JordonCooper Rotating Header Image

Mike Wallace

Column: Health Privacy Needs to Be a Priority

My column in Tuesday’s The StarPhoenix

Two seemingly unrelated stories that came out recently are more connected than we realize.

Bell’s Let’s Talk campaign hit full speed last week. The campaign is designed to raise awareness about mental health in Canada, and Feb. 12 brought a full-court press of media to raise awareness across the country.

And in a week when we were supposed to be more open than ever about mental illness, we also had the story about employees at the Regina Qu’Appelle Regional Health Authority (RQRHA) snooping into people’s confidential health records and in one case, altering information.

The reason Bell is trying to raise awareness about mental health is the stigma that’s still attached to it. Despite advocates such as the late journalist Mike Wallace and TSN host Michael Landsberg talking openly about their battles with depression, mental health conditions are something that many fear and others are reluctant to get treatment for.

The Mental Health Commission of Canada talks about stigma existing even among doctors – the same health professionals to whom sufferers are referred initially when they have problems. Progress is being made on removing the stigma, but there’s a long way to go. For those seeking treatment, it can be a daunting task and one that many people choose to do privately.

This is why the news out of Regina about health region staff and the privacy commissioner’s report about the medical record breaches are so discouraging.

In Saskatchewan, our health records are protected by the Health Information Privacy Act. HIPA’s stated goal is to improve the privacy of people’s health information while ensuring that enough is accessible to provide health services.

Yet at the RQRHA, there appeared to be a culture in some departments of looking at anyone’s health records.

As one staff member said during the investigation, “Everyone is doing it.”

Privacy commissioner Gary Dickson’s report calls out the Regina health authority but mentions other privacy breaches in health districts across the province. He refers to a “culture of entitlement” among employees of health regions who feel that they are allowed to look at anyone’s files.

So back to Bell’s Let’s Talk campaign. It encourages Canadians to speak out about mental illness, but then we learn that if we do seek help, it could be read and shared by those who have no right to see that information.

No wonder that Diane Aldridge, director of compliance for the privacy commission, told the CBC: “It’s about patient confidence, not only in the electronic health record but in the system itself.”

This isn’t just about mental health. It’s also about the loss of the confidence we all have when we go for treatment that our treatment will remain confidential.

The HIPA violations and Dickson’s report are serious enough that something needs to be done. Yet the report notes over and over that recommendations aren’t being followed. Over the decade that HIPA has been in place, not a single charge has been laid over a violation of it.

What’s the point of bringing in a privacy act if no one is going to enforce it or care? If we want to get serious about treatment of mental health or other illnesses that carry a stigma, then we need to get serious about protecting the records of people who need help.

It will take money to upgrade legacy computer networks and build the systems that are common among organizations that actually do protect our personal information. It will also take the political will to strongly punish those who break confidentiality agreements.

Dickson pointed out that the risk of job loss wasn’t enough to deter staff from snooping in and altering personal health records.

If firing or suspension isn’t working, perhaps it will take the year-long jail sentence for offenders that’s allowed in HIPA provisions.

It’s also going to take someone asking some really tough questions about why people who have no reason to access files are allowed to do it. Confidentiality is more than an agreement staff sign – and apparently ignore. It is protecting the information so that it can’t be viewed in the first place.

If the “trustees” of the system in our health regions can’t get this right, we need someone else to take leadership and ensure our personal information is safe.

Bell suggests Let’s Talk, but let’s also make sure that for those who want it to be, it’s a private conversation.

© Copyright (c) The StarPhoenix