Thursday, 22 October 2015


- October 16, 2015 -  Selling/Trading/Bartering
- October 15, 2015  -  Translink
- October 10, 2015 -   B.C Services Card
- October 9, 2015 -  I've Returned

This site talks about patients privacy rights (or the lack thereof) in the medical field primarily in British Columbia, Canada. However, after reading/hearing about the issues, out-of-province Canadians have told me that they were going to look into the situation in their own province and, in some cases, visitors to Canada have said that they would look into the situation in their country.

To Contact Christy Clark:
E-mail –
Phone – 250-387-1715
or 604-660-2421 and they will put you through to her office toll-free
TDD – 604-775-0303
Elsewhere in B.C.:
Phone – 1-800-663-7867
TDD – 1-800-661-8773
Mailing Address: PO Box 9041
Victoria, BC
V8W 9E1

Sample Letter:

To promote openness, transparency, accountability and protection of rights we demand that:
(1) The Freedom of Information and Protection of Privacy Act (FOIPPA) be changed so that information may be collected, used and shared only with PATIENT CONSENT.
(2) The public be entitled to know SPECIFICALLY to whom we are consenting to share our information and how much information we are consenting to share. (Specifically means are they computer companies, janitors, food services companies, volunteers, etc., why do they need to access medical information, how much can they access, and is access limited to certain people in the company).
(3) The public be involved in the decision-making regarding the provincial and national medical databases being created; that our written consent be required before putting any information in the databases; that we have the right to say “NO” to putting our information in the databases.
(4) The public be given information on the new committee set up to look into privacy issues in the health sector.
(5) Privacy audits be conducted by an independent organization to ensure compliance by the health sector and the results made public.
We also suggest that one committee be set up to design forms, processes, procedures in the health sector to reduce costs, increase compliance with the law and accountability, and use of best practice techniques, as opposed to the current system where each health authority, and in some cases each hospital/clinic, prepares its own.

Yours truly,

Please cc Adrian Dix, NDP Leader at'm assuming this is still valid but their website doesn't provide an email address. Or phone 604-430-8600 or 1-888-868-3637

Also please cc anyone else you think appropriate.
I would appreciate a copy of your letter e-mailed to me at, and/or please tell me the names of anyone else you think should be cc'd.

Friday, 16 October 2015

3. New Postings

MAKE THIS AN ELECTION ISSUE - Tell the politicians that you won't vote for them unless they give you back your rights, unless they tell you with whom they share your information  and under what circumstances, unless they ask your consent to share your information.... see rest of goals under sample letter to Christy Clark or on the home page. 

- October 16, 2015 -  Selling/Trading/Bartering
- October 15, 2015  -  Translink
- October 10, 2015 -   B.C. Services Card
- October 9, 2015 -     I've Returned

 October 16, 2015


Are the politicians selling/trading/bartering (it's all the same thing) us?  Are we a product, a commodity, to be sold?   

In B.C. researchers (whoever they are because we're not told), claim that privacy laws make it difficult to access patient information.  “Instead of asking why should we open things up, what we really want to ask is, why shouldn’t we?” observed Margaret MacDiarmid, Minister of Labour, Citizens’ Services and Open Government (1). You'll find this statement particularly interesting when you read future post “Our Information Is Not Protected” (the privacy/firing scandal).

Point 1 – That should be the purpose of privacy laws, to make our information difficult to access.   

Point 2 -  Evidence proves that our information is, in fact, not protected (2).  Apparently the problem, for researchers, is that the information is not linked so they have to go to different databases.  And they want to track us.  All without OUR explicit consent and knowledge.

Richard Rosenberg, professor emeritus in computer science at the University of B.C. and a spokesman for the B.C. Civil Liberties Association, said patients should have the right to determine whether their medical records can be used for research.  “The argument shouldn’t be that because we’re doing good work, we should have access to whatever we want.” (1)                                                                                                                                 
Point 3 – Are they all doing good work?   We don't know because we don't know who THEY are or what THEY are doing.  Many research/pharmaceutical/biotechnology firms, etc. have been charged for various crimes. (17, 18, 19, 23 – I could not find any Canadian charges against pharmaceuticals – interesting!!)  And the government has been caught experimenting on Aboriginal children and adults (3, 4), and giving permission for experimentation on psychiatric patients and others (9, 10, 11, 12, 13).  This information never comes to light until many years later, if at all, because the government hides the information.   An article written by Les Perreaux and Sandra Rubin states:
             “The courts may be the final barrier to protect Canadians from unfettered genetic experimentation as scientists abandon public interest research in favour of corporate funding and ambitious, cutting-edge science, lawyers heard yesterday”.                   

            “The independent scientist who conducts research for the public good 'barely   exists any more,' according to one leading expert on technology and public policy”.                                                                                                                                                                                                  'They get up and talk as if they are neutral.  But they almost always have some share in the company or some self-interested gain for their work,” said Philip Bereano, a professor from the University of Washington in Seattle. (5)  Also, read future post “Follow the Money”.
Iceland and Newfoundland provide an example of how your information can be sold/traded/bartered.  In Iceland, the most famous example, a single company, deCode Genetics landed a monopoly on the national genome after acquiring exclusive access to the national health data base.  ...The fundamentals of genetics are still being debated, questions such as whether companies should be allowed to patent human genes.

An article in the Financial Post states:  “...which makes Newfoundland something of a motherlode to the drug development industry.  Indeed, despite the fact that modern genetics is still in its infancy, the race to exploit Newfoundlanders' genetic heritage has become so intense that some groups have been accused of “helicopter genetics” - basically, rushing in, grabbing a few blood samples, then jetting off to file the necessary patents.  There is now a growing belief among political leaders of the province that Newfoundlanders should maintain control over their unique genome.  But the politicians are faced with a tough dilemma:  How do you build a wall without scaring off the wealthy customers?  It is “becoming an increasingly treacherous debate about ethics and profit”. (6)  

There is a story about Henrietta Lacks, a woman from Baltimore, who, 60 years ago had her cancer cells taken without consent (isn't that called theft? And unethical?).  Those cells (called HeLa) were used in the biotech industry and helped create medical treatments.  “Neither she nor her family ever shared in the 'untold riches' but they recently gained 'some control over scientists access to the cells' DNA code.”  “Since DNA is inherited, information from her DNA could be used to make predictions about the disease risk and other traits of her modern-day descendants.“  “The main issue was the privacy concern and what information in the future might be revealed,' “David Lacks Jr. said in a news conference.”  “In the past the Lacks family had been left in the dark about research stemming from HeLa cells.” (7) 
So, is your DNA, and other body parts (fluids, etc.) and information, being sold/traded/bartered?  Are the politicians encouraging companies to locate in BC in exchange for our personal information?  Is the government and their lackeys (for example, the corporations that run the hospitals, the universities) outright selling it?  When you donate blood, are they taking a sample and putting it in a DNA data bank for use by all of THEM.  "The Province had commenced programs and financing to attract major drug companies to British Columbia," the notice said. "Also, the Liberal Party was receiving significant contributions from these drug companies.  And I wouldn't be surprised to find that the politicians are lining their pockets in other ways by selling/trading/bartering us. (16)

And what about all the other increasing amounts of information that is being collected on us.  The government calls it an “'e-government' strategy – a comprehensive identity management system meant to facilitate online access to government services and the integration of databases that contain citizen’s personal information.” (20)  'Crime and convenience are the ways these things are always sold', Mr. Gogolek said.  'They were using that with the fraud argument, but now it's being portrayed as some kind of convenience card.' (21)  What you end up with is one card with ALL your personal information, accessible to almost anyone who has your card number.  The government can't/won't protect it.  If it is in a database it is accessible (ask anyone who works in information technology, ie computers).  But now THEY don't have to try to access different databases, it's one stop shopping for all your information.  A hacker just has to hack one database, a government employee just has to access one database.  If the government says your information is protected, ask them to prove it because there is a load of evidence to show they DON'T protect our information (see my past/future posts, The Tyee, newspapers...)  You might also want to read Orwell's book called1984 (I'm sure it's at the public libraries). 
Do they even want it protected?  If it is discovered that a company/individual has your personal information, the politicians can hide the fact that it has been sold/traded/bartered by saying that it has been stolen.  After all, it isn't as if we are dealing with honest, ethical, caring people.

When the LNG doesn't provide the big tax flow the politicians promised, they have another source to generate income. (14)  The government will cover up the loss of projected revenue by selling more of us (our information, our DNA, etc). 

In fact, the government “was actively discussing selling patient health information to private companies”, around 2012.  (8)  But why else would they be collecting a treasure trove of information?  (1)  I have also been told that, although the BC Hospital Act prescribes keeping patient information for 10 years, there is a BC directive that all hospital records be kept indefinitely.  (from email) Is this true?  Well, unlike anywhere else, B.C. has digitalized records of every prescription filled by a pharmacist since 1995, all doctor billings, hospital admissions and treatments from the same period, and results of all blood tests done since 2002. (1)  And some information has been kept since 1985 (see post “I've Returned).

This may also be a case where the government is already selling/trading/bartering us because “...policy trumped the law and government could do what it wants even if it breaches the law and legislation."  (22)  And, " doesn't matter what the legislation says, we have government policy; that it's unfortunate that we don't follow the law but that we plan on changing the legislation at some point so that we will, so it's ok for now." (22) (see future post “Our Information is Not Protected”)

The law that allows the medical business to steal from us is immoral and unethical.  It is legalized theft but theft nonetheless when you take from people without their explicit consent, and in most cases, without their knowledge.      

As Micheal Vonn, of the BCCLA (British Columbia Civil Liberties Association), says:

                                     “It's not a conspiracy, it's a business plan!”.

1.  Plan to unlock B.C.'s trove of medical data raises privacy concerns. Rod Mickleburgh, 18 Apr 2012, The Globe and Mail                                                                                                                                     

2.  Past posts such as Auditor General – PARIS report 5/24/2011, Privacy Breaches 6/6/2011 and future post “Our Information Is Not Protected”                                                                              

3.  Aboriginal children used in medical tests, commissioner says, Darryl Dyck/Canadian Press, 31 Jul 2013, CBC News                                                                                                                     

4.  Hungry aboriginal people used in bureaucrats' experiments, The Canadian Press, 16 Jul 2013, CBC News                                                                                                                                                           

5.  Courts protect public against scientific “elite', 14 Aug 2001, National  Post                                              

6.  Newfoundland a motherlode for geneticists, 24 Jun 2000, Financial Post                                

7.  Family of Henrietta Lacks, Baltimore woman whose cells were taken without consent, wins recognition for immortal cells, 08 Aug 2013, Malcolm Ritter, Associated Press, National Post.     

8.  At Time of Firings, Health Ministry Discussed Selling Patient Data, 20 Mar 2015, Andrew MacLeod,                                                                                                                                              

9.  Mind-Control Part 1:  Canadian and U.S. Survivors Seek Justice, Arlene Tyner, March-April 2000 issue (Vol. 7 No. 3), Probe                                                                                                                 

10.  The McGill mind behind 'soft torture', 23 Nov 2005, National Post                                                   

11. CIA Activities in Canada (see the section on Project MKULTRA), Wikipedia                                 

12.  MK-UlTRAViolence, 06 Sept 2012, The McGill Daily                                                               

13.  Donald Ewen Cameron, Wikipedia                                                                                                     

14.  Premier's LNG Dreams Given Reality Check By Japanese Expert, Geoff Dembicki, 30 Jun 2014,                                                                                                                                                      

16.  Health Worker fired to Protect Liberal Donors, Suit Alleges – Andrew MacLeod, 07 May 2013,

17.  List of the largest pharmaceutical settlements, wiki

18.  GlaxoSmithKline to pay $3 billion healthcare fraud settlement, U.S. Says, Tiffany Hsu, 02 Jul 2012, Los Angeles Times

19.  Nuremberg Trials:  Big Pharma's Crimes Against Humanity, Gabriel Donohoe, 18 Oct 2008, Natural News

20.  Privacy groups demand halt to BC ID Card roll-out. 08 Feb 2013, BC Freedom of Information and Privacy Association (FIPA)

21.  Critics worry ID, Compass cards could be linked, Gordon Hoekstra, 2013/08/16, Vancouver Sun (a paper I do not buy)

22.  Emails Shed Light on Origins of Health Ministry Probe, Firings – Andrew MacLeod, 21 Oct 2014,

23.  Big Pharma behaving badly:  A timeline of settlements, 05 Oct 2010, Fierce Pharma

October 15, 2015 


“The possibility of linking TransLink's new Compass card to the province's new identification card raises significant privacy concerns and the possibility that transit users could be tracked by authorities, say privacy advocates.” (1)
“The idea of linking or combining the cards is laid out in a B.C. Government white paper for the new ID card program and in the Transportation Ministry's technology plan for 2012-13 to 2014-15.  The technology plan notes the ministry is working with TransLink and other transportation providers to “identify opportunities” to link their card functions with B.C.'s identity management program or add new functions.”
...the white paper says the B.C. Services identification card could “replace or augment” bus passes and credit cards, becoming a key part of a digital wallet.” (1)

Currently, the Translink information will not be linked (at least not when I left BC) but, no doubt, it will once the new Translink system has been operating for a while.  Then all the information they have been collecting will be linked and you probably won't even hear about it.  If the government wants to know where you were yesterday, all they have to do is check the database. “You will be able to create a picture of their daily commute, bus routes they take, times they tend to do things,” said Josh Paterson of BCCLA. (2)  And, in many instances, you would even be able to draw conclusions as to what stores/homes they visit.  Very useful if you are a thief, marketer, politician/toady or for a variety of other people/organizations.

”'I don't expect my bus pass to track me,' said Vincent Gogolek, executive director of the B.C. Freedom of Information and Privacy Association.”(1)
“Gogolek said the concern over adding the functions of the Compass and the ID card is part of a general concern that compiling or linking personal information creates digital personas that are susceptible to identity theft and allows people's movements to be tracked.' (1)
'The province's privacy commissioner has already raised concerns over the new ID card and its intended expanding uses, including flagging the need for greater encryption of digital personal information of British Columbians held and used by the government.  The B.C. Government's intention is that as the identity program develops, other government services will be accessed online and in person using the card. (1)

I asked a bus driver if I could get a compass card, put money on it by paying cash, without providing any personal information.  She said that I could register it through the internet and I explained that I did not want to register it, that I did not want to be tracked.  She then went into this long talk about how we are already tracked in ways we don't know about so why worry about Translink tracking us.  That is as illogical as saying that a person/organization steals from you so everyone should be able to steal from you.  I repeated my question and she said that there were something like 57 ways to pay and they reduced it to six.  I repeated my question.  She finally said she did not know if you could pay in cash but apparently she knew all the other ways you could pay.  I phoned Translink and I was told that you could get a compass card, put money on it by paying cash, without providing any personal information.  If your card is stolen then you lose the money on it so, if you choose to pay in cash, either be very careful with your card or don't put a lot of money on it at any one time.  However, I expect the card can still be tracked (no doubt, it will have a number or some other identifier) but they won't have your name and other information although they may be able to link it to your picture on a bus/skytrain and through facial recognition technology. (3)

If you pay in cash, and don't use a compass card, then you will have to pay twice if you transfer from a bus to another bus or skytrain and vice versa.  Translink said that they failed to take cash fares into consideration and now it would be too expensive to change.  Just think, all those people working on this project for, no doubt, huge amounts of money and they failed to consider something so obvious and basic.  Or, was it intentional to get people to get a compass card so they can be tracked?
Your provincial identification will be available to so many people and businesses/organizations that, in effect, everyone will have it.  So, if they want your information, they won't have to try to find your care card number, they will just access your provincial identification number which will be on file.

There are other reasons for collecting the information.  They and their friends will know more about you than you know about yourself.  If you think putting your information on social media is bad, this is worse.  At least with social media you decide what information you provide, if any.  On the government database you won't have a choice.  Doctors, other people in the government, teachers, etc. can write what they want about you.  Will a potential employer have your information, will your bank, insurance company, etc.?  Just think about all the people you would not like to have access to all your information.  Identity theft is very likely (see future post “Our Information is Not Protected”).  It will put your safety in jeopardy - do you live alone, are you older or disabled, do you have money, are you female?  If the politicians and their lackeys say your information is protected ask them to prove it, starting with listing the names of organizations, people in the organizations, other people, who will have access to your information (physical access, not just legal access, because the government has very “creative” definitions for the term access) and under what circumstances.  Then ask them to prove, and continue to prove, that no one else has access (Remember, the word of a politician, and their toadies, isn't worth a damn).  If the politicians/lackeys can't/won't provide this information, then they are lying to you.   Until such time as the politicians prove to us what they are doing with our information, who has access, under what circumstances, who benefits, who loses, anything is possible.  One thing I know, the politicians, their toadies and friends aren't doing this for us.  If they were they would have asked us and they wouldn't have to hide what they are doing.  I do believe that they and their friends will reap the rewards and we will pay the cost – in so many ways.                                                                                                                      
                                                                                                                                                  I thought the following was a very good comment from Mr. Nagotco:
            “The fact that a certain behavior is common does not negate its being corrupt. Indeed, as is true for government abuses generally, those in power rely on the willingness of citizens to be trained to view corrupt acts as so common that they become inured, numb, to its wrongfulness. Once a corrupt practice is sufficiently perceived as commonplace, then it is transformed in people's minds from something objectionable into something acceptable.
            Indeed, many people believe it demonstrates their worldly sophistication to express indifference toward bad behavior by powerful actors on the ground that it is so prevalent. This cynicism 'oh, don't be naive: this is done all the time' is precisely what enables such destructive behavior to thrive unchallenged.” (2)
When people tell me “this is done all the time” I just say “that doesn't make it right” and/or “then it's time to stop it”.

October 10, 2015

B.C. Services Card 

“British Columbia has one of the most valuable reservoirs of health-care data in the world (bolding mine)  ... Unlike anywhere else, B.C. has digitalized records of every prescription filled by a pharmacist since 1995, all doctor billings, hospital admissions and treatments from the same period, and results of all blood tests done since 2002” (1).  So, why have they been collecting all this information without our knowledge, much less our permission?? 

The politicians are now connecting our driver's license with our medical records and making it our provincial identification.  And this is only the beginning of the linking of all your personal information to this one card.  In other words, everything about you will be accessible by one card and one number and everyone to whom you show your provincial ID will know the number to use to access your information (legally or otherwise).  They say that you have a choice to “upgrade” your license or not until 2018, at which time you lose the right to choose.  An “upgrade” for whom?  It certainly isn't an upgrade for the patients whose information will now become more accessible.  How is this “smart”?  Although I expect this will be an “upgrade” to all the people in the government, the researchers (many, no doubt, from multinational pharmaceutical companies) plus suppliers and everyone else who accesses our information, but not an upgrade for the patients.  What is the purpose except to link all your information to one central database available to all the low-life's (see future post – our information is not protected). 

Acronyms:  FIPA - B.C. Freedom of Information and Privacy Association –

                    BCCLA – BC Civil Liberties Association –

                    ICM – Integrated Case Management


“..., those tasked with protecting the privacy of British Columbians say the new cards are a form of surveillance and will centralize personal data in a way that makes it attractive to hackers.”

   'When you have that much information stored or linked together, it becomes much more valuable for criminals to attack,' “said Vincent Gogolek, executive director of the B.C. Freedom of Information and Privacy Association.” (3)
   And it's not only outside criminals but those inside the government (see future post “Our Information Is Not Protected).

“In a
statement released today, Information and Privacy Commissioner Elizabeth Denham pointed to a number of shortcomings with the plan, and called for a halt to any further expansion of the Services Card without extensive public consultations on the risks and benefits of data linkage. And while they agree with the pause, the BCCLA and FIPA say that it will take more than a public consultation to fix what’s really broken in the government’s plan.”
"This government has got to come clean on the card before we are all forced to use it," said Micheal Vonn, BCCLA Policy Director. "British Columbians have been provided almost no real information about it, and the Commissioner herself says she was only given an 'abbreviated time for review' of the program.” (4)

The ICM debacle also raises serious concerns over other government IT and identity management projects like the new B.C. Services Card, set to launch in mid-February (2013). “If we’re seeing this level of mismanagement with the ICM, not to mention other government IT programs like JUSTIN and BCeSIS, it’s a pretty safe bet we will see more of the same with the new ID cards. It’s time for a public inquiry into data linkage systems across government before more money is wasted and personal information is compromised.” (5)

See FIPA's 2010 report on Integrated Case Management, "Culture of Care or Culture of Surveillance?" 

“In a legal ruling that cuts to the core of medical privacy in the age of the genome, a woman who nearly died in a Calgary house fire and is suing the landlords for negligence has been ordered to undergo testing for Huntington's disease, because if she has it, she may be entitled to less compensation.” 

“Critics worry that the precedent of forced testing will enable insurance companies and employers to discriminate against people who are merely at risk of genetic illnesses like Huntington's, and they call Canada an outlier in the developed world because it lacks formal legislative protection for genetic information.” (7) 

Another article states “ ...authorities are deliberating whether to allow the Chinese company to buy Complete Genomics of California, a major U.S. Sequencing company.”     ..but the deal has officials there fretting over both the security of genetic data and national security.”

  “ ...Because the technologies involved “have national security implications related to bioweapons...”.  (6)  Is your information being used to create bioweapons.  We have no idea who is using our information or how it is being used so anything is possible.  The point is that WE should know where our information is going and how it is being used.  

- “Heightened national security concerns, the growing business appetite for personal information and technological advances are all potent – and growing – threats to privacy rights,” said Stoddart (privacy commissioner) in a news release. 

When I was in BC, I was asked many times, by banks, etc. for my care card number for “identification”.  I gave it on one occasion, after being assured that they did not enter it into their system (for whatever that's worth).  I later decided it would be wiser not to give it again.  In the future post “Our Information Is Not Protected” you will read how our medical information is being shared “without authorization” (illegally), with our identifying number attached and you will understand how the care card number, or B.C. Services card number, can be used to identify you and your medical information.  

Your provincial identification will be available to so many people and businesses/organizations that, in effect, everyone will have it.  So, if they want your information, they won't have to try to find your care card number or search through numerous databases, they will have your B.C. Services card number. 

(1)   Plan to unlock B.C.'s trove of medical data raises privacy concerns, Rod Mickleburgh, 2012/04/18, Globe & Mail

(2)  Security concerns, technological advances threaten privacy. Joan Delaney, 07 Jan 2008, The Epoch Times

(3)  B.C.'s new identity cards raise host of privacy concerns, critics say, Luke Simcoe, Metro, 2013/01/09

(4)  Privacy Groups demand halt to BC ID Card roll-out, FIPA, 2013/02/08

(5)  Report finds B.C. Government's $182 million Integrated Case Management system plagued with “fundamental deficiencies”, FIPA, 2013/01/25

(6)  Why China is a genetic powerhouse with a problem, Carolynn Abraham and Carolynne Wheeler, The Globe and Mail, 2012/12/15

(7) Court orders woman who almost died in fire to undergo tests to prove symptoms not linked to genetic disease, Joseph Brean, 26 Sep 2013, National Post 

October 9, 2015

I've Returned

I had to take a break due to illness (see future post – my story) and moving to a province that is much less of a surveillance state.  As often happens, things take longer than expected but I learned more.  Unfortunately, most of it isn't good.

I moved to a province where (in no particular order):

1.  there are no cameras in the streets or on the buses

2.  no retention of medical information over seven years; BC has retained medical information since 1995, so 20 years and counting (5).  In some cases they have data from 1985 (see #10), so 30 years and counting

3.  there is no BC Services Card where all your information is linked (to be used for many purposes I'm sure the people of BC haven't heard about)

4.  no MSP, much less one where the “storage, handling and administration” of our personal medical records is handled by an American company, subject to the US Patriot Act and other US laws (4)

5.  no Translink compass card on the buses (3)

6.  Use of facial recognition technology limited to driver's license (6)

7.  no smart meter or, as some people refer to it, the stupid meter

8.  As far as I know they have not taken away our right to determine who has access to our body parts and information

9.  As far as I know, they do not track children (see The Children, June 17, 2011)

10. As far as I know, they do not track everything else on people. 
            For example (from The Children – June 17, 2011), in BC  “HELP partner, Population Data BC, offers the research community access to one of the world’s largest collections of health care, health services and population health care data; “Population Data BC offers qualified researchers access to a rich source of linkable, person specific, but de-identified data on British Columbia’s four million residents, in many cases from 1985 forward. Current data holdings include health care and health service records, population and demographic data and occupational data.  This post also identifies all the other information these “people” want and, as for, de-identified, I believe that lie has been laid to rest (See future posts “Our Information Is Not Protected” and “Anonymous”).

11.  No automated license plate recognition technology (ALPR system) as far as I know (1)(2)(7)

12.  No Gag laws (see posting “Gag Law”, May 12, 2013)

Look at the amount of information BC is collecting vs another province and BC plans to collect a lot more, such as Translink's Compass card (2).  In other words big brother/sister has a MUCH smaller footprint in another province and the citizens have more privacy, more rights.
When you look at the list of ways the people in BC are being tracked and information collected you have to come to the conclusion that this information, and our body parts, are being sold/traded/bartered (see future post “sold/traded/bartered). 

* (see next three of my posts “Selling/Trading/Bartering”, “Smart Carecard”, “Translink”).
(1) Former solicitor general applauds license plate privacy report – Andrew MacLeod, 23 Nov 2012, The Hook
(2) Police use of licence plate scans breaks privacy law:  commissioner, Andrew MacLeod, 15 Nov 2012, The Hook                                                                                                                                                                               (3)  Critics worry ID, Compass cards could be linked, Gordon Hoekstra, 15 Aug 2013, Vancouver Sun
(4)  100+ reasons the BC Liberals must go, No Strings Attached : Laila Yuile on politics and life in B.C.
(5)  Plan to unlock B.C.'s trove of medical data raises privacy concerns, Rod Mickleburgh, 18 Apr 2012, The Globe and Mail
(6)  Investigation Into The Use Of Facial Recognition Technology By The Insurance Corporation of BC, 16 Feb, 2012, The Office of the Privacy Commissioner
(7)  We Know Where You Drove Last Night:  Police, Andrew MacLeod, 16 Nov 2012,
(8)  Powerful new card to replace B.C. Care Card, The Canadian Press, 08 Jan 2013, CBC News
(9)  Privacy concerns raised over Translink's new fare card, 18 Jan 2013, CBC News

May 12, 2013


I would normally be starting to hand out information in front of St. Paul's at this time. But I can't because the politicians have decided that anyone, who spends even $1, actually I believe that is even a penny (there are still some in use) can be fined if they do so without registering with them. The politicians want to know who we are, who we support and that goes into their computer system (and is shared with everyone). The BCCLA (B.C. Civil Liberties Association) has taken the issue to court, but that will probably take years. So, the politicians get to shut up a lot of people so it will be mostly the voices of the politicians that are heard (brain-washing as I see it).

People like me, on the front lines, regularly threatened for exercising our democratic rights, aren't going to give out our name and contact information. But I can write on the blog as this doesn't cost anything and because I am an individual.

April 25, 2013


You may wish to go to the following websites to read the rest of the articles and for information on a documentary showing in the Lower Mainland on

"Whipped:  The Secret World of Party Discipline" Thu/Fri/Sun – source:
Screenings: Thursday, April 25 (7:00 pm), UBC, Buchanan Building, Room A103;
Friday, April 26 (7:00 pm) The Vic Theatre 808 Douglas Street, Victoria;
Sunday, April 28 (7:00 pm) Alice MacKay Room, Library Square Conference Centre 350 West Georgia St. – See 'Whipped,' Sean Holman's Expose on Slavish Politicians by David Beers, April 22, 2013. After you read David Beers article and/or see the documentary you may want to ask yourself what the MLA's do for us – the people. We pay them wages, expenses, golden pension plans but for what?? They don't represent us, only their party.

Sean Holman says "Are we happy with a political system where most MLAs only have a say in secret? Are we happy with a political system where MLAs are often unable to tell voters when they disagree with their party? Are we happy with a political system where government has the power to get whatever it wants in the legislature?
"Because that's the system we've got." …... -The Georgia Straight – Sean Holman documentary exposes how political parties keep MLAs in line – by Charlie Smith – April 24, 2013.
David Chudnovsky said “They sent us here to govern, and we don’t,” the MLA said. “Everybody who works here knows that the real governing takes place in the premier’s office with a few handpicked friends and advisers.” …....

And you wonder how the politicians (and their friends) can steal your democracy, your rights. It is obviously very easy. Who is going to stop them. – Whipped: The Secret World of Party Discipline – by Sean Holman. He said: “In fact, I've discovered, out of the 32,328 votes cast between June 2001 and April 2012, just 80 or 0.25 percent were cast by MLAs voting against their own party.
That means a party with a majority can essentially do whatever it wants in the legislature -- so much so that the last time a government bill was defeated was 1953, the same year Joseph Stalin died. But those numbers also suggest, as one former MLA told me, "There's got to be times -- random chance if nothing else -- that some of us actually disagree with what we're voting on."

April 15, 2013


Why don't the politicians support a Whistleblowers Protection Act. Because the misconduct, bad policies, corruption, etc. the whistleblowers report would include the politician's. Politicians don't want people making the politicians accountability, they want to shut them up.
People in the medical business might speak up if they weren't afraid of losing their jobs.

To learn more about whistleblowers see website

April 14, 2013

Fixing the Medical System

Do you think the politicians will ever “fix” the medical system. I don't. What would they have to blackmail us with. If you don't support the oil and gas drilling we won't have money for hospitals and education. If you don't support the olympics we won't have money for hospitals and education. If you don't support the HST we won't have money for hospitals and education. If you don't support__ __ __ (fill in the blanks) we won't have money for hospitals and education.

April 13, 2013

Auditor General John Doyle

Mr. Doyle I am truly sorry that a man of your calibre as a human being is leaving but I wish you the very best in Australia. I hope that you won't run into the same difficulties, as you have here, in doing your job in an ethical, responsible, moral manner.

This, unfortunately, is what happens, when a good person gets into the government and works “for the people”. The dirty (is there any other kind?) politicians get rid of them. The politicians want immoral people, people who work for the politicians, covering up what they do, or at the very least, not exposing it. That's why politics has such an ugly reputation – because the good people never last.

But I am grateful for people like Mr. Doyle, the auditor general, who show us that decent, ethical people do get into government, and, although they don't last long, they can accomplish a lot of good things during the time they have.

Source: No extension. B.C. NDP want auditor general decision reconsidered – Metro, January 11, 2013

April 12, 2013
Children Hurt, Dying In Care of Politicians

This is a very, very serious problem that I have been reading about for some time, from different sources. Mary Ellen Turpond-Lafond, one of the rare people working in government who actually work for the people, has been fighting to protect the children. She is the B.C.'s representative for children and youth. The children in the care of the “government” (the politicians), in a democracy it would be considered “our care”, are dying or being injured in truly disturbing numbers. She has been battling the politicians. The politicians either don't care, or are incompetent, about protecting these children. But the politicians want us to vote for them so they can continue to let these children be harmed or die. THESE ARE CHILDREN. But I guess spending time at photo-ops, or trying to cover up their latest scandal or spending money on advertisements is more important. And I don't think one party is any better than another.

I wonder how long Mary Ellen Turpond-Lafond will remain employed by the politicians (see next blog).

April 11, 2013

Not Voting

I don't vote anymore. The politicians lie, steal, kill and destroy our democracy and rights. Then they ask us to vote for them so they can continue to do the same. I finally realized that this was a really stupid thing to be doing. Why would I dignify people who steal from everyone, but in particular, the vulnerable, the newborn babies, the sick and put them in harm's way, by voting for them. These are people who, when you demand that your right to privacy be respected, simply take away your rights; no vote, no discussion, not even a notification to the public, just hide it in a bill with a lot of other things (see prior post).

I was taught, from the time I was a child, that you don't pick on the vulnerable, those weaker, smaller than you but those seem to be the prime target of politicians.

We hear about scandal after scandal. The politicians and their friends looking after themselves at the expense of the people. And you know that for every scandal we hear about there are many, many more that they have managed to hide, to cover up. I now believe that politicians are the bottom of the human race, the garbage. Mind you, they have a lot of company down there. And I think all political parties, run by politicians, are the same bottom feeders.

People have said that if you don't vote horrible things will happen, that you will get the people you deserve, etc. I've noticed that horrible things happen when I do vote and I don't get the people I deserve whether I vote or not. The politicians, the medical system, the police all collect information on law-abiding, and many of them vulnerable, people but we aren't allowed to even know why and who it is being shared with

I've heard people say that you should vote even if you ”spoil” the ballot . I tried that one year. What I noticed was that little or no mention was made of the number of spoiled ballots but everyone talked, and tracked how many people didn't vote. Of course, they like to say that people don't vote because they are lazy, apathetic, not interested. It sounds a lot better than saying that people don't vote because they are so disgusted with, so repulsed by the dirty excuses for human beings called politicians.

As the number of people who vote continue to drop, there is now a suggestion that people should be forced to vote. I once said that I would agree to that if they put “none of the above on the ballot”. But then I realized that forcing people to vote in a so-called “democracy” is an oxymoron. What is democratic about it? You take away people's right to choose whether they want to vote or whether they want to protest by not voting. Of course, with online voting possible, it would allow the politicians to screw the numbers. But forcing people to vote would make it appear that the people supported politicians.

The politicians are people for whom I have such contempt. They are the people that I try to ignore, or work around. Every time I have contact with them I find out that another right I am suppose to have is just writing on a piece of paper, like them useless (at best).

Politicians like to say they are the “servants of the people” or “public servants”.  But when a political party and the politicians get “elected” they are said to be “in power”.  And evidence shows that 99.9% of the time, it is the politicians who have the “power”, not the people (the HST being one of the rare exceptions). We are the servants of the politicians.

In a democracy politicians are suppose to be accountable to the people. They are suppose to answer the questions of the people honestly and openly. But these politicians are people who do everything they can to avoid being accountable, avoid transparency, just read any paper, online or otherwise. Just ask a question and try to get a real answer, not some con.

But, for those planning to vote, and even those not planning to vote, ask you local politician some of the following questions:

1. Why did they take away our right to privacy in the medical system?
2. Why are hospitals refusing to state, specifically, who has access to medical records?
3. Why do we not have a “right” to know who has access to our personal information?
4. What information will (is) go to the provincial medical database and who will have access and how much?
5. Ask about the committee set up to look into privacy issues in the health sector? Does it still exist? Who was/is on the committee? How would we contact them?

Ask them to prove anything they say. And be sure to record anything they say because they lie.

September 25, 2012

Bill 35 – Pharmaceutical Services Act

Collection, use and disclosure of personal information

22  (1) The minister may collect personal information under this Act for one or more of the following purposes:
(c) for a prescribed purpose.

(2) The minister may use and disclose, inside Canada, personal information collected under subsection (1) for one or more of the following purposes:
(i) to conduct or facilitate research into health issues;
(k) for a prescribed purpose.

(3) The minister may disclose, outside Canada, personal information collected under subsection (1) for one or both of the following purposes:
(a) to conduct or facilitate research into health issues;
This act gives the government and their friends the right to use our information without our knowledge, must less our consent.

How will it be used? We don't know. For example, as Vincent Gogolek of FIPA states, a prescribed purpose “could be anything”. He also believes that we should have the right to say NO to having our information shared even anonymously. So, in essence the politicians have given themselves, and their friends, the legal right to do whatever they want with our personal/medical information as opposed to doing it illegally as they have in the past.

Personally, if they want my information, I want to answers to questions such as (for starters) who they are (name of research organization), I want to know what type of research they are doing, I want to know if it is being done outside Canada, if it is being done anonymously, how the information is being protected (with proof). If they want my information they should be required to set up a webpage providing this information. Then I can decide if my information is being shared appropriately. I want them to be transparent so they can be held accountable. They don't want to be transparent, and therefore accountable, which proves I do have reason to be concerned. Also I want to know what money, or other form of gain, is being exchanged, who pays and who receives.

I would also like more details. The Act is vague (do you know what it means to you?) and if the politicians can't provide more specifics about what they mean then they don't know what they are doing or they are trying to hide what they are doing.

Even the privacy commissioner Elizabeth Denham states: “In Bill 35, I have a concern about the broad and unfocused authority for the minister to collect and share personal health information under that act,” she said. Again, it appears the politicians have ignored the privacy commissioner when implementing this act. It appears that, as usual, the privacy commissioner wasn't even consulted.

According to the Vancouver Sun (a paper I never buy) “Hansen says sufficient safeguards are already in place to assure both the anonymity of records and to ensure they will only be released to responsible researchers.” We are not given the opportunity to determine if these researchers are responsible, only the politicians do that and we know how ethical they are. Also, see my next blog about the latest scandal on patient information being shared, apparently illegally, with researchers (which contradicts Colin Hansen's statement of safeguards). As usual the politicians will ignore the evidence that our information is NOT being protected and just tell you what they want you to believe (brainwashing).

Our information can now go into other countries. What information is going into other countries? Whose laws apply to our information in this other country? Can our information be accessed under the U.S. Patriot Act (I really don't believe that all the information shared will be anonymous now any more than it has in the past).

The politicians would have you believe that all researchers are ethical, and moral but they are not. I don't think that anyone who takes my information without my personal knowledge and consent has any ethics, morals or integrity. And pharmacetical companies, one of (if not the) main funder of researchers, have been charged and convicted numerous times for various illegal acts. Not all research benefits society. In fact, some of it harms society.

Information has been shared with researchers in the past and is supposedly done so under specific circumstances. But as shown in the past, for example the Auditor General's audit of the Vancouver Coastal Health database and the recent scandal, the rules aren't followed. The hospitals just give the information and nothing is done to ensure that the information is properly used or protected. There are words on paper and there is reality.

Colin Hansen has been pushing to give our information to researchers while he was in the Liberal government and even now that he has left. I will be interested to hear where he gets his next job or directorship.

Again, if they have to take OUR information without our knowledge/consent, if they have to hide what they are doing with OUR information, then they are doing something wrong, something they don't want you to know about.


- Bill 35 – Pharmacetical Services Act
- FIPA – Piecemeal Repeal of FIPPA? - June 1, 2012
- The Hook – Drug Bill Includes Personal Information Grab: Advocate – Andrew MacLeod, April 30, 2012
- Vancouver Sun, Craig McInnes, May 3, 2012

September 24, 2012
What/Who are they selling

There was an article in The Province (not a paper I buy) on Aug. 12, 2012. The article was by Geoff Plant, chairman of Providence Health Care, which operates St. Paul's and other hospitals/clinics. I don't know if this article was paid for by the taxpayers, but that's another issue.

In the article G. Plant extols the virtues of St. Paul's (a very one-sided view) but what interested me was the statement that St. Paul's brings in research dollars of $43 million from outside sources annually. So, what are the research companies buying --- us?
Is St. Paul's selling us?? We, of course, are not allowed to know.

Geoff Plant is a former liberal attorney general and teaches at UBC (who is involved in research with St. Paul's). Interesting how it's all connected by the same people.

But, it keeps coming back to the same issue. If everything is above-board, honest, ethical, moral, then why won't they tell us who they are sharing our information with (names of companies/individuals and under what circumstances); why do they hide this information?
No transparency, no accountability. 

July 20, 2012

Police and Privacy

A little over a year ago the BC Civil Liberties Association raised the issue of the police database (called PRIME-BC) collecting information on law-abiding citizens (1). They state “that as many as 85% of British Columbia's adult population have “master name records” in the PRIME-BC police database”. The Solicitor General was asked to investigate. According to the BCCLA, they have received no additional information. The Solicitor General's office has not responded to my email.
The Privacy Commissioners office is “examining the issue of employment-related criminal records checks” and the report is, apparently, due out this month. This is a very narrow focus and does not answer the broader questions.

My questions are:
1. Why are the police collecting information on law-abiding citizens and under what circumstances is it being collected?
2. How is this information being used?
3. With whom is it being shared?
4. How long is it kept?

Apparently, no government office thinks we have the right to answers.

It was pointed out to me that the records of a criminal are legally required to be deleted after a certain period of time. A law-abiding citizen, apparently, has no such right and, it appears, records may be kept indefinitely.

Apparently the database includes “negative police contact” which, I understand, includes being a witness to a crime, or “residents of a building in which crime was occurring in a different unit, and if you refuse to answer their questions you are listed as “uncooperative”. Personally, I would rather be listed as “uncooperative” than provide personal information (it does depend on the situation). At least I know that all they have to enter in the database & share is “uncooperative”. When I have answers to the questions above I will reconsider my willingness to “cooperate”. Until then, as far as I am concerned, they don't deserve my cooperation.

The next two blogs will show how this may become an issue with medical information.

(1) BCCLA – - More than eight out of every 10 BC adults in police database, March 22, 2011 (topic: police accountability) –
FIPA – – Information and Privacy Commissioner announces investigation of
BC's PRIME police database – March 29, 2011
Vancouver Sun – Are you in the police bad book? March 29, 2011 

July 21, 2012

Medical information shared with U.S.
CBC News, September 9, 2011, By Sarah Bridge – Canadians with mental illnesses denied U.S. Entry – Data entered into national police database accessible to American authorities: WikiLeaks
Police had been called to a woman's home because she attempted suicide with a pill overdose (she had been battling chronic pain, anxiety, & depression for years). This was 4 years prior to 2011. There were no charges as it was not a criminal matter but a medical emergency. Suicide (actual or attempted) is not illegal in Canada or the U.S. But when she went to the U.S border in 2011 she was denied access because the U.S. had the “dated” police information (it did not report her mental health recovery). More than a dozen others have reported similar stories about being refused entry to the U.S. because their records of mental illness was shared with the U.S. Department of Homeland Security.
So far, the RCMP hasn’t provided the office (The Toronto Psychatric Advocate Office) with clear answers about how or why police records of non-violent mental health incidents are passed across the border.”
According to diplomatic cables released earlier this year by WikiLeaks, any information entered into the national Canadian Police Information Centre (CPIC) database is accessible to American authorities.”
Stanley Stylianos, program manager for the Psychiatric Patient Advocate Office says his organization is trying to get this information not included in CPIC. “Once that information gets into the American system, you can’t control it,” he says.
You may or may not agree whether the information should be included in CPRIC. I personally don't see any reason why it should be. But that is another issue to be debated.
My questions are:
1. Why do people have to go to a foreign country to find out that this information is being shared, or find out from Wiki-leaks or from brave people, like the lady in this article, who must share very personal information to raise awareness. People make plans and travel to a foreign border, usually with friends and/or family, only to find out they can't cross a border. Their travel plans are ruined and how do they explain to family/friends what is extremely personal information, and perhaps no longer even relevant. What happens when you fly to a country, for example, France? After you have flown across the Atlantic, do they force you to get on another flight home, after all your flight/hotel, etc. expenses have been paid? Or is this an issue strictly with the U.S.? The point is that OUR GOVERNMENT should be telling its citizens that this information is being shared and what to do about it.
2. “Brad Benson from the U.S. Department of Homeland Security says medical records aren't shared between countries.” Yet, while I have been in front of St. Paul's, several people, with AIDS, have told me about being refused entry to the U.S. And one person said no one but his doctor knew about his condition. So, if people with certain medical conditions are not allowed in the U.S., how does the U.S. know who they are? (Note: the restriction on people with AIDS entering the U.S. has been recently reversed but this does not change the question).
3. Who else has access to CPIC?
The lady did get entry to the U.S. but first “she had to submit her medical records to the U.S. And get clearance from a Homeland Security-approved doctor in Toronto, who charged her $250 for the service.”
And the U.S. has been continually complaining that they don't get enough of our personal information.
PRIME-BC and CPIC are different databases but are they linked?; 
Does the U.S. and others have access to PRIME-BC as it does CPIC?

July 21, 2012

U.S. Will be allowed to share border data about Canadians
A new binational privacy charter will allow the U.S. to share information about Canadians, collected at the border, with other countries. “The U.S. won't have to explicitly tell Canada about its plan to pass along the personal information in most cases.” “But the U.S. can only do so in accordance with U.S. law and relevant international agreements and arrangements.”
In the absence of such "international agreements and arrangements," the U.S. must inform Canada prior to the transfer, or as soon as possible after the transfer in the case of urgent circumstances.”
Emily Gilbert, director of the Canadian studies program at the University of Toronto, raised questions:
1. "When somebody is a person of interest in the United States, but is a Canadian, what does that mean?" "And then what does it mean if that information is then being sent to the European Union or somewhere else?"
2. it is unclear how the distinct constitutional and legal frameworks of the two countries are going to be maintained in the context of cross-border information sharing.
3. where will data collected under the border processes be physically stored and who will have access to it.
4. regarding the principles of "effective remedies before a fair and objective authority" when a person's privacy has been breached”,” who would fulfil the role of authority and whether the body's rulings could be appealed.”
Some points to consider:
1. Note that the U.S. Is only required to inform Canada when sharing Canadian information, not get permission.
2. Also, as usual, so many questions and no answers; questions that should have been resolved before signing an agreement.
3. Do they only collect the information when you physically go to the border and what information is collected?
4. What do they do with all the other information they have access to on Canadian citizens who never enter the U.S.?
5. What are the U.S. laws (today, bearing in mind they can change tomorrow), what are the international agreements and arrangements? It's very convenient to throw around the words “laws, agreements, arrangements” but what are they? What information can be collected, under what circumstances, who has access, etc. We are told none of this.
5. Canadians have never been consulted as to whether they agree with this sharing of personal information.
6. To again quote Stanley Stylianos (see prior post), “Once that information gets into the American system, you can’t control it,” And this would be made worse when it is shared around the world. The U.S. shares it with, for example, Iraq, Iraq shares it with (fill in country), who shares it with (fill in country), who shares it with (whoever). At what point does it enter the hands of the marketing companies, the U.S. military (who had already started an illegal DNA database on its own citizens – see prior post).
7. We have already seen that the hospitals can't/won't protect the information in its database. So it is highly unlikely that the information will stay confidential once it starts entering even more databases.
From the Globe & Mail's comment section:
1. andhalamadola.
How does this privacy charter take precendece over our own Citizens Charter?
2. SlipperySlope: The Harper government, selling our privacy, to the highest bidder.
3. Scared Monkey: Oxymoron of the day, "Share/ private confidential" information. Wow!
4. Richard Roskell: It is SUCH an honour to have personal information about Canadians shared with and administered by the USA, for use as they see fit. All the sucking up that our governments do with America is really starting to pay off!
5. Chris in Ottawa: Harper should be tried for treason at some point. The only jurisdiction that should be allowed to share information on Canadians derived from Canadian sources should be Canada and that should only be done under the umbrella of international agreements that protect privacy. I have no confidence at all that the Americans will not abuse this!
6. Mr.Helpful
Why is it called a privacy charter when it is the opposite of privacy.
Responses: OldBear: Read 1984, it's called Doublespeak. Wren10: "marketing", "re-branding", "spin".  
Now, even more Canadians are planning to never enter the U.S. again. But is that enough?

Calgary Herald – by the Canadian Press – U.S. Will be allowed to share Canadian border into under new privacy charter – 6/28/12
Global News – U.S. Will be allowed to share Canadian border info under new privacy charter – Jim Bronskill – The Canadian Press - 6/28/12
International Trade E Newsletter Content – Toronto Star – 6/29/12
CBC News – U.S. Can share Canadian border info under privacy deal – The Canadian Press – 6/28/12
The Globe & Mail - U.S. Will be allowed to share Canadian border info under new privacy charter – Jim Bronskill - 6/29/12

June 30, 2012  
Hospital Employee's Union – Contracting Out

According to Hospital Employee's Union (HEU) website “a plan by Lower Mainland health authorities to contract out all medical transcription services threatens to put the confidentiality and accuracy of patient records at risk. On Thursday, health authorities issued a request for proposals to contract out the work of more than 130 medical transcriptionists who work out of three hubs located in Vancouver, New Westminster and Abbotsford. HEU secretary-business manager Bonnie Pearson says the move will transfer control over the accuracy and confidentiality of sensitive patient records to a private contractor. “Health authorities have a responsibility to both patients and physicians to maintain close control over highly sensitive patient records,” says Pearson. “This ill-thought out move by health employers comes with an unacceptably high degree of risk.” Medical transcriptionists are responsible for transcribing physicians’ voice-recorded dictation of surgical procedures, consultations, patient histories, laboratory and diagnostic test results, and various reports.”
I have never had any indication that HEU gives a damn about patient privacy (this is a generalized statement about the organization as I believe there are some individuals who do care). HEU is the organization that made sure their employee's privacy was protected but not the patients. I also don't recall them starting a “campaign” when the politicians and their friends took away patient rights to their own medical information. Nor do I recall hearing a peep out of them while, for over 10 years, the DNA of babies was being stored by a private contractor and shared without parent knowledge or consent; in fact, some of these HEU members would have been among the people who conveniently all decided that “the parents wouldn't be interested”in knowing what was happening to their baby's blood. Etc. I only hear about their “concern” for patients when HEU jobs/working conditions are involved.
And to suggest that patient records are confidential, when so much evidence indicates otherwise, is just incredible hypocrisy. But, like the politicians and corporations that run the hospitals, they figure that if tell say it often enough people will believe it or, at least, they won't have to explain why it isn't confidential (I would like to see their evidence that patient records are protected, not just hear the spin). I believe HEU really only cares about the jobs/working conditions of its members and the privacy angle is simply a means to that end.
Having said that, if what they say is true in terms of contracting out medical transciption it probably will worsen an already bad situation. I was told that the contract will go to Accenture (I don't know if this is true), a US corporation which means it is subject to the US Patriot Act. This would be the Accenture that, I understand, did not have its contract renewed with BC Hydro.
I heard there will be a documentary on CTV on Sunday night. It will be interesting to see how much of it is about the patients and their loss of rights and privacy vs HEU and their self-interest.

 June 29, 2012
Collecting New Information through Validation Process

This blog is about privacy but not necessarily hospitals but I thought it might be useful information.

I recently phoned to cancel my utilities with Accenture/hydro and Terasen/Fortis. I was asked for information to validate that I was who I said I was which I think is good. However, both companies asked me for my date of birth. I was fairly sure that I had never given it. When I asked I was told that they were now collecting this information. So, a few problems:

1. Collecting new information is not the same as validating information. In fact, I would think that it would be illegal to collect information in, what seems to me to be, a very devious manner.
2. I asked why they wanted this information and they refused to say. Under the Privacy Act, when you collect information you are required to state why you need it. But then the politicians and their friends do tend to ignore the Privacy Act except when it comes to spin.
3. The information they had on me was obviously good enough all these years.
Everyone wants your date of birth these days. Presumably this has to do with linking computer information. Is this information being shared? I thought the information held on you was suppose to be private so why do they want it?

September 22, 2011

Theme Comments
When I am in front of St. Paul's I get some comments that run in themes. It's as if some people get together and decide to make very similar comments all within a few days. The latest theme is “You can't complain because it's free”. The following are some of the “passer-by” comments and my comments are in brackets.

It's free (no, the citizens pay for it)
They pay for it (assume she meant the politicians and no, we pay for it), but it comes from out taxes (which we pay)
They need it to pay for health-care (That would imply that they are selling our information which, I understand, is illegal)
Isn't it great that in Canada you can complain about something that's free (it isn't free).

If one takes that line of thinking that it's free then we can't complain if the roads are not repaired because their “free”; we cannot complain if the fire department does not go to fires because their “free”; we cannot complain if water doesn't flow through pipes and through our taps because it's “free”, and so on.

Then again maybe I'm wrong, maybe our health-care is free. Maybe we don't pay a dime towards our health-care. In which case, would someone please explain why we pay taxes? Where does the money go? Who does pay for our health-care? Do the medical people work for free?

Then again, maybe I'm right and this is the best excuse “they” can come up with for illegally sharing our information and destroying our rights.
Here's another comment that was quite bizarre (well, more bizarre than usual). A woman told me she worked in the pharmacy area of the hospital, that she had noticed changes over the last two years and wasn't that enough for my purposes. I asked her what changes had occurred and could she prove it. She refused to answer either question. It's like being given a blank piece of paper and having someone tell you there is writing on the paper so isn't that good enough. Presumably, she operates on the premise that she said it therefore it is. Isn't that a god complex?​

September 21, 2011

Privacy Commissioner
I understand the BC privacy commissioner is reviewing BC Hydro's privacy protection (or lack thereof) regarding the information the smart meters will be collecting.(Metro, 7/29/11). I'm sure she will find that everything is just fine. That seems to be the privacy commissioner's job.

Because I try to protect my privacy rights, I have filed a few privacy complaints with both the provincial and federal privacy commissioner's office. Even when I have been absolutely right – NOTHING CHANGES. Even when the privacy commissioner quotes a specific act or law that has been violated/broken – NOTHING CHANGES. Even when the privacy commissioner's office recommends that the organization/company make changes – NOTHING CHANGES.

So, I consider the privacy commissioner essentially useless to normal people. However, it seems that they are an invaluable asset to the government and organizations/companies. When a person complains to a ministry or other organization/company, that ministry or other organization/company just tells that person that if they are not happy then that person can take the matter to the privacy commissioner, knowing full well NOTHING WILL CHANGE. It's the equivalent of telling someone to file their complaint in file 13 (for those of you not familiar with the term, that's the garbage can where things are dumped, never to be seen again). It seems to be a very comfortable diversionary tactic.

In fact, I strongly suspect that the government set up the privacy commissioner's office just for this purpose.

So sad, I had such hopes for it. Instead, it seems to be just another government organization wasting taxpayer money.

June 17, 2011

The Children (bold and italics are mine)

An organization called Kids First Canada has been raising awareness of the violation of children and parent privacy rights. Information is collected and linked, from preconception to adulthood, on your children and family (in fact, it appears that the information will be collected from preconception to death). Twenty-four pages of information, on each child entering school, has been collected by the Ministry of Education using a personal education number (PEN). This information was linked to HELP (Human Early Learning Partnership). HELP is a government funded research consortium of universities. According to HELP's, and associates, websites, it links the child's information to their family data such as medical, birth, death, hospital, perinatal, mental health, census, pharmaceutical, school achievement, daycare, children in province's care, stress, injury and Workers compensation board. This list is expected to increase; for example, HELP wants access to our personal income tax data, patterns of employment, time use, etc. Note that this is not information that is shared that can never be tracked back to you; it can be tracked back to you.
I understand that this is part of the Integrated Management System (see prior blog). This means that there will be thousands of access points to this information.

Until 2010 this information was collected and linked without parents consent. In 2010 this was changed from no consent to passive consent, in other words you have to sign a paper that says you don't want you child's information collected/shared? What if the paper gets lost, or you are busy and forget, or don't read very well, or don't understand what you read, etc. The schools say they will explain it to parents but I suspect they will not explain all the negatives to collecting/sharing your child's information (as much a time as knowledge issue). If your child's personal information ends up in the database all HELP has to say is that “they didn't receive a signed paper”. It would be hard to prove them wrong. On the on the hand, if they must have a signed paper before collecting/sharing the information then they would have to have the paper on file to prove they received it.
Kids First Canada are asking that written parental consent be required and all information collected without parents permission be destroyed.

Some concerns:
- information is being collected without the consent of parents
- information used for purposes not identified
- “HELP has stated in media and elsewhere that names and addresses are not used. However, given that HELP obtains Personal Identification Numbers, medical numbers and postal codes, etc. names and addresses would not be needed to individually identify a person or a family.” (1)
- “Judging from the types of data being collected -i.e. perinatal records, hospital records, census, etc. - parents' and mothers' personal records are also linked.” (1)
- “with increased use of electronic testing in school, children's personal beliefs, plans, opinions and experiences expressed in writing could potentially be linked.” (1)
- Will this pigeon-hole the kids, i.e. are they compliant, do they fit certain peoples expectations, are they “different”, etc.?
- Commercialization - HELP and its group has funding from organizations like the Canadian Institutes for Health Research whose mission is to “work with all partners in a concerted effort to move research from an academic setting to the marketplace”. Also from the CIHR website “CIHR is committed to facilitating the commercialization of health research in Canada in support of its overall mandate.”
- “The public has not consented to this collection of data or its use”.(1)
- Cost – we are paying a lot of money for these people to take our information and use it as they choose, sharing with those they choose, without our knowledge or consent
- The “rules” can change tomorrow without our knowledge, much less our consent.
- Security – The government has shown repeatedly that it cannot, and will not, protect the information in its care.

Just think when your children/grandchildren, nieces/nephews grow up, all their personal information will be available at the press of a button by probably just about anyone (banks, insurance companies, employers, future spouses/friends, universities, and so on). Did your children misbehave in school, did they get along with other kids, were they slow starters in school, did they have any medical issues, what is their family background, were there family problems, etc.

As Kids First Canada say “ Our children are not resources to be mined through schools at huge public expense while many parents struggle to pay for basics”. And neither are we adults.

It is not a question of whether all this information, linked to each person, will be “accessed” but how fast. We were told our medical information was confidential, to be shared only with those directly involved in our medical care, only to find out that it is shared with doctors, hospitals, clinics, pharmacies, their suppliers, researchers (and apparently lots of other people/organizations – who go to the “business office” and plug their computers into the database); and that information is now going to be linked to government ministries and I am sure the list will expand; all without our consent (and in most cases – our knowledge). The government just took the information. And once it's “out there”, it's “out there”. You don't get it back. The people who have this information will know more about you, and your family, than you know about yourself and your family; and they will use it for their own gain.

Some other databases they could link with include the police database. Apparently they've been keeping information even on law-abiding citizens (2). And, of course, the Smart Meter. Just think of the information those graphs would provide – the time you get up, the time you go to bed, whether you work out of home, if you go out in the evening and which nights, if you go on holidays and when, have family/friends over for the holidays, and much more.

And, as has been shown, once the government has your information, they can change the rules (laws) at anytime, without consulting us – unless we make that illegal. If you want our personal information, get our written permission.

We have a right to privacy. We have a right to control our own personal information. The politicians, and their friends, are repeatedly violating that right.

Here is some additional information from HELP, Population Data BC's and Edudata Canada's websites:

HELP'S website states “HELP's leading edge research has resulted in British Columbia being the first and only jurisdiction in the world to monitor the development of young children as they enter kindergarten at a population level.” - versus person-specific?????

“Researcher access to data will be approved by the Data Steward for a holding using a harmonized Research Agreement process through Population Data BC. Named programmers have access to Identifiers to perform linkages on intake only. Content Data are stored on a separate server, and are accessed by named programmers to perform Research Extracts as defined through a Research Agreement. In no cases are Content Data and Identifiers brought back together. This separation of information safeguards the privacy of personal information. “ (HELP)

If you have all the personal information of an individual, I doubt it would take much to “connect the dots”. A person lives in a particular postal code, has x number family members, is x age, etc. And, as Kids First say: “this is a false assurance of privacy as names are not needed when personal numbers are used.” Plus, there will be numerous “links” to all these other databases, and the more links, the greater the likelihood that this “separate server” with all your information,with your identifier number, will be accessed. How hard would it be to track, or intercept, a link? We also know that government people have accessed individual's information in violation of the law when it suited their agenda (The Veteran's affair for example) The Data Stewards are the government ministries and public agencies (but they don't seem to list them all), nor are the agreements shown.

As noted above in one sentence they say that “separation of data safeguards ...your privacy” then later admits that your data isn't safe by saying “Risk of exposure is significantly lower than that of most Data Providers as we separate Identifiers from Content Data”. So, they do admit that there is a risk of exposure, they just don't say how high a risk (and I'd want proof, not just words). By the way, HELP is looking for a part-time privacy officer whose duties will involve “addressing breach response management” - application deadline – April 19, 2011. Nothing like being prepared with the right excuse to explain why your very personal, confidential, information was shared with the world.

“HELP partner, Population Data BC, offers the research community access to one of the world’s largest collections of health care, health services and population health care data; “Population Data BC offers qualified researchers access to a rich source of linkable, person specific, but de-identified data on British Columbia’s four million residents, in many cases from 1985 forward. Current data holdings include health care and health service records, population and demographic data and occupational data. Population Data BC continues to expand its data holdings and is working to bring in datasets from education, early childhood development, work place, and the environment”. Who are these researchers? Are they people from supplier/pharmaceutical/other businesses (many foreign companies subject to the Patriot Act) and how is the information being used?
“The Canadian Education Data Network (Edudata Canada) is developing user-friendly educational research databases from British Columbia and elsewhere. The mission is to create an infrastructure that makes K-12 education data available to researchers, policy makers and other qualified individuals and organizations, subject to privacy and confidentiality guidelines”. Now they say that in addition to sharing with researchers, they will also share with government & “others”. Also, when they say education data it sounds like they are sharing school grades when, in fact, it includes much more.
How can we monitor Population Data BC's use of the data to ensure it is being used as contractually agreed upon?
All usage of the data will be regulated by an Information Sharing Agreement with the data provider which will outline how the provider can monitor the use of the data on an individual basis. This will include regular reports and is outlined further in Population Data BC's Audit Policy. Again this tells us absolutely nothing since we won't know what is in the contract, how they are being monitored or if Population Data BC is upfront about any violations. And no mention of independent audits. In fact, their audit policy is not on their website. And, as we know from the Auditor General's audit of the hospital database, the data provider wasn't monitoring the use/disposal of the data they had shared, so why would we believe that hundreds or thousands of other data providers will monitor the data they share..
CYDTRU – Child and Youth Developmental Trajectories Research Unit - “an emerging research unit within HELP is developing a program of research that will track children's development over time” “...utilizing linkable health, child development (school readiness), education, community resource and socio-demographic data. These databases will enable research projects that can trace individual developmental trajectories (anonymized) from conception to high school leaving, across various facets of the health, social and educational systems for all children in B.C." “CYDTRU researchers are working in collaboration to identify and create additional data sets that will enhance the current stock of trajectories data... - develop and expand the number of population-based person-specific databases and to conduct research projects.” In other words, they are planning to collect even more information on us. As long as there are links back to the person it is not anonymous.
“The BCLHD (BC Linked Health Database) infrastructure brings together person-specific, population-based, longitudinal* data across a broad range of health and societal factors from the late 1980s onwards. The BCLD is one of only a small number of resources in the world where longitudinal research on an entire population can be conducted”. I guess other countries respect their peoples privacy, their peoples rights. Also note that they say entire population, not just children.
For more information you can contact,,; www.edudata,,

* a longitudinal study is a correlational research study that involves repeated observations of the same items over long periods of time – often decades. Longitudinal studies track the same people. - Wikipedia

(1) Kids First Canada
(2) Office of the Information & Privacy Commissioner for BC (OIPC), March 25, 2011, Commissioner Shares BC Civil Liberties Concerns Over Information In Police Database

June 16, 2011


In BC, a lawsuit is now underway, after it was discovered that about 800,000 newborn blood samples, together with names and birth dates, had been stored on information cards since 1999, in a storage facility operated by a private contractor; and the blood samples had been shared with researchers - WITHOUT THE PARENTS KNOWLEDGE, MUCH LESS THEIR CONSENT. (1)

1. This is, in fact, a DNA database. “DNA is your personal signature, and it uniquely identifies us” (Jennifer Puck, University of California, San Francisco) (5)
2. These spots are being shared with researchers, without the parents knowing who the researchers are, who they work for, what kind of research they are doing, to whom they subcontract, etc.
3. Bill 11, passed in May 4, 2010, gives the Minister of Health power to collect, gather, use and share personal information without any notice to or consent from affected individuals.. In other words, your personal information can be shared with governmental and law enforcement agencies, without notice or consent. The B.C. Civil Liberties Association (BCCLA) is trying to have this reversed. (7)
4. The information may be used to discriminate against the individuals by employers, banks, insurance companies, your child's future spouse, etc. “You could make inferences about their future health, about their future behaviour, and if you got samples from their parents or a DNA databank, you can make inferences about family relationships.” (4)
5. The DNA also provides information on other family members (8)
6. The researchers/private companies may manipulate, alter or splice the DNA. (3)
7. The amount of information that can be obtained from DNA is expected to increase (8)
8. The genetic information could be used for unethical purposes such as human cloning,etc.(5)
9. De-identified blood samples are linked to personal information and you can trace the link. The blood samples are stored with a code number in one place that can be easily matched to names stored in another place. (4)
10. The blood samples and other information could be accessed by pharmaceutical and biotechnology companies, commercial companies who might bias or manipulate research findings. (10)
11. “The dark side is the commercial value of the human body. If the nature of the specifics of a given individual is available to the people searching for organ matches, the finding of a match might be someone who is not dead. Yet. (Ultra Bob) (5)
12. How securely is access controlled or is it like our hospitals, where audits have shown that almost anyone could access information. It has also been suggested that there isn't any system, no matter how good, that can't be abused and “once it's out there, it's out there” (10) And it's not just hackers that are a concern but employees with, for example, a flashdrive which can be put into a database to download information.
13. Conflict of interest - “...Just look at the conflict of interest statement in any pharmacogenomics journal today and you will find that the head of each of the major studies and a select group of investigators, funded by public tax payers money from NIH, and YOUR DNA, are going to make huge profits from royalties and huge salaries these physicians-researchers earn because they control proprietary samples that are otherwise hard to come by. Just by tying a SNP to a treatment outcome or diagnostic outcome, there are big profits in the healthcare business to be made; with no real innovation! Hence, one wonders about the real motivation underlying collection of blood samples with consent and especially without consent - a cure or a profit!” (11)
14. Ownership - Who owns the specimens and anything created from the specimens. (10)
15. Cost – It apparently costs quite a lot to store the blood samples in the right climatic environment. Is this how you want our health care dollars spent? (3)

Medical people certainly had lots of opportunity to tell people and ask for their consent. They verbally explained why the “heel prick” (taking a newborn's blood) was important for testing for diseases, they handed out pamphlets, and there was a website. But apparently not one person in the medical field, in over 800,000 births, mentioned that the children's blood was being stored indefinitely and used by others. Apparently no one in the medical field thought people would be interested in knowing the bloodspots were being stored and shared (or so they say), despite the fact that this had become an issue worldwide. (2)

In 2002, the public forced South Carolina to pass a law regulating the collection, storage, and use of blood samples. (9)
In Texas a lawsuit was settled when the state agreed to destroy the stored blood spots. New legislation requires parental consent and allows parents to opt out and all projects must also be published on the agency’s newborn screening website. However, a second lawsuit has been filed because they (the plaintiffs) had not been told, during the first lawsuit, despite asking numerous times, that the blood spots had been sold, traded and bartered. (13)
Blood spot samples apparently were also sent to the U.S. Department of Defense and Homeland Security. The U.S. Department of Defense, who were using the blood samples to build an international database, reportedly destroyed the samples (of course, you never really know, do you???). (13)(6)

A Dublin hospital has stored the DNA of all the people born in the country since 1984, creating a database. This was done without the individual's or parents knowledge, and apparently in contravention of the law; and despite having an ethics committee. (14)

Now that this issue about the children's blood spots has been brought into the open by the public, the BC Newborn Screenings Program has a notification on its website regarding storage. But, of course, it only mentions the positive and not the negative aspects of storing the blood samples. It allows parents to fill out and submit a form requesting the destruction of the blood spot (opt out), as opposed to being asked for their written permission to store/use the blood spot (opt in). It seems that the blood spot cannot be stored unless the parent agrees to it being used by others.
What happens if your form gets "lost". The medical/researcher people could say they never received it. It would be hard to prove them wrong. On the other hand, if they must have a signed paper before storing/sharing the blood samples/name/DOB then they would have to have the paper on file to prove they have a legal right to store/share the blood samples.

So what happens to everyone else's health samples. For example, when you go for a physical or an operation and blood/tissue samples are taken, are they being stored somewhere? What else has the medical/political people decided we don't need to know.

Some comments that I thought were particularly interesting:
Researcher | 10:11 a.m. Feb. 9, 2010
“I have worked in research for over 10 years. My job is to make sure that everyone obeys the law. When it comes to human research, the law is designed to protect the people who are the subject of research. Blood and tissue samples are your property even after they have been removed from your body, and researcher(s) can only do with them what they have gained your legal consent to do. That is the issue here. These researcher(s) do not have legal consent to do what they are doing. So many researchers feel like this is a hindrance. They would prefer to just be able to do whatever they want. They all think that what they are doing is for the greater good. If it is going to produce valuable results, it can and should be done legally. If you don't think these regulations are necessary, do an internet search on the Nuremberg Code, the Tuskeegee experiment, etc. Whether you care what happens to your child's samples or not, it is in everyone's best interest that researchers are forced to be accountable for what they do, and gain the proper consent. “(5) In BC, the politicians have taken the right to give legal consent, to decide what happens to your body parts, from you and given it to themselves.

"It's fine and good to say these can't be identified, but how real is that?" said Hank Greely, a Stanford University bioethicist. "Just because you don't have a name or Social Security number doesn't mean you can't identify it. Once we start using DNA for more and more things like regular medical records, somebody could do a cross-check and say whose blood it is." (12)
One: Telling people that their biospecimens are retained and used for important research, that strict privacy and confidentiality protections are in place, and that “we’re good stewards” of the biospecimens without providing accessible, clear information about those policies, fails to meet even minimum standards of transparency.
Two: Failure to acknowledge that public attitudes and values about consent, genetic research, and privacy/confidentiality may conflict with those of researchers and policymakers can lead to pubic distrust of biospecimen research and impede important research.
Three: Genuine public engagement in developing policies for biobanking initiatives takes time and resources. But the payoff – trust in the research enterprise and willingness to provide biospecimens – is worth the effort. (9)


1. The Globe & Mail, May 11, 2010, Jane Armstrong, Vancouver Parent Challenges Unauthorized Archiving Of Infant's Genetic Blueprint
2. CBC News, May 12, 2010, Scott Applewhite, Storing B.C. Babies' blood violates privacy: group
3. Infowars Ireland, February 8, 2010, Newborns' DNA Routinely Harvested For Government Bio Banks
4. In the Media, February 26, 2009, Barbara Sowell, DNA Testing Without Parental Consent?
5. Deseret News, February 8, 2010, Lauran Neergaard, Blood tests of newborns stirring major ethics debate
6. American-Statesman, May 10,2010, Mary Ann Roser, State agency swaps babies' blood for supplies
7. British Columbia Civil Liberties Association, May 12, 2010, New law may create largest DNA database in Canada
8. Statement of Claim filed with the Supreme Court of Canada, May 14, 2010, British Columbia Civil Liberties Association website
9. The Hastings Centre Report, September 8, 2009, Karen J. Maschke, Disputes over Research with Residual Newborn Screening Blood Specimens
10. Exploring existing and deliberated community perspectives of newborn screening: informing the development of state and national policy standards in newborn screening and the use of dried blood spots; Ian Muchamore, Luke Morphett and Kristine Barlow-Stewart, December 13, 2006
11. The Scientist – Magazine of the Life Sciences, December 23, 2009, Consent issues nix blood samples, Anonymous poster - Non-Profit banking of DNA from blood for Profit
12. Washington Post, June 30, 2009, Rob Stein, Newborns' Blood Samples Are Used for Research Without Parents' Consent
13. Infowars Ireland, NaturalNews, February 20, 2010, Ethan A. Huff, Texas ordered to destroy five million blood samples illegally taken from babies without consent
14. Sunday Times, December 27, 2009, TJ McIntyre, “Is Temple Street Hospital Holding A De Facto National DNA Database

June 15, 2011


The government wants to share our information with social media groups like Facebook. Let me tell you a bit about the ethics of Facebook. Apparently they are “profiling” (I don't know what else you would call it) people who don't even have an account with them and who do not knowingly use their site.
I received some emails from Facebook wanting to know if I wanted to be someone's “friend”. I am trying to figure out how Facebook gets my email address. The people I spoke with said they never gave it to Facebook; one said Facebook “just went in and took it” (whatever that means).
But on the last email, Facebook also listed other people that I know (interestingly, I never received a “do you want to be their friend on Facebook” email for some). I call that profiling, tracking people you communicate with. I am not registered with them and do not knowingly use their site but still they collect information on me. And obviously Facebook benefits from this information (and whoever they share it with) or they wouldn't be collecting it.
In a letter (regarding another privacy complaint) on the Office of the Privacy Commissioner of Canada website (OPC to CIPPIC – under Commissioners Findings – PIPEDA 2009) it states “On the issue of retaining non-user's email addresses, Facebook confirmed it does not use email addresses to track the success of its invitation feature. In fact, it states that it does not keep a specific list of such addresses for its own use.” It appears that Facebook lied to the Privacy Commissioner.
I filed a complaint with the federal Privacy Commissioner's office in May of 2010. The Privacy Commissioner's office is “negotiating” with Facebook. I have asked the Privacy Commissioner's Office not to negotiate away any more of my rights.
Facebook has had a number of privacy issues, yet the government wants to share with Facebook our personal, confidential information. This would give Facebook even more information for their profiling and, quite possibly, the government will get more information on us, such as of list of the people with whom we communicate.

June 14, 2011

Integrated Case Management (ICM)

This is some additional information regarding ICM.

My blog of April 12, 2009 mentions a project called the Information Access Layer, which includes electronic health information and what is called the “Integrated Case Management Project (ICM)”.

The intent of this project is to collect all the client personal data collected by community service organizations that accept money from the government and link (share) the information to government ministries and their private sector contractors. And, it is believed, this information will eventually be shared nationally, and possibly, internationally. In other words, all information that you provide to the government, and any organization that takes a dime from the government, could be linked and shared.

According to a bulletin by the Ministry of Housing and Social Development, Deloitte Inc. has been contracted to develop the computer system. They claim that it will cost $181 million over six years but may start to be implemented by the end of 2010.

If you read “Culture of Care...or Culture of Surveillance?” at, you will note the many concerns. These concerns include identity theft, people not accessing needed services because of privacy issues, legal risks and liabilities to the organizations, the lack of resources to implement the privacy and informational requirements (not to mention the diversion of those resources from aiding the people to providing information to the government), the constitutional right of the province to implement this system

The government has shown, repeatedly, that it neither has the desire nor is capable of protecting the information they collect. As has been proven, when the government says that the information will only be accessed by those who “need” the information, they lie, or, at the very least, have yet to prove that it is not a lie.

Once this information is shared, it is “out there”, it cannot be taken back. The information shared will follow the people for the rest of their lives. And, the government, once it has the information, can change the rules and do whatever it wants with the information (example is the e-health system – when you gave your personal information to a doctor or hospital, over the years, did you know that it would be shared).

Also, the government has yet to operate in an open, transparent, accountable manner. So, we will not know specifically who is accessing the information.

June 13, 2011


In comments to the privacy review (1), Paul Fraser, Acting Information and Privacy Commissioner, recommended to “Add to FIPPA a “duty to document” key prescribed government decisions”. “The OIPC has investigated hundreds of complaints concerning the fact that a requested record does not exist, as one was never created”. “...a “duty to document” be contained in access to information legislation, which would include a requirement for detailed documentation of key government actions and decisions, and an obligation to keep records up to date and readily retrievable, with penalties for non-compliance. A duty to document key government decisions is critical to good governance.”
The government and all the agencies and corporations of the government don't like to document anything because that makes them accountable, which I assume, is one of the reasons the hospitals/clinics refuse to state specifically who has access to our information. So, I will provide some tips based on my own experiences:
1. We have a right to have the information provided by government in writing so I have been told by government staff. And, that you can report them if they refuse to put it in writing.
2. They (those who don't want to put it in writing) will tell you that it is easier to discuss it on the phone (or in person behind closed doors) and they will put the conversation in writing later. I have found that what is later written (if something actually gets written) usually has little resemblance to what was said. So now I insist that it be put in writing, and it helps to prevent misunderstandings.
3. They insist that they just want to say one thing on the phone (or in person). I think of it as the “foot in the door” tactic. They don't stop at one thing and, before you realize it, they have said everything. And nothing is in writing. If I get caught in this tactic now, I let them know that, since they lied and nothing was in writing, it didn't happen, the conversation never took place. And, because it isn't in writing, they can't prove the conversation took place.
4. I had one person from the government who kept phoning me, despite the number of times that I said that I wanted to communicate only in writing. I should have reported him but instead, if I answered the phone I would repeat that I wanted everything in writing and hang up. If he left a message on my answering machine, then I would email him, restating what he had said on the phone and providing an answer. That way he either had to deny what was in my email or, by default, agree that it was what he had said. The end result was that it was in writing.
5. If someone refuses to put it in writing when asked (government or other), if they won't be held accountable, then I know that what they have to say isn't worth my time (the hospitals are an example). And, in fact, may put me at risk because there is a reason they don't want it in writing. I also think it lacks in ethics and integrity.
There are obviously occasions when I don't need it in writing. It's a judgement call. But if I have to think about whether I need it in writing or not, I get it in writing.

(1) Office of the Information & Privacy Commissioner for BC, March 15, 2010, Submission of the A/Information and Privacy Commissioner to the Special Committee to Review the Freedom of Information and Protection of Privacy Act
(2) The Tyee, April 1, 2010, Andrew MacLeod, BC Lousy at Guarding Privacy

June 12, 2011


In an earlier blog (November11, 2009) I wrote that the government had decided to review the Privacy Act for the 3rd time since its inception, and that the committee was composed entirely of politicians and that I didn't have high hopes for a positive outcome.

Well, it is worse than even I expected. It appears that the real purpose for the review was to have the Privacy Act changed to allow the government to legally centralize control of all the personal information obtained from citizens who receive government services. This information would come from all sources contracted to provide government services, including independent community service organizations. The ICM (Integrated Case Management) system would be shared across provincial ministries (and god knows who else) since I'm sure they won't tell us who has access. ALL WITHOUT OUR CONSENT.
And the government wants to store the database outside of Canada. I'm sure that would be in the United States, where the Patriot Act would give the US access to all our personal information. That, of course, assumes that they don't already have it. To add insult to injury the “government” hired a foreign company to handle all our personal information. What's wrong with Canadian companies, Canadian people. The government always talks about promoting Canadian companies, Canadian jobs, then hires foreign companies.
Currently the government is only allowed to store our information outside Canada for short periods of time. Why does our information have to go outside Canada at all? As you will see in future blogs, the government is prepared to spend huge sums of our money in collecting our information, why don't they invest in protecting it – inside Canada. Then again, Nancy Napolitano of U.S. Homeland Security did say she wanted more information on Canadians. Maybe this is how it happens.

June 11, 2011

Privacy Breaches

The Acting Information and Privacy Commissioner, Paul Fraser, to his credit, has pointed out the governments inability to protect personal information. This was shown in a report, dated February 9, 2009 (I believe they mean't 2010), from the Office of the Information and Privacy Commissioner for BC, on an investigation on the large-scale privacy breach by the Ministry of Children and Family Development (MCFD). In the report “Commissioner Fraser found MCFD and MHSD failed to make reasonable security arrangements to protect personal information from risks such as unauthorized access, collection, use, disclosure or disposal as required by the Freedom of Information and Protection of Privacy Act (FIPPA). In addition, “Commissioner Fraser found a troubling lack of knowledge within the Ministries about the rules respecting the protection of personal information”. So, not only do they not protect personal formation, they don't even know the privacy rules.
Some of the recommendations in the report by the Special Committee to Review the Freedom of Information and Protection of Privacy Act (based on recommendations of various groups/individuals) are:

Recommendation 20: Amend the Act to allow an individual to consent to the collection, use and disclosure of their personal information by a public body (similar to the Personal Information Protection Act).
“OIPC and privacy advocates....questioned whether the concept of consent was meaningful because of the power imbalance between the clients and providers of on-line, integrated government services.”

This was from OIPC – Cantelon letter 21 Apr 10 – From Paul Fraser under Consent, Collection and Disclosure:
“We strongly disagree with government’s submission that FIPPA should permit collection of personal information with consent. One of the internationally recognized privacy principles is that the collection of personal information must be limited to that which is necessary for the purposes identified by the organization. Permitting government to collect more than is necessary via a consent mechanism violates this privacy principle and would be inconsistent with all other public sector privacy legislation in Canada. Any “consent” would be meaningless given that citizens would not have any genuine or real choice to consent if they want or need to obtain government services.”

As you will note in a later blog on the children, this can result in a situation tantamount to blackmail, i.e. give us your consent or we will deny you medical service.

​Recommendation 22: Consider holding public consultations on data sharing initiatives.
The OIPC submission, presented to the Special Committee on March 31, 2010, also focused on the privacy provisions of the Act. The submission pointed out that new information technologies enable
data sharing initiatives on a scale and frequency that were never contemplated at the time the Act was drafted. The new ways in which the personal information contained in electronic databases is being collected, used and disclosed in data sharing projects raise significant privacy issues. When there is a bulk disclosure of personal information from a large database of one public body to another public body, citizens usually do not know how their personal information is being reconfigured, who is accessing it, for what purpose, whether it is accurate and how they can access it. This is particularly true where the transferred data is linked with personal information in other databases.
For this reason, the OIPC argued the public must be engaged in discussions around protecting privacy rights in data sharing projects. Its submission recommended that a code of practice be
developed by government in an open and transparent manner with stakeholder consultation through something like a White Paper process. A public consultation process on data sharing was successfully conducted by government and the Commissioner’s office in Britain in recent years.
The Special Committee supports the idea of a consultation process because we see it as a way to educate British Columbians on how the Act works now and how requests are treated by public bodies. We have concerns, though, about the prescriptive tone and broad scope of this OIPC amendment (as well as the one requiring the Commissioner’s approval for data-sharing initiatives).
Our own recommendation to government in regard to consultation is more modest.”

“Recommendation 23: Appoint a Government Chief Privacy Officer.
The OIPC submission also stated that a government-appointed Chief Privacy Officer is urgently required to act as a privacy advocate in the decision-making process and to ensure that privacy is fully
considered and respected in any new initiative. This recommendation had been made by the former Information and Privacy Commissioner, and the current A/Commissioner in his investigation report
into a recent privacy breach.
While the Special Committee is reluctant to create a new layer of bureaucracy, we think there is a need to educate ministries about what they can and cannot do in regard to privacy matters.”

If the public servants haven't learned to read, to take courses or have an interest in protecting privacy by now, or interprets the Privacy Act in a self-serving way, I wonder if adding another layer of government bureaucracy will have any value. I still believe that we need transparency. I believe the public servants need to know we are monitoring them, holding them accountable. We need to know exactly what information is being collected, why it is being collected, specifically who has access, and specifically what measures are taken to protect that information. This should be followed up by independent reviews.

“Recommendation 24: Amend the Act to require that data sharing projects for the purpose of research must be subject to ethics review by an arm’s length stewardship committee.
The OIPC submission suggested too that some form of specific ethics review is necessary and desirable for government’s data sharing activities for the purposes of research. Complementary research-governance measures should be adopted in addition to the approval role for the OIPC. A committee of experts should be appointed by government that would function in a manner similar to research ethics boards of universities and the stewardship committees of the Ministry of Health Services. It would apply the criteria in s. 35(1) of the Act and such other criteria as are considered desirable in the committee’s terms of reference. The committee’s approval should be a mandatory precondition to disclosure of personal information by any public body for research purposes.”

This comes back to transparency and accountability. A committee of unknown individuals, agreeing to share our information with unknown research organizations, for unknown purposes – unknown to the individuals whose information will be shared. Why not recommend that consent be obtained from the people whose information is being shared? Why not identify who the researchers are, who they work for, what type of research they are doing with our information, and who will have access to our information, and who profits. After all, who selects these committees – not us!! Whose interests will these committee members serve? And if everything is above-board, then there is no need to hide this information. I just see this as another form of secrecy, and if you have secrecy you must have something to hide, and that may be fine, if it's your information but it isn't, its ours.

And from BC Office of the Privacy Commissioner - 2010 Annual Report News Release
“The risks to privacy presented by the growth of networked databases is a growing concern for public and private sector agencies, and a key challenge for the Office of the Information and Privacy Commissioner. This message was delivered in the office’s annual report, issued by Acting Information and Privacy Commissioner Paul Fraser, Q.C. today. “The erosion of privacy protection is nothing new, but the nature and magnitude of the risks to privacy provide increasing cause for alarm.”
New technologies are enabling, and driving the creation of more and more personal information data bases. “These systems collect and match disparate pieces of information about us and create a digital persona that not only may we be unaware of, but which may not represent an accurate picture of who we are,” the Acting Commissioner stated. “Yet this information will be used in decisions that affect us. I cannot understate the urgency of building these systems in a transparent, restrained and accountable way.”
Perhaps the first questions should be – do we (the patients, the citizens) need these systems, and who benefits.

I have not heard what the government will do. It can ignore all recommendations, or some recommendation; in essence it can do what it wants.

June 10, 2011


I understand from a newspaper article (The Province, August 27, 2010 pg. A10) that Auditor General John Doyle is in trouble with the politicians. There seems to be a conflict regarding who he works for – the politicians or the people. Fortunately, he believes that he works for the people and keeps doing his job and exposing wrong-doings of the politicians, including the violation of privacy rights. I hope he continues and doesn't bend to political pressure.

There is a question I have regarding his report on the hospital database audit. Mr. Doyle's report says that so many people were accessing patient information that it was impossible to sort out who was accessing the information. Doesn't the CEO Dr. David Ostrow know who his suppliers are and which were accessing patient information? Doesn't the CEO, Dr. David Ostrow, know who was allowed into the “business room” to plug their computers in the database and whose information they downloaded or was this available to anyone walking in off the street, no questions asked?

Madam Justice L'Heureux, of the Supreme Court of Canada, – Dube in R.V. O'Connor stated:
“Respect for individual privacy is an essential component of what it means to be free...When a private document or record is revealed the invasion is not with respect to the particular document or record in question. Rather, it is an invasion of the dignity and self-worth of the individual, who enjoys the right to privacy as an essential aspect of his or her liberty in a free and democratic society.” - R.v O'Connor [1995] 4 S.C.R. 411 at paras. 114, 119 – pg. 17
So, when someone violates your privacy rights they are also destroying your freedom and democracy.
We appear to have a segregated society in B.C., those whose privacy rights are respected in word and in action, and the rest of us whose privacy rights exist only on paper. Which group are you in??

July 22, 2010


Last night, as I handed out information in front of St. Paul's, I met a lot of supportive people.
However, one man came up very close to me, at first I thought he had been drinking, and I started to back away but he grabbed both my wrists very tightly, holding my arms straight down, and said “You had better find a new activity in life”. He then went into St. Paul's. It all happened very quickly. I didn't smell any alcohol and I believe that he new exactly what he was doing. Later I noticed that I had a red mark on part of one wrist and broken skin.
I mention this because I think it is important that people understand the difficulties and risks that people face when they are peacefully and legally exercising their democratic rights in this country.

May 24, 2010

The Auditor General and the Office of the Information and Privacy Commissioner of BC (OIPC) conducted independent audits of one database (called PARIS) of Vancouver Coastal Health Authority (VCH). I commend them, particularly the Auditor General, for finally exposing the truth (or at least a good part of it) -- that our privacy within the health care system is virtually non-existent. I highly recommend that you read/skim the reports. Even if you don't understand it all, it will give you an idea of how badly our privacy and rights have been violated.

I will reiterate some of the findings from the audits, with a few comments of my own. Please note that PARIS is just one of eight core databases operated by VCH. Patients are referred to as clients.

Privacy Commissioner's Audit:
- “One of the ethical obligations of every health professional is to protect the confidentiality of patient information. The assurance of privacy is essential for patients to be willing to engage in the frank communication with their health care providers that providers rely on to deliver quality care. Patients assume that their personal health information is kept confidential because it is such a well understood hallmark of the provider/patient relationship.” (pg. 5)
The protection of privacy is a fundamental value in modern democracies and is enshrined in ss. 7 and 8 of the Canadian Charter of Rights and Freedoms.2 - (pg. 5)
- “The following types of information are collected into PARIS: Names of clients, contact information of clients, personal health numbers of clients, allergies of clients, employment, funding or eligibility of funding, education, languages, case notes relating to treatment of clients, names of family members or friends of clients (known as “associated persons” in PARIS), contact information of associated persons, whether the associated person is receiving health care from VCH, financial information and social insurance numbers of clients.” (pg. 13)
- Information was illegally shared with other organizations. When the PCO pointed this out, the government just passed legislative amendments making it legal for VCH to share some of the information. (pg. 16) (pg. 27)
- The information provided to clients (pg. 16) by VCH was “incomplete”, in other words VCH wasn't telling everything about what happened to personal information. You will find this to be a recurring tactic in the health care/government system. It appears that the premise is that the less we know, the less we will question, the more we will trust the system and the more they can hide. And, as you will see, there was/is a lot they didn't/don't want us to know.

And, not surprisingly, I didn't find any reference to the audits on the VCH website.
- “VCH does not have a secondary use policy in place to ensure the conditions for the use of personal information for research are met.” (pg. 34) In other words, when giving research organizations personal information, VCH did not ensure that “high standards for privacy and security” were met. The Auditor General found that they was no follow-up to ensure that the information was used and disposed of appropriately.
- I found this information particularly interesting. “An important privacy principle is that individuals should have control over their own personal information to the maximum extent possible. One mechanism that provides an individual with the ability to control their personal information in an electronic system is a “masking” feature. This allows an individual to restrict access to personal information that is collected by the public body. In order for this option to be meaningful, the public body must inform individuals that the option is available; there should not be any barriers for the individual to exercise it; and the individual must be advised of the implications and have access to clinical advice. The ability of a client to mask their personal information is particularly important when its collection is mandatory.” “In PARIS, there is an Enhanced Information Security Client (“EIS”) flag feature in the system that enhances the ability of clients to control their own personal information in PARIS. “ (pg. 35) However, the only people who could utilize the EIS were “staff or family member of a staff person, notable person, and clients who can demonstrate the the PARIS security model does not provide sufficient security.” It's been my experience, through Providence Health Care, that VCH keeps its security arrangements, or lack thereof, secret, so how would anyone know if their information was secure, much less prove it. In essence, staff members and “notables” had rights, the rest of us didn't.
- I had a doctor ask me why I was concerned about my privacy, after all I wasn't important. I tried to explain that I thought I was a damn important person, just as important as anyone else. This was interpreted by the doctor as meaning that I thought I would be important in the future. The concept that I am important now, just as I am, with the same rights as anyone else, was beyond this doctor's comprehension. This attitude seems to be pervasive in the medical system, and I suspect, all government.
- “Because of the large number, and serious nature, of the deficiencies in security, we have chosen not to elaborate on them in this report.” (pg. 37) The Auditor General's report exposes these deficiencies (see below).
- “Archiving records is an effective means to minimize inappropriate access.” “We found that there was no archiving of records in PARIS.” (pg. 42)
- “In our view, the information that is provided to clients about their right to make access requests is inadequate in that it does not inform them about the process for making access requests, the possible scope of the request (e.g. audit logs), timelines, fees and where the request must be made. Improvements are needed to better inform clients about their access rights under FIPPA. With respect to an electronic health record system, clients should have access to the audit logs for their health record so that they are able to monitor disclosure of their own personal information.” (pg. 43)
- “there is so much access to client records that it is impossible to analyze the [au
dit] reports.” (pg. 51) Except, of course, for those privileged few using EIS.
- “It must be noted that many of the problems were not caused by PARIS, but instead were the result of human decisions in respect of how personal health information would be collected into, made available by and disclosed through the system, which is a human issue.” (pg. 53)

- “We found that VCH is routinely, and without legislative authority, disclosing identifiable data sets to other public and not-for-profit entities...” (pg. 54
- For employee's, “privacy training and education at VCH is inadequate.” (pg. 52) Actually, it appears to be almost non-existent.

Auditor General's Report:
- “ Maintaining the confidentiality and integrity of individuals’ health care records is profoundly important. Failure by health care organizations to properly manage and safeguard this information could have serious consequences, from compromising an individual’s privacy to enabling identity theft or other fraudulent use of personal information to occur.” (pg. 1) ” If adequate controls are not in place, the results could be loss of individual privacy, corruption or manipulation of client information, medical identity theft, or system failure.” (pg. 5) Remember that this system has not been properly managed since its inception in 2001 and this probably applies to all health care information in other systems.
- “I undertook an assessment of a clinical information system used by the Vancouver Coastal Health Authority (VCHA)...In every key area we examined — from the management and assignment of user access to security controls within the health authority’s computing environment — we found serious weaknesses.” (pg. 1) (bolding is mine)
- “Because PARIS users are not granted access on a “need-to-know” basis, sensitive and confidential health care records were accessible to thousands of users who have neither the need nor the right to see the information. Security controls throughout the network and over the database were so inadequate that there was a high risk of external and internal attackers being able to access or extract information, without VCHA even being aware of it. Fundamental controls to prevent or detect unauthorized access to the system were lacking, and monitoring to determine what data exchanges occurred was also insufficient.” (pg. 1)
- “In several areas, the governance and direction that staff needed to build a secure environment were not in place. Staff were not provided guidance on security controls to mitigate risks. The organization did not have an IT security policy and basic security practices (such as building layers of defense within the system) were inadequate.” (pg. 1)
- “Due to the seriousness of the deficiencies, I delayed the publication of this audit report to allow sufficient time for VCHA to address the security vulnerabilities we identified, thereby ensuring that this report would not further expose the system to potential compromise. I have been satisfied with the responsiveness and significant effort that VCHA has put into addressing the most significant problems, in a relatively short time. Over the next months, my staff will continue monitoring the actions of the VCHA in addressing the remaining audit findings. Based on the conclusions of this audit and other work performed by my staff, some of the fundamental security weaknesses identified in this information system may be present to some degree in other government systems. The findings and recommendations reported here should therefore be of use to other organizations in the health industry, as well as in other sectors. Adequate security controls should be built into any system, and it is equally important to undertake regular reviews of critical systems to ensure that they remain sufficiently secure.” (pg. 2)
- “We have not published all the details of the findings and recommendations from the detailed management report, to avoid introducing additional security risks. We consolidated the most significant recommendations from the detailed management report into 10 key recommendations.” (pg. 6)

Recommendations (Please go the Auditor General's Report for the complete version):
“Access is beyond “need-to-know” - Access granted to PARIS client records is excessive, with users in many cases having full, unmonitored access to all client records. ( pg. 6)

System Security is Inadequate – Controls to detect and prevent external or internal attacks are not adequate. (pg. 7)

Security Policies are Lacking – The lack of a comprehensive security policy for PARIS has contributed to the absence of other fundamental security controls in the system and of the processes affecting the network, database, operating system and application security. The overall organizational security culture has not set the right tone for a secure environment. (pg. 7)

The database is not secure - Lack of proper database security controls means that errant data could be input, data could be corrupted, unauthorized viewing or data extraction could occur. There have been several irregularities, including connections made to the production database by non‑production servers; vendors having continuous database access; users gaining access to the database directly through unprotected roles; and support staff having access to powerful database privileges that should be restricted to database administrators. - (pg. 8)

Risk of data leakage - There are insufficient controls to ensure that client information stored on PARIS has been safeguarded from inappropriate disclosure for the personal or financial gain of insiders or external intruders. Logs are not monitored; traffic to the database is not restricted; information extracted from the database is not tracked; default passwords have not been changed; and the database management privileges are not properly restricted. - (pg. 8)

Monitoring is not Adequate – Inadequate visibility, logging, monitoring, analysis and management of audit trails could result in external or internal attacks going undetected. Most logs are not monitored, limited information is collected, and log management capabilities are insufficient for consolidating and analyzing the logs. (pg. 9)

Access Is Not Properly Maintained – Inadequate user ID and password management practices could put the system at risk of unauthorized and undetected access. (pg. 9)

Unsecure network access - Current system settings and practices do not restrict unsecure connections to be made into sensitive systems. Physical connections in meeting rooms allow non-VCHA computers to connect to the internal network and the Internet. Unaccounted-for laptops are able to connect to the internal network, remote access servers are allowing connections to bypass perimeter defences, and Virtual Private Network (VPN) users are granted too much access within the internal network. - (pg. 9)

Inadequate Traffic Control on the internal Network – Within the internal network, there are no access control mechanisms to restrict traffic to critical servers or to reduce the spread of viruses or malicious code throughout the network. (pg. 10)

Record management practices are lacking - No classification system or retention policies are in place to effectively guide or manage the removal or archiving of client records that are no longer relevant. These records therefore remain accessible and viewable in the system indefinitely.” - (pg. 10)

Additionally, on page 20 the report states: “We found that a comprehensive security policy for PARIS does not exist. Only a few security policies are in place, and some of those have only recently been established. In all of the IT areas we assessed, we found little guidance provided to IT support staff to tell them what security controls should be implemented.”
On page 22 the report states “Both IT and application support staff have full, unmonitored access to all information”, and “Open vendor accounts exist, allowing health care data to be copied even outside the VCH at any time.”
On page 24 the report states “We found that that some users with former employment or contractual relationships with the Vancouver Coastal Health Authority are still able to access the PARIS network and its resources.
„. Processes are not always followed to remove or change a user’s access when his or her employment or contractual status changes.
„. We found that hundreds of former users, both employees and contractors, still have access to resources through active application accounts, network accounts and Virtual Private Network accounts.
„. Passwords for powerful, privileged IT support accounts have, in some cases, not been changed even though users who know the passwords have left the employment of the health authority.”

After reading this – major deficiencies in every area, 127 recommendations by the Auditor General, you really need to read VCH's response on pg. 11. I think this is symptomatic of the system – the creation of an illusion. Some quotes from Dr. David Ostrow, President and Chief Executive Officer:
“We also know that safeguarding that information is crucial — not just to comply with legislation, but to build confidence and trust in those we serve.
VCH believes that PARIS has served our community patients and clients well without any demonstrated risk to safety.
As you are aware, VCH has always placed a strong emphasis on the protection and confidentiality of patient/client information.
VCH acknowledges it cannot become complacent in the areas of security, confidentiality and protection of privacy.”

I really think this guy wants an award. There is no apology, no recognition of the damage done. Quite the opposite, he just wants to blow it off, an “oh well, no harm done” and “aren't we wonderful” attitude, as if his words still had value. Major deficiencies in every area, virtually open access to all our information but he says that “VCH has always placed a strong emphasis on the protection and confidentiality of patient/client information” A complete disconnect between words and actions, to put it politely. Really, how disgusting, how reprehensible.
As one woman, who came up to speak to me at St. Paul's, pointed out, that even if the security was made perfect today (won't happen) all our information up to today is “out there”. We don't know who has it, how it's being used, or when it will be used against us. Actually, some people I have spoken to have already run into problems.
Dr. Ostrow's kind of statements I think of as propaganda/brainwashing. If you say something often enough, no matter how far it is from the truth, people will start to believe it. It is the difference between words and actions. It is a recurring tactic in the government system.
The medical/government system has lost and does not deserve our trust. In my opinion, they have lied, manipulated and conned about the status of our personal/medical information. In fact, it appears that that our personal/medical information has never been protected, at least since they started using computers, and probably before then.
When I filed my complaint with the OIPC 6 years ago, I was told that the hospitals had never taken steps to determine if they were in compliance with the Privacy Act. So, to the best of my knowledge, this is the first audit that has been done since the Privacy Act came into effect in 1993. So, it took them 15 years to do one audit.

To add insult to injury, I still have people, who say they work at St. Paul's, tell me that the system is good. One person said that at meetings they are told to “ssh”, they aren't suppose to say certain things that are private. Presumably I am suppose to believe that our information is safe because they have a “ssh” policy (at least at meetings). This is someone who works in the system and who, therefore, must have a good idea of the lack of privacy.
As pointed out by the Auditor General, the systems will evolve to meet changing needs, and “Any computing environment has risks that must be constantly addressed and managed.” If the medical system has such a complete lack of concern on security issues now, how can we trust that, even if forced to meet minimum standards today, they will do what is required to meet future minimum security standards.. And again I reiterate, only one core database in one health authority as been audited.
“They [VCH] have told us that the most significant deficiencies identified have been fixed.” (pg. 6 – Auditor General) First of all we cannot trust the VCH to tell the truth. Have they fixed the major deficiencies? We don't really know because it has not been checked by an independent source and VCH has repeatedly lied to us about the security of the system.
The OIPC and Auditor General offers “recommendations”. They will monitor VCH over the next year to see if VCH implements the “recommendations”. Again, I assume they will rely on VCH's “word”. Will we be told if VCH doesn't implement some of the recommendations? Quite honestly I doubt it.
The rest of the medical system is presumed to be as bad or worse. Who is going to ensure that they are “fixed”.
While I commend the Auditor General on the audit, I want to point out that I take exception to a statement by the Auditor General that “security is not the main focus of the health care system”, implying that it is understandable that they made these horrendous errors. People walking or driving don't have the traffic laws as their main focus, but will be fined and even jailed if they break the laws. Most people's main focus is earning an income, not paying taxes. Yet, they will be fined and even jailed if they break the tax laws. VCH will not be fined (of course they would pay with our money anyways), no one lost their job, was disciplined or was charged. These people who have been violating our rights for years will not be punished in any way. That's how much our rights matter.
When there is no trust, it leads one to wonder if some of the information collected illegally was done so because people, who had illegal access to our information, wanted it. Are tests, not necessary to the patient's health care, being done for other purposes? Etcetera.
Also, has anyone heard from the doctors or nurses, etc. or their associations or unions? Have you heard of any of these standing up and saying this is wrong and needs to be fixed? I haven't, with the exception of a report, from the doctor's association, outlining their concern regarding the central health database, and I don't believe it addressed the essentially non-existent security in the medical system. I have had some doctors, etc. come to me and tell me that I'm wrong, that our information is safe. But I have also had doctors, etc. tell me, quietly, that I was right. One doctor told me that the loss of information from the hospitals wasn't a leak but a flood. So true. But the reality is that one person, such as myself, shouldn't have to spend 5 years, and counting, standing in the streets, bringing this to people's attention, taking all the abuse, when so many people knew the truth.

Please note that I hope these suggestions are just the start of an open discussion by the people of this province on how best to make the medical system, and the protection of our information, more transparent and accountable to us (ie. all the people).

1. We need to have the medical system continually monitored
2. We need someone who is independent of the government to continually monitor the health system. PCO calls itself independent but when the privacy commissioner is appointed by the politicians and your career advancement is dependent on the politicians, you are not independent. In addition, PCO has to stick to looking at what is legal, what is allowed under legislation. We need someone who can look past that, to what should be made legal, or what legal rights should be revoked, and what other methods/systems could be used to accomplish the same purpose (ex. sharing information) that would not impact our privacy.
3. I am concerned with the frequent reference in the OIPC report that if the hospitals want to share information, just have yourself designated as a health information bank under the E-Health Act, which legally allows sharing. I think this needs to be reviewed.
4. Possibly this person(s), group(s) could be elected. I would suggest we have more than one person/group reviewing different hospitals or they could alternate health authorities so a person (group) does not become embedded. Their findings could be put on a website and/or their could hold public forums to hear people's concerns and experiences.
And for those of yo
u who would like to accuse me of doing what I do for reasons other than “protecting my rights”, I would not be the slighest bit interested in auditing the hospitals. And my word has value.

5. We should know about any person/group who is looking into privacy issues in the health care sector, who they are, who pays them, and the scope of their mandate. They should not be allowed to hide in the shadows.

6. Information should be shown on a website and/or other means, accessible by the public, sufficient to allow the public to know who has access to their information and under what circumstances. For example, The OIPC has recommended a role-based access control system. “role-based access control (is) capable of mapping each user to one or more roles, and each role to one or more system functions.” (pg. 20). This mapping could be provided to the public.
7. The public should be told, via a website and/or other means, what information is being provided to what research organization for what research. If everything is above board, then there is no need for all the secrecy. The general topic of the research would probably be sufficient.
8. As recommended by the OIPC, people should be informed what to do to mask their personal information.
9. As recommended by the OIPC clients should  receive a copy of audit logs automatically.”(pg. 42). Plus, there shouldn't be roadblocks to a patient accessing their medical information. One of the most frequent complaints I hear, when I am outside St. Paul's, is how difficult it is to get access to their own information. Interesting isn't it, when everyone else has access. I also think of this as a tactic to make it appear that the front door is locked tight so people wouldn't notice that the back door is wide open.

10. One central committee should prepare the forms for the health authorities. This would help to ensure that all forms ask legal questions, are easy to update and audit, and would save taxpayers a lot of money by reducing redundancy.
11. Efforts should be made to determine who has illegally collected our information, and have it deleted, after informing the “client”. A law should be passed which states that anyone having and using patient information, unless directly related to patient care, will be severely punished. But I don't know what you do about the information that has gone out of Canada.

The medical system has lost all right to be trusted. I now operate on the basis that if they can't prove, it isn't true.
And, in the medical system, the only safe information is that which isn't given or is false.

May 10, 2010

A lot has been happening in the last few months. For example, an audit showing the appalling lack of privacy protection of our medical information, Gordo et al wanting all our information (medical plus all our other information) in a database in the US, etc. So, there will be several new postings in the next short while, as soon as I have finished reading all the reports.

April 13, 2010


I am going tell you about a privacy problem with Revenue Canada. The story is true but I will use Party A and Party B to protect the privacy of the people involved. It illustrates so well the huge gap, the contradiction, between what the government (any level of government) says and what it does.
Party A received a notice from Revenue Canada stating that authorization had been given to Party B to access Party A's tax information, in accordance with the form signed by Party A. Party A immediately phoned Revenue Canada informing them that Party A had never signed any such form. Revenue Canada immediately removed Party B's authorization to access Party A's supposedly confidential information.
Party A then asked for more information, such as a copy of the form, how it was submitted (by mail or fax), etc. because this involved potential violation of privacy rights, fraud, forgery, etc. Party A was told to fax a request and given two fax numbers. A fax was sent to the first number and when a reply wasn't forthcoming, a fax was sent to the second number. Two months later Party A still had not received a reply. Despite contacting Revenue Canada several times and explaining that the situation involved a potential crime, requesting to talk to someone or be given an email to contact someone, no help was given. There was no one that Party A could talk to, or email, regarding this potential crime.
Finally, Party A sent emails to the Minister of National Revenue and the local MP (who was from a different party). No response was ever received from the Minister of National Revenue but the local MP was able to get an answer from the local Revenue Canada office.
An “investigation” was conducted, and Party A was told that Party A's identifying number had been inadvertently entered on the form but Party A's information had never been accessed. Revenue Canada obviously hoped that would be the end of it.
But Party A pointed out the list of errors, the problems in their system:
1. Party A's identifying number was entered "in error" on a consent form (or so it was claimed).
2. The information was input into Revenue Canada's system even though the other information on the form did not match the identifying number.
3. Two faxes were sent to Revenue Canada and "lost".
4. Despite the fact that this was identified as a potential CRIME, there was no one Party A could speak with. Was this an error on the operators part (because Party A spoke to several) or was this policy? If this was policy, why does Revenue Canada have a policy that a person cannot talk to someone about a potential crime
5. Revenue Canada stated that the consent form was processed at the same time that the notification letter went out. In other words, access was granted before there was time for the notification letter to reach the recipient and allow the recipient to take action. In other words, someone wanting to access another person's information has however long it takes for the notification letter to reach the recipient and have the authorization cancelled and, if the recipient is away, even longer. Is it policy to allow access at the same time the notification was sent out or was this another error?
Party A asked why the mistakes were made and what they were doing to fix the problems? Revenue Canada's response was that they were committed to providing the best possible service but refused to answer the questions. This is also the government that says that they will get tough on crime, but in fact don't even want to hear about it.
Do you see the difference between the words and the actions? Do you really think the provincial government and its agencies care, any more than the federal government, about the protection of your privacy?

January 10, 2010

People have said to me that we should be grateful for our health care system and not complain because other people don't have as good a health system. They speak as if this is a gift from the hospitals. It isn't. The people of this province and this country, in their wisdom, chose this system. The citizens of Canada pay for this system because they want every person who needs health care to have access to it. This health system belongs to the people. The medical system, and the people who work in the medical system, work for the people of British Columbia and Canada. If the people who fund the system want to know where their information is going, why won't the people we employ provide it?
Tracey Tyler, wrote in the Star, Jan. 14, 2009, of a court ruling in Ontario (in this case regarding the Toronto Police Services Board) that required , “municipal government institutions to produce any electronically stored information the public has a right to see, even if it requires using new technical expertise to develop new software”. So, if the police are required to provide information that the public “has a right to see”, why aren't the hospitals?

November 11, 2009


The government has decided to review the Privacy Act for the 3rd time. The committee reviewing the Act is composed entirely of politicians. Needless to say, I don't have high hopes for any beneficial outcomes (for the general public).
Even if the politicians actually did make a beneficial change, what do we gain. If you don't implement the Privacy Act, it is nothing but useless writing on paper. As we have seen, the government seems to be one of the worst organizations for ignoring the Act. When I first asked questions about privacy at the hospitals, the hospitals had not brought themselves into conformity with the Act, even though the Privacy Act had been in effect for 13 years. When I made phone calls to the hospitals inquiring about the Privacy Act, the people I spoke to had no idea what I was talking about. I was asked what I meant by the Privacy Act, what was the Privacy Act, what is a Privacy officer, etc. These were front line people dealing with the public. So, if after 13 years, hospital staff had no idea what the Privacy Act was, how could they be expected to implement it, to protect our privacy.
Have you walked into a retail store, or an insurance office, etc. and been asked questions? If you ask them why they need this information, do you get a straight forward answer, as is your right under the Privacy Act. Or, do you get answers such as “the computer needs it”, “everyone asks these questions”, “I don't know so just answer it otherwise I won't sell you the product”? In most cases, you have to be very persistent to get a real answer; in some cases even that doesn't work. Most people (general public) aren't that knowledgeable regarding the Privacy Act and/or assertive. And those who are, I suspect often get tired of the fight or, like me, just try to minimize buying anything new. So, the end result is that people's privacy rights are not respected or protected because the Privacy Act is, for the most part, not enforced.
I find it ironic that the politicians will be commemorating Remembrance Day, commemorating the people who fought and died for our rights (including our right to privacy), while they make a mockery of those rights.
I continue to receive threats, some subtle and some not so subtle, while handing out information in front of St. Paul's. For example, I was told that if I came back again I would be given something to be really concerned about (I have been back since). I was told by another person that people who do what I do (peacefully exercise my democratic right to hand out information) “often go missing”. I will not be out as much during the winter months but if I am not in front of St. Paul's for any length of time -- I may have gone missing. This is our democracy.

October 8, 2009


Were you aware that the government had proclaimed September 28 to October 2 as “Right to Know Week” in BC. The government recognizes that the BC Privacy Act grants the people of BC a right of access to information in the custody or control of public bodies.
Ok, I'm back. I had to take a break. I was laughing so hard I couldn't type. I'm sure the politicians are laughing equally hard at the “Right to Know” statement and anyone who actually believes it. “Right to Know” week – what I can only consider as another hypocritcal farce brought to you by the government of BC.

August 8, 2009


Today, as I stood outside St Paul's handing out information, I was approached by two of their security guards, two big guys, who stood in front of me and told me that I was on public property and did I have a permit. Believe me, this was not said nicely; it was said in a tone and manner that I felt to be very threatening. One guy told the other to contact ? (I didn't catch who they were phoning), as far as I knew it was the police, athough I wish they had been called. I was very confused because I knew that I didn't need a permit. I thought they mean't that I was not allowed to have my things on St. Paul's property so I moved my papers and petition off the ledge and put them on the sidewalk and said “I am on public property, now get the hell out of my face”. They did not move, they didn't explain what they were doing, just continued with their phone call and I felt as if I was about to be thrown in jail or charged with some crime although I had no idea what that would be.
A few minutes later they walked up the street and talked to someone. This person then walked towards me and told me that he had explained to the security guards that I was on public property and that I had a right to be there, and they didn't know that. It would appear that he was their supervisor, although he never introduced himself. He did have courtesy to apologize but then said “no harm done”. Well, there was harm done. When you threaten someone, when you treat them like a criminal, when you demand information you have no right to demand, especially when the person has done nothing wrong, there is harm done. And I am sure the people walking by thought I had done something wrong by the way I was being treated.
The three boys made a rapid retreat into St. Paul's.

June 10, 2009


A woman came up to me and claimed that she worked in a hospital (not St. Paul's) and said that everything was corrupt so why was I worried about the hospitals. I find it sad that someone, and I'm sure there are others, believes that everything in our society is corrupt. Have we really reached that stage? But, whether you believe that “everything” is corrupt or if you believe that just some things need to be fixed, rather than give up, is it not better to strive to change things?
She also said that I cannot change the world. I don't think I'm trying to change the world, only a very small part of it. But on the other hand, yes I can change the world by doing something positive. I can do one small thing, even if it's just raising awareness, and someone else can do one small thing and so on and change will occur.

April 12, 2009


According to BCGEU, the BC government is planning to outsource, to a US company, the operation and maintenance of the mainframe computer servers that contain all provincial documents and e-mails. Does this include your health information? Just in case it doesn't, another US company will maintain the provincial health data base.
As early as June 2009 the BC Government will implement its provincial database collection of your personal/medical information. The website provides detailed information, information that should scare you.
This site will tell you that the Province has not stated who will have access (although apparently it will include the government), and whether it will be given to third parties. It does say that the Province used a US-based multi-national company which will be subject to the Patriot Act, allowing the US Government to access this database.
Will it save money? It's possible. Because I'm sure a lot of people, who need medical care, will not access the health care system because of privacy concerns.
A few excerpts from a talk given by Michael Vonn of the BC Civil Liberties Association (Database Nation and Health Privacy)-
“And just so you are clear about the scope of the access, the plan is ultimately for a Pan-Canadian e-health record system. Canada Health InfoWay -- which is an organization which receives a lot of money from the federal government, but is not “government” for the purposes of access to information laws, so is completely unaccountable to citizens – exists solely to promote centralized electronic health records, first provincially and ultimately linked so as to be accessible nation-wide.”
“....this is ultimately the thin edge of the wedge. BC’s electronic health information infrastructure is meant to anchor an integration project called the Information Access Layer, which includes the Integrated Case Management Project. This is a massive information-sharing project meant to encompass the entirety of social services in British Columbia and to link information about us from the Ministries of Employment and Income Assistance, Children and Family Development, Health, Education, Justice and the private sectors contractors for all of the above. The government has already issued an RFP, (a Request for Proposals) for this project.”
Please read this article in full, plus “So, what the heck is eHealth”, as well as the other articles. It's your health, it's your privacy, or at least it was. You can choose to do nothing and give away your rights or you can choose to try to protect those rights.

November 4, 2008


According to a Vancouver Sun article, by Chad Skelton, September 17, 2008 “BC nurses are being allowed to quietly leave their jobs, even under the cloud of accusations of drug misappropriation, abuse and rank incompetence.” They have not been formally disciplined , prosecuted or fined and may apply to return to nursing. No details of their misconduct were made public. This is another example of the shroud of secrecy the medical system has around its actions. Also, if hospital staff are not being disciplined for these offences, how likely are they to be disciplined for violating a person's privacy??
However....An article in the Globe and Mail, by Catherine O'Neill, October 17, 2008, states that Alberta is putting the “often sensitive and private” personal health information online. I read that Ontario is doing the same but on a limited, trial basis. So, hospitals certainly don't mind putting your information online. How safe do you think that is??? How long before it's in BC???

October 12, 2008 


A man, who said that he worked for the computer section of a hospital authority, stated that pharmacies have access to our medical records. He said that you could put a password on your record at the pharmacy so no one in the pharmacies could access your records without this password. I had heard something very similar last year from a person who I understood to be a pharmacist. He said it was the way of the future and implied that we had no say in it.

I visited a couple of pharmacies and they denied having access to our medical records. The people at the pharmacies said that they only have access to the information provided by a person to that individual pharmacy. I will continue to monitor the situation and find out if it changes.
One of things I have noticed, when giving handouts, is the range of people interested in the privacy problem. The people are not only from all over BC but from other provinces and countries. People from other provinces expressed an interest in learning if their province had similar problems.
The European's discuss how the different countries protect people's privacy. Some European countries appear to have really good rules for protecting patients privacy. Many Europeans expressed disappointment that we would be having these privacy problems as they had heard that our medical system was good.

September 4, 2008


One of the things that surprised me, when giving people my handouts in front of the Catholic hospitals, is the number of threats that I have received. I have not proposed blowing up the hospitals, I have not engaged in civil disobedience, instead I have legally exercised my democratic right to question and to inform people. Yet, I have received comments such as “Give them what they want or die”; a couple of times I was told that I am probably now in the hospitals records as a troublemaker and that I may be given a very difficult time if I go to the hospital; I have heard comments such as “I hope you never, ever have to use their services” (implying that if I do I will receive substandard or worse “care”). I have heard quite a number of variations on these threats. Will my health/life be in danger if I go to one of these hospitals? I don't know. However, I do not intend to go to a Catholic hospital again for a number of reasons, nor will I ever again step foot in a Catholic church.

What concerns me is that not only should an individual expect to receive the same care as everyone else regardless of their beliefs, politics, religion, nationality or because they stand up for what is right, there should not even be a perception that a person would receive inferior care.

Of course, money will continue to be taken from my pocket to pay the wages of the hospital administrators and staff and otherwise support these hospitals.

I won't describe the other abuses that have been heaped on me. But it is telling that these people support the medical/catholic system as is. I have obviously hit on a very, very sensitive nerve. I can only wonder why this topic is considered so sacrosanct that these people would do the things they do and say the things they say.
The other side of the coin are the people who have offered their support because they are concerned, even fearful, about who is receiving their personal information. And they agree that we have the right to know.

September 3, 2008


I have had a few people say to me that I shouldn't be concerned with whom the hospital shares our information. After all, anyone can get all your personal information off the internet. Well, it appears this is not true. If it were, there would be no need to use methods such as buying the information from employees, as noted in the article below.

National Post, August 23, 2008, pg. A6 [bolding is mine]

Personal and financial information is becoming just as attractive as cocaine and marijuana to Canada's organized crime groups.

The problem of identity theft and fraud has become such a concern to police who investigate organized crime that it is the main focus of Criminal Intelligence Service Canada's annual report.

As we move more and more to the Internet and the technology being used, the risks are increasing. A lot of the public are not very careful about their identity,” said Commissioner Elliott....

Inspector Roberty Chartrand of the Montreal police said investigators are noticing an increase of cases in which employees of companies and institutions are being tempted by the lure of easy money and selling large quantities of personal and financial information.

We've noticed over the past year that there are a lot of people involved in different companies who give information from the inside to organized crime members. It's not necessarily on the street [level]. It's more like companies, government, it's almost everywhere,” said Insp. Chartrand, who is also head of Quebec's criminal intelligence bureau.

It's a pretty new phenomenon for us. It's a nationwide problem.”e people are not very careful about their identity. But a large part of the problem are the companies/organizations, such as hospitals, who demand information they do not need and who refuse you service if you do not provide it. Obviously, the more companies/organizations that have your personal information, whether you give it to them directly or it is given by companies/organizations such as hospitals, the greater the risk.

This is why we need to know with whom our information is being shared, how much is being shared and the circumstances. We need to monitor that our information is being shared appropriately and that the appropriate safeguards are in place.