In response to Dr. Spithoff's article, "Medical-record software companies are selling your health data" which appeared in The Toronto Star on February 20, 2019, I would like to clarify several points made in the article.
First, I want to be very clear: we have no evidence to suggest that physicians are selling personal health information.
Electronic Medical Records (EMRs) have become the standard of care used by a vast majority of the province's community physicians and nurse practitioners to provide patient care and manage their practices. Personalized patient data may be shared only for the purposes of providing care to patients within their circle of care. Physicians, as health information custodians, must comply with Ontario's Personal Health Information Protection Act (PHIPA), which includes keeping data secure and confidential at all times.
OntarioMD administered funding to physicians to adopt certified EMRs on behalf of the Ontario Ministry of Health and Long-Term Care until 2015. At the same time, OntarioMD has continued to lead a rigorous certification process and continuous monitoring of EMRs to ensure that they, first and foremost, meet the needs of physicians and their patients in providing care. EMR vendors are only paid by OntarioMD for development work that supports integration efforts in response to provincial priorities.
Privacy and the protection of patient data are integral standards for EMR certification. OntarioMD's requirements for certified EMR offerings do not allow for the sharing of patient data for purposes other than providing care or informing policy or research.
Our stringent requirements are for certified EMRs only, of which there are now 12 in the province. OntarioMD works closely with EMR vendors and their certified EMRs for ongoing compliance with our current specifications and other obligations. Physicians also inform us about any concerns they have with their EMR vendors as a second line of accountability.
There is no doubt that EMRs contain valuable data. That data is protected by physicians, by the rights of patients, the law and by the EMRs themselves. Companies may not extract data for secondary use without meeting all legal requirements, including the consent of physicians, and as applicable, patients. The secondary use of data is currently the subject of federal and recently-announced provincial consultations, and we expect there will be increasing clarity on the issue of appropriate access to, and use of, health data.
Sarah Hutchison
CEO, OntarioMD