Monitoring of Medical Assistance in Dying (MAID) Privacy Impact Assessment

Description of the Monitoring of the Medical Assistance in Dying (MAID) Program

Health Canada's End-of-Life Care Unit (EOCLU) under the Health Care Programs and Policy Directorate, Strategic Policy Branch is responsible for the monitoring and reporting activities related to MAID. Federal legislation and regulations require physicians, nurse practitioners and pharmacists to submit personal information related to themselves, and patients seeking MAID. Personal information is submitted through the Program's secure fax, via regular mail, through secure electronic transfer, or through a web-based application known as the Canadian MAID Data Collection Portal (MAID Portal). Health Canada has partnered with Statistics Canada to leverage its expertise and existing infrastructure, systems and technology for the secure storage and transmission of MAID-related data, and data processing activities.

Why was a Privacy Impact Assessment (PIA) completed?

It was determined, in consultation with the Health Canada/Public Health Agency of Canada Privacy Management Division (PMD), that the collection of data for the purposes of legislated reporting requirements for MAID necessitated the initiation of a Privacy Impact Assessment (PIA), as it met the following criteria:

• the monitoring and reporting on MAID is a new federal program, and although the personal information collected is not used for an administrative purpose or decision, a PIA is warranted given the high sensitivity of the information and the significant impact on the privacy of individuals.

Moreover, during public consultations on the pre-published version of the Regulations for the Monitoring of Medical Assistance in Dying: SOR/2018-166 (July 27 2018), Health Canada received feedback from three (3) provincial Offices of Privacy Commissioners, and the Office of the Privacy Commissioner of Canada. Concerns were considered in the development of this PIA, in particular, implementing robust measures to protect the security of the personal information and collecting only the minimum amount of identifiable information required for the monitoring of MAID.

More Information

This PIA focused on Health Canada's business processes and its handling of personal information to ensure compliance with the Privacy Act and associated Treasury Board privacy policies and directives. The PIA analysis of the risks reflects 10 universal privacy and fair information practice principles of the Canadian Standards Association's Model Code for the Protection of Personal Information.

The PIA recommended mitigation actions in the following risk areas:

• Limiting use, disclosure and retention of personal information with respect to requests for data by researchers
• Accuracy and integrity of multiple data sets
• Safeguarding personal information in using existing government electronic infrastructure and web-based platforms
• Openness and transparency on public-facing web sites about Health Canada's privacy policies and personal information handling practices