The US-based Electronic Privacy Information Centre and the UK-based Privacy International have released a comprehensive report on the state of privacy around the world. How solid are your privacy rights?

If you live in the US or UK you are in the same class as those living in Malaysia, Russia and China. People living in Greece, Romania (go figure, given where Romania was a couple of decades ago), and Canada fair the best, though Canada's ranking slipped two levels from "Significant protections and safeguards" to "Some safeguards but weakened protections". Among the other findings:

• The 2007 rankings indicate an overall worsening of privacy protection across the world, reflecting an increase in surveillance and a declining performance o privacy safeguards.
• Concern over immigration and border control dominated the world agenda in 2007. Countries have moved swiftly to implement database, identity and fingerprinting systems, often without regard to the privacy implications for their own citizens
• The 2007 rankings show an increasing trend amongst governments to archive data on the geographic, communications and financial records of all their citizens and residents. This trend leads to the conclusion that all citizens, regardless of legal status, are under suspicion.
• The privacy trends have been fueled by the emergence of a profitable surveillance industry dominated by global IT companies and the creation of numerous international treaties that frequently operate outside judicial or democratic processes.
• Despite political shifts in the US Congress, surveillance initiatives in the US continue to expand, affecting visitors and citizens alike.
• Surveillance initiatives initiated by Brussels have caused a substantial decline in privacy across Europe, eroding protections even in those countries that have shown a traditionally high regard for privacy.
• The privacy performance of older democracies in Europe is generally failing, while the performance of newer democracies is becoming generally stronger.
• The lowest ranking countries in the survey continue to be Malaysia, Russia and China. The highest-ranking countries in 2007 are Greece, Romania and Canada.
• The 2006 leader, Germany, slipped significantly in the 2007 rankings, dropping from 1st to 7th place behind Portugal and Slovenia.
• In terms of statutory protections and privacy enforcement, the US is the worst ranking country in the democratic world. In terms of overall privacy protection the United States has performed very poorly, being out-ranked by both India and the Philippines and falling into the "black" category, denoting endemic surveillance.
• The worst ranking EU country is the United Kingdom, which again fell into the "black" category along with Russia and Singapore. However for the first time Scotland has been given its own ranking score and performed significantly better than England & Wales.
• Argentina scored higher than 18 of the 27 EU countries.
• Australia ranks higher than Slovakia but lower than South Africa and New Zealand.

The study is well worth a look.

One of the business risks that come up time and time again in discussions about eHealth is the supply of people knowledgeable about both IT and health care. It seems that there are lots of one or the other, but few who understand both dimensions of a very complex business. Yet there is little effort being applied to increasing the pool of talent needed to address the demand for skilled human resources.

There are a number of university and college programs across the country (link here for a survey of HI programs across Canada published by the Waterloo Institute for Health Informatics Research (WIHIR), but they graduate relatively few health IT practitioners... certainly not enough to fill the demand.

COACH, Canada's Health Informatics Association, has recently published a list of core competencies needed by Health Informatics Professionals (unfortunately its only available to COACH members), but again, there is no strategy to provide educational opportunities for those who need it.

The Healthcare Information Management and Systems Society (HIMSS) has recently implemented a certification program (Certified Professional in Healthcare Information and Management Systems (CPHIMS)) that is taking us in the right direction.

The University of Waterloo's Health Informatics Bootcamp program developed and delivered by WIHIR is highly recommended because it addresses a critical need to quickly educate health care and IT professionals on the intricacies of health informatics.

If we are to succeed in driving out eHealth at the pace promoted by politicians and their instruments such as Canada Health Infoway (and other national equivalents), more investment is needed in the educational programs necessary to develop a competent health informatics workforce.

After a hiatus of a couple of months, I'm finally back to eHealthRisk. I have two announcements for those who are interested:

1. Starting today I have taken on the position of President of the Canadian Health Information Technology Trade Association (CHITTA), the health care division of the Information Technology Association of Canada (ITAC). This will get me back into the game following my year long sabbatical studying all dimensions of eHealth risk.
2. The Waterloo Institute for Health Informatics Research has posted the next series of eHealthRisk Workshops. New this year is the eHealth Information Security Workshop whose inaugural run will be from March 26 to 28, 2008 at the University of Waterloo.

And my New Year's resolution... To religiously apply myself to this eHealthRisk Blog.

Brendan

Canada Health Infoway, Health Canada and the Privacy Commissioner of Canada commissioned and have published a comprehensive survey of Canadian attitudes towards Electronic Health Records and Privacy titled Electronic Health Information and Privacy Survey: What Canadians Think - 2007.

From the Press Release:

Almost nine in 10 Canadians (88 per cent) support the development of EHRs -- a five per cent increase since 2003. Other findings include:

• 31 per cent of respondents reported they had experience with an electronic health record during an interaction with the health care system. When asked to how the EHR system compared to the paper system in terms of overall effectiveness for the health care system, an overwhelming majority (89 per cent) said the electronic system was better.
• 87 per cent of Canadians believe electronic health records will make diagnosis quicker and more accurate, while 82 per cent believe they will reduce prescription errors and 84 per cent would like to be able to access their own medical records online.
• Canadians want to ensure that privacy and security safeguards are in place to protect their health information. 77 per cent would like audit trails that document access to their health information. 74 per cent want strong penalties for unauthorized access. 66 per cent of Canadians want clear privacy policies to protect their health information. In the event of a security breach, 7 in 10 want to be informed and would like procedures in place to respond to such breaches.
• Those who have had experience with an electronic health record showed an even stronger support for privacy and security safeguards.
• A majority of Canadians (55 per cent) would like to be able to hide or mask sensitive information contained in their record.
• While the poll shows strong support (84 per cent) for using anonymous information from electronic records for health research, this support drops dramatically if personal details are not removed from the record (50 per cent).

Alberta's Privacy Commissioner, Frank Work, is the second Canadian privacy commissioner to demand the encryption of personal health information on laptop computers following the theft of four laptop computers from a Capital Health facility. From the OIPC press release:

"The investigation outlines the following steps that must be taken to protect health information stored on a mobile device in order to meet requirements of the HIA:

• There must be policies and procedures that users are aware of and educated on that guide proper use of the device,
• Reasonable steps must be taken to physically secure the device,
• There must be a business need to store health information on the device,
• The device must be password protected, and
• Health information stored on the device must be protected by properly implemented encryption."