B.C. Medical Privacy Is Being Exploited and Contracted Out – Lock Your PHI
Author: Christine Colebeck, Ed. Jen Berman Diaz
Private Health Information in British Columbia is Being Collected in the ‘Panorama’ Digital Database
Protected health information, known commonly as PHI, is an industry term used to describe patient data that is regulated under law, i.e., health records, lab results, medical bills—information that is linked to individual identifiers.
In British Columbia where Health Officer Bonnie Henry has finally ended the province’s COVID-19 public health emergency and dropped vaccine mandates for healthcare workers, B.C. Health continues to collect and store PHI in a Provincial Health Services Authority (PHSA) digital database called “Panorama“.
Unfortunately, a December 2022 investigative report from The Office of the Information and Privacy Commissioner for B.C. (IPC) highlighted serious concerns that personal information in the Panorama database was vulnerable to misuse and attack.
The B.C. Government Contracts Out to Corporations and Pharma-Funded Affiliates
PHSA is responsible for the governance and management of B.C.’s Provincial Public Health Information System (PPHIS) (The System) under the terms of a 2016 contract called the Master Service Agreement. The System operates under the auspices of a Board appointed by the Ministry and receives its mandate from the Honourable Adrian Dix, B.C. Minister of Health.
On June 21, 2018, Honourable Dix presented the Board with a multi-year foundational mandate letter that assigned responsibility for B.C. Health’s digital information technology systems to PHSA. It should come as no surprise that the foundation affiliated with PHSA is also funded by Pharma: Merck Canada, Sanofi, Pfizer and more, and that just two years later in 2020, it found itself involved in a multiple-whistleblower scandal, following allegations of misspending.
Panorama collects and stores PHI for six million people who have used the healthcare system in British Columbia. It includes vaccination status, mental health evaluations, sexually transmitted diseases, including HIV, pregnancy information, including their outcome, as well as drug and alcohol use information on patients who have died or left the province, and addresses and other personal information of migrant workers in B.C.
The IPC report stated,
“There is an enormous volume of sensitive personal information that, if breached, could cause a significant list of harms including embarrassment, loss of dignity, family breakdowns, and even physical harm to individuals if it was accessed improperly,” and “It should go without saying that the nature of this personal information is amongst the most sensitive and voluminous data held about us by any public body,” and it is vulnerable to cyber attacks or breeches by bad actors.
Cyber Breeches Have Already Happened in B.C. Health
In June 2023, the Health Employers Association of B.C servers were breeched in a cyberattack. The server hosted three of its health professional services’ websites: Health Match B.C., the B.C. Care Aide and Community Health Worker Registry and the Locums for Rural B.C. program. In this case, the hackers may have gained access to email addresses, birth dates, social insurance numbers, passport information, driver’s licenses, educational credentials, investigative reports, and other personal information.
The PHI collected and stored in Panorama may also be collected without full informed consent using a loophole called ‘implied consent.’ Implied consent means you are considered to have consented unless you expressed that you were withholding your consent. This is contrary to privacy laws that outline one’s right to withhold consent to the collection and storage of PHI.
The B.C. schools requirement for parents to report children’s immunizations also means that your child’s PHI is being fed directly into Panorama, creating a permanent record of your child’s private medical information that can never be withdrawn.
How to Protect Your Family’s PHI – Opt Out! 
Many people simply choose to opt out of The System by exercising their legal right under privacy laws and decline to consent to the collection, disclosure or storage of their private health information.
In fact, many Canadians are now choosing to go even one step further to protect their family’s private medical records–by locking them in a “Lock-Box.” This means parents are simply instructing their doctors to lock their medical file, so that no one can access their private medical records without their express and written consent. This safeguards private information against any ‘implied consent’ loopholes.
Lock-Box is a smart option, as Canada is clearly following the W.H.O.’s Global Strategy on Digital ID
W.H.O. global strategy digital health 2020-2025
The 2030 Agenda for Sustainable Development highlights the following:
“the spread of information and communications technology and global interconnectedness has great potential to accelerate human progress.”
The W.H.O. Strategic Objectives — 4 steps to get every country on board with global digital health 2020-2025
1.) Promote global collaboration and advance the transfer of knowledge on digital health.
2.) Advance the implementation of national digital health strategies.
3.) Strengthen governance for digital health at global, regional and national levels.
4.) Advocate people-centered health systems that are enabled by digital health.
*********************************************************************************************************************************