• Small Medical Offices
  • Complex Organizations
Easy-to-read and user-friendly booklet clearly outlines roles and responsibilities for general staff, security officers, IT service providers and health information custodians.

Benefits

Easy-to-read, user-friendly booklet provides small medical offices with helpful best practices and trusted guidelines.

Clearly outlines roles and responsibilities for health information custodians, general staff and IT service providers.

Assists in building an information security program for community-based offices.

Supports compliance with Personal Health Information Protection Act, 2004 (PHIPA) legislation.

 

Information Security Guide

Includes

A General Security Practice Guide, Security Policy for an Office, Security Acknowledgement and Confidentiality Agreement, Staff Security Responsibilities and IT Service Provider Security Responsibilities.

Frequently Asked Questions

What is the Guide to Information Security for the Health Care Sector?

The Guide to Information Security for the Health Care Sector provides a common framework for applying security controls for the protection of personal and personal health information. This guide is for small medical offices such as physician offices and family health teams.

Who developed the guide?

The Guide to Information Security for the Health Care Sector was developed collaboratively by key stakeholders in the health care community and eHealth Ontario. Representatives included physicians, medical office managers and family health team employees.

Who should use the guide?

The guide would be of interest to individuals responsible for the information security program and for managing security risks within the health care community.

How do you use the guide?

The guide is divided into subject areas such as information security programs, risk management, roles and responsibilities, sample policies, checklists and templates. It is designed so that users can pinpoint sections of the guide that are of interest to them and go directly to that section.

Acknowledgements

Numerous representatives from the health care community were consulted during the development of this guide. Representatives included physicians, the continuing care sector, laboratories, pharmacies, hospitals, local health integration networks (LHINs), and health care and health care-related technology vendors.

eHealth Ontario would like to thank the following participants for their effort, time and contribution to the development of the guide:

  • Dr. John McDonald
  • Dr. Jason Murdoch
  • Dr. David Daien, Trillium Health Centre
  • Dr. Lauren Cameron
  • Dr. Fionnella Crombie
  • Dr. Ruth Morris
  • Dr. Michael Pray
  • Dr. Leslie Solomon
  • Beth Kerman
  • Bruce Fleming, Hamilton Family Health Team (HFHT)
  • Jane Aitkin, HFHT
  • Dr. Karim Keshavjee
  • Dr. Jim Kavanagh
  • Deborah Walton
  • Harley Rodin
  • Ron Zoratti
  • Marc Stefaniu, eHealth Ontario
PHIPA-compliant best practices based on international security standards ISO27001 and ISO27002.

Benefits

Provides a common framework for applying security controls to enhance the providers' and the public's trust in eHealth solutions.

Builds awareness of, and commitment to, ensuring the proper use and storage of personal health information. Will support compliance with Personal Health Information Protection Act, 2004 (PHIPA) legislation.

Helps organizations establish information security and risk management best practices by providing sample policies, templates, checklists and a risk management methodology.

 

Includes

Information Security Guide

Information Security Policy Checklist, Roles & Responsibilities, Confidentiality Agreements, Program Assessment, Risk Management Methodology, Risk Treatment and Risk Monitoring.

Frequently Asked Questions

What is the Guide to Information Security for the Health Care Sector?

The Guide to Information Security for the Health Care Sector provides a common framework for applying security controls for the protection of personal information and personal health information. This guide is for complex organizations such as hospitals and regional care centres.

Who developed the guide?

The Guide to Information Security for the Health Care Sector was developed by eHealth Ontario in consultation with key stakeholders in the health care community. Representatives included physicians, hospital employees, the continuing care sector, laboratories, local health integration networks (LHINs) and vendors.

Who should use the guide?

The guide would be of interest to individuals responsible for the information security program and for managing security risks within the health care community.

How do you use the guide?

The guide is divided into subject areas such as information security programs, risk management, roles and responsibilities, sample policies, checklists and templates. It is not meant to be read as a book, but is designed so that users can quickly scan the sections of the guide that are of interest to them and go directly to that section for more information.

Acknowledgements

eHealth Ontario would like to thank the following participants for their effort, time and contribution to the development of the guide:

  • Judy Ash, Ontario Association of Medical Laboratories (OAML)
  • Peter Berwick, Canadian Medical Association (CMA)
  • Peter Catford, Centre for Addiction & Mental Health (CAMH)
  • Jeff Curtis, Sunnybrook Health Sciences
  • Lyndon Dubeau, formerly of Community Care Access Centre (CCAC)
  • Brian Forster, OntarioMD (OMD)
  • Sunny Loo, Ontario Pharmacy Association (OPA)
  • Mary McKeen, Ministry of Health and Long-Term Care (MOHLTC)
  • Steve Milling, MOHLTC
  • Scott Mitchell, Canadian Mental Health Association (CMHA)
  • Martha Murray, Ontario Hospital Association (OHA)
  • Fraser Ratchford, formerly of Ontario Health Information Standards Council (OHISC)
  • Harley Rodin, OMD
  • Ben Rodrigues, Gamma Dynacare
  • Igor Sirkovich, Standards (SMBI)
  • Marc Stefaniu, eHealth Ontario
“There is no other comparable resource of this type for someone with no security experience. Alternatives exist, but cost is also a barrier to most organizations and physician practices getting started with this topic. This guide acts as a double check for folks who don’t normally specialize in this topic and ensures that they have the basic facts and an understanding of a standards-based approach before they start.”

Jeff Curtis MBA, CISSP, CISM Chief Privacy Officer
Sunnybrook Health Sciences Centre


"eHealth Ontario's Guide to Information Security for the Health Care Sector is a valuable resource that provides clear guidance to hospitals, helping them to protect information and continue engendering trust and confidence among their patients."

Tom Closson, President and CEO
Ontario Hospital Association