e-Health is what the BC government has named its project to create an integrated computer network for health information. e-Health is envisioned as a “distributed system” which means it has many component parts, all of which will ultimately be compatible (interoperable) so they can work together and information can flow throughout the whole system. The system will be province-wide, and one of the main purposes is to make patient information more available to more people in the health system. This includes people who will give you care and treatment, but also managers, bureaucrats and researchers.

While the Province says that patient privacy is of major importance, and that the system will have many privacy-protective features built in, including firewalls and role-based access, in fact it appears that the systems are being built before the privacy rules have been properly defined. This has raised very serious concerns among privacy advocates.

e-Health Act – The Legal Framework for e-Health in BC

In 2008, BC’s E-Health (Personal Information Access and Protection of Privacy) Act was enacted to support the development of the e-Health system.

Under the e-Health Act, the Minister can designate any health database in the public system as a Health Information Bank (a “HIB”) and require it to be filled with information from doctors, other health care providers, labs and others in the broader health care system. It is expected that each of the e-Health projects will be designated a HIB, and that the EHR system as a whole may also be designated a HIB.

A HIB can be created only for one or more of the following  purposes: to identify an individual who needs or is receiving health services; to provide or facilitate the provision of health services to a patient; to identify providers; for chronic disease management; to facilitate health insurance and billing; and for public health, planning, maintenance and research purposes. It is expected that HIBs will be designated with more than one purpose to enable the information in them to be used for purposes in addition to the provision of health care to the patient.

Under the e-Health Act, the administrator of the Health Information Bank is given the power to request any person to provide information or records containing personal health information to the HIB. The person must comply with the request, unless another law prohibits them from disclosing the information.

So, one of the major reasons for the legislation is to enable the government to create large data banks of health information about identifiable individuals, and to allow the Ministry to require personal health information to be disclosed to these data banks, except where disclosure is prohibited by law.

Disclosure Directives

The e-Health Act gives individuals a limited right to impose a ‘disclosure directive’ on their health information to limit to whom the information may be disclosed. Once your information is in your electronic health record, some parts of it can flow through the system, and be accessible to other HIBs, unless you use your right to put a disclosure directive on your personal health information.

A ‘disclosure directive’ is an instruction by you about whether or not your information can be disclosed, or to whom, or for what purpose, that is attached to your EHR file in a particular HIB. While this sounds like a positive step to protect patient privacy, what the law requires in order for individuals to put disclosure directives on their personal health information will probably result in very few individuals actually using this right.

The e-Health Act requires that the patient must make the disclosure directive in the way that is required by the order that established the particular HIB. So this means that the individual must find out what the order requires. The disclosure directive will not take effect until it is “activated” in the relevant HIB. It is not clear what “activated” means.

To find out what the order designating a HIB requires, the individual must find the order in the Gazette. When a HIB is designated, an announcement will be put into the Gazette, the government publication that announces new regulations, orders-in-council and other similar types of government business.  The Gazette is available online, and at public libraries. Critics point out that the Gazette virtually never comes to the notice of the average citizen, so that publishing the information in the Gazette is not the same thing as publicizing the information in the media. Rather, the information published in the Gazette is available for the citizen who knows to go looking for it and chooses to do so. The citizen must keep herself up to date on the orders which designate new health information banks, by ensuring that she regularly checks the Gazette.

In any event, the only parts of the e-Health Act not proclaimed in force in November 2008 were the sections relating to patient access to records in HIBs, and to patient rights to make disclosure directives. The disclosure directives sections are to come into force in June 2009. It is not clear when, if ever, the parts of the law giving patients a right to get access to their information in HIBs will be in force. Without a general right to get access to information in a HIB, you cannot be sure your information is held by that HIB.

It is difficult to know whether you should file a disclosure directive with a HIB if you don’t know whether your information is in the HIB or not.

And finally, the e-Health Act permits HIBs to be created that are exempt from disclosure directives, or that limit the types of disclosure directives that can apply or the classes of people that can make disclosure directives. So there is no guarantee that individuals will even have the right, in all cases, to make a disclosure directive.