Duties and responsibilities

Expectations of physicians in practice

Privacy: What the future holds

Originally published October 2013

The notion of privacy is continually evolving in keeping with technological advancements, human behaviour, society's values and expectations, and changes to legislation and regulations. While we cannot predict with certainty what the future holds for health information privacy, we can foresee some likely scenarios. One fact is certain: physicians play a key role in protecting patient health information in the eHealth environment, and this will not change. The issue for doctors will be to stay abreast of the changes, contribute to privacy advancements, and comply with existing and new rules and regulations. 

Mobile devices, digital communication, social media, patient portals, and other advancements have been discussed in this special edition, but their stories are just beginning. While many of these advances will assist doctors to provide better patient care, it will be important to "look before we leap" and exercise caution. Regardless of the technology, patients will expect the appropriate use and safekeeping of their personal health information.

Patients are also driving some of the increased use of information and communication technologies. For example, they are eager to leverage technology to better manage their healthcare. Whether it's scheduling medical appointments, monitoring their own blood pressure, or asking questions online, patients will continue to be motivated by the prospect of convenient access to medical care, the ability to obtain health information, and the promise of greater control over their own health. As these changes occur, technology must be leveraged to enhance protection from unauthorized or inappropriate use. Physicians will continue to be called upon to fulfill their privacy obligations.


Electronic prescribing or ePrescribing will have significant implications for the future. While this approach to prescribing will undoubtedly reduce costs, improve efficiency, and enhance patient safety, concerns about privacy remain. Patients may be worried about improper disclosure of their health condition or medication to other healthcare providers, employers, health insurers, and governments. Robust and transparent security measures will be required to overcome these concerns. Moreover, while many regulatory authorities and statutes continue to require a handwritten signature on the prescription issued, this requirement will likely change as electronic signature technology advances. Physicians will want to inform themselves about the ePrescribing rules in their jurisdiction and strictly follow them.

Data collection, access, and governance

Access to patient data has never been easier. This bodes well for research activities and should contribute to medical advancements. While digital technology will facilitate medical research, privacy requirements will remain just as important in research as in healthcare delivery. Protecting sensitive patient information from inappropriate use is of utmost importance. The de-identification of patient data or the encryption of all data holdings will remain critical. Physicians will also need to adhere to research ethics guidelines to protect the personal health information of patients whose involvement in research activities contributes to significant advancements.

While the secondary use of data can benefit research, health system planning, public health, clinical care, and quality and safety measurement, issues of consent and privacy will continue. Clarity as to what constitutes appropriate use, consent, and disclosure will be required. In clarifying usage, policy makers will need to strike an appropriate balance between the public good associated with the secondary use of data and society's demands for privacy.

The collection and use of large data sets, also known as "big data", also demands attention. Big data is being touted as beneficial for producing value in healthcare since more detailed and accurate information is available for use. Within institutions, big data can be used to obtain efficiencies and cost savings. For patients, the use of big data signals a shift away from "one size fits all" to a more personalized approach to care. While its advantages are clear, individuals may not be aware of implications associated with big data, particularly its potential use by government and commercial enterprise. Data privacy and security will remain key components of any big data discussion or solution, and physicians will have to ensure appropriate privacy practices are in place and only authorized personnel can access data.

The development of data governance frameworks will remain an area of focus in the future. The aim is one set of rules for an entire jurisdiction, with all healthcare providers having secure access to patient health information, as appropriate. Data governance frameworks will be important as Canada's uptake of telemedicine and telehealth continues. With data increasingly exchanged between providers in separate jurisdictions, policy makers and decision makers will want to think more virtually and less physically. Understandably, legislative measures generally align with jurisdictional boundaries — but in the virtual world and in the digital society, these physical boundaries are becoming less relevant.

Accountability and privacy rights

Physicians must protect their patients' health information, and a similar obligation exists for regulatory authorities, hospitals, and institutions to also protect the personal health information of physicians. Not unlike other patients, doctors want assurance that their personal health information will be protected from unwarranted public disclosure. The accountability of healthcare providers or healthcare systems should not void the privacy rights of providers. The CMPA has always maintained that regulatory authorities, hospitals, and health authorities can fulfill their responsibilities and public accountabilities without compromising the privacy of healthcare providers.

The capture of data can extend beyond personal health information, including practice-related information. The concept of performance profiling, or assessing the performance of a healthcare provider based on data captured related to patient outcomes, is possible. As provincial and territorial medical regulatory authorities (Colleges) gain access to electronic health records, physician performance results may be collected and reviewed. While performance assessment brings many potential benefits, it is important to establish clear rules of engagement and to address context to allow meaningful comparisons. The key to the acceptance of performance reporting will be transparency, as well as appropriate privacy considerations for patients and healthcare providers.

CMPA support

Privacy is in a constant state of evolution, responding to technological advancements and societal norms. While individuals will seek to control their personal health information, the obligations of physicians to safeguard patients' privacy and personal health information will evolve over time. These changes may be incremental and depend on society's tolerance thresholds and values. Emerging technological advances hold many promises for effective and safe healthcare delivery. Notwithstanding this, physicians and healthcare providers should continually consider the privacy and security risks involved in their use. At any time, members can contact the CMPA to obtain guidance and advice on issues of privacy and confidentiality. The CMPA can also direct members to other appropriate resources.

DISCLAIMER: The information contained in this learning material is for general educational purposes only and is not intended to provide specific professional medical or legal advice, nor to constitute a "standard of care" for Canadian healthcare professionals. The use of CMPA learning resources is subject to the foregoing as well as the CMPA's Terms of Use.