Steven Tam, General Counsel and Chief Privacy Officer for VCH, and Chair of the Clinical & Systems Transformation project’s Privacy Working Group.

Protecting the privacy of patient data in a clinical information system

Steven Tam takes privacy seriously. As General Counsel and Chief Privacy Officer for VCH, and chair of the Clinical & Systems Transformation project’s Privacy Working Group, it’s his job to balance the information needs of health care professionals, and the privacy of patient data.

“With the new clinical information system, we will be capturing more information in a single system than ever before,” says Steven. “More people will have access to more information about more individuals.

“I had a strong interest in CST because I saw an opportunity to do things better from the start with regard to privacy compliance. We’re designing the new system with privacy in mind, including the ability to have all of the data needed for auditing purposes. Auditing will be a lot better because we can look at who’s had access to charts.”

The Privacy Working Group is developing access models, which will ensure that only people who need to see a patient’s data to carry out their duties will have access to such personal information.

“I see this as an opportunity to establish provincial standards for access models and to create consistency across facilities regarding who has access to what kinds of information,” says Steven. “It forces us to step back and ask ourselves the questions, and to make deliberate decisions around what access a particular care provider should have. That’s one of the benefits that will come out of this.”

There won’t be a one-size-fits-all access model, because some agencies and departments have specific privacy requirements.

“Information about mental health, HIV, abortions, communicable diseases, etc. is treated more sensitively today,” confirms Steven. “We’re collaborating with several agencies, including Forensics, so we have to make decisions based on clinical needs about what information should be accessible outside of those circles.”

Making research and quality improvements also present a unique challenge.

“These are large data sets,” explains Steven, “so there potentially could be large disclosures of health information affecting thousands of people. We’re looking at the governance, the review and approval process, to reduce that risk.

“We’re also looking closely at what security is in place – technical solutions, firewalls, encryption and access models. The access model and the audit program are crucial to the security of patient data.”

Read more about privacy and security in the new clinical information system, including information about requests by the US government for personal information through the Patriot Act.

Background information

• Clinical & Systems Transformation (CST) is a joint initiative of VCH, PHSA and PHC, and one of the largest and most complex healthcare projects in Canada. It spans across several areas of the continuum of care including: acute care inpatient and outpatient units, ambulatory care and residential care. As well as creating consistent, leading practices, and a shared clinical information system, CST will deliver HIMSS Level 5 functionality.
• Clinical design teams, made up of hundreds of highly-skilled, multi-disciplinary professionals from across the three Health Organizations and Team IBM, started work on April 7, 2014. These teams are tasked with designing our future workflows, based on leading practices. In doing so they are defining the requirements for our new clinical information system.

Visit for more information and regular updates, and to submit suggestions for future articles. If you have questions or feedback, please email or contact Kelle Payne, CST Executive Director and Transformation Lead, VCH (Joint) at or Donna Stanton, CST Executive Director and Transformation Lead, VCH (Joint) at