Privacy

eHealth Ontario is committed to protecting the privacy of Ontarians by safeguarding the information which has been entrusted to us by health care providers and patients. Our objective is to build privacy protection into our products, services, policies, procedures and processes.

We meet these commitments through our privacy program, which establishes a culture of privacy throughout the organization. We define privacy roles and responsibilities while working in collaboration with stakeholders, including provincial level organizations, to ensure that any data or information which has been entrusted to eHealth Ontario is protected.

Privacy program

eHealth Ontario has specific obligations under the Personal Health Information Protection Act, 2004 (PHIPA) in its role as a health information network provider (HINP) and as an agent to health information custodians (HICs).

In addition to these roles, section 6.2 of Ontario Regulation 329/04 to PHIPA was amended on June 30, 2011 to clarify that eHealth Ontario can create and maintain electronic health records (EHRs) as a service for health information custodians. This regulation under PHIPA outlines eHealth Ontario’s role as an information manager. Section 6.2 of the amended Ontario Regulation 329/04 provides eHealth Ontario with the authority to create and maintain one or more electronic health records.

eHealth Ontario has administrative, technical and physical safeguards, practices and procedures in place to ensure that any data we receive for the purpose of creating and maintaining electronic health records (EHRs) is protected to the highest standards. These are detailed further in our privacy policies and Statement of Information Practices.

Privacy impact summaries (PIA)

A privacy impact assessment (PIA) evaluates a new system or initiative to determine its actual and potential impact on individual privacy. PIAs measure compliance with privacy legislation and broader privacy policy implications. A PIA addresses all administrative, physical and technical components of the business processes, flows of personal information or personal health information, information management controls and human resource processes associated with a system or program initiative.

eHealth Ontario conducts a PIA on any system or program initiative that involves personal information or personal health information.

Client registry (CR) PIA summary

Provider registry (PR) PIA summary

User registry (UR) PIA summary

Integrated facility (IF) PIA summary

Ontario laboratory information system (OLIS) PIA summary

Ontario Laboratories Information System – electronic medical records Initiative PIA summary

Portal services expansion summary

Privacy resources

Additional links on privacy legislation, best practices and standards are available for your reference.

Frequently asked questions

Does eHealth Ontario collect, use and disclose personal health information?
eHealth Ontario does not collect, use or disclose personal health information for its own purposes. Under Ontario Regulation 329/04, eHealth Ontario provides information technology services to Ontario’s health care sector, including hospitals, physicians, labs and public health units. The agency supplies information management services for the purpose of creating and maintaining a provincial electronic health record system.


How does eHealth Ontario protect my personal health information?
eHealth Ontario has implemented administrative, physical and technical safeguards, consistent with industry best practices, to protect its networks from misuse, alteration, copying, disclosure, destruction, monitoring and/or damage. These safeguards include security software and encryption protocols, firewalls, locks and other access controls, privacy impact assessments, staff training and confidentiality agreements.

Existing privacy and security safeguards are constantly under review and will be enhanced where necessary to ensure the highest level of protection.


How can I access my information in the EHR?
In Ontario, the handling of personal health information is governed by the Personal Health Information Protection Act, 2004 (PHIPA). PHIPA provides you with a right to access your personal health information and, if you believe the information to be incorrect, to ask for it to be corrected. All requests for access or corrections to your personal health information should be directed to the health information custodian (e.g., your primary care provider or family physician) who originally collected the information or who is directly involved in your care and treatment. Please note that eHealth Ontario is not a health information custodian.