Privacy FAQs

Frequently Asked Questions About Privacy

What does HDC do with health data?

HDC aggregates both patient-level and clinic-level data in order to provide a service to care providers.

Our clinically relevant measures empower care providers to recognize trends in their patient populations and identify strengths and opportunities. We support community-level learning by enabling care providers to share their results with their peers and partner organizations as they choose through HDC Discover.

We aggregate and anonymize data to higher levels that represent groups within the health care landscape (divisions, regions, and health areas). This highly aggregated data supports practice learning, health service planning and quality initiatives.

What is data aggregation?

Data aggregation is the process where raw data is gathered and expressed in a summary form to examine trends, make comparisons, and reveal insights that might not otherwise be apparent.

HDC aggregates your EMR data to represent your clinic’s patient populations and services. Our aggregation protects the privacy of your patients, while providing you with meaningful information about your practice.

We further summarize aggregated data about your clinic to represent groups and regions in BC. When measures about your clinic are aggregated to your division or your region, the data becomes fully anonymized, and can no longer be connected back to any individual or clinic. We refer to this highly aggregated and anonymized data as “HDC Data”.

HDC takes special precautions to ensure HDC Data remains anonymized by withholding small cell sizes and outliers. For example, if your clinic has a unique patient population within your division, any measures that might identify this population would be suppressed in division-level aggregations. Our “rule of 5” means that aggregations representing fewer than 5 entities are not disclosed. If there are fewer than 5 clinics participating in HDC in your region, your region will not be represented in our measures.

Does HDC need access to my EMR or my patients’ personal information?


Yes. We require access to personal information about your patients in order to aggregate it on your behalf. Our access is limited to the information necessary to provide our data aggregation service.

Any other use of this data would be a breach of our data sharing agreement with your clinic.

How we access the personal information depends on your EMR system. In some cases, the information never leaves the physical premises of the clinic. In other cases where the EMR is cloud-hosted, the data is transferred to HDC’s secure servers.

How does HDC process raw EMR data?


We use different models to process EMR data in order to deliver our services in a way that aligns with the technical and security requirements of the various EMR systems.

For clinics that manage their EMR inside the clinic, we install a small computer device, known as an “endpoint” at the clinic to aggregate data. A copy of the EMR data is captured on the endpoint and aggregated securely on this encrypted device. Only aggregated information is transmitted to HDC’s servers and made available through HDC Discover.

For vendors that are SaaS or cloud hosted, a specific, agreed-upon set of patient-level EMR data is transferred to our secure data center. Patient data remains segregated according to the clinic in what we call a virtual endpoint. All data aggregation of patient information occurs in this virtual endpoint, and only aggregated information is transmitted to HDC’s servers and made available via HDC Discover.

In both cases, personal information remains secured on the encrypted endpoint, within the control of the participating clinic.

We use and retain patient information only as required to perform this service, including disaster recovery and troubleshooting. We have no authority to use this data for any other purpose. Should you decide to stop participating in the HDC, we will securely destroy your data.

Does HDC store and retain my patient and practice data?


We use and retain your patient and practice data only as required to perform our data aggregation service, including disaster recovery and troubleshooting. We have no authority to use this data for any other purpose. 

If you are longer interested in HDC’s services, patient information will be destroyed, and any aggregated information identifying you or your clinic will be removed from the application. HDC will provide a certificate of data destruction upon request.

Who controls data within HDC Discover?


There are two types of data in HDC Discover: aggregated data that represents your practice and clinic, and highly aggregated HDC Data that represents divisions, regions and the province.

Care providers and clinics participating in HDC retain full control of their EMR data and the aggregated data that represents their specific patient populations, their practice, or their clinic.

Care providers control sharing in our secure web-based application, HDC Discover. If you decide to participate in an initiative to share measures with a Health System Partner (such as the Practice Support Program), you control and enable this sharing. You can stop sharing at any time.

By enrolling in our service, clinics allow HDC to create highly aggregated and anonymized HDC Data, which is accessed by authorized users in HDC Discover to support practice learning, quality initiatives, and service planning. HDC is accountable to our members, our physician-led governance, and to all participating clinics and care providers to ensure HDC Data is used only as intended – to support patients and the primary care community.

Do care providers need consent from patients to share their EMR Data with HDC?


Under BC’s Personal Information Protection Act (PIPA), medical clinics are authorized to disclose personal information in their control to service providers (such as the HDC) without additional consent from patients, providing the service is consistent with the purpose that the clinics collected the personal information.

When patients share their information with their care providers, they expect that their information will be used to deliver them the highest standard of care. HDC’s clinically relevant measures support care providers in managing quality care within their practice.

All private sector organizations are required under BC’s PIPA to be transparent and to take reasonable steps to ensure individuals understand how they use and disclose personal information. For more information about requirements responsibilities of private sector organizations under PIPA, click here.

What steps should clinics and providers take to ensure they are being transparent about their use of data?


Transparency is a core principle of our Privacy by Design framework and the Personal Information and Protection of Privacy Act (PIPA). HDC is committed to being transparent about how we use and secure data all information in our custody and control.

Clinics can ensure that they are also meeting their obligation for transparency by following the guidance provided in Doctors of BC’s Privacy Toolkit.

How is patient privacy protected?


HDC aggregates EMR information as a service to physicians. We use patient-level EMR data for the purpose of providing this service. Patient-level information is aggregated to each participating clinic and their care providers to create clinic-level data and provider-level data. Clinic-level and provider-level data is not personal information about patients. Provider-level data represents the patient populations and clinical services of an individual care provider, participating as part of a clinic. Clinic-level data represents the patient populations and services of all care providers within a participating clinic.

Patient-level data is never brought into HDC Discover (our secure web application) and does not contribute to aggregations higher than those at the clinic-level. HDC uses anonymization techniques to further ensure that patient identities are protected.

Our secure architecture ensures that information about a clinic’s patients is segregated, protected, and secured to minimize the risks related to cyber-attacks or other breaches. HDC’s operations, including our architecture, data storage, processes and policies have been developed with a Privacy by Design framework, and have been assessed through an international certification process ensuring proactive and preventative controls are in place to protect privacy throughout our organization.

How is provider and clinic privacy and confidentiality protected?


We protect privacy and confidentiality by complying with BC’s Personal Information and Protection of Act (PIPA), building privacy into all aspects of our organization using the Privacy by Design Framework, and ensuring end-to-end industry standard security for all information in HDC’s custody and control.

Care providers control any sharing of their clinic-level aggregate data in HDC Discover. HDC is authorized by participating clinics to share highly aggregated and fully anonymized HDC Data without additional consent, but this authority is limited by the terms of HDC’s Data Sharing Agreement and our Data Use and Disclosure Policy.

Can my clinic or practice be identified when viewing HDC Data?


No. All clinics authorize the HDC to create higher, anonymized aggregations of data when they commit to sharing data with us. HDC Data is data that has been aggregated from clinic-level aggregated data to create information representing groups in the health care landscape, such as divisions of family practice, health regions and local health areas.

HDC data is fully anonymized to ensure it does not represent individuals or clinics. For details on how we ensure HDC Data remains anonymized see the response in question 2.

How can Divisions of Family Practice view regional data, and use data to support planning, grants, and other purposes?


HDC enables authorized health system partners such as Divisions of Family Practice to access HDC Discover to undertake initiatives that support quality, planning, and improvements in the health care system. Divisions may request access to the anonymized, aggregated measures grouped by division or region for these purposes.

HDC assesses each request for access based on the data we have to ensure it cannot be re-identified, is fit for the purposes identified, and to ensure that the purpose aligns with our mission and our Data Use and Disclosure Policy.

Where health system partners are seeking more granular information that might identify a clinic, the expressed consent of those clinics is required and is facilitated through HDC Discover’s sharing features.

Could HDC be used by the College or Ministry to assess a medical practice?


No. HDC Discover may be used for quality improvement, not quality assessment. Our purposes for the use and disclosures of data are outlined in the HDC Data Use and Disclosure Policy.

HDC’s Clinical Data Stewardship Committee oversees all access by Health System Partners to HDC Discover to ensure access and use of our application is fit for purpose, and is consistent with our agreements, policies and mission. As an independent, non-profit organization, HDC is committed to using and disclosing data only as supported our physician-led Board of Directors, which represents our membership. 

If HDC ceased to operate, what would happen to the data?


If HDC were to cease to operate, all agreements with clinics would be terminated, and all personal information including patient information and all aggregated information identifying participating care providers and clinics, would be securely destroyed, as required by those agreements.

As per HDC’s articles of incorporation, in the case that HDC should cease to operate, HDC’s assets would transfer to the Doctors of BC (DoBC). HDC Data, which is the fully anonymized aggregate data that has been summarized to represent groups and regions within the health care landscape is one of those assets. It is understood that this data may have archival value. It would be up to the DoBC if they choose to maintain the static copy to represent a snapshot in time of BC’s health landscape.

What certainty is there that HDC will not sell to Big Pharma or disclose data for profit?


HDC will not profit or accept funding from any organization that could directly or indirectly create a conflict of interest in the work of HDC.

Our work is built on the trust of the primary care community and it relies on maintaining this trust to operate.

As an independent, not-for-profit organization, we are accountable to our Board of Directors, our participating clinics, and the health care community to use data appropriately. We do not sell data and will only share data through HDC Discover where it supports our mission to provide trusted and meaningful access to health information to support new knowledge, improvement of patient outcomes, and the sustainability of health care.