Progress in cancer prevention and treatment depends on the collection and analysis of reliable information about the incidence, risk factors, and progression of cancer in the Canadian population. Every jurisdiction in Canada has a public cancer registry, operated by a cancer agency or subsumed within another government department or ministry. (1) These registries contain comprehensive information about patients diagnosed with cancer, which are used for various analyses and reports. Those who operate cancer registries are responsible for maintaining data security and considering requests for access to information by various third party data users. Surveillance and research activities facilitated through cancer registries are recognized as having a compelling public health purpose, but they take place in a context that has become increasingly sensitive to the rights of individuals to protection of their personal information. Ensuring that personal privacy is adequately protected, while maximizing the use of relevant data for surveillance and research, is an important challenge.
This article provides a comprehensive overview of the legal and policy framework for the use of cancer patient information for surveillance and research purposes in Canada. It analyzes various sources of law applicable to cancer registries and to the use and disclosure of personal health information in this context, with a view to identifying key gaps and weaknesses and outlining potential reforms. The article is based on a report produced for the Canadian Partnership Against Cancer, an independent, federally-funded organization working on cancer control in Canada. The research conducted for that report built on earlier work carried out in 1999-2000 for the Canadian Coalition on Cancer Surveillance by researchers at the Health Law Institute, University of Alberta, and the Centre de recherche en droit public at the Universite de Montreal. (2) Though it took the 2000 Report as a starting point, the new report was written as an independent document. In updating the legislative review carried out in 2000, some significant changes have taken place, most notably the proliferation of statutes for the protection of personal information.
This article is divided into five parts: Part 1 provides an overview of public health surveillance and the legal framework within which surveillance and research take place. In Part 2, the legislative framework is analyzed in more detail, focusing on legislation that is directly relevant to the collection, use and disclosure of personal health information by cancer registries. The relevant types of legislation are summarized, and the legislative framework is compared to a set of recommended characteristics. The Appendix contains a Table of Legislation which sets out, for easy reference, the key pieces of legislation (statutes and regulations) relevant to cancer surveillance and the use of cancer data. Part 3 supplements the discussion of legislation in Part 2 with an outline of the policies and procedures of cancer agencies and other bodies that are relevant to use and disclosure of cancer data. Part 4 then provides an assessment of the strengths and weaknesses of the legal and policy framework, and highlights some issues that may require further attention. Finally, Part 5 outlines and discusses a range of tools to improve the legal and policy framework, such as model legislation or policies, best practices, and guidelines. The conclusion discusses priorities for action and potential areas of future work.
Part 1: Cancer Surveillance and its Legal Context
Health surveillance is one of six core functions of public health. (3) Surveillance may be defined as:
the tracking and forecasting of any health event or health
determinant through the continuous collection of high-quality data,
the integration, analysis and interpretation of those data into
surveillance products (for example reports, advisories, alerts, and
warnings), and the dissemination of those surveillance products to
those who need to know. …