The FAIR data principles \cite{wilkinson2016fair,force112014guiding} which have gained recognition
That is, we should be able to find out what data are available and access such data, which is a key stumbling block in the context of health data. The data accessed should be interoperable with other software systems, and data should be well described for it to be useful, i.e., resuable. These principles apply to data in public and private organizations.
While the private sector has some incentives to share data, such as corporate goodwill, they are under no obligations to do so. There are also barriers in access to health data in the Canada's public health care system--barriers in time, location and process. Changes to the law can address these barriers, both in the will to share and the timeliness of doing so.
Changes to the Law and Supporting Governance
In Canada, privacy and access to information laws do not require a private company to provide access to a consumer's information electronically, nor immediately. Useful explanations of terms used in the data are not required. Furthermore, current laws only require information to be provided directly to the consumer--not to third party such as a health agency or a primary care provider in accordance with the consumer's wishes.
Hence we recommend that laws and regulations include an obligation to share data electronically in a timely manner adhering to the FAIR data principles. We also recommend laws include the right of consumers to delegate their access to third parties, in a one-time or ongoing manner. The benefit of a legal obligation is that it removes the need to negotiate data sharing agreements because the custodian of the data will no longer have a mandate or burden to ensure that the receiver of information adheres to good practice or the law. Once the custodian is mandated to share, the onus falls upon the recipient and governing authorities.
The legal approach we have outlined requires the certification and accreditation of recipients and governance in the form of legally designated organizations, committees, roles and responsibilities. The government (or a delegate thereof) could as a clearinghouse for such access, so that private companies are not required to accept connections from too many requestors.
This approach also requires a trustworthy process for the consumer, custodian and delegated recipient to identify and authenticate each other in a trusted manner that prevents parties from receiving fraudulent information or mixing up the information from one patient with another with the same name.
Discussion and Conclusions