Embedding privacy into the design of EHRs to enable multiple functionalities : Embedding privacy into the design of electronic health records to enable multiple functionalities

As noted, one of the most important features of the approach taken by Canada Health Infoway in the development of EHRs was the creation of a consistent architecture and standards for data collected across the country. [...] The EMR system is retained in a data centre that requires individuals to pass through multiple levels of security in order to access personal health information stored in the EMR; in addition, the system is built with the ability to monitor for access to servers in real time, and audit logs are maintained of all accesses to the EMR by physicians and staff. [...] For example, a 2007 survey jointly sponsored by Canada Health Infoway, Health Canada, and the Office of the Privacy Commissioner of Canada14 found that while awareness and support for EHRs was high and increasing,15 those who were opposed to the development of EHRs based their objections almost entirely on concerns about the ability of EHRs to protect the security and confidentiality of personal h [...] The principles of PbD, in conjunction with the Common Understandings, must form the foundation of the framework for research and health system uses of personal health information in the EHR context. [...] For example, an order was issued in the case of a hospital nurse who accessed a patient’s records and shared this information with the patient’s estranged husband, an employee of the hospital, despite the fact that the nurse was not providing care to the patient and the patient had specifically raised her privacy concerns to the hospital at the time of her admission.27 In a subsequent case involvi