The Supreme Court of Canada has ruled that tobacco giant Philip Morris cannot have access to individual patient files in its legal battle with the B.C. government.
B.C. is suing the company to recover the cost of treating patients who contract smoking-related diseases. It’s estimated that tobacco use kills 45,000 Canadians a year, with annual health costs approaching $7 billion.
The ruling turned on a legal technicality. The province argued it was suing on behalf of all British Columbians affected by tobacco, not any particular individual. On that basis, Philip Morris had no right to see individual patient files, even if they were anonymized. The court agreed.
That might settle this particular dispute, but the legal process that led up to the top court’s ruling reveals serious misunderstandings about what is required to protect patient privacy.
Both the B.C. Supreme Court and the B.C. Court of Appeal ruled in favour of the company. They did so on the ground that there would be no threat to personal privacy if the patient files were anonymized. (That means names and addresses are removed, along with personal health numbers.)
Specifically, the B.C. Supreme Court declared that “there is no evidence to explain how [anonymized patient files] could be linked to any named individual and therefore no evidence of possible invasion of privacy.”
This is not only wrong, it exhibits an alarming ignorance of the extent to which data-mining technology has increased in power and scope.
The first privacy act in Canada was passed in 1983. Over the intervening years, we have developed — knowingly in the case of public-sector files and unwittingly in the case of social media — huge databases.
Novel analytic techniques have been developed to extract personal information from these databases. This can be done by sophisticated file linking, even when some of the contents are anonymized.
In B.C., the Health Ministry prevents this kind of linking by storing patient records in four separate repositories — Pharmanet data, hospital records, physician billing claims, and patient names and addresses.
Some of these are innocuous. They either contain no medical information, such as the registry of names and addresses, or they do not identify individual patients.
However, if they are linked and combined with material culled from social media such as Facebook, it might be possible to discover patient identities.
And Philip Morris not only wanted all four databases, it wanted the files linked. Had the Supreme Court of Canada not struck down the lower-court rulings, patient privacy could have been seriously compromised.
The real question raised by this lawsuit is whether we are sufficiently alert to ongoing advances in information technology. Clearly, the lower courts were not. They applied what might be considered a man-in-the-street form of common sense. If the files are anonymized, no threat exists.
This situation cannot be permitted to continue. It is critical that officials in positions of authority, our judiciary included, be kept informed of what is happening in this field.
In addition, if our privacy is to be protected, it is vital that our legislation and privacy practices keep pace with these changes.
For there are huge commercial benefits in file-linking. Pharmaceutical companies, for instance, could identify not only patients, but also doctors who don’t prescribe their brands. It is well known that the industry goes to great lengths to market its products to individual physicians who might prefer a competitor’s medication.
For better or worse, this is the world we live in. And with ever-more-sophisticated data mining, the threats will increase.
The Philip Morris case was a wakeup call. If our privacy is to be protected, increasing vigilance will be required.
