Health data at risk of handing over Canadian people to US authorities, experts warned
According to a comment in the Canadian Medical Association Journal, the electronic health records of Canadian need more protection to prevent foreign institutions from reaching the patient’s data.
“Canadian privacy law is badly older,” Michael GIST, Professor of Law and Canada Research President said at Ottawa University in Internet and E-Commerce Act and co-writer. Commentary“Now we have been talking about decades since last major changes.”
Geist says that electronic medical record systems from clinics and hospitals – patients have personal health information – are often controlled by American companies. The data has been encrypted and stored mainly on the cloud server in Canada, but because they are owned by American companies, they are subject to American laws.
For example, Geist states, the US has clearly passed legal foreign use of data (Cloud) Act In 2018, which may force companies to disclose customers’ information for criminal investigation, even if it is stored outside the United States. The law allows for bilateral agreements with the US and other countries. Canada and the United States Starting conversation In 2022.
Companies have “Canadian laws that may say they have received to provide proper protection for that data,” GIST said. “But they may have our laws that can force them to disclose that information.”
Canadian laws, GIST, say, so far there is no way to answer it.
How health data can be used
The CMAJ commentary says “serious privacy, security and economic risks arise when companies from other countries use and use Canadian data.”
Among them, writers point to the potential use of that information for law enforcement monitoring, or demanding data by private companies to use data to earn money.
The health data is depth individual, and canada-American political stress is going on, anything can be vaarrri about where and how their information is stored and used, Lorian Hardcasal, Assistant Professor at Law Faculty and Coming School of Medicine at the University of Calgary.
Hardcasal said, “A captivating argument to say this is,” Okay, you know, we just need to store this information in Canada and do not have those behavior with American companies, “Hardcasal said.
Apart from the Cloud Act, there is another concern. Kisist is likely to benefit from the health data of Canadian people for foreign companies. With the growth of AI, GIST says that the data has become rapidly valuable – a tremendous pool of information that may be used to produce AI algorithms. (Cloud companies say that their customers control their own data.)
“We must be to benefit from him,” said GIST. “We must be the one who deserves proper privacy security.”
Dr. Dr., an assistant professor at the University of Toronto. Sheryl Spithoff says that these risks highlight how Canada’s privacy laws are low.
“This data is patient data. It is of patients. It should be used for reasons that are in their interests that bring them benefits, it does not harm.”
Technical companies respond
CMAJ commentary says three American cloud companies dominate: Google Cloud, Microsoft Azure and Amazon Web Services.
Google told CBC News that “Customer data belongs to our customers, not from Google Cloud.” It says, like many technical companies, it requests governments and courts to disclose customers’ information, usually as part of criminal investigation. The company says that it follows the “transparent, fair and intensive process” to respond. It was not particularly commenting on Canadian health data.
“Google provides a response on a case-by-mamla basis, taking into account various situations and informed by legal requirements, customer agreements and privacy policies,” it said.
“We are committed to protecting privacy while following the applied laws.”
Microsoft stated that in the second half of 2022, out of about 5,000 demands for “consumer data”, it received from US law enforcement, 53 warrants demanded material stored outside the US.
“Microsoft compliance team reviews the government’s demands for data to be valid for the requests, rejecting those who are not valid, and only provide data specified in the legal order.”
Amazon said that it does not disclose the information of customers in response to government demands unless we need to do so to follow the legally valid and binding order. ,
In a statement, a spokesperson of the Amazon web services wrote “No data requested for AWS, resulting in the US government’s enterprise or government material data was stored outside the US, as we started reporting statistical.”
Limits of Canada’s privacy laws
Privacy experts say that the failure of Canada’s privacy laws to keep pace with changing technology has put the country’s data sovereignty at risk.
The Geist says that the provincial laws and the strengthening of the federal individual information protection and the Electronic Document Act, known as Pipeda, can help create a railing against possible American data requests that reach Canada.
In his comment, Geist “said for a strong penalty for unauthorized disclosure of” consent and guidance without consent and guidance that foreign court orders related to Canadian data are inaccessible in Canada. “
Innovation, Science and Economic Development Canada says that the Pipa applies when transferring data across the border, but Geist says that the law itself is not strong enough.
The Geist also asks the country to develop a Canadian cloud server for health data, and to ensure that the data is hosted on the Canadian soil.
Health information generated by the health care system should remain in Canada and Canadian people should benefit, GIST said. He and his co-writer look at the capacity of the health AI algorithms developed by Canada companies in Canada, with strong security measures, “to support health care decisions” based on data representative of Canada’s population.
