top of page

The Data Mining Industry In The Health Care System Of Ontario

By: James B.

Is Your Personal Health Information Safe?
Many Health Tech Companies and Online Pharmacies are promoting that the Future of Medicine and Pharmacy is Digital. Is the lobby and promotion of Digital Health in the public's best interest or the financial interest of Health Tech Firms? Before we dive deeper into the issue, let's define basic technical terms to understand Digital Health better.

Digital Health

What is Digital Health?

The broad scope of digital health includes categories such as mobile health (mHealth), health information technology (IT), wearable devices, telehealth and telemedicine, and personalized medicine. From mobile medical apps and software that support the clinical decisions doctors make every day to artificial intelligence and machine learning, digital technology has been driving a revolution in health care. (source: US Food and Drug Administration)

Canadian Law has no official definition of Digital Health and Online Pharmacy. For clarity, I have used the USFDA definition for Digital Health. Digital Health offers consumers and patients convenience in return for collected data.

Every day Canadians think that providing personal data online does not pose any risks. On the contrary, cybercrimes exist, and there has been a noticeable increase since the start of the pandemic. Here are examples of cybercrime: Fraud, Eavesdropping, cyberattacks, Theft of personal information & money, and Others.

Canadians need to be cautious about the data it provides online. Once the data is processed. The organization’s legal ownership of the collected information has the ability to create, edit, modify, share and restrict access to the data. Data ownership also defines the data owner’s ability to assign, share or surrender all of these privileges to a third party.

What is Data Ownership

Data ownership is having legal rights and complete control over a single piece or set of data elements. It defines and provides information about the rightful owner of data assets and the acquisition, use and distribution policy implemented by the data owner. Data ownership is primarily a data governance process that details an organization’s legal ownership of enterprise-wide data. A specific organization or the data owner has the ability to create, edit, modify, share and restrict access to the data. Data ownership also defines the data owner’s ability to assign, share or surrender all of these privileges to a third party. (source: Techopedia)

Data owners have control over the collected information. The more data they have, the more business opportunities they can generate from Data Mining.

What is Data Mining?

Data mining is a process used by companies to turn raw data into useful information. By using software to look for patterns in large batches of data, businesses can learn more about their customers to develop more effective marketing strategies, increase sales and decrease costs. Data mining depends on effective data collection, warehousing, and computer processing. (source: Investopedia)

Here are the Major Concerns about Data Mining:

1. Violation of Users’ Privacy:

Since there is no direct government oversight or proactive regulatory governance in handling collected information, the privacy and security of the users are not protected. Anyone who has access to the system or server will have access to your information.

2. Collection of irrelevant information:

Data mining systems can collect information that is irrelevant to one business but can be beneficial to another business. This information is sometimes sold to Data Brokers.

3. Abuse and Misuse of information:

There is a potential to misuse or abuse this information to advance different interests. Data can also be sold to Data Brokers. Data Brokers will sell it to businesses that require specific data for their businesses.

Although Canada has The Personal Information Protection and Electronic Documents Act, this law is only utilized after discovering a breach. Most Canadian are not well informed about Cybersecurity and Privacy Rights. Most online consent forms are very technical, and users will likely click yes to the consent form without reading the content. This leaves the users unprotected from any data breaches.

Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as age, name, ID numbers, income, ethnic origin, or blood type; opinions, evaluations, comments, social status, or disciplinary actions; and employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs) (source: PIPEDA)

This means information like names, ages, email addresses, phone numbers, and photos as long as it is about an identifiable individual. All count as personal information. The “Individual” will always maintain ownership over any personal data they share. Here are some fundamental Privacy Rights that Canadians need to know.

  • Businesses must ask for consent when collecting personal data and disclose the data's specific use.

  • Businesses must provide access to personal data for copying, completing and rectifying collected information of the individual.

  • Businesses should delete individual personal data If no longer needed for its original legal purpose; have processed their data unlawfully, or the individual formally objects to or withdraw consent to the processing,

  • Individuals have the right to discontinue processing personal data and object to using data for direct marketing.

(source: Who owns the personal data you collect from users?)

According to the Association of Computing Machinery Journal, “Data mining and analytics techniques have extensively exploited ELECTRONIC HEALTH RECORDS information to study patient cohorts. The primary purpose of record-keeping patients' health information is to monitor patients' health and review medical records to provide the best treatment plan. Collecting patients' data for business or financial purposes violates patients’ privacy. The intention of Digital Ambition in Health Care is not to put the best interest of the patients but to advance the business interest of Health Tech Firms.

Electronic Health Records have also been extensively used for the secondary purpose of clinical research and to improve healthcare practice. EHRs provide a rich set of information, including demographics, medical history, medications, laboratory test results, and diagnosis. Data mining and analytics techniques have extensively exploited EHR information to study patient cohorts for various clinical and research applications, such as phenotype extraction, precision medicine, intervention evaluation, disease prediction, detection, and progression. (source: The Secondary Use of Electronic Health Records for Data Mining)


The Justice Department has accused an upstate New York health insurance plan for seniors, along with a medical analytics company affiliated with the insurer, of cheating the government out of tens of millions of dollars. The civil complaint of fraud, filed this week, is the first by the federal government to target a data mining company for allegedly helping a Medicare Advantage program to game federal billing regulations in a way that enables the plan to overcharge for patient treatment. According to an article from National Public Radio (To read the full article, click the link below).

The DOJ Says A Data Mining Company Fabricated Medical Diagnoses To Make Money

Click the link below to read the full article.

3rd Party Health insurance can use data collected to make more profit and minimize costs.

Here are incidents that make Virtual Care and Online Pharmacies in Ontario not safe:

1. Regulators and Franchise turning a blind eye to Data Breach of Patient Health Information

Image of Cadence Health Center and Cadence Pharmasave

There was an incident that involved Dr. Tina Chanchlani and Dr. David Kennedy of Beacon Health Center, they were involved in the data breach of patient health information at CADENCE HEALTH CENTER and Cadence Pharmasave, and the authorities did not pursue the investigation both the College of Physicians and Surgeons of Ontario and Information and Privacy Commissioner.

How deep is the connection of Dr. Tina Chanchlani to the Ministry of Health and regulatory organizations to avoid investigations? MOH's investigations department is based in Hamilton, whereas Chanchlani Research Center is also found in Hamilton at Mcmaster University

There are not enough laws to protect the public from people who are into data mining and data collection for business purposes. The Ontario College of Pharmacists was aware of this incident and did nothing.

College of Physicians and Surgeons of Ontario, Ontario College of Pharmacists and Pharmasave East were informed of this incident, but they chose to turn a blind eye.

2. Regulators engaging in Conflict of Interests

Mr. Billy Cheung, Executive Board Chairman of the Ontario College of Pharmacists, advanced the business interest of Online Pharmacies in the Pharmacy Profession.

His data collection initiative brought up a questionable agreement between the Ontario College of Pharmacists and PHARMAPOD from Dublin, Ireland.

Mr. Billy Cheung, Executive Director of Pharmasave East

The Ontario College of Pharmacists & College of Physicians and Surgeons of Ontario. They have regulated online businesses. Small Independent business operators should make them accountable for creating unfair business competition.

3. Active Lobbyist of Digital Health holds Chair position of Investigations, Complaints, Resolutions Committee.

Ms. Aska Patel & Acuvise Consultancy Inc.
  • OCP Investigations, Complaints and Resolutions Committee Chair

  • Primary Consultant of Acuvise Consultancy

Ms. Angela Bates & Signal Regulatory
  • OCP Conduct Director

  • Primary Consultant of Signal Regulatory

Ms. Shenda Tanchak & Magnetic North Consultancy
  • CEO and OCP Registrar

  • Primary Consultant of Magnetic North

  • Former President Federation of Health Regulatory Colleges (FHRCO) or Health Profession Regulators of Ontario (HPRO)

The public will not have any confidence in any policies that OCP promotes until the organization addresses the issues of CORRUPTION and CONFLICT OF INTEREST. These officials came to the college with no experience in the profession.

Ms. Aska Patel became the Chair of ICRC without any work experience in regulation. Due to her incompetence, OCP is outsourcing complaints to a private law firm, Palliare Rolland. Is financially benefitting from this process

These officials should be held accountable for their corrupt practices. They should be audited for the questionable agreement they entered.

Online Pharmacies became legal without consultation from the College and the Public members.

4. Questionable Platform that mandatory Collects Patient Health Information

Since it rolled out in 2021, the Ontario Government outsourced the data collection of the COVID-19 VACCINATION PROGRAM when it could easily use the Database for Ontario Health Insurance Plan (OHIP).

Covaxon App could not provide data analysis on vaccine-related injuries and deaths despite having an accessible database from Covaxon (Salesforce Canada platform for vaccinated patients).

Salesforce Canada has the database of ALL Vaccinated Patients in ONTARIO.

These are Questions on the purpose of the Platform:

1. What was the agreement between Salesforce Canada and the Ontario Ministry of Health in creating a New Database for the COVID-19 VACCINATION PROGRAM?

2. What happened to this database?

3. Why is the collected data of vaccinated patients outsourced to Salesforce Canada?

4. Why is Salesforce Canada managing Ontario's Patient Health Information Database for the COVID-19 Vaccination Program?

5. Was the data collected by Salesforce Canada to track Vaccine-related injuries and deaths?

6. If not, why did Salesforce Canada collect patient health information if it will not be used to track adverse events?

ArriveCan App and Salesforce Covaxon

Suppose the government and private sector are on joint projects to collect data from the public, like the ArriveCan App and Covaxon Platform. In that case, they cannot provide security and protection for DATA PRIVACY or any beneficial use. Why should the public trust the private sector in handling Patient Health Information? If there are no regulations to secure or monitor privately owned servers.

How can the Public be protected from Patient Health Information breaches and Data Brokers? If the Government itself engages in questionable practices. Going back to my first question,

Is the Publics’ Personal Health Information Safe?

bottom of page