Ontario’s Information and Privacy Commissioner on Electronic Health Records

On Friday the Office of the Information and Privacy Commissioner, Ontario released the paper Embedding Privacy into the Design of EHRs to Enable Multiple Functionalities – Win/Win authored by the Information and Privacy Commissioner of Ontario Dr. Ann Cavoukian and Richard C. Alvarez, President and CEO of Canada Health Infoway.

From the March 2, 2012 news release:

Research indicates that Canadians have a degree of comfort with using EHR information for such purposes, as long as privacy and security protections are in place. The paper underscores the need for transparency in the way EHR information is managed and safeguarded.

Privacy by Design - website screen shotCommissioner Cavoukian endorses the Privacy by Design (PbD) approach–setting up privacy measures into the front end of services dealing with electronic healthcare records so that privacy is “baked in” from the beginning to the end of all processes and lifecycle of the information–as a way of allowing us to have the advantages of electronic healthcare records (EHRs) but still have our privacy. She says:

By incorporating the principles of Privacy by Design into the EHR environment, you can accommodate both individual privacy and access to health information for purposes that benefit society as a whole, such as research purposes — a win-win scenario

I was fortunate to sit in on a well-attended talk Friday morning by Dr. Cavoukian on the subject of EHRs at the Toronto Board of Trade. Her talk was quite interesting, citing personal experiences with our healthcare system that have shaped her belief that we need a system of electronic health records to improve healthcare in our society.

You can see my notes from her talk with additional references over on my personal blog.


  1. The Commissioner is clearly right that it is strongly preferable to incorporate privacy principles into any information handling system from the beginning, rather than trying to retrofit privacy into an operating system that was not conceived with that goal in mind.

    That said, the diagram accompanying this post is of no more assistance in carrying out such a design than a mere list of factors would be. The relationship of the various ‘cogs’ is neither mechanical nor obvious, nor is their product for any particular system.

    So it’s a nice logo but it’s no part of an instruction manual.

  2. Yes, the graphic is part of a cute little visual display that incorporates some discussion video on the Privacy by Design website. I don’t think it actually acts as a framework though.