Safeguarding PHI is about much more than simply keeping it under lock and key. It is also about appropriate collection, use, disclosure and, when the information is no longer required, its secure disposal.
PHI has always been at the foundation of Ontario’s health care system. But paper-based records can be difficult to protect and may prove challenging to share in a timely fashion with all of the members of an individual’s circle of care. They can be easily lost or misplaced, especially when they move from one place to another. Recognizing the many benefits (improved privacy and enhanced availability among them) of electronic health records (EHRs), physicians in Ontario have increasingly begun adopting them in their practices.
That’s where eHealth Ontario comes in.
Trust is the foundation of a successful, province-wide EHR program. We work closely with all stakeholders to ensure that all PHI which has been entrusted to eHealth Ontario is protected.
- eHealth Ontario’s privacy office ensures that the electronic exchange of PHI among patients and health care providers is conducted securely, protecting and enhancing individual privacy.
- The privacy office also promotes a culture of privacy within eHealth Ontario. Going beyond legislation and regulation, it employs the Principles of Privacy by Design to ensure that protection of PHI is embedded in all of the products, services, policies, procedures and processes developed by eHealth Ontario.
Ultimately, this fosters an environment of trust. And trust will always be at the heart of our health care system.
eHealth Ontario is committed to meeting all of our privacy obligations. We start by adhering to the Personal Health Information Protection Act, 2004 (PHIPA) in our role as a health information network provider (HINP) and as an agent to health information custodians (HICs).
In addition, section 6.2 of Ontario Regulation 329/04 to PHIPA was amended on June 30, 2011 to clarify that eHealth Ontario can create and maintain EHRs as a service for health information custodians.
We have the measures in place to ensure that any information we receive for the purpose of creating and maintaining EHRs is protected to the highest standards. Learn more in our privacy policies and Statement of Information Practices.
- List of Data Stores
- Privacy Complaints and Inquiries Procedure
- Statement of Information Practices
- Privacy Incident and Breach Management
- Responsibilities of Third Party Service Providers
- Privacy and Data Protection Policy