Tag Archives: unani

“…About Your PHR”: A Response

A little over a month ago a post, written by Michael Martineau and Michael Power, was published on this blog (as well as Dot Indicia and ITWorldCanada) entitled “Dear McGill University Health Centre … About Your PHR”.  Shortly after it appeared, the authors were contacted by Philippe Panzini, Chief Technology Officer at MEDICAL.MD EHR INC., the company which developed and operates  unani.  Mr. Panzini  responded with the following letter and we think it merits publication – if only to indicate that the company does indeed take privacy and security very seriously. We weren’t expecting this and Mr. Panzini is to be commended not only for the letter but also the indicated actions.

Dear sirs,

We, Medical.MD EHR INC, would like to extend to you our appreciation for taking the time to look at Unani in detail, and to write this informative letter. As you may know, we are the developers and distributors of Unani as well as the website managers for http://www.unani.ca.

We have put great care into the conception of Unani, and we will continue to do so for the entire lifespan of this service. The core concept of Unani being a PHR designed with the needs of the public in mind, our priorities are entirely governed by the goal of meeting our users’ expectations.

We took note of the comments raised in your letter, which was posted on March 24 and 26, 2010 on various websites, and further to such letter, we have decided to implement certain changes in our next releases of Unani, which should be available to the public starting a few days from now. In particular, we will take additional steps to ensure that our Privacy Policy is easily accessible to any person visiting our website.

With respect to our hosting services, we have entered into written agreements with reputable IT suppliers, which contain confidentiality provisions and provisions to ensure that the information collected via Unani is used solely for performing the hosting contracts.

In particular, we have entered into an agreement with a Canadian IT supplier to host and support Unani by the end of this year, in the Province of Québec and in the rest of Canada.
The information relating to Canadian users will be collected and held on servers located in Canada.

Unani will continue to operate as a world-wide service provider, using various hosting facilities throughout the world, in accordance with the applicable legislation. Before releasing our users’ information to any foreign suppliers, we will ensure that such information will receive an equivalent protection as that granted under Canadian privacy laws.

Until the services of our Canadian IT supplier are made available later this year, all accounts of Unani users, regardless of their geographical origin, will be hosted by a well-known, reputable  IT facility located in the Republic of Ireland. Once the Canadian hosting platform is available, all existing and future accounts belonging to Canadian residents will be hosted by the Canadian service, on Canadian territory. The migration of the existing Canadian residents’ accounts will be done transparently, and no trace will remain on the foreign hosting service.

In addition, we would like to share with you the following details regarding Unani:

  • Through a very simple, two-click procedure, our users can delete their account, and all of their data, without any backup copy being kept by us. Deleted accounts are no-longer recognized by our system.
  • Unless otherwise indicated in our Privacy Policy, we do not hold any information about our users that has not been provided to us by our users themselves.
  • To further improve on the confidentiality of data storage, we keep in separate databases the users’ demographic information, from their medical data. Both databases being encrypted.
  • We regularly retain the services of an independent security firm to audit our source code and to conduct database penetration tests.

We hope you will find these precisions satisfactory, and we invite you to maintain your interest in Unani. This project has only begun, and we are planning the release of many exciting features for our users in the course of the upcoming months.

For any additional enquiries, please do not hesitate to contact our Privacy Officer at the following address :
Medical.MD EHR Inc. 1035 Laurier Avenue West, Suite 100, Montreal, QC  H2V 2L1, Canada

Kind regards

Philippe Panzini
Chief Technology Officer

Dear McGill University Health Centre … About your PHR

Michael Martineau, an eHealth consultant and commentator, and Michael Power, a Toronto-based lawyer and noted privacy expert, teamed to write this joint blog post.

North Americans appear ready to interact electronically with their healthcare providers and take a more active role in managing their own health care.   A much talked about tool in this regard is the Personal Health Record (“PHR”). While there is considerable debate about what constitutes a PHR and how best to capture public interest in using a PHR, there seems to be a growing consensus that the privacy of personal health information is a key concern that must be addressed if PHRs are to gain widespread adoption.   “Whether PHRs are developed by the private or public sector, the Commissioners call on all developers to ensure that the applications meet the relevant laws and reflect privacy best practices.”[1]

After months of testing, the McGill University Health Centre (MUHC) recently announced the public launch of unani, “an integrated Wellness Platform” that provides users with the means to “manage and store your personal health information in complete security, from anywhere in the world.”   Given our respective areas of expertise and interests, we were interested to hear about this new, Canadian-based service, and immediately went to unani.ca to check out this new service, including their privacy policy. After discussing what we found, at Michael Power’s suggestion, we decided to present our initial reaction in the form of a letter.

Dear McGill University Health Centre,

We see you’ve begun to offer “Unani” to the world. At this point it appears to be offered to people in Canada and the United States. This web-based “Personal Health Record” is an interesting development and McGill University Health Centre is to be commended for offering it. But, since you’re asking us to store our families’ personal health information “in the cloud”, we’re sure you can appreciate our interest in understanding what you do to protect the privacy and security of that information.

We were interested in the fact that we had to start the registration process in order to view your privacy policy – we would have expected to see a public link to it readily available on your home page. Oh well. We started to register and found it in a corner on your Terms of Use page. Now in keeping with the concepts of openness and transparency, we would have expected a fairly comprehensive statement. Boy, were we surprised.

You were kind enough to tell us the “purposes of collection”:

Information will generally be collected from Individuals through the various forms such as enrolment or account opening forms which, when produced by the Company, shall indicate the purposes of the information collection. The sole objective of the information collected from the Individuals will be to provide the products or services requested and to respond to their needs or the Company’s needs for the duration of their relation with the Company.

We didn’t see any other purposes disclosed to us. We would have thought you might use the information to operate and improve the site. Maybe there aren’t any other purposes but we would have liked you to say something to that effect. And what exactly are the “Company’s “needs” in that last sentence there?

We would have liked some statement as to who actually owns the information we put into your system. In Canada, from case law in the 1990s, the provider owns the record and the patient owns the information. We would have liked some statement that the user, and the user alone, controls the data; that Unani won’t sell, rent or otherwise share the data, even in de-identified form (since re-identification seems to be happening more and more these days) and that the user can delete their information at any time and it will be removed from your servers. We didn’t see anything like that in your Terms of Use or Privacy Statement. If Google Health can put a statement somewhat like that in their Privacy Policy, why can’t you?

Speaking of which, who really is accountable for the protection of our health data? Is it McGill or your IT partners? Is it stored only in Quebec or are the servers located somewhere else? Is there a backup somewhere else? Your privacy statement doesn’t really tell us that.

To be fair, you do say our information will be held “only as long as necessary for the fulfillment of the purposes for which it was collected” and that it will “be destroyed in accordance with the law and Company’s guidelines with respect to the retention of files.” By the way, could you give us a sense of what those Company’s Guidelines are?

And about security – all we got was a statement of “appropriate safeguards”. Now we’re not looking for specific information – the bad guys read these statements too – but a little more detail would be nice. For example, do you restrict access to the information to individuals for particular purposes (e.g. future site development, support) and are those individuals subject to confidentiality obligations? Also, how do you secure our communication with you? Do you protect it through the use of encryption, such as the Secure Sockets Layer (SSL) protocol?

Now access is an important privacy principle and we see you talk about it:

The Company shall respond to an Individual’s request for information within a reasonable time. In addition, the fee charge for processing the request shall also be reasonable.

Wait a minute, here. It’s our data! What other data do you have that we might want to access? And you’re going to charge us a fee for it?

We see that you do address complaints and we appreciate you having that section. You say if we want to make a complaint concerning Unani’s protection of our personal health information, we can contact your Privacy Officer. That’s ok, but what if we’re not satisfied with the outcome of that conversation? Who can we go to? People like us, who aren’t from Quebec, might not know. It would be nice if you could, at least, point us to the web site of the Commission d’accès à l’information du Quebec.

In short, your privacy statement looks like something generic that could be used by any business in Quebec and wasn’t written specifically with your site or our personal health information in mind. That really doesn’t give us any confidence in sharing our health data with you. If PHRs are really going to work we’d appreciate a little more evidence of some thought put into the privacy management of your site.

Yours sincerely,
Michael Martineau – eHealthMusings

Michael Power – dot-indicia

[1] “The Promise of Personal Health Records”, Resolution of Canada’s Privacy Commissioners and Privacy Enforcement Officials, September 9-10, 2009, St. John’s, Newfoundland and Labrador