By Annamarie A. Fuchs, Creator. Partners in Health | Conversations

“Technology does not run an enterprise, relationships do.”

Patricia Fripp

“I think it is time, and I believe it is beginning to happen, that the health sector begins to truly re-examine its relationship with information.”

Dr Ewan Affleck

In the mid 1980’s the idea of using computers to support clinical care in healthcare beyond mere word processing was taking hold. As a young, registered nurse, I was part of a committee exploring the use of bedside handheld devices that would eventually rely on bar codes on patient wrist bands, IV bags, and catheter bags to capture patient information. That project was ultimately shelved but before long, information systems were replacing paper requisitions and some hospitals were also beginning to implement electronic charting systems. Today, we have electronic medical records, electronic health records, and hundreds if not thousands of systems that both capture patient information and offer communication options most of us couldn’t have foreseen a generation ago. But along with the creation of these new tools was a growing recognition of the privacy implications, security, and risks associated with the collection, use, disclosure, and protection of vast amounts of patient information.

Fast forward 20 years. I was in a leadership position in a large health authority where we were preparing to launch a computer application that would supplement the electronic clinical patient record we relied on day-to-day. By this time, privacy legislation was in place across much of the world and completion of a Privacy Impact Assessment (PIA) was required before the implementation of any clinical information system. I knew about privacy legislation but like many people, I didn’t have a material sense of the oversight or management of privacy protection in healthcare. While I was writing the PIA, I was stunned at the expectations for compliance to processes that I not only didn’t understand, but many of which seemed almost ridiculous to me at the time. Until then, I had worked in a world where patient information was readily available to anyone who claimed to need it but with admittedly little oversight. These new rules were confusing at best. I completed the PIA and submitted it to the Office of the Information Privacy Commissioner for Alberta (OIPC). It was soon approved, and we were given the green light to proceed with implementation of the project.

In the years since the introduction of privacy legislation and policies that govern how we exchange information in healthcare, our collective efforts to secure patient information have grown. Integrated electronic patient information systems have evolved since those early days and pose tremendous opportunities for strengthening both efficiency and safety in healthcare. However, obstacles limiting appropriate and timely access to patient information have also emerged. Today we find ourselves entangled in legislation and policies that have not effectively evolved to accommodate the electronic information era and change is clearly necessary.

I recently had a conversation with a physician who is a leading advocate across Canada for this change. Dr. Ewan Affleck is a health informatician who maintains a part-time clinical practice and has spent twenty-five years involved in digital health information at almost every level including design, deployment, strategy, regulation, education, and governance. His current focus is on health information public policy. He would agree with me when I say that if our intention was to enable the use of technologies to facilitate excellent patient care, we’ve largely failed. Outdated and misaligned legislation and accompanying execution of policy are largely to blame for this failure alongside antiquated governance models that were clearly not designed for the digital age. And we have no excuse. These issues have been solved for decades in other industries.

In fact, Dr. Affleck has been known to declare when he lectures about health data governance in Canada, “If I kill a patient because I cannot access their health information, at least it will have been a private death.” Those may be considered passionate or even controversial words, but he is not incorrect.

Dr. Affleck, when we last spoke and you made that statement to emphasize a point with the group, what were you hoping to achieve?

Well, it’s interesting. I’ve used that phrase many times in the past 15 years or so and it resonates every time. I recognize it is potentially inflammatory – but it is intentionally so. Firstly, I want to preface my statement by explaining that I wholly uphold the foundational importance of protecting the privacy of personal health information. We can harm people by not protecting the sanctity of their information privacy.  However, my hope is to draw people’s attention to the fact that there is more than one way to harm patients through the misuse of their health information. We have been preoccupied as an industry with the confidentiality of individual’s personal health information, which is important. Yet curiously there is an almost complete absence of any public policy around the appropriate use of health information to assure the physical and mental wellbeing of patients. In other words, there is an absence of any obligation in the healthcare system to assure we do not harm the health of patients through the poor design or misuse of their information. Stated in another way there is a lack of policy obligating us to share and use information to improve patient and population health outcomes. So, I hope the statement shakes people up enough that they start seriously thinking about the policy environment we have created to support information systems. Frankly, we have no coherent and agreed upon policy standards that articulate our obligation to use technology to enable quality health services. We have invested in extensive digital health technologies and despite that, our supporting public policy has failed to uphold our basic obligation to quality health care.

When I talk to members of the public about their health information, almost 100% of them assume that all of their information is available and shared by all health professions when it is needed. But when I explain that a trip to the emergency department on the weekend is likely to remain unknown to their family physician in the same community unless they mention it, they’re stunned. We can’t seem to solve current issues with interoperability, but nevertheless, we keep adding more and more technology. We spend our time trying to decide who ‘owns’ the patient record instead of finding ways to make it as accessible as our own personal banking information at the Interac machine around the corner.

Agreed. There are manifold instances of stable and reliable interoperable platforms in other industries; the banking or Interac example is an excellent one. You ask why we haven’t built a similar system for healthcare? In my opinion, it’s largely because we have built or deployed health technologies into antiquated governance and policy models designed for the analog era that have remained fixed for generations. The public policy template for health information use is the custodial model. Every province or territory has a unique version of custodian-based health information legislation. The custodial model may have worked well in a paper-based health information system, but it demands the fragmentation of health information along health service lines. We deployed health information technology along these custodial lines, basically cementing in place the fragmentation of patient health information between each health service. This was and continues to be a costly, destructive and dangerous error.     

The path to interoperability lies in person-centric information architecture.  What do I mean by this? We all know patient-centricity is a common – and I would suggest abused term – in the health care industry. Person-centric health information implies that the individual has rights to, or control over their personal health information, which I believe through legal and ethical perspectives is supported in precedence. From an architectural standpoint person-centric health information is information that follows the individual through the entire course of their health experience, meaning from location to location, and service to service. To achieve this demands the standardization and alignment of health information governance, policy, technology and workflow across health services and jurisdictions, which is akin to achieving interoperability. Only by embracing person-centricity will we succeed in establishing health information interoperability.

My doctor gives me copies of everything whenever I have an appointment and discusses all results with me. I am so accustomed to her approach that I often forget that this isn’t the case everywhere.

The needle is moving slowly in the right direction. Many physicians are becoming much more comfortable sharing information with patients but not it’s certainly not a consistent practice. There are a growing number of patient portals being deployed in Canada, which is excellent, and in general governments and health authorities are promoting their use. However, we continue to struggle with discussions around ownership of information for a number of reasons. Firstly, health care providers are concerned about their obligations as custodians to honor personal health information privacy, so there is a disincentive to share data. Secondly most health care providers are unaware of the legal precedent set by the Supreme Court of Canada in 1992 that gives legal authority over the content of the health information to individuals. This second point raises the issue of a lack of effective training and education in professional schools to assure health care providers are digitally literate.

My sense is that at the end of the day, most physicians are growing weary of the demands expected of custodians. Those duties, processes, and regulations assigned to the role of custodian takes them away from what they entered the profession to do in the first place – to care for patients. This stress is likely contributing to burnout. A re-imagination of the public policy that frames health information use is long overdue, so that healthcare providers can get back to providing care, and individuals can have coherent access to their longitudinal health information.

So, who’s in charge? Who’s overseeing the disclosure, use, and protection of information to ensure that it is optimized in such a way that patients are not only protected but also given the care that they need based on the appropriate and timely sharing of that information?

That is a difficult question. There is a different answer depending on what property of health information you are considering. Certainly, Information Privacy Commissioners play an important role in ensuring the disclosure, use, and protection of information does not result in harm from breeches or misuse of personal health information. Governments play an important legislative and policy role, and professional regulators oversee the obligations of respective professions as it relates to their use of information. Where we fall down however is related to who or how we oversee the design and use of information to assure optimal patient and population outcomes. An example is assuring interoperability of digital health solutions; nobody seems to be in charge of this, meaning there is no public policy that obliges health information technology solutions to be interoperable. That’s shocking when you think about it, because we know a lack of interoperability fragments patient data and fragmented data compromises quality of care. The bottom line is that there isn’t a role, empowered by legislation, to oversee the sharing and use of patient information specifically to promote the health and wellness of patients, akin to the role of a privacy commissioner to protect their information. People should not be damaged because a healthcare provider can’t get access to the information needed to provide care.

In Alberta we don’t have far to look to see the tragic implications of information failure. Dave and Teri Price are wonderful, compassionate, and brilliant people whose insights in the face of profound personal tragedy should be shaping how we transform legislation in this province and across the country. As the Price’s suggest, the individuals involved in Greg’s care were not the problem. They were working in a deeply dysfunctional system that created a perfect storm of informational missteps that contributed to Greg’s death. The lessons from this case need to inform our approach to health information public policy. The problem we have with fragmented health information has a real impact on patients, populations and providers alike. Greg Price’s case is not unique, but we fail to examine on a systematic basis how frequently the miss-use of information is damaging Canadians. Why we are not examining or studying the impact of informational error on patient outcomes is a mystery to me.

If you could do one thing to help close these gaps so that we don’t continue to fail patients and providers, what would that be?

I am an eternal optimist. I am seeing great interest in recent years, more so since COVID, at almost every level of government, regulation, and education in transforming how we use and leverage health information for the public good. If I had to choose one thing that could be done that would help hasten this transformation, I would suggest that upgrading how the health workforce is trained and educated would be the priority. The role of health information and the centrality of its use to promote quality health services and programs to benefit individuals and populations is not addressed in health care training. The consequence is the perpetuation of fragmented and dangerous information practices. We need a health information literate workforce; curricular reform is urgently needed across all health professions.

If I could choose other interventions, I think there is an important place for the setting of evidence-based principles of health information design – a Charter as it were – that can be leveraged as a unifying vision that bridges jurisdictions, levels of government and health services, and promotes the creation and adoption of public policy that obligates interoperable and harmonized digital health solutions.

Lastly, I would concentrate on the replacement of the custodial model of health information oversight and replace it with a stewardship model that promotes the proactive design and use of health information for individual and public good.

There is so much more one could do.  But this would be a start.

So, are you suggesting we abandon current legislation, policy, and processes and create a ‘new Stewardship model for the digital age’ – one that places patients and their information as the key strategic enabler of excellent care as our highest priority?

No, we don’t need to abandon all legislation, policy and processes; public policy around health information privacy should be retained. Rather we need to sunset the custodial model or reinvent it in the form of a data stewardship framework that promotes the proactive sharing and use of health data for individual and public good. It then can stand in counterpoint to privacy policy in a manner that achieves a cooperative balance between obligations to protect and individual’s privacy while delivering quality care.

While you’ve mentioned that current system and legislative failures are hurting everyone including decision makers, do you think decision makers know what is needed? Are there other incentives or disincentives preventing decision makers from making the policy changes we know are needed?

I think there has been a degree of persistent myopia in our understanding of what the obstacle to optimized digital health informatics has been; our tradition has been to ascribe system shortfalls to technology issues. Again and again, we have tried to solve digital health information dysfunction by procuring more technology without identifying that the problem is in reality a people problem not a technology problem; the policy, governance and workflow that we deploy the technology, into is not designed to nourish it. If one drops amazing tools with incredible power to transform how we work into fragmented, unsupportive and hostile policy environments, what do we expect the outcome will be? Your investment will fail.

There are excellent examples in Canada, with limited scope, of person-centric digital solutions that consolidate patient information into one digital repository that follows the patient through their course of care. These instances demonstrate success because they have been accompanied by governance, policy, and workflow that is not hostile to person-centric information flow. However, the scale and spread of these best practices is limited by a lack of harmony in information policy and governance across custodians and jurisdictions.

So, where do we go from here?

I think it is time, and I believe it is beginning to happen, that the health sector begins to truly re-examine its relationship with information. We need to embrace health information theory and adopt principles of quality-based health information design that can unite all stakeholders and the public around a common commitment to data rich quality health programs and services. To do so demands a purposeful effort to promote digital data literacy for the workforce and the public.

One positive by-product of COVID has been an unprecedented interest in digital health in Canada. The sudden need to stand up virtualized services in March 2020 has led to an unprecedented focus on the value proposition of digital health. There seems to be an interest and willingness to re-examine our relationship with health information and how it is governed and managed that gives me optimism that significant advances in digital health optimization will be gained over the next five to ten years. Central to our success will be the capacity to cooperate across professions, services and jurisdictions on governance, policy and technology standardization. This will be most readily achieved if there is substantive and meaningful inclusion of patient representation in all system design and oversight.

Digital information technology is a ‘tool’ and an ‘enabler.’ It should not dictate health information flow, but should be adapted to information flow required to support quality health services. We need to adapt digital health technology to optimized digital health public policy. If we do not, we will continue to fail.

Concluding Thoughts

Our electronic health information is incredibly useful and when appropriately available, it empowers our providers to work with us to make critical and even life changing decisions. It can also be complex and inconsistently available, limited by both technological incoherence as well as legislation and regulation. How we optimize public policy to better support access to information may be the single most important advancement of the next decade and innovators like Dr. Affleck and others are committed to transforming the system.

However, there are opportunities for everyone to become informed and involved. If you are interested in learning more about this important topic and participating in the conversation, there are resources available and innovations that are underway.

  1. Dr. Affleck is a member of the Expert Advisory Group for the Pan Canadian Health Data Strategy ( ) which has been focusing on strengthening how we ensure “access to reliable, timely, and relevant health data to benefit people and health systems across Canada.” Keep an eye on the website; reports 1, 2, and 3 will be released soon.
  2. Dr. Affleck is chair of Alberta’s Virtual Care Working Group ( ). Since their inception in 2019, they have published a report entitled “Optimizing Virtual Care in Alberta which offers design principles based on “characteristics of an idealized virtual care system.”
  3. Greg’s Wings ( ) is a not-for-profit organization established by the Price family in honor of Greg Price who died when, as Dr. Affleck explains in this article, “the system created a perfect storm of informational missteps that contributed to Greg’s death.” Greg’s Wings is a grass roots movement of people who have launched a number of ground-breaking projects.
  4. The Imagine Citizen’s Network ( ) is an Alberta-based network of “people and community-oriented partners that offer us, as citizens, collaboration pathways to deliver person-centered care and whose vision is a health system intentionally designed in partnership between citizens and other stakeholders to achieve the best possible experiences and outcomes for all Albertans.” They have a “Citizens for Digital Health” initiative ( ) where Albertans can become engaged in understanding what matters by strengthening their digital health literacy as a means to help shape the future.
  5. In June 2021, Health Canada released a report entitled ‘Enhancing Equitable Access to Virtual Care in Canada: Principle-based Recommendations for Equity.’ Dr. Affleck also chaired the task team which was created under the Virtual Care Expert Working Group with a “mandate to develop a principle-based framework for equitable access to virtual care and to provide guidance and recommendations on the concrete actions that Federal, Provincial, and Territorial governments can take to ensure that virtual care promotes equity as a critical dimension of quality care.

At Partners in Health | Conversations we believe in the power of relationships, and we appreciate hearing from our readers. Let us know what you think and, if you have a story you’d like to share, let us know. We’d love to speak with you.

Leave a Reply