Blood, Sweat, and Megabytes

Blood, Sweat, and Megabytes

Smartphone apps, wearables, and medical monitoring systems provide individuals with insights into their health and fitness activities, but what are the data privacy trade-offs?
​Sarah Villeneuve
Policy Analyst
Stephanie Fielding
Policy & Research Analyst
November 12, 2019
Print Page

A number of devices have enabled the active and passive collection of an individual’s health and fitness data. Smartphone apps, wearables, and medical monitoring systems provide individuals with insights into their health and fitness activities, such as how many hours of sleep they got last night or how many calories they burned during their morning run. The ability for users to monitor their own health and fitness activities has created a growing demand for these devices. In many cases, the devices provide convenience for users by summarizing data about their well-being and creating personalized diet, fitness, or health regimes without the need for a personal trainer or a dietitian. However, the use of these devices is not without tradeoffs in relation to privacy and security. Recent investigative reports have shown that the organizations who own these devices not only collect an individual’s lifestyle, health, and fitness data, but may share or sell this information with third parties, such as insurance and pharmaceutical companies, often without the users’ informed consent.[1] [2] [3] In fact, the Health Insurance Portability and Accountability Act, a U.S. regulation that enforces patient-doctor confidentiality, does not apply to apps or wearable health and fitness devices, meaning any device that monitors and collects an individual’s data may share it.[4] This is important for Canadians who use wearables produced by U.S. companies, since the data being collected by these devices is typically transmitted to and stored in the U.S. Current health data protection regulations in Canada, such as Ontario’s PHIPA, allow residents’ data to be stored in the U.S.[5]

Share

"Many popular wearable fitness devices pose potential privacy and security risks, as user data is transmitted between the device and the app or to third parties with low levels of security, due to lack of encryption or anonymization."

Wearable Fitness Trackers

Fitness wearables, devices which are most popularly worn directly on the wrist, chest, or waist, collect a wide range of data related to a person’s activity and routine throughout their day, including steps, distance traveled, floors climbed, calories burned, active minutes, heart rate, and even specific exercises or activities.[6] Millions of wearable fitness trackers are sold in Canada each year.[7] In fact, one in five Canadians between the ages of 35 and 49 owns at least one wearable.[8] Most wearable fitness trackers have complementary smartphone apps that users can download and sync with their trackers to access a dashboard showing their activity and fitness data. Many popular wearable fitness devices pose potential privacy and security risks, as user data is transmitted between the device and the app or to third parties with low levels of security, due to lack of encryption or anonymization.[9] This includes personal information such as the user’s name, date of birth, gender, height, weight, email, geolocation, diet, and activities, as well as data about the devices connected to the wearable, such as the user’s phone’s serial number.

Fitbit is the most common brand of wearable fitness trackers purchased by Canadians.[10] Fitbit makes a range of wearable fitness bands, smartwatches, and accessories that use algorithms to identify physical motions that indicate activities. In order to use a Fitbit, users must download the Fitbit app on their smartphone or personal computer and create a Fitbit account. Registering for an account requires users to provide their name, date of birth, gender, height, weight, and phone number. Once the account has been created, users must connect their Fitbit device with their account to ensure data collected by the Fitbit device is synchronized with Fitbit’s app, allowing users to view their personal stats and historical trends. User can manually add activities or exercise shortcuts for specific activities. Fitbit devices that support the “SmartTrack” feature are able to automatically identify activities, such as walking, running, swimming, and outdoor biking. Once data has been synced to the app, it is transferred over an encrypted internet connection, and warehoused in Fitbit’s Cloud Service.[11] According to Fitbit’s privacy policy, the company will not share or sell user data with insurance companies and corporate wellness programs without users opting in; however, they do share data with third parties for IT and “customer service” purposes.[12] [13] In some cases, Fitbit has also shared activity, health, and geolocation data with authorities investigating criminal or illegal activities.[14]

Similar wearables include Samsung Galaxy Fit e and Huawei Band 3 Pro.

"In 2018, Strava’s heat maps revealed locations of secret military bases, due to a number of staff using the app to exercise."

Fitness apps

Fitness apps have become the most popular technological tool for people to manage their personal exercise activities and goals. A wide variety of fitness apps are available for users to download to individual smartphones, wearable fitness trackers, or computers, at low or no costs. Additionally, a number of smartphones now come with built-in health apps. Generally, fitness apps collect physical activity data, as well as information related to fitness goals. This data collection can be done actively (with the user indicating they are beginning a run), passively (for example, the continuous monitoring of heart rate), or manually (with the user manually logging the distance and pace of a run).

Strava is a popular fitness app that can be downloaded to smartphones and synced with wearable fitness trackers, such as Fitbits, to enable users to check their exercise performances and compare them with other users. Individuals must create an account in order to use the app, requiring them to provide personal information such as their name, birth date, and gender. Fitness data can be collected by Strava in three ways. The first relies on the user manually recording their activity in the app by keeping their phone on them while they exercise. Alternatively, users can instruct the app to “record” an exercise, and keep their phone on them while they run or bike. Thirdly, when Strava is synced with wearable fitness devices, activity data collected by the wearable will automatically be uploaded to the individual’s account.

Alongside collecting activity data, Strava uses real-time GPS data to create “heat maps” showing the paths of where its users run or cycle. Strava’s heat maps are essentially public visualizations of the location data of all its users. If a user does not want their location data to be shared with other users, they must change their privacy settings to protect their location data from being shared publicly.

Strava’s heat map function has come under scrutiny a number of times due to concerns over privacy and security. In 2018, Strava’s heat maps revealed locations of secret military bases, due to a number of staff using the app to exercise.[15] Critiques have also been made about the safety risks transparent location data poses to users, particularly women who run or cycle alone.[16] Similar apps include Endomondo and Runkeeper.

Wearable Health Devices

A new generation of wearable devices is on the rise, with a focus towards developing a more convenient and personalized experience for managing your health. Some notable examples include Bluetooth-enabled tampons,[17] Internet-enabled sex toys,[18] bra inserts that help detect breast cancer early,[19] and baby monitors.[20] Many of these devices collect personal health data from their users, some of which could present particularly sensitive privacy risks if this information were to be made public. Additionally, wearable health devices can be vulnerable to remote hacks and invasive data collection without the informed consent of the user.[21] 

Owlet, a wearable infant monitor in the form of a sock, monitors a baby’s heart rate and oxygen levels during sleep using a wireless pulse oximeter. Parents must download the Owlet app on their smartphone or Apple device and provide information about the child, including name, date of birth, gender, and weight. Parents can also provide information about any health conditions the child has. Through the app, parents are able to view and monitor their child’s sleep data. The app also sends alerts if their child’s vital signs are unusual, such as if the heart rate or oxygen levels are dangerously low or high. Data about the infant’s heart rate and oxygen levels are also collected by Owlet. Company policy says that they may use this data to research and develop future products, or to provide to third parties such as researchers or legal authorities.[22] Even when customers do not provide consent, the data collected from their device may still be used and shared with third party providers in an anonymized form.[23] 

"...there is a trend towards the “gamification” of health and well-being, with apps providing users with gentle nudges and incentives to adopt healthy behaviours."

Health and Well-Being Apps

The pervasiveness of smartphones has facilitated a new way for individuals to monitor and manage their personal health and well-being. Third-party apps focused on personal health and well-being are becoming increasingly popular. As of 2016, the number of health-related apps available on the Apple store exceeded 165,000.[24]  Alongside providing insight and guidance, speed, convenience, and affordability are major contributing factors to the popularity of these apps over traditional health and wellbeing services. Additionally, there is a trend towards the “gamification” of health and well-being, with apps providing users with gentle nudges and incentives to adopt healthy behaviours.[25] 

There are a variety of health and well-being apps, including nutrition and diet logs, female fertility tracking,[26] and mental health apps such as symptom trackers and guided meditation.[27] There is no standard form of data collection for health and wellbeing apps. For many dietary apps, such as Under Armour’s MyFitnessPal, users may have to manually input data about what they consumed throughout the day.[28]  However, some apps may collect data passively, such as information on frequency and duration of use, in-app activities, and preferences.

Flo is a women’s health app which supports users throughout their entire reproductive period, from the onset of menstruation to menopause. Similar apps include Clue and Eve. Flo includes a period tracker and ovulation calendar where users can record over 70 symptoms and activities, proactively flagging if a user should see a doctor.[29] This data is then used to provide users with precise cycle predictions based on Flo’s machine learning model. Flo is equipped with pregnancy and post-pregnancy modes to help users track their baby’s development and access health insights. Flow has 22 million monthly users across 200 countries.[30] Flo collects personal data such as name, email address, gender, date of birth, place of residence, and health data (body measurements and physical activity level). When in use, Flo automatically collects location device such as IP address, time zone, and mobile service provider information, which allows the company to infer the user’s general location. Flo also employs cookies and other tracking technologies to collect information about how individuals use the app, such as frequency of use and which features are used the most.[31] According to Flo’s privacy policy, a user’s exact age or data related to an individual’s health will never be shared with third parties. Flo may, however, share aggregated, anonymized information with partner organizations or research institutions. Flo retains users’ personal data as long as a user’s account remains active.

Headspace, a popular well-being and mental health app, guides users through meditation and mindfulness exercises.[32] Comparable apps include Calm and The Mindfulness App. Headspace includes hundreds of guided sessions tailored to decrease stress or anxiety, and increase sleep or focus. Users can sign up for a free trial to test out the app’s services before getting a paid subscription. To get started, users must provide their name, email address, and telephone number. If users choose to log in using Facebook, Headspace will collect their Facebook profile information, such as name, email address, and Facebook ID.[33] If registering for a student subscription, users will have to provide the name of their college or university and date of birth with Headspace’s third-party verification system.[34] Headspace passively collects device information, such as the type of device that is being used to access the app, operating system version, and system performance information. Headspace also employs tracking technologies, such as cookies, beacons, and scripts that recognize users’ devices — eliminating the need for users to continuously sign in, while also measuring how Headspace is used. If users join Headspace through a “community subscription” (provided by their place of work, educational institution, or organization), the date on which the individual last used the product and anonymized usage data will be provided to the subscription provider on an aggregated basis. Headspace may use users’ personal information to direct targeted advertisements, or provide it to third parties with complementary goods or services.[35] Users do have the ability to withdraw consent and request the deletion of personal information.

"Medical devices, such as continuous positive airway pressure machines (CPAPs), blood glucose monitors, and pacemakers, collect, transmit, and store user data in a cloud with varying levels of transmission security."

Medical Devices

Medical monitoring systems record and report on various medical conditions, such as sleep apnea, diabetes, and heart arrhythmias. Medical devices, such as continuous positive airway pressure machines (CPAPs), blood glucose monitors, and pacemakers, collect, transmit, and store user data in a cloud with varying levels of transmission security. In some cases, the data collected by these devices may be shared with third parties, including advertisers and insurance companies. There has been some tension over access to users’ personal health data via these devices. For example, while some CPAP companies allow users to see rudimentary data on the screen of their machine, such as average air pressure and use per night, most CPAP companies take a ‘walled garden’ approach by providing only healthcare providers with full access to user data and the ability to change device settings.[36] This approach is frustrating for medical device users, particularly those who lack adequate access to in-person medical care.

Dexcom, a continuous glucose monitor (CGM), is an increasingly popular medical device used by diabetics to monitor blood sugar. Dexcom automatically tracks glucose levels using a sensor embedded under the patient’s skin, typically on the patient’s stomach or arm. The data collected from the sensor is transmitted wirelessly in real-time to an app on the patient or caregiver’s smartphone or optional receiver.[37] Dexcom receives personal information that users provide, such as name, address, phone number, payment method, and health insurance provider, as well as glucose readings and usage information that is analyzed for business purposes.[38] Dexcom affords users with a number of benefits. Real-time monitoring can help users identify when their blood pressure is decreasing and alert users, allowing appropriate time for action to be taken to avoid low blood sugar.[39] However, users have limited control over the collection and sharing of personal health data.[40] 

While many CGMs, such as Dexcom, are sold directly to patients, those with extended health insurance may be able to claim the cost of the devices. However, health insurers that are covering the cost may request a month’s worth of data collected by the CGM.[41] People with diabetes are therefore faced with agreeing to the collection, sharing, and use of their health data unless they pay out-of-pocket or forego CGMs all together.[42] It’s unclear from available policy statements to what extent CGM providers share user data with third parties.

"In an effort to enhance and modernize public health care in Canada, several provinces and territories have been working towards the digitization and centralization of provincial public health records through the adoption of electronic medical records (EMRs)"

Healthcare

In Canada, healthcare is delivered through publicly-funded provincial and territorial systems. Under this system, all Canadian residents have access to basic medical services, without needing to pay out-of-pocket, including access to general practitioners, specialists, and emergency services. Provincial and territorial governments are responsible for managing, organizing, and delivering health care to residents in their jurisdiction with funding from the federal government.[43] 

In an effort to enhance and modernize public health care in Canada, several provinces and territories have been working towards the digitization and centralization of provincial public health records through the adoption of electronic medical records (EMRs). An EMR is a computer-based patient record system specific to a health clinic or organization, such as an individual’s general practitioner’s office or specialized clinic, that is used to document an individual’s health history and care.[44] EMRs contain personal information such as an individual’s name, age, address, and health card number, as well as medical information such as specialist reports, prescriptions, lab results, allergies, and intolerances.[45] EMR adoption varies widely by province. According to a 2016 survey, 85 percent of family doctors in Alberta have adopted EMR, 78 percent in Ontario, 60 percent in Quebec, and 36 percent in Newfoundland and Labrador.[46] However, it is reasonable to assume these numbers have increased in recent years as the overall adoption of technology has increased.

EMRs provide a number of benefits to health care providers and patients, by improving communication between care team members, increasing legibility of medical records, improving the recording of medication, and monitoring patient needs. For example, they could help doctors more easily identify which patients are over 50 and should schedule a colonoscopy.[47] EMRs vary considerably depending on the software used; therefore, records from one EMR system may not be readable on another.[48] However, where interoperable, EMRs allow doctors to share records with specialists, lab technicians, or hospitals where a patient is receiving care.[49] Examples of approved EMRs in Canada are Accuro and GlobeMed.

While the centralization and sharing of data provides a number of benefits, it also raises some concerns related to the privacy and security of patient health data. In February 2019, the Toronto Star reported that an EMR software provider in Ontario was collecting, anonymizing, and selling EMR data to IQVIA, a U.S.-based health information technology company. IQVIA then sells this data to organizations in the pharmaceutical industry, who are interested in using EMR data to track the use of their drugs, develop marketing strategies, and identify untapped markets.[50] In response to this story, Sarah Hutchison, the CEO of OntarioMD, a company that certifies and provides selection, implementation, and adoption support for EMRs in Ontario, stated that there is no evidence to suggest that an EMR provider is selling patient health data.[51]However, since the story broke in February 2019, the Office of the Information and Privacy Commissioner of Ontario has been investigating the sale of EMR data.[52] The selling of anonymized patient data presents a challenge to regulators, since once data is anonymized it is no longer considered ‘personal’ information and is not covered by privacy laws in Canada.[53] [54]

This is part of a series of articles exploring personal data collection practices in Canada. Check out our previous article ‘Data Never Sleeps’, exploring data collection practices in domestic spaces, and stay tuned for our next article on Traveling and Commuting.

Technology and policy related to this topic are constantly evolving. If you think we have missed something or see an error please contact Sarah Villeneuve (sarah.villeneuve@ryerson.ca). If you want to get involved in subsequent phases of this project, apply here.


[1] See Hilts, Andrew, Christopher Parson, and Jeffrey Knockel. “Every Step You Fake: A Comparative Analysis of Fitness Tracker Privacy and Security.” The Citizen Lab and Open Effect, 2016. https://openeffect.ca/reports/Every_Step_You_Fake.pdf; O’Neil, Cathy. “Big Data Is Coming to Take Your Health Insurance.” Bloomberg Opinion, August 4, 2017. https://www.bloomberg.com/opinion/articles/2017-08-04/big-data-is-coming-to-take-your-health-insurance;  and Kravitz, Derek, and Marshall Allen. “Your Medical Devices Are Not Keeping Your Health Data to Themselves.” ProPublica, November 21, 2018. https://www.propublica.org/article/your-medical-devices-are-not-keeping-your-health-data-to-themselves.

[2] Hilts, Andrew, Christopher Parsons, and Jeffrey Knockel. “Every Step You Fake: A Comparative Analysis of Fitness Tracker Privacy and Security.” Open Effect Report. Citizen Lab: Open Effect and the Citizen Lab, 2016. https://openeffect.ca/fitness-trackers/.

[3] Hilts, Andrew, Christopher Parsons, and Jeffrey Knockel. “Every Step You Fake: A Comparative Analysis of Fitness Tracker Privacy and Security.” Open Effect Report. Citizen Lab: Open Effect and the Citizen Lab, 2016. https://openeffect.ca/fitness-trackers/.

[4] “Fitness and Health Apps May Be Sharing the Most Private Details about Your Life – MarketWatch.” Accessed October 18, 2019. https://www.marketwatch.com/story/fitness-and-health-apps-may-be-sharing-the-most-private-details-about-your-life-2019-02-26.

[5] VSee. “What You Need to Know About HIPAA and Canada Health Information Privacy,” January 20, 2017. https://vsee.com/blog/hipaa-canada-health-information-privacy/.

[6] Sarah Silbert. “What Exactly Can a Wearable Help You Track?” Lifewire. Accessed October 18, 2019. https://www.lifewire.com/what-wearables-can-track-4121040.

[7] Statista. 2019. “Fitness – Canada, Market Forecast.” Statistica. 2019. https://www.statista.com/outlook/313/108/fitness/canada.

[8] Bree, Rody-Mantha. 2016. “Gen X Loves Wearables, Tablets and Traditional TV.” November 9, 2016. http://mediaincanada.com/2016/11/09/gen-x-loves-wearables-tablets-and-traditional-tv-study/.

[9] Hilts, Andrew, Christopher Parson, and Jeffrey Knockel. “Every Step You Fake: A Comparative Analysis of Fitness Tracker Privacy and Security.” ” The Citizen Lab and Open Effect, 2016. https://openeffect.ca/reports/Every_Step_You_Fake.pdf.

[10] Bree, Rody-Mantha. 2016. “Gen X Loves Wearables, Tablets and Traditional TV.” November 9, 2016. http://mediaincanada.com/2016/11/09/gen-x-loves-wearables-tablets-and-traditional-tv-study/.

[11] Cyr, Britt, Webb Horn, Daniela Miao, and Michael A. Specter. “Security Analysis of Wearable Fitness Devices ( Fitbit )”, 2014.

[12] Kravitz, Derek, and Marshall Allen. “Your Medical Devices Are Not Keeping Your Health Data to Themselves.” ProPublica, November 21, 2018. https://www.propublica.org/article/your-medical-devices-are-not-keeping-your-health-data-to-themselves.

[13] “Fitbit Group Health Direct Client Terms of Service.” Accessed October 18, 2019. https://www.fitbit.com/no/legal/corporate-wellness-terms.

[14] “Police Use Fitbit Data to Charge 90-Year-Old Man in Stepdaughter’s Killing – The New York Times.” Accessed October 18, 2019. https://www.nytimes.com/2018/10/03/us/fitbit-murder-arrest.html.

[15] See Tufekci, Zeynep. “The Latest Data Privacy Debacle – The New York Times.” The New York Times, January 30, 2018. https://www.nytimes.com/2018/01/30/opinion/strava-privacy.html; Hern, Alex. “Fitness Tracking App Strava Gives Away Location of Secret US Army Bases.” The Guardian, January 28, 2018. https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases; Malli, Nisa, Melinda Jacobs, and Sarah Villeneuve. “Intro to AI for Policymakers: Understanding the Shift.” The Brookfield Institute for Innovation and Entrepreneurship, March 30, 2018. https://brookfieldinstitute.ca/report/intro-to-ai-for-policymakers 

[16] Spinks, Rosie. “Using a Physical Fitness App Taught Me the Scary Truth about Why Privacy Settings Are a Feminist Issue.” Quartz, August 1, 2017. https://qz.com/1042852/using-a-fitness-app-taught-me-the-scary-truth-about-why-privacy-settings-are-a-feminist-issue/.

[17] Warren, Christina. “Smart Tampon Reminds You When It’s Time to Tug.” Mashable, May 17, 2016. https://mashable.com/2016/05/17/my-flow-smart-tampon/#3s04dyeZSmqB.

[18] Moz://a. “*Privacy Not Included: A Buyer’s Guide for Connected Products.” Moz://A. Accessed August 28, 2019. https://foundation.mozilla.org/en/privacynotincluded/categories/valentines-day/.

[19] “Cyrcadia Health | Early Detection Technology for Breast Cancer.” Accessed October 18, 2019. http://cyrcadiahealth.com/.

[20] Owlet Canada. “Canada Owlet Smart Sock – Baby Heart Rate & Oxygen Monitor | Owlet Care.” Accessed October 18, 2019. https://owletcare.ca/.

[21] Dreyfuss, Emily. “Don’t Get Your Valentine an Internet-Connected Sex Toy.” Wired, February 14, 2019. https://www.wired.com/story/internet-connected-sex-toys-security/.

[22] Owlet Canada. “Privacy.” Accessed October 18, 2019. https://owletcare.ca/pages/privacy.

[23] Owlet Canada. “Privacy.” Accessed October 18, 2019. https://owletcare.ca/pages/privacy.

[24] “Healthcare Apps Battle to Be Taken Seriously | Financial Times.” Accessed October 18, 2019. https://www.ft.com/content/ed3268f2-e620-11e5-a09b-1f8b0d268c39.

[25] “Healthcare Apps Battle to Be Taken Seriously | Financial Times.” Accessed October 18, 2019. https://www.ft.com/content/ed3268f2-e620-11e5-a09b-1f8b0d268c39.

[26] Flo.health – #1 mobile product for women’s health. “Flo – Ovulation Calendar, Period Tracker, and Pregnancy App.” Accessed October 18, 2019. https://flo.health/.

[27] Headspace. “Register with Headspace.” Accessed October 18, 2019. https://www.headspace.com.

[28] “Free Calorie Counter, Diet & Exercise Journal | MyFitnessPal.Com.” Accessed October 18, 2019. https://www.myfitnesspal.com/.

[29] “Flo Reaches 22M Monthly Active Users and Completes $12M Series A Extention Round.” Accessed October 18, 2019. https://flo.health/flo-health-inc/news/flo-reaches-22m-monthly-active-users.

[30] “Flo Reaches 22M Monthly Active Users and Completes $12M Series A Extention Round.” Accessed October 18, 2019. https://flo.health/flo-health-inc/news/flo-reaches-22m-monthly-active-users.

[31] Flo.health – #1 mobile product for women’s health. “Flo Privacy Policy.” Accessed October 18, 2019. https://flo.health/privacy-policy.

[32] “Meditation and Sleep Made Simple – Headspace.” Accessed October 18, 2019. https://www.headspace.com/.

[33] “Privacy Policy – Headspace.” Accessed October 18, 2019. https://www.headspace.com/privacy-policy.

[34] Headspace. “Student Discount Terms & Conditions.” Accessed October 18, 2019. https://www.headspace.com/student-discount-terms-and-conditions.

[35] “Privacy Policy – Headspace.” Accessed October 18, 2019. https://www.headspace.com/privacy-policy.

[36] “‘I’m Possibly Alive Because It Exists:’ Why Sleep Apnea Patients Rely on a CPAP Machine Hacker – VICE.” Accessed October 18, 2019. https://www.vice.com/en_us/article/xwjd4w/im-possibly-alive-because-it-exists-why-sleep-apnea-patients-rely-on-a-cpap-machine-hacker.

[37] cofa1. “What Is CGM.” Text. Dexcom, August 24, 2016. https://www.dexcom.com/en-CA/what-cgm.

[38] Dexcom. “Privacy Policy.” Text. Accessed October 18, 2019. https://www.dexcom.com/en-CA/linked/documentservice/PrivacyPolicy.

[39] Apr 04, Clare Hennig · CBC News · Posted:, and 2019 1:26 PM PT | Last Updated: April 7. “Blood Sugar Monitor Has ‘changed Standard of Care’ for Diabetes Patients — but Canada Isn’t Funding It | CBC News.” CBC, April 4, 2019. https://www.cbc.ca/news/canada/british-columbia/funding-for-continuous-glucose-monitor-bc-1.5084395.

[40] Britton, Katherine E., and Jennifer D. Britton-Colonnese. “Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors.” Journal of Diabetes Science and Technology 11, no. 2 (February 13, 2017): 216–19. https://doi.org/10.1177/1932296816681585.

[41] Derek Kravitz, Marshall Allen. “Your Medical Devices Are Not Keeping Your Health Data to Themselves.” Text/html. ProPublica, November 21, 2018. https://www.propublica.org/article/your-medical-devices-are-not-keeping-your-health-data-to-themselves.

[42] Britton, Katherine E., and Jennifer D. Britton-Colonnese. “Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors.” Journal of Diabetes Science and Technology 11, no. 2 (February 13, 2017): 216–19. https://doi.org/10.1177/1932296816681585.

[43] Canada, Health. “Canada’s Health Care System.” Education and awareness. aem, August 22, 2016. https://www.canada.ca/en/health-canada/services/canada-health-care-system.html.

[44] Admin, Nancy Marchioro. “Electronic Medical Records | Canada Health Infoway.” Accessed October 18, 2019. https://www.infoway-inforoute.ca/en/solutions/digital-health-foundation/electronic-medical-records.

[45] Admin, Nancy Marchioro. “EMRs Have Become Essential Tools for Physicians | Canada Health Infoway.” Accessed October 18, 2019. https://www.infoway-inforoute.ca/en/what-we-do/blog/5217-general/7696-emrs-have-become-essential-tools-for-physicians.

[46] “From Paper to Pixels: More Canadian Doctors Embracing Electronic Medical Records | CTV News.” Accessed October 18, 2019. https://www.ctvnews.ca/health/more-canadian-doctors-embracing-electronic-medical-records-1.2755721.

[47] “From Paper to Pixels: More Canadian Doctors Embracing Electronic Medical Records | CTV News.” Accessed October 18, 2019. https://www.ctvnews.ca/health/more-canadian-doctors-embracing-electronic-medical-records-1.2755721.

[48] Catherine Stinson. “Healthy Data: Policy Solutions and AI innovation in health | Mowat Centre.” Accessed October 18, 2019 https://munkschool.utoronto.ca/mowatcentre/wp-content/uploads/publications/179_healthy_data.pdf 

[49] Catherine Stinson. “Healthy Data: Policy Solutions and AI innovation in health | Mowat Centre.” Accessed October 18, 2019 https://munkschool.utoronto.ca/mowatcentre/wp-content/uploads/publications/179_healthy_data.pdf 

[50] “Medical-Record Software Companies Are Selling Your Health Data | The Star.” Accessed October 18, 2019. https://www.thestar.com/news/investigations/2019/02/20/medical-record-software-companies-are-selling-your-health-data.html.

 

[51] “OntarioMD Response to the Toronto Star Article Regarding Selling PHI.” Accessed October 18, 2019. https://www.ontariomd.ca/pages/ontariomd-response-to-the-toronto-star-article-regarding-selling-phi.aspx.

[52] thestar.com. “Privacy Commissioner to Investigate Sale of Health Data | The Star.” Accessed October 18, 2019. https://thestar.com/news/investigations/2019/02/21/privacy-commissioner-to-investigate-sale-of-health-data.html.

[53] thestar.com. “Privacy Commissioner to Investigate Sale of Health Data | The Star.” Accessed October 18, 2019. https://thestar.com/news/investigations/2019/02/21/privacy-commissioner-to-investigate-sale-of-health-data.html.

[54] Canada, Office of the Privacy Commissioner of. “Summary of Privacy Laws in Canada,” May 15, 2014. https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/02_05_d_15/.

For media enquiries, please contact Coralie D’Souza, Director of Communications, Events + Community Relations at the Brookfield Institute for Innovation + Entrepreneurship.

​Sarah Villeneuve
Policy Analyst
Stephanie Fielding
Policy & Research Analyst
November 12, 2019
Print Page

Share