RESUMEN
For decades, researchers have used linkable administrative health data for evaluating the health care system, subject to local privacy legislation. In Ontario, Canada, the relevant privacy legislation permits some organizations (prescribed entities) to conduct this kind of research but is silent on their ability to identify and contact individuals in those datasets. Following consultation with the Office of the Information and Privacy Commissioner of Ontario, we developed a pilot study to identify and contact by mail a sample of people at high risk for kidney failure within the next 2 years, based on laboratory and administrative data from provincial datasets held by ICES, to ensure they receive needed kidney care. Before proceeding, we conducted six focus groups to understand the acceptability to the public and people living with chronic kidney disease of direct mail outreach to people at high risk of developing kidney failure. While virtually all participants indicated they would likely participate in the study, most felt strongly that the message should come directly from their primary care provider or whoever ordered the laboratory tests, rather than from an unknown organization. If this is not possible, they felt the health care provider should be made aware of the concern related to their kidney health. Most agreed that, if health authorities could identify people at high risk of a treatable life-threatening illness if caught early enough, there is a social responsibility to notify people. While privacy laws allow for free flow of health information among health care providers who provide direct clinical care, the proposed case-finding and outreach falls outside that model. Enabling this kind of information flow will require greater clarity in existing laws or revisions to these laws. This also requires adequate notification and culture change for health care providers and the public around information uses and flows.
Asunto(s)
Insuficiencia Renal Crónica , Humanos , Proyectos Piloto , Insuficiencia Renal Crónica/diagnóstico , OntarioRESUMEN
OBJECTIVE: There has been a consistent concern about the inadvertent disclosure of personal information through peer-to-peer file sharing applications, such as Limewire and Morpheus. Examples of personal health and financial information being exposed have been published. We wanted to estimate the extent to which personal health information (PHI) is being disclosed in this way, and compare that to the extent of disclosure of personal financial information (PFI). DESIGN: After careful review and approval of our protocol by our institutional research ethics board, files were downloaded from peer-to-peer file sharing networks and manually analyzed for the presence of PHI and PFI. The geographic region of the IP addresses was determined, and classified as either USA or Canada. MEASUREMENT: We estimated the proportion of files that contain personal health and financial information for each region. We also estimated the proportion of search terms that return files with personal health and financial information. We ascertained and discuss the ethical issues related to this study. RESULTS: Approximately 0.4% of Canadian IP addresses had PHI, as did 0.5% of US IP addresses. There was more disclosure of financial information, at 1.7% of Canadian IP addresses and 4.7% of US IP addresses. An analysis of search terms used in these file sharing networks showed that a small percentage of the terms would return PHI and PFI files (ie, there are people successfully searching for PFI and PHI on the peer-to-peer file sharing networks). CONCLUSION: There is a real risk of inadvertent disclosure of PHI through peer-to-peer file sharing networks, although the risk is not as large as for PFI. Anyone keeping PHI on their computers should avoid installing file sharing applications on their computers, or if they have to use such tools, actively manage the risks of inadvertent disclosure of their, their family's, their clients', or patients' PHI.
