Andre Picard, writing in the Globe and Mail on June 14, made a poignant plea for speeding up the move to electronic health records for all Canadians. He says:

Picard points out that medical records should be accessible to all health professionals we consult, from the pharmacist close to home through the emergency room at the other end of the country. And then he adds, in parentheses: “With the requisite protection of privacy, of course.”

And there’s the rub. Just what is the requisite protection of privacy, and how should it be implemented? For example, in British Columbia a few years ago there was a huge, and quite public to-do about the contracting out of the Medical Services Plan databases to a U.S. company, and the need to protect the information from unwarranted access through the Patriot Act. The B.C. Privacy Commissioner, David Loukidelis, played a very visible role in helping to achieve a reasonable understanding of what would be appropriate in this case. But it turned out that, a year after contracting out the information collection and management to EDS Advanced Solutions, an employee of the company spent several months improperly and repeatedly surfing the files of sixty-four individuals, including the file of a woman whose ex-husband had claimed he could find out where she lived, despite her efforts to keep her location secret. And the source of that information, apparently, was to be the employee who had been doing the surfing. As it happened, none of this had anything to do with access through the Patriot Act.

EDS performed an audit that revealed “some unexplained accesses”, and then claimed there had been no privacy violations because they found no evidence that the information had actually been disclosed to anyone! Furthermore, it took nine months before the woman who had complained received notification about what had actually happened and what lay behind her ex-husband’s claims that he could find her. Various safeguards were subsequently put in place, but one can’t help wondering how much “snooping” of electronic health records might take place without being detected, especially considering the access that vast numbers of employees of pharmacies, hospitals and physicians’ offices would have to such information.

Meanwhile, British Columbia has embarked on a major effort to digitize all medical records, including providing electronic medical records technology to groups of doctor’s offices, much along the lines advocated by Picard. Indeed, B.C. plans to be a leader in Canada in this area of moving from paper records to electronic ones. It is clear that such a project could have the effect of improving medical care enormously by integrating records so that each physician or nurse or pharmacist with whom we interact has access to an overview of our medical histories and records. Advantages may include the fact that tests don’t need to be repeated endlessly, that many errors can be avoided, and that some diagnoses can be made without requiring patients to travel long distances. All good. But since many people are quite concerned about preserving their medical privacy, there is a remaining worry revolving around how we are to ensure the protection of that privacy within the system, and the related autonomy and dignity of patients.

So the first questions are about who needs to have access to all this information, and how we can ensure that access is not granted beyond those groups, except under carefully monitored conditions. Secondly, we need to devise ways to ensure that the information is never used to the detriment of patients, that patients are fully informed at all stages, and that they are involved to whatever degree they wish to be in all decisions about their testing, their results and their treatment. All of these are standard issues in designing good medical care plans – it is just that some of them are more likely to lead to problems when medical records are computerized and networked.

The situation becomes more complicated when we add the more recent developments in genetic and genomic technologies, which will, if they haven’t already, expand not just the amount of information available about individuals, but also the kind of information that is gathered. Individuals who agree to the collection of information are usually assured that their privacy will be protected by secure coding of the information and other means. But to what extent are these measures monitored, and how easy or difficult is it for the codes to be cracked? Even if the coding is secure now, it may well be easy to decipher with new information technology methods.

To be sure, not everyone worries about the privacy implications of these technologies. There has been much discussion surrounding the sequencing of individual genomes, two of the most recent highly publicized examples being J. Craig Venter, former president of the Celera Corporation and James D. Watson, one of the scientists who formulated the double helix model for DNA. And amidst the excitement about these developments the likelihood increases that certain genetic information pertaining to individuals will become part of their medical records and, in due course, so will their entire genomes. No doubt for some purposes this is all to the good in the sense that more information about an individual may well make it possible to provide better care.

But what if making this information available leads to refusal of treatment for people with certain “genetic diseases” or various other forms of discrimination such as denial of insurance or employment? Or what if the individual simply wishes to keep certain matters about his genetic make-up private? Or what if he does not wish to know that he is at risk for a disease such as Alzheimer’s, which manifests itself later in life? Or what if someone’s records are retained and used at a later time in a non-secure environment? We must also remember that genetic information about a given individual tells us quite a bit about his or her family, which may expose many people to having their genetic information widely known, whether or not they have consented to such exposure.

In discussions about information technology and medicine, one commonly heard complaint is that privacy advocates are holding up progress by making it difficult to implement the obviously necessary computerization and integration of medical records. On the other side, one might argue that the focus on technology in this area carries with it the danger that privacy considerations will be relegated to the sidelines and may even come to be seen as insignificant. Unfortunately, a consequence of failing to respect privacy is that the dignity and autonomy of individuals is likely to be impaired. In that case, we will all pay the price.