Taking too long? Close loading screen.

January 2, 2019by arma_admin

Privacy and Ethical Concerns in the Provision of E-Health Services

SAGESSE: JOURNAL OF CANADIAN RECORDS AND INFORMATION MANAGEMENT AN ARMA CANADA PUBLICATION
WINTER, 2019 VOLUME IV, ISSUE I  

 

PRIVACY AND ETHICAL CONCERNS IN THE PROVISION OF E-HEALTH SERVICES

BY MEAGAN COLLINS, NICOLE DORO, BEN ROBINSON, AND ARIEL STABLES-KENNEDY

 

INTRODUCTION

The development of the internet and the advancement of digital technologies have resulted in life-saving access to information, especially within the medical industry. Whereas, before the introduction of these technologies, individuals would need to visit a doctor’s office for their health-related questions, they can now consult resources themselves on the internet. A study showed that 83% of internet users around the world have searched for health information1. In 2012, the number of Canadians who regularly used the internet to search for medical and health- related information at home was over 65%, making it the sixth most common use of the internet in Canada2. Along with increased access to medical information, Information Communication Technology (ICT) is also an integral tool in the field of health services known throughout Canada as eHealth.

eHealth is defined as blending the internet, telecommunications, and information technology with medical services provision3. According to the Government of Canada, the incorporation of eHealth into the mainstream medical treatment framework has been a significant priority for Canada over the past 20 years4. Since 2010, Canada has budgeted $20 billion towards the creation of a national health infostructure allowing for advances in several aspects of healthcare service models5. Integrated technologies now allow patients to receive medical care through telemedicine applications, a major benefit for those who live in rural areas or who are homebound. It also provides a more convenient service model by allowing patients affected by rare medical disorders to receive service from distant specialists6. The recognized benefits of this system have resulted in 53% of Canadian primary-care physicians using some form of electric medical reporting technologies, up from 14% in 20007. While the improvements to medical services were widely accepted as significantly beneficial, eHealth adoption also allowed for many potential advances in Health Informatics (HI).

HI “involves the application of information technology to facilitate the creation and use of health-related data, information and knowledge8.” As well, HI serves two functions in the eHealth model. First, it is designed to improve the experience of clinical practitioners through information and knowledge management. Second, it has also helped to improve the accessibility of health information for caregivers, patients and the public9. This emphasis on HI and the resulting data collection within these medical services has led to an increase in concerns surrounding the ethics of data collection in this particularly sensitive field10.

This study aims to add to the international discussion by performing an ethical analysis of the data collection policies of Canadian live eHealth service providers and to what extent they conform to the Canadian Medical Association’s (CMA) Code of Ethics. In addressing this question, this paper will begin with a brief overview of related work in the field of data privacy pertaining to medical information to situate this study within the overall discourse on the topic.

Next, the reasoning for using the CMA’s Code of Ethics as an ethical framework and the general methodological approach will be further explained. After exploring the results of the examination of the Privacy Policies and Terms of Use agreements of several eHealth service providers, the discussion will focus on the efficacy of current policy provisions and potential future research areas within this topic.

 

LITERATURE REVIEW 

Research analyzing the ethics of the eHealth industry began to emerge in the early 2000s.

The early literature was primarily theoretical, mostly addressing the possible implications of eHealth services and technologies as an emerging trend within the field. The progression of work in this area has grown to include more practical analyses, in addition to the theoretical studies on eHealth, as concerns about privacy, data collection, equality and quality of medical care have become more prominent. Prior studies that address data collection can be organized into four main categories. This paper will provide some background on the literature that focused on:

  • the importance of protecting privacy and confidentiality in eHealth services as an ethical imperative for the industry;
  • the need to have ethical standards and frameworks in place to regulate the collection and use of data in eHealth services;
  • how the industry defines “health data” and how this impacts ethical data collection and use, and
  • the integration of eHealth data and social media
ETHICAL IMPERATIVE OF PRIVACY AND CONSENT

Early research looked at the integration of ICT in the health field and discussed the potential implications of these technologies for patient privacy and confidentiality. Dyer framed the need for privacy as a tenet of the ethical code of the American Medical Association and discussed the emergence of eHealth technology as a threat to the patient-physician bond, which shifted to a physician-customer model11. Following this concern, other scholars focused on the need for privacy in order to ensure patients trust and understand the health system that their physicians operate within in order to feel safe providing sensitive but accurate information12 13 14 15. Chaet et al. addressed a further complication of this issue in their discussion of the potential breach of patient privacy through the use of third-party platforms stating, “websites that offer health information may not actually be as anonymous as visitors think; they may leak information to third parties through code on a website or implanted on patients’ computers16.”

Research on this topic has often been split between a focus on the need for collected information to be de-identified for the purposes of protecting individual anonymity while also emphasizing the need for flexibility in data collection to allow for advanced analysis of sensitive information for the benefit of improving the service delivery of our universal healthcare system17. Other studies look at embedding privacy in the very design of these online platforms to ensure protection of patient privacy but also to manage the custody of data and consent18.

NEED FOR ETHICAL PROVISIONS AND REGULATION

Studies that focused specifically on the ethical imperative of privacy within the medical services field are often related to other studies that speak to the need for regulations or ethical codes to be embedded within the eHealth framework. Wadhwa and Wright specifically address the issue that the ethics of the medical industry have always been evolving, and the move towards an eHealth model is just another example of a period when society needs to update its ethical understandings of the practice for the digital age19. Soenens was among the earlier voices on this issue stating the importance of ensuring the tenets of the Hippocratic Oath remains ingrained in eHealth services20. Other literature in this area looks beyond system design to examine physicians themselves as important privacy actors. Derse and Miller argue that physicians should only use eHealth systems that are transparent about their privacy policies and meet acceptable ethical standards of patient confidentiality21.

Another branch of research looks at the role state regulators play in the eHealth system.

Studies conducted on this topic have sought to examine how state privacy regulations in the European Union (EU) and the United States (US) have been characterized as barriers to the continued success and advances of eHealth systems22. They have also addressed the lack of regulation and the power of third-party organizations to control the management of personal health data23. Additional studies have explored the ownership of patient data in third-party platforms and the effect this has on whether medical data can be used for informed improvements to the medical care system for the benefit of the overall public good, especially in countries with publicly funded healthcare like Canada24.

DEFINING HEALTH DATA AND SECURITIZATION

Along with analyzing medical data regulation, other studies addressed the secondary issue of how to understand and define personal health data from a regulatory perspective.

Kleinpeter highlights how recent digital devices enable the constant collection of personalized health data at an unprecedented level25. This type of collection makes it difficult for legislators to determine which types of data to regulate and how to regulate them. It would be important to make the distinction between data collected during an individual patient’s diagnosis versus anonymized data for the purpose of medical research. There may even be some types of patient data that should be legally prohibited to collect altogether.

Some critics have noted that the lack of clarity regarding ownership of this data makes it especially difficult to regulate ethically. For example, Lee noted that, “Unlike victims of breaches of financial data, to whom reparations can be made, victims of breaches of private health data cannot be ‘made whole’; information cannot be ‘taken back.’26

EHEALTH, SOCIAL MEDIA, AND MEDICAL ADVERTISING

The growth of social media platforms has become a more common theme within eHealth data discourse. As more social media components are added to eHealth services and patients are encouraged to engage, individuals are sharing their health stories and providing their medical data to commercial platforms more regularly. Even when these platforms are managed by public healthcare systems, this increased sharing of health information makes the privacy issues much more complicated. While taking a largely positive view of social media sites and eHealth services, Winkelstein also echoes some of this concern27. Other studies have specifically analyzed third-party platforms and discussed how the ethical gaps in their processes should be addressed28. The literature has also addressed situations where health data has been released with informed consent but is later provided to a third-party organization which combines that data with non-health-related data in order to be able to do targeted advertising based on a patient’s particular health conditions29.

This extensive body of work, along with the structured literature review performed by Khoja, Durrani and Nayani shows that ethical and legal issues within the field of eHealth studies are, and will likely continue to be a significant research area30. Up until now, this research has tended to focus on the United States, the United Kingdom and Europe and has been largely theoretical in nature, analyzing and critiquing the system as a whole rather than undertaking in- depth analyses of individual services. As such, this study provides a unique perspective on the ethical discourses in eHealth by focusing specifically on the data collection and terms of use practices of major eHealth services within the Canadian healthcare system.

 

THEORETICAL FRAMEWORK

The CMA Code of Ethics will serve as the ethical framework for this investigation of the chosen eHealth services. Specifically, the “Privacy and Confidentiality” codes from the CMA’s Code of Ethics were used to measure each platform on a pass-fail basis. This Code of Ethics was chosen as the framework because of its geographic and political relevance, as it “constitutes a compilation of provisions that can provide a common ethical framework for Canadian physicians31.” As physicians operating within the Canadian healthcare system are required to follow this code, it will be used as a framework to evaluate the recent evolution of this service model. As the CMA Code of Ethics was last updated in 2004 and deemed “still relevant” after a review in March of 2018, this study will include recommendations for future adaptation and revision32.

 

METHODS

Since the objective of this research is to evaluate eHealth services and their publicly available privacy policies, the researchers located the platforms through popular online search methods. All searches were performed through Google, as it is the most popular search engine among Canadians and as such, likely where users will turn for their online health information33. The search queries used to locate the eHealth platforms were “Canada online health chat,” “Canada telehealth services,” “Canada live health chat,” “virtual doctor Canada,” “online doctor Canada free,” and relevant hits that appeared within the first one to three pages were selected.

Only services that facilitated conversations (including chats or teleconferences) between trained healthcare providers, whether that was a doctor, Registered Nurse, or Registered Nurse Practitioner, were considered. Mental health helplines that featured live chats were also considered, as these platforms had similar capabilities for live chat and thus, have potential implications for the privacy of users’ personal health data. Ultimately, 18 platforms were chosen for consideration based on this search criteria: GOeVISIT, National Eating Disorder Information Centre (NEDIC), sexualhealthontario, Dialogue, Ontario Telemedicine Network (OTN), Livecare, Viva Care, Maple, Equinoxe LifeCare (EQ Care), YourDoctors.Online, Medicuro, Mental Health Helpline, youthspace.ca, Toronto Distress Centre Online Chat and Text Service (ONTX), Medeo, MDKonsult, Akira, and Ask The Doctor.

The chosen inclusion criteria allowed for both mobile applications and websites (which may license to third-party vendors) to be considered. Although technically the term “telehealth” encompasses both telephone calls as well as digital health services, telephone health services (i.e. voice calls) were excluded to narrow the scope of the project. Platforms that offered services such as video chats were included provided these services were not the sole eHealth service available on that platform. All chosen platforms had a live, online communication exchange component, whether via a pre-arranged appointment for a text conversation, a videoconference (ex. Maple) or by waiting in a queue for the next available professional (ex. youthspace.ca, Mental Health Helpline).

First, each service was examined to determine its funding model (private, public, or non- profit), if advertisements were used, if the patient was charged a fee for the service, or if the services were funded through the existing provincial healthcare system. Each service’s social media presence was also examined to determine whether they promoted their social media channels to users, required their users’ social media information or provided the option to sign-in to the service using existing social media accounts. Next, the accessibility of each platform’s privacy information was evaluated. The researchers took note of the presence (or lack thereof) of the Privacy Policy on the home page, and if the Privacy Policy or Terms of Use discussed how data were collected and used. The reading level of the Privacy Policy and the Terms of Use were also evaluated using the Flesch-Kincaid readability assessment embedded in Microsoft Word.

This reading test approximates a grade level required to understand a document, based on average sentence length and the average number of syllables per word. For example, a score of 8.0 implies that someone in 8th grade could understand the document34. Finally, each platform’s Privacy Policy was compared to each of the CMA’s “Privacy and Confidentiality” Codes to see if it was compliant35.

A potential source of error for this study is that the authors do not have authoritative documents for these organizations and services. For example, some services did not appear to have privacy documents, user agreements, or explicit methods of funding after extensive searching by the researchers, however, this does not mean that those documents do not exist; they are simply inaccessible to the public. The fact that the authors of this study who have significant training in digital literacy and researching suggests that these documents are also likely inaccessible to the general population using these services.

 

RESULTS

BUSINESS MODEL

As demonstrated in Figure 1, the majority of eHealth services were privately owned and operated (12). Beyond this, the other funding models included ownership by a non-profit organization receiving government funding (4) and publicly funded services (2).


Figure 1: Business models of the surveyed eHealth services

All of the publicly funded and non-profit eHealth services examined for this study were free to Canadian users. While some private eHealth services were free, most charged a fee for access to their product. Two models emerged: a pay-per-visit model and a membership-based model. The mean cost of accessing a pay-per-visit eHealth service was $42.89 Canadian dollars (CAD) while the median cost was $45 CAD. Alternatively, subscription-based models ranged from $15 CAD to $150 CAD per-month per-member.

Only two services, Livecare and Viva Care, both privately owned and operated, utilized advertisements.

USER DATA COLLECTION

Private eHealth services collected both active and passive data more frequently than public or non-profit eHealth services.

 

Figure 4: Frequency measurement of passively collected user data, grouped by business model.

 

Actively Collected User Data


Figure 5: Frequency measurement of actively collected user data, grouped by business model.

 

SOCIAL MEDIA

Only one service (YourDoctors.Online) allowed for sign-in through a third-party social media application. While the use of social media by these eHealth services could simply be viewed as a marketing or communication tactic, having users connect their social media accounts with these services may also present a further opportunity for data collection. One service directly requested social media information from users (GOeVisit) and two had an app available for download through a Google Play or an Apple account (Livecare and Maple) which would then be connected to other social media information (i.e. Google +).

Figure 6: Depth of social media engagement that services presented, grouped based on business model.

 

PRIVACY POLICY, TERMS OF USE, AND THE FLESCH-KINCAID READING LEVEL TEST

Seventy-two percent of the services had privacy policies that were accessible from the home page. Sexualhealthontario, MDKonsult, and Ask The Doctors had neither a Privacy Policy nor a Terms of Use agreement.

The measures of central tendency for the Privacy Policies and Terms of Use show that both provisions tended to be similarly difficult to read and were often written above a high school reading level. Privacy policy scores and measures of central tendencies were calculated based on the 14 services that had privacy policies. Sexualhealthontario, youthspace.ca, MDKonsult, and Ask The Doctor did not have privacy policies and thus were factored out.

Terms of Use scores and measures of central tendencies were calculated based on the 13 platforms that had Terms of Use agreements. Sexualhealthontario, Medicuro, Mental Health Helpline, MDKonsult, and Ask The Doctor did not have Terms of Use agreements.

One service, GOeVISIT, had some problematic data policies, such as the note that the service uses both FaceTime and Skype which are not bound by the Health Insurance Portability and Accountability Act (HIPAA) in the United States and that their data were stored by Rogers. This service did, however, make note that they employ a Privacy Officer. Whether or not the Privacy Officer offsets the possibility for data leakage is a point for ethical consideration.

Figure 7: The measures of central tendency for Privacy Policies and Terms of Use scored by the Flesch-Kincaid Reading Level Test.
Privacy Policy: Range = 8.6-18.6, median =15.1 and mean = 14.4; Terms of Use: range = 9.2- 17.9, median=14.7 and mean =15.4.

 

CANADIAN MEDICAL ASSOCIATION CODE OF ETHICS

In order to analyze compliance to the CMA’s Privacy Policy, the authors analyzed each service’s Privacy Policy and Terms of Use agreement to locate the following ethical code provisions (depicted in Figure 8): protection of personal health information, awareness of patient rights, avoidance of public discussion, disclosure of information to third parties only with consent, action to take steps to inform patients about responsibility to third parties, and providing patients with a copy of medical records upon request. Each item was coded as “one” if the provision was satisfied by the service or coded as “zero” if the provision was not met for any reason (either the item was not addressed in the Privacy Policy or Terms of Use Agreement or the documents were not accessible).

Figure 8: Figure 8: This chart delineates each service and its compliance or non-compliance with the CMA’s Ethical Codes relating to Privacy.
Mean CMA adherence = 4.17 provisions, Median= 5 provisions.

 

DISCUSSION

CMA’S PRIVACY AND CONFIDENTIALITY CODES

Of the 15 services surveyed which had an explicit privacy policy, six of these met the CMA’s provisions for Privacy and Confidentiality, while the remaining nine services had privacy statements that met at least half of the CMA provisions. It is important to note that when a service-provider’s policy did not make explicit mention of one of the CMA provisions, it was read as though the service provider was not abiding by the code. While the absence of a provision in the privacy policy does not necessarily mean that the service provider is not abiding by the CMA provisions, this absence is instructive. These policies tend to be quite lengthy and thorough, and so for the clarity of these policies all privacy measures taken ought to be stated explicitly.

As for adherence to specific CMA codes, the services that were examined had a policy that affirmed their general commitment to “Protect the personal health information of [their] patients36.” This code is quite general but the unanimous adherence suggest at the very least, a basic understanding and engagement with privacy concerns. Likewise, all but one service explicitly affirmed that they would only disclose personal information with consent or as required by law and would notify patients of any breaches.

The two codes which were most often unobserved (five of 15 services not mentioning them) were avoiding public discussion of sensitive information and providing patients with a copy of their medical record upon request. LiveCare (Private) and NEDIC (Non-Profit Organization) each failed to explicitly address three of the CMA’s six codes, the most of any of the services with available privacy policies. It is important to note that there seems to be little discernible difference between public or not-for-profit organizations and private companies when it comes to observance of the CMA’s Privacy and Confidentiality Codes.

BUSINESS MODEL

As with any organization, understanding the funding model is intrinsic to understanding how it functions. Our primary concern regarding the funding models was borne out of the popular internet maxim, “[i]f you are not paying for it, you’re not the customer; you’re the product being sold37.” Of particular concern was the issue that if there was not a clear revenue stream for a service, then perhaps the personal health data of users was at risk of being sold.

While a service may appear to be free for the user, there is the possibility that the owners of the applications may attempt to generate revenue in other ways that the consumer is implicated in but unaware of. Even for these ostensibly “free” private healthcare services, there must be some sort of revenue stream, and if there is no cost for the user, then it is possible the selling of user data could be a source of income. Leontiadis et al.38 found that 77% of the top free mobile applications were supported through targeted ads which required access to personal information, and that 94% of these applications also requested network access, which could potentially result in data being leaked. Since free applications tend to request more privacy permissions than paid applications, it is important to understand how the current advertisement model works.

Of the eHealth services that were surveyed, two were publicly funded, run directly by the Ontario government and offered free of charge (Ontario Mental Health Helpline and Sexual Health Ontario). In these situations, the funding models were quite clear. Beyond these publicly administered services, there were four services which were run by independent, not-for-profit organizations (NEDIC, Toronto Distress Centre, youthspace.ca and OTN). Of these four not-for- profits, OTN is the only one that is funded exclusively by the provincial government. The other three services are funded with a mix of grants (public and private), private donation, and corporate sponsorship including Dove, Bell Canada and RBC for NEDIC, Hydro One Inc. and TD Bank Group for the Toronto Distress Centre and Canada Post for youthspace.ca39 40 41.

The remaining 12 services surveyed were privately funded, for-profit organizations. Of these 12, seven of the services (Maple, EQ Care, YourDoctors.online, Medicuro, MDKonsult, Akira, Ask the Doctor) charged patients a clear fee for each consultation ranging between $15 and $150. Dialogue has a similar fee-based model except, in this case, the fees are paid by the employer. Similarly, the fees for Livecare and Medeo are paid by healthcare providers in order to have access to “resources and support to help [them] maximize revenue42.” Lastly, Viva Care and GOeVisit are private companies which provide service to any patients with provincial healthcare coverage. While there is no direct fee for Canadian residents to use GOeVisit, non- Canadians can also access the service for $49.95 per consultation43. Advertisements were relatively rare with only the privately-operated Livecare and Viva Care utilizing them.

While the presence of a clear revenue stream does not preclude the selling of a user data, a lack of evidence of fee or grant based revenue streams should raise a red flag.

ACCESSIBILITY OF PRIVACY INFORMATION

As previously mentioned, the protection of personally identifiable health-related information has traditionally been held to very high standards. There are strict regulations surrounding storing and keeping physical and digital health records by medical practitioners and the advent of new technologies like telehealth and eHealth present new challenges to sensitive health information and its protection. While the policies surrounding physical medical charts might be quite straightforward, things begin to get more complex with eHealth and the inclusion of video conference recordings or chat logs.

When dealing with any sensitive information, the disclosure of privacy policies is critical to the patient’s understanding of what will be done with their information. Having a Privacy Policy and Terms of Use document visible on the homepage of a website signals to the consumer that their privacy is being considered and that the service provider is aware of the serious responsibility that comes with access to such information. While simply having a Privacy Policy and Terms of Use document does not mean that data is necessarily being dealt with appropriately, it does reflect a certain level of awareness and sensitivity.

Of the 18 surveyed services, 12 had both a Privacy Policy and a Terms of Use document, two, Medicuro, Mental Health Helpline, had only a Privacy Policy, one, Youthspace.ca, had a Terms of Use and the remaining three, MDKonsult, askthedoctor, sexualhealthontario had neither. While the presence of one, either a Privacy Policy or a Terms of Use, may be sufficient to ensure patient privacy, services that lacked any visible policies whatsoever were quite concerning.

As stated above, Derse and Miller stressed the importance of physicians only engaging with eHealth services which had defined privacy policies in order to be sure that their patients’ information would remain confidential44. This recommendation for discretion over eHealth services applies to patients as well, since a number of eHealth services examined (namely MDKonsult, Ask the Doctor and sexualhealthontario), do not disclose what will be done with the patient’s information. It is important to note that publicly funded organizations are not necessarily more forthcoming about their data use compared to private organizations as sexualhealthontario, which is a provincial government program, and lacks a privacy policy entirely.

READING LEVEL OF THE PRIVACY POLICY AND TERMS OF USE

An important facet of ensuring privacy policies are accessible is the reading level of the Privacy Policy documents themselves. Having a Privacy Policy and Terms of Use that can be easily found on a service’s website will not be very helpful to users if the documents are full of legal jargon that they cannot understand. Of the documents available, both the mean and the median reading level hovered around grade 14-15 or second-third year of university. While 54% of Canadians between the ages of 25-64 have a post-secondary degree, and could presumably read at this level, a discernible portion of the population would still have difficulty trying to understand these policies45.

Without the ability to read and understand these documents it is difficult for individuals to make informed decisions about their healthcare and the use of their health data. This, of course, is assuming that individuals with a post-secondary education will make it to the privacy policy in the footer of these websites. Many of these sites have sleek and eye-catching designs which require the user to scroll past long pages outlining the benefits of their services, with videos that grab the user’s attention, in order to find the privacy policies at the bottom of the webpage.

SOCIAL MEDIA

The majority of the services that were surveyed have social media buttons linking to their various accounts. While the presence of these services on social media and their request (implied or explicit) for users to follow them is not problematic, the request for greater connection between the patient and the healthcare provider increases the amount of data that could possibly be breached.

This is especially pertinent for the services which explicitly involved third-party social media applications. YourDoctors.Online allowed for users to sign-in using an existing Facebook or Gmail account. This is problematic as it links the sensitive health data already held by YourDoctors.Online to further personally identifiable information. Similarly, both Livecare and Maple had apps downloadable through Google Play or Apple accounts again linking the existing data these services hold about a user to data from other online services. These two apps also present additional privacy concerns as they have access to information on your device including images, general storage, camera, and microphone which are implicated in gathering sensitive health information on the platform.

While it does not utilize social media specifically, GOeVisit facilitates its live consultations using Facetime or Skype. The involvement of these third parties is explained in their Privacy Policy which states:

…you assume all risks associated with disclosing your information through Skype™. You understand that, while Skype™ does not warrant that it complies with the HIPAA Security Rule, Skype™ does state that it uses well-known standards-based encryption algorithms to protect Skype™ users’ communications against unauthorized persons. You acknowledge that you have had the opportunity to review information about Skype™’s privacy, available here and its security, available here46.

While GOeVisit is compliant with each of the CMA’s six codes, sensitive health data could still be at risk when it comes into contact with third parties like Skype. Though companies like Skype use encryption, the fact that they are not in the business of securing health data specifically raises ethical concerns about the security of that data.

As more and more parties become involved in healthcare provision, the already complex issue of privacy in eHealth service becomes even more complicated. As seen above in the Skype statement, it is often assumed that the patient has taken the time to read the Privacy Policies and Terms of Use documents for the third parties involved in providing eHealth service, even if the links to these documents are not prominently displayed. Not only does a user have to locate and understand the service provider’s Privacy Policy and Terms of Use (if they are available), they must do the same for each of the third-party applications involved.

FURTHER RESEARCH

While this study was primarily limited to a Canadian context, eHealth services are becoming more popular around the world. Further research could compare the situation in Canada with eHealth service in other countries. Investigating the difference between eHealth service in a public healthcare setting like Canada and a private system like the United States would be of particular interest. Specifically, in countries with private healthcare systems, citizens who would otherwise have to pay for healthcare may be more likely to turn to a free healthcare application. Studying the data collection and privacy policies of popular eHealth applications in these countries would also be of interest.

Additionally, another direction for future research could include a study that is qualitative in nature which seeks to explore what users of these services understand as personal health data. Such a study could explore understandings of the confidentiality of sensitive health data through the lens of a post-privacy society where data sharing is more prevalent.

 

CONCLUSION

In investigating the data we collected on 18 live eHealth chat services hosted in Canada, we came to a number of conclusions about the state of privacy in Canadian eHealth service.

First, that eHealth platforms which had a public-facing Privacy Policy made at least some reference to the CMA’s Privacy and Confidentiality codes. These codes were just updated in 2018 and we believe that they are a helpful starting point for any eHealth services in Canada to begin addressing their Privacy Policies. As such, we recommend that existing and future eHealth service providers strive to meet each of the six codes if they do not already.

We were concerned about the possible sale of patient data by service-providers, and we were encouraged to find that each of the services that we researched had a clear funding model in place. Though this does not necessarily mean that patient data is well protected, we did not have any immediate concerns about the sale of data.

Perhaps the greatest barrier we identified for patients in understanding how their health data would be used was a lack of accessible privacy policies. We separated this notion of accessibility into two parts, the first being the presence of policy documents that can be found on the homepage of the website. While the majority of service-providers had both Privacy Policies and a Terms of Use documents that were easily accessible, it was concerning that three services had no public-facing policy documents whatsoever.

The second part of accessibility relates to reading levels required to read and comprehend these policies. The mean reading level required to read the policy documents accessed was between Grade 14-15 meaning that the roughly 46% of Canadians between the ages of 25-64 who do not have a postsecondary education may be unable to fully understand these documents. We recommend that organizations which are interested in having patients understand their privacy policies, ensure that they are written in plain language and easily understood.

Finally, the integration of social media applications and other third-party service- providers like Skype and Facetime into eHealth services raised ethical concerns for us. While eHealth providers in Canada are bound by strict regulations these third-parties do not necessarily have the same responsibilities. When third-party involvement is unavoidable, we recommend that the primary eHealth provider be as open as possible about privacy policies.

 

WORKS CITED

blue_beetle. 2010. “User-driven discontent.” MetaFilter. Accessed 2018 March. https://www.metafilter.com/95152/Userdrivendiscontent#3256046.
Boyer, C. 2012. “The Internet and Health: International Approaches to Evaluating the Quality of Web-Based Health Information. In C. George, D. Whitehouse, & P. Duquenoy, eHealth: Legal, Ethical and Governance Challenges.” 245-274. Berlin: Springer.
Canada’s Health Informatics Association. 2012. ” Health Informatics Professional Core Competencies.” Canada’s Health Informatics Association. November. https://digitalhealthcanada.com/wp-content/uploads/2017/03/Health-Informatics-Core- Compet.
Canadian Medical Association. 2018. CMA Policy: CMA Code of Ethics (Update 2004). March.
Accessed March 2018. https://www.cma.ca/Assets/assets- library/document/en/advocacy/policy- research/CMA_Policy_Code_of_ethics_of_the_Canadian_Medical_Association_Update_ 2004_PD04-06-e.pdf
Carey, M. 2001. “The Internet Healthcare Coalition: eHealth Ethics Initiative.” Journal of the American Dietetic Association 101(8), 878.
Chaet, D., R. Clearfield, J. E. Sabin, and K. Skimming. 2017. ” Ethical practice in Telehealth and Telemedicine.” Journal of General Internal Medicine, 32(10), October: 1136–1140.
Denecke, K., P. Bamidis, C. Bond, E. Gabarron, M. Househ, A. Lau, and M. Hansen. 2015. “Ethical Issues of Social Media Usage in Healthcare.” Yearbook of Medical Informatics, 10(1), 137-147.
Derse, A. R., and T. E. Miller. 2008. “Net Effect: Professional and Ethical Challenges of Medicine Online.” Cambridge Quarterly of Healthcare Ethics, 453-464.
Di lorio, C. T., and F Carinci. 2013. “Privacy and Health Care Information Systems: Where is the Balance?” In eHealth: Legal, Ethical and Governance Challenges, by C. George, D. Whitehouse and P. Duquenoy, 77-105. Berlin: Springer.
Distress Centres. 2016. “Distress Centres 2016 Annual Report.” Distress Centres. Accessed March 2018. https://static1.squarespace.com/static/5a03516264b05fad2cec401c/t/5a15e64871c10b644 b17793e/1511384651949/DC-Annual-Report-2016.pdf.
Dobby, Christine. 2013. “More than 90% of Canadians Can’t Get Enough of Google Poll.” Financial Post. January 07. Accessed 2018. http://business.financialpost.com/technology/more-than-90-of- canadians-cant-get – enough-of-google-poll.
Duquenoy, P., Mekawie, N. M., & Springett, M. 2012. “Patients, Trust and Ethics in Information Privacy eHealth.” In eHealth: Legal, Ethical and Governance Challenges, by C. George, Whitehouse and P. Duquenoy, 275-295. Berlin: Springer.
Dyer, K. A. 2001. “Ethical Challenges of Medicine and Health on the Internet: A Review.”
Journal of Medical Internet Research, April-June.
Eysenbach, G., G. Yihune, K. Lampe, P. Cross, and D. Brickley. 2000. “Quality management, certification and rating of health information on the Net with MedCERTAIN: using a medPICS/RDF/XML metadata structure for implementing eHealth ethics and creating and rating of health information on the Net…” Journal of Medical Internet Research, 2E1.
Fleming, D. A., K. E. Edison, and H Pak. 2009. “Telehealth ethics.” Telemedicine Journal and e- Health: The Official Journal of the American Telemedicine Association, 797-803.
Geangu, I. P., D. A. Gârdan, and O. A. Orzan. 2014. “Medical Services Consumer Protection in the Context of eHealth Development.” Contemporary Readings in Law and Social Justice 6 (1): 473-482.
GOeVisit. 2018. “How it Works.” Accessed March 2018. https://goevisit.com/how-it-works Government of Canada. 2010. “eHealth.” Government of Canada. August 9.
https://www.canada.ca/en/health-canada/services/health-care-system/ehealth.html Information and Communications Technology Council. 2009. “eHealth in Canada Current
Trends and Future Challenges.” Information and Communications Technology Council. April. https://www.ictcctic.ca/wp- content/uploads/2012/06/ICTC_eHealthSitAnalysis_EN_04-09.pdf.
Kaplan, B., and S Litewka. 2008. “Ethical challenges of telemedicine and telehealth.” Cambridge Quarterly of Healthcare Ethics, 401-416.
Khoja, S., H. Durrani, and P. F Nayani. 2012. “Scope of Policy Issues in eHealth: Results From a Structured Literature Review.” Journal of Medical Internet Research, E34.
Kleinpeter, E. 2017. “Four Ethical Issues of “E-Health”.” Irbm, 245-249.
Lee, L. M. 2017. “Ethics and subsequent use of electronic health record data.” Journal of Biomedical Informatics, 143-146.
Leontiadis, I., C. Efstratiou, M. Picone, and C Mascolo. 2012. “Don’t kill my ads! Balancing privacy in an ad-supported mobile application market.” 12th Workshop on Mobile Computing Systems & Applications. San Diego, CA: HotMobile ’12.
Liang, B., T. L. Mackey, and K. M. Lovett. 2011. ” eHealth Ethics: The Online Medical Marketplace and Emerging Ethical Issues. Ethics in Biology, Engineering and Medicine.” 253-265.
Livecare. 2018. ” Home.” https://www.livecare.ca/connect
Michalopoulos, S. 2016. “E-health and the ‘fine line’ of big data.” Euractiv. December 15. https://www.euractiv.com/section/health-consumers/news/special-report-e-health-and- the-fine-line-of-big-data/.
Microsoft. 2018. “Test your document’s readability.” Office Support. Accessed March 2018. https://support.office.com/en-us/article/Test-your-document-s-readability-85b4969e- e80a-4777-8dd3-f7fc3c8b3fd2# toc342546558
MyCare MedTech Inc. 2018. “Privacy Policy.” https://goevisit.com/privacy-policy NEDIC. 2014. “Funding and Community Partners.” http://nedic.ca/about/funding-and-community-partners.
NEED2. 2016. “Funders.” https://need2.ca/funders/.
Razmak, J., and C. H. Bélanger. 2017. “Comparing Canadian physicians and patients on their use of e-health tools.” Technology in Society, 102-112.
Rippen, H., and R. Ahmad. 2000. “e-Health Code of Ethics.” Journal of Medical Internet Research, April: E9.
Rodwin, M. A. 2010. “Patient data: property, privacy & the public interest.” American Journal of Law & Medicine, 586-618.
Samavi, R., and T. Topaloglou. 2008. “Designing Privacy-Aware Personal Health Record.” In ER Workshops, 12-21. Berlin, Heidelberg: Springer. Soenens, E. 2008. “Identity Management Systems in Healthcare: The Issue of Patient Identifiers.” IFIP AICT 298: The Future of Identity in the Information Society, 55-66.
StatCounter. 2018. “Search Engine Market Share in Canada.” March. http://gs.statcounter.com/search-engine-market-share/all/canada.
Statistics Canada. 2013. “Canadian Internet use survey, Internet use, by age group, Internet activity, sex, level of education and household income.” Statistics Canada. October 28. http://www5.statcan.gc.ca/cansim/a26?lang=eng&retrLang=eng&id=3580153&&pattern=&stByVal=1&p1=1&p2=31&tabMode=dataTable&csid=.
—. 2017. “Education in Canada: Key results from the 2016 Census.” Statistics Canada. from https://www.statcan.gc.ca/daily-quotidien/171129/dq171129a-eng.htm.
Wadhwa, K., and D. Wright. 2012. “eHealth:Frameworks for Assessing Ethical Impacts.” In eHealth: Legal, Ethical and Governance Challenges, by C. George, D. Whitehouse and Duquenoy, 183-210. Berlin: Springer.
Webster, P. C. 2010. “Canada’s ehealth software “Tower of Babel”.” Canadian Medical Association Journal, December 14.
Whitehouse, D., and P. Duquenoy. 2008. “Applied Ethics and eHealth: Principles, Identity, and RFID.” IFIP AICT 298: The Future of Identity in the Information Society, 43-55.
Winkelstein, P. 2012. “Medicine 2.0: Ethical Challenges of Social Media for the Health Profession.” In eHealth: Legal, Ethical and Governance Challenges, by C. George, D. Whitehouse and P. Duquenoy, 227-243. Berlin: Springer.
Geangu, P., D. A. Gârdan, and O. A. Orzan. 2014. “Medical Services Consumer Protection in the Context of eHealth Development.” Contemporary Readings in Law and Social Justice 6 (1): 473-482.
Statistics Canada. 2013. “Canadian Internet use survey, Internet use, by age group, Internet activity, sex, level of education and household income.” Statistics Canada. Accessed October 28. https://goo.gl/sbzMVZ.
Geangu, Gârdan, & Orzan, 2014, p.
Government of Canada. 2010. “eHealth.” Government of Canada. Accessed August 9.https://goo.gl/JFX5bS.
Webster, P. C. 2010. “Canada’s ehealth software “Tower of Babel”.” Canadian Medical Association Journal, 182 (18). Accessed March 2018. http://www.cmaj.ca/content/182/18/1945
Chaet, D., R. Clearfield, J. E. Sabin, and K. Skimming. 2017. ” Ethical practice in Telehealth and ”
Journal of General Internal Medicine, 32(10), October: 1136–1140.
Razmak, J., and C. H. Bélanger. 2017. “Comparing Canadian physicians and patients on their use of e-health tools.” Technology in Society Volume 51: 102-112.
Canada’s Health Informatics Association. 2012. ” Health Informatics Professional Core Competencies .” Canada’s Health Informatics Association. Accessed November 2018. https://digitalhealthcanada.com
Information and Communications Technology 2009. “eHealth in Canada Current Trends and Future Challenges.” Information and Communications Technology Council p. 5. Accessed April 2018. https://goo.gl/cGgg9q
Khoja, , H. Durrani, and P. F Nayani. 2012. “Scope of Policy Issues in eHealth: Results From a Structured Literature Review.” Journal of Medical Internet Research Volume 14, Issue 1 p.E34.
Dyer, K. A. 2001. “Ethical Challenges of Medicine and Health on the Internet: A Review.” Journal of Medical Internet Research 3(2) E23.
Duquenoy, P., Mekawie, N. M., & Springett, M. 2012. “Patients, Trust and Ethics in Information Privacy eHealth.” In eHealth: Legal, Ethical and Governance Challenges, by C. George, D. Whitehouse and P. Duquenoy, 275-295. Berlin: Townsend, A., Leese, J., Adam, P., McDonald, M., Li, L. C., Kerr, S., & Backman, C. L. (2015). “eHealth,
Participatory Medicine, and Ethical Care: A Focus Group Study of Patients’ and Health Care Providers’ Use of Health-Related Information.” Journal of Medical Internet Research, 17(6), e155.
Fleming, D. A., Edison H. A, and Pak, A. 2009. “Telehealth ethics.” Telemedicine Journal and e-Health, (15)8 p. 797-803.
Kaplan, B., and Litewka, S. 2008. “Ethical challenges of telemedicine and telehealth.” Cambridge Quarterly of Healthcare Ethics, (17), Issue 4 p. 401-416.
16 Chaet, et al. 2017. p.1136–1140.
Whitehouse, D., and P. Duquenoy. 2008. “Applied Ethics and eHealth: Principles, Identity, and RFID.” IFIP AICT 298: The Future of Identity in the Information Society, 43-55.
Samavi, R., and T. Topaloglou. 2008. “Designing Privacy-Aware Personal Health Record.” In ER Workshops, 12-Berlin, Heidelberg: Springer.
Wadhwa, K., and D. Wright. 2012. “eHealth:Frameworks for Assessing Ethical Impacts.” In eHealth: Legal, Ethical and Governance Challenges, by C. George, D. Whitehouse and P. Duquenoy, 183-210. Berlin: 20 Soenens, E. 2008. “Identity Management Systems in Healthcare: The Issue of Patient Identifiers.” IFIP AICT 298: The Future of Identity in the Information Society, 55-66.
Derse, A. R., and T. E. Miller. 2008. “Net Effect: Professional and Ethical Challenges of Medicine Online.”Cambridge Quarterly of Healthcare Ethics 17(4) 453-464.
Di lorio, C. T., and F. Carinci. 2013. “Privacy and Health Care Information Systems: Where is the Balance?” In eHealth: Legal, Ethical and Governance Challenges, by C. George, D. Whitehouse and P. Duquenoy, 77-105. Berlin: Springer.
Boyer, C. 2012. “The Internet and Health: International Approaches to Evaluating the Quality of Web-Based Health Information. In C. George, D. Whitehouse, & P. Duquenoy, eHealth: Legal, Ethical and Governance Challenges.” 245-274. Berlin:
Rodwin, M. A. 2010. “Patient data: property, privacy & the public interest.” American Journal of Law & Medicine, 586-618.
Kleinpeter, E. 2017. “Four Ethical Issues of “E-Health”.” IRBM, 38(5) 245-249.
Lee, L. M. 2017. “Ethics and subsequent use of electronic health record data.” Journal of Biomedical InformaticsVolume 71 143-146.
Winkelstein, P. 2012. “Medicine 2.0: Ethical Challenges of Social Media for the Health Profession.” In eHealth: Legal, Ethical and Governance Challenges, by C. George, D. Whitehouse and P. Duquenoy, 227-243. Berlin: Springer.
Liang, B., T. L. Mackey, and K. M. Lovett. 2011.” eHealth Ethics: The Online Medical Marketplace and
Emerging Ethical Issues. Ethics in Biology, Engineering and Medicine,p 253-265; Denecke, K., P. Bamidis, C. Bond, E. Gabarron, M. Househ, A. Lau, and M. Hansen. 2015. “Ethical Issues of Social Media Usage in Healthcare.” Yearbook of Medical Informatics, 10(1), p.137-147.
Michalopoulos, S. 2016. “E-health and the ‘fine line’ of big data.” Euractiv. Accessed March https://goo.gl/PrXN2X. 
Khoja et al. 2012.
Canadian Medical Association. 2018. CMA Policy: CMA Code of Ethics (Update 2004). March. Accessed March 2018. https://goo.gl/RBkrnS
Canadian Medical Association.
2018. “Search Engine Market Share in Canada.” Accessed March 2018. http://gs.statcounter.com/search-engine-market-share/all/canada.; Dobby, Christine. 2013. “More than 90% of Canadians Can’t Get Enough of Google: Poll.” Financial Post. January 07. Accessed 2018. https://goo.gl/HtgcP2 34 Microsoft. 2018. “Test your document’s readability.” Office Support. Accessed March 2018. https://goo.gl/AcPxro.
Canadian Medical Association.
2010. “User-driven discontent.” MetaFilter. (Blog comment). Accessed 2018 March. https://www.metafilter.com/95152/Userdriven-discontent#3256046.
Leontiadis, I., C. Efstratiou, M. Picone, and C Mascolo. 2012. “Don’t kill my ads! Balancing privacy in an ad-supported mobile application market.” 12th Workshop on Mobile Computing Systems & Applications. San Diego, CA: HotMobile ’12.
2018. “How it Works.” Accessed March 2018. https://goevisit.com/how-it-works.
Distress Centres. 2016. “Distress Centres 2016 Annual Report.” Distress Centres. Accessed March https://goo.gl/JiWKud.
2016. “Funders.” https://need2.ca/funders/.
2018. ” Home.” https://www.livecare.ca/connect.
Derse, A. R., and T. E. Miller. 2008. “Net Effect: Professional and Ethical Challenges of Medicine Online”. Cambridge Quarterly of Healthcare Ethics, 453-464.
Statistics Canada. 2017. “Education in Canada: Key results from the 2016 Census.” Statistics Canada. from https://www150.statcan.gc.ca/n1/daily-quotidien/171129/dq171129a-eng.htm
MyCare MedTech Inc. 2018. “Privacy Policy.” Accessed March 2018. https://goevisit.com/privacy-policy.