As a lawyer, ones first instinct is often to find fault with regulators. eHealth, a great idea in concept, is still struggling to find a consistent approach to achieve its goals. However, while the latest issue involving eHealth and London, Ontario hospitals is playing out in the media, Ontario's Privacy Commissioner has advanced eHealth and maintained her reputation as a reasonable and common-sense Privacy Commissioner. The ability to outsource the handling personal health information outside of Canada has always been a dicey political topic. Rarely does anyone in the public eye want to stand up and say that it's okay for our most sensitive and personal information to cross the border into the United States, a country without comprehensive privacy laws. Ann Cavoukian has no such problem. London Health Sciences Centre and St. Joseph's Health Care had been negotiating an outsourcing deal with Cerner Corporation for quite a while when these negotiations became public largely through whistleblowers concerned about the deals impact on job and patient privacy. The deal between the hospitals and Cerner Corporation, a large U.S. service company with a solid reputation, is intended to provide sophisticated solutions to the hospitals while saving them hundreds of thousands of dollars a year. Politicians reacted to the news of the outsourcing deal by raising concerns about compromising the confidentiality and privacy of patients. Ann Cavioukian reacted by calmly putting Ontario's Personal Health Information Protection Act (PHIPA) against any legislative regime in the world and confidently proclaiming that Ontario has "perhaps the best [health information] privacy laws on the planet." Dr. Cavoukian continued her statement by pointing out that outsourcers face very strong restrictions when they are acting as agents for Ontario hospitals and other health information custodians. At law, health information custodians (HICs) are accountable for the personal health information they collect, so HICs are obligated under PHIPA to ensure any outsourcers and agents to whom they disclose or transfer personal health information are subject to very restrictive contractual provisions relating to the use, disclosure and security of such personal health information and audit rights to ensure compliance therewith. The impetus for Ann Cavoukian taking this position – a strong belief in the laws over which she presides and an appreciation that enforcing such laws does not necessitate the obstruction of commercial relationships that could provide hospitals better services and save hundreds of thousands of dollars, dollars which can be better spent providing health care, instead of hospital administration.
Read more detail on Recent Business Law Posts –
