusing a patient, failing to comply with an order of the college or of a court, charging excessive fees, false advertising, rendering services which are considered to be below the standard of practice, and breaching other laws relevant to the provision of dental care to the public. That's just some examples. So you can essentially see that the scope of authority which the Legislature has given to the college as a self-regulator is quite vast and quite expansive in order to carry out our mandate of protecting the public interest.

In fact, the Legislature has gone further. The Legislature has said that in order for us to continue to protect the public interest, we must also have certain powers and authority to fulfill our mandate. Consequently, the Regulated Health Professions Act gives us that power, and these powers include the power of subpoena, the power to investigate, the power to issue a warrant, essentially, and many investigative tools that one might think an enforcement agency might have.

1720

But it's more than that. In addition to the investigative powers, the Legislature has set up, through self-regulation, a tribunal system. Self-regulation means that our dentists who have breached the statute appear before a court: a self-regulated court, but a court nonetheless. That court has been given huge powers and authority to discipline our members, and by our members, I mean our dentists. They include a very court-like type of authority and powers such as suspending a certificate to practice; revoking a certificate; publication of the name of the dentist and results of what transpired during the hearing-in fact, the hearings are open and available to the public, just like a court, and there are full transcripts available; fines up to $35,000 under the statute, payable to the province of Ontario, Minister of Finance; costs; remedial courses; supervision, which are essentially probationary types of orders; terms and conditions on a member's certificate-you can't treat children for a period of time until you satisfy probationary terms, for example; and, in the case of sexual abuse, requiring the dentist to, by order, fund a therapy program for the victim.

All of these types of remedies are determined by a panel, by a tribunal, following a formal hearing. As you can see, the structure of the statute gives the college the self-regulatory authority not only to investigate, but also to discipline. That's what self-regulation is really all about. As you can see, the remedies are very, very serious. The powers to investigate are very, very serious. Normally, this would not be delegated to a self-regulatory body, but it is in the case of dentists and 20 other health care colleges.

The current statute, the Regulated Health Professions Act, has been around for some seven years or so and is currently under review. The Minister of Health has sought advice-the previous and current ministers-from HPRAC, the advisory council. Essentially, what HPRAC is doing is receiving submissions. It is receiving submissions from stakeholders. It has met for numerous hours with colleges. It has met with different associations. What it is asking is, has self-regulation worked? How can it be improved? What are the ways that, in the interest of protecting the public of Ontario, the statute can be addressed? Given our experience of the last seven years, what are some of the changes that could be brought in?

It seems to me and to our college that because we're in a timely process of reviewing self-regulation and the powers that the Legislature has given, it makes a lot of sense that the purposes-which we support, frankly-that are set out in PHIPA, very important principles, be folded into one consistent statute, especially when that statute now is under review. I don't come before you advocating for any group. I'm not here speaking for the dentists. I'm not here speaking for any self-interest group. I'm here speaking for the public of Ontario. What worries me as the chief regulator for the dentists, for the public of Ontario, is that there are conflicting sections, good as it is intended, in the PHIPA legislation which will interrupt and will harm the process of self-regulation. What will happen is that the ability of colleges which have been given the authority to self-regulate-and in our case, it's been 133 years-will be impeded. The public will not be protected.

I'd like to give you some examples. I know you're dealing with a very, very difficult concept. I know you're trying to essentially service many, many areas in dealing with the legislation, but I'm going to suggest to you that you ought to consider taking the principles that you have in PHIPA and addressing that in the context of self-regulation, because otherwise there will be some problems. Let me give you two or three examples that might assist by way of illustration.

PHIPA proposes that there will be provisions allowing amendments to health records. Our members, our dentists, by and large, are very law-abiding. We're not speaking of those. We're speaking of those who come before us in our process. It's not unusual, in those cases that come before us, to have a billing record altered. It may be, for example, that a patient and a dentist wish to collude. "Hey, Doc, I'm going to be laid off or my job is terminated next week. Can you backdate all the services you've got to perform for me and my family so I'm covered under the policy while I'm still working?" And the doctor says, "Sure, I'll do that."

The college gets wind of it. The insurance company typically would do some investigation and would inform the registrar-me, in this case. I'm faced with this dilemma: essentially the primary pieces of evidence we have, in a very formal legal process that we have, are the charts and records of the practitioner. That's essential for us. Under PHIPA, there is an ability for the dentist to say, "Gee, I made a mistake. Sorry, I'd like to amend that," or for the patient to say, "I agree with him. Yes, there is a mistake."

I'll give you a few other examples that I think could happen. These are not outrageous examples.

What I worry about is the case of a dentist who has breached a sacred trust-being able to bill an insurance company, being able to get paid from an insurance company, is a fundamental trust, and we're here as a college to ensure that that trust in fact continues. Our job is to stop that activity, for a bunch of reasons: to say to the public out there, "We're here to protect you"; to say that we don't condone any activity that smacks of any kind of fraud. But how do we do that in the face of an ability of the primary piece of evidence to be presented to a committee to say, "We erred. There was a mistake"? The burden of proof then becomes very difficult for us to discharge. As I am sure you are all aware, especially the lawyers around the table, the Divisional Court and Court of Appeal have said, "Because self-regulation challenges the right of somebody to earn a livelihood, the burden of proof is very, very close to the criminal law burden of proof-beyond reasonable doubt." We will have trouble to establish and discharge that burden.

I worry about being able to do that. I also worry about the consequences. It means that the ability to collude or the ability to use a very important vehicle that should be in legislation-allowing patients to have access to records, allowing patients to change records in circumstances that warrant it-will in fact frustrate self-regulation if the provisions aren't put together and aren't made consistent in the Regulated Health Professions Act.

There are lots of other examples that I could get into. I'd like to take it a step further and look at the situation where the custodian decides, for whatever reason under the statute, that the custodian won't amend. There are provisions to go to the commissioner. I can tell you that there are also-and there have been discussions in the health care sector-numerous ways to drive a truck through the PHIPA legislation so that people who are errant, people who need to come and be made accountable for their actions-dentists, in our case-will be able to parade through Divisional Court, will be able to take the procedures you've got here that are intended to give to Ontarians what they really should have, but yet frustrate a discipline process. So there is that conundrum.

I want to suggest to you that if HPRAC and this committee were able to meet and talk and able to dialogue-we'd even help you-there are ways to draft, through the RHPA, the appropriate protection so that self-regulation isn't jeopardized and that the purposes of PHIPA will be incorporated. It won't be in PHIPA. It will be in other legislation that Legislatures and numerous governments have decided makes sense and has been in place for many years.

1730

One or two other examples to show you why I'm a little nervous about PHIPA being in isolation of the RHPA, the Regulated Health Professions Act.

One of the provisions is that before one can use or disclose personal health information, a health information custodian-in our case that's the college, some staff person-shall take steps that are reasonable to ensure that the information is "accurate, complete and not misleading." That is not our job. Ladies and gentlemen, we are investigators.

If you take us outside of the RHPA-let's look at the criminal justice system-can you imagine if you gave the police double and triple responsibility, if you said to the police, "Your job is not only to investigate, not only to present as objectively as you can the fruits of your investigation, but you also must make a determination whether what you have gleaned out of the records is accurate"? My God, just think of the potential abuses. Think of the arguments around potential bias. The RHPA is a brilliant piece of legislation. It is very specific in saying what the particular job descriptions are. Our job is not to do that. That's the job that the Legislature for many years has given to a tribunal, a trier of fact.

For example, how is an investigator supposed to determine if there is forgery on a bill? How is an investigator supposed to determine whether a particular radiograph applies to one patient or another? That's not the job of the investigator. The job of the investigator is to receive the complaint and, as objectively as possible, collect all the information and present it to a tribunal, to a statutory committee that the Legislature has set up. It is that committee's responsibility, that committee's duty under the act, to make the judicial determination. That's what the Legislature has set up.

What I worry about is that I can see a situation where we receive information of perhaps falsifying a record, of perhaps a dentist forging a patient's signature on a consent. Who knows? Then we're into a whole debate as to, is it a forgery or isn't it? I come back to the original principles. Why am I here? I am here to protect the public interest of Ontario. How does that accomplish that? I want to suggest to you that it doesn't. In fact, with the best of intentions, it will frustrate that, and I worry about that.

It's not only the Legislature; it's not only the statute. Courts have been on the colleges' backs now for years. Those of you who have read decisions will know the courts have said, "Be very careful how you investigate, because if you screw up on your investigation by demonstrating some bias, then we will throw out the fruits of that investigation, whatever it is all about." So the very section, subsection 24(2) of PHIPA, that establishes the responsibility of the custodian to verify accuracy, to verify complete information and non-misleading information, flies in the face of what the Legislature has set up-it's contradictory-and what the courts have said. I would imagine that many defence lawyers would love to leave this section in, because it presents defences that now don't exist, and I worry about that.

I have a note here that says "Wrap up." I guess I'd better get there.

I want to take some questions from you. I'll stop there. There are many other examples.

I just want to conclude by saying you have an HPRAC, a minister's advisory council, that has been set up and set up for the purposes of advising the minister as to how to make the RHPA even better. By the way, the RHPA, as some of you around this table will know better than I do, took 10 years to come into actual enactment.

Ms Lankin: And eight Ministers of Health.

Mr Fefergrad: Do I hear a former Minister of Health over there?

It was a very detailed study and a brilliant piece of legislation that came in, and we now have several years of experience with it and we're analyzing it.

My submission in conclusion is, let HPRAC do its work. This legislation is important. The principles are important. Let's try to work together and try to bring those principles into the RHPA.

The Chair: Thank you very much. We've got just over four minutes per caucus. We'll start with the government.

Mr Wood: This is going to be a comment, not so much a question, or I guess an invitation. I think it might be helpful, at least to me and perhaps to the committee as a whole, if you were to consider that we might in fact have PHIPA override the RHPA. Let's assume that we're going to reject your recommendation 2 and that we are going to do that.

Mr Fefergrad: It wouldn't be first time I've been rejected; it's all right.

Mr Wood: It's happened to me lots of times, so don't worry. If we did that, what sort of alterations would we have to make to Bill 159 or whatever act we ultimately put through in order to accommodate some of the concerns you've raised? You may not want to respond to that now. You may want to think about that and just give us a memo which could be put into the ministry and to the committee, or you may want to offer some comment now; I don't know.

Mr Fefergrad: I can give you a memo and I can tell you that this college is committed to work with whatever group is necessary to accomplish the ends of PHIPA. I have to tell you, the lawyer part of me says, in reading PHIPA, it can't be done. You cannot carve out pieces and amend PHIPA and make it work when you've got the RHPA.

I can tell you that you will be faced with a situation that will have Walkerton pale by comparison. You've got not only our college; you've got every person out in Ontario who depends on and who trusts self-regulation. I think the way to accomplish the ends of PHIPA is really to take a statute that we have experience with and look at it and try to accomplish within that statute what the goals and purposes are to PHIPA. I don't believe it can be done through PHIPA, although I'm very happy to look at the legislation again and try to work with it.

We tried. The federation, as you may know, sat around the table. It's very difficult to take one piece of legislation that is geared for a specific purpose and make it overriding to another piece of legislation that is intended to protect the public of Ontario, and then say, "How can we remake PHIPA? How can we take in a hem here and pull the sleeve in over there and tighten the waistline in over here? Will that work?" Ontarians deserve better than patchwork. Don't do it.

Mr O'Toole: I just had a quick question. This may be right off the wall, but it's the last part of the day. In all cases where self-regulation seems to have primacy, and I respect that self-regulatory framework, where does the interest of the consumer, in this case the patient, come in and their right to appeal or have access?

Mr Fefergrad: That's not an off-the-wall question; that is actually what we are all about. A patient who complains is a party to our proceeding. That's what the structure of the act is. When a patient writes a letter, calls the registrar, sends an e-mail, sends a fax, writes on the back of an envelope, has an issue-and if English isn't the first language, we'll get some help-our duty, our responsibility, is to investigate each and every complaint.

We have no authority, and that's why the act is so good, as a college to say, "We don't like this complaint," or, "We don't think this one makes any sense." Our job is to do an investigation, keep the complainant informed and bring it to the statutory committee. I have no authority whatsoever to take a complaint and tear it up. The complainant is not only involved in the process, but in the event the complainant is not satisfied with the decision of the complaints committee, the complainant has a right of review to the Health Professions Appeal and Review Board and is a party to that proceeding.

I urge you again: the act is a very cleverly thought-out statute. It took a lot of courage to come into being and it's working. Your question is not at all off the wall. Our responsibility is to see to it that complainants are in fact kept informed of the complaints process, and they are. If we don't do our job, we should be taken down to account by HPRAC.

Mr O'Toole: Who watches the watcher? Isn't that the original question?

Mrs McLeod: I don't want to oversimplify just because it's the end of the day. First of all, I'm convinced. We've heard it from I think almost all, not 23 of them yet, but a lot of the regulatory colleges.

Ms Lankin: The rest are coming.

Mr Fefergrad: We all have a share.

Mrs McLeod: I don't need any more convincing we've got to deal with a problem of the lack of consistency between-

Mr Fefergrad: You know what's strange, at the risk of interrupting you? We haven't conspired; we've come here independently.

Mrs McLeod: If you haven't, please do.

Mr Fefergrad: And imagine if we had.

1740

Mrs McLeod: I think where you've left us with this presentation is that the HPRAC legislation is good legislation, that we do need health privacy legislation nonetheless, and that we need to make sure that the two things are consistent and that it's a very difficult task to do.

Mr Fefergrad: Yes.

Mrs McLeod: Let me take a shot at it, without attempting to oversimplify. We take the colleges out as health information custodians. At this point, I believe-I may be persuaded otherwise-that health privacy legislation should have primacy and that there should be exclusions written into the health privacy legislation where other acts are to supersede it. So we take the colleges out as health information custodians, and then we write in a specific exclusion under the health privacy legislation to recognize the primacy of HPRAC in terms of the regulatory responsibilities of the colleges. Why wouldn't that deal with the problem?

Mr Fefergrad: That might. It's late for me too, actually. Could I give some thought to it and perhaps reduce some thinking to a memo? That might work.

Mrs McLeod: Thank you. Then I guess my second question, if I'm not erring on the side of oversimplifying everything-

Mr Fefergrad: No, it's great for me. I understand it.

Mrs McLeod: You've said we need health privacy legislation. What gaps need to be addressed by having health privacy legislation that goes beyond what the regulated health professionals are putting into practice now?

Mr Fefergrad: That's a big one. Do you mean in terms of our mandate as a college?

Mrs McLeod: No. I think the regulated professions under HPRAC are doing a good job, and the way in which the health professions are dealing with their responsibilities is-the review is going to identify some areas where there need to be improvement etc, but by and large you don't hear huge numbers of complaints. So where are the gaps, in your view, that lead you to say that we need to have consistent standards and rules? Is it for the various custodians, those who are recipients of health care information, that have dealings with individuals in health care settings and aren't one of the regulated health professionals or health providers? Is that one of the places where we need to get consistency?

Mr Fefergrad: It's one of the areas; it's not the only one. That's actually a very complex question. I'm not ducking it, but I'd love to have some time to think about it and not just wing it. Will that be all right?

Mrs McLeod: Sure, I appreciate that. The reason I pose it is not in any sort of rhetorical way. It's because I think we're all really struggling with the sheer complexity of this legislation.

There is a default position, and the default position is to simply stay with HPRAC Ontario and the federal legislation in terms of the commercial sector takes over, and what else do we need? It's an issue that we're really struggling with right now: what do we have to do to get really good health privacy legislation in Ontario, and what is it we're trying to achieve in doing that?

Mr Fefergrad: With your permission, it's a very complex question. I wouldn't mind taking some time and reducing it to a memo, if that's agreeable to the Chair.

Mrs McLeod: I would appreciate that very much. Thank you.

Mr Fefergrad: I'll do that, then.

The Chair: We'll move now to the NDP. Ms Lankin.

Ms Lankin: In 1991 and 1992, I used to lose a lot of sleep to nightmares about the RHPA, whether it was, like, monster-controlled acts or scary scopes of practice or whatever. I'm having flashbacks. In these last couple of days, it's sort of like, oh, God, here we go again.

I think Mrs McLeod summed up where I'm getting to my thinking. As a general principle, I believe that whatever privacy information legislation we end up with needs to have supremacy. There should not be whole acts that are exempted and given primacy over it. But where there are absolute conflicts-and that's what you keep saying: where there are conflicts, we can't live with that-identify them, and we can amend this legislation to give RHPA primacy in that area, as opposed to exempting the whole regime.

That may not be satisfactory, but I think it's what Mr Wood was getting at and it's what Mrs McLeod has asked you for. We've asked, so you know, a number of the colleges to put their minds to that, so there perhaps is a coordinated, dare I say colluded, response that might come forth.

Second, you should know we've also asked that HPRAC be contacted and that HPRAC not delay in any way the review they're doing. But this is a significant issue, and perhaps they should be also turning their mind to this and advising the committee. The ministry has also, if this sets your mind at rest, testified before us-just a five-minute interlude today-in response to a number of the colleges' submissions that certainly none of the fears you raise are their intent. So I think there's a willingness to work through this.

The questions is how we best do it. What you've been asked for would be very helpful to the committee, and once we determine our recommendation back to the ministry about the scope of the legislation and the direction we want to go, it would facilitate our committee's suggestions to the ministry about how they handle what is obviously an issue that's got to be dealt with. I think we're all convinced of that.

Mr Fefergrad: I'm delighted to take a shot at it if it helps you.

Ms Lankin: I appreciate that.

The Chair: Thank you very much. We appreciate your taking the time to come before us this afternoon.

There being nothing else before the committee, we stand adjourned until 9 o'clock tomorrow morning.

The committee adjourned at 1746.