Information Security Guides – Now available

Health care organizations are very familiar with what their responsibilities are when it comes to the protection of personal health information. But some may need assistance putting some of the tools in place to support security programs.

eHealth Ontario is pleased to present the Guide to Information Security for the Health Care Sector: Information and Resources for Complex Organizations.

Download the Guides


Bobby Singh, Director, Information Security at eHealth Ontario, was invited by the Ontario Hospital Association to speak about the Guide to Information Security for the Health Care Sector. Bobby addressed a packed house of information and security professionals on April 19, 2010 at the Marriott Toronto Downtown Eaton Centre. Video highlights include safeguarding personal information, best practices, and eHealth Ontario security tools.

Why is the guide important?
  • It provides a common framework for applying security controls to enhance the providers’ and public trust in ehealth solutions.
  • It is based on the international security standards ISO27001 and ISO27002.
  • It will build awareness and commitment for ensuring the proper use and storage of personal health information and will support compliance with PHIPA legislation.
  • The guide helps organizations establish information security and risk management best practices by providing sample policies, templates, checklists and a risk management methodology.

This tool is the result of extensive collaboration of key stakeholders including the Ministry of Health and Long-term Care as well as hospitals, labs, pharmacies, physicians, community care access centres, mental health associations and others.

“There is no other comparable resource of this type for someone with no security experience. Alternatives exist, but cost is also a barrier to most organizations and physician practices getting started with this topic. This guide acts as a double check for folks who don’t normally specialize in this topic and ensures that they have the basic facts and an understanding of a standards based approach before they start.”

- Jeff Curtis MBA, CISSP, CISM Chief Privacy Officer, Sunnybrook Health Sciences Centre and steering committee member involved with the development of the guides

The guide is designed to be interactive and allow users to navigate and select the sections that are relevant to specific needs.

Acknowledgements

Numerous representatives from the health care community were consulted during the development of this guide. Representatives included physicians, the continuing care sector, laboratories, pharmacies, hospitals, LHINS and vendors of health care and health care related technology.

eHealth Ontario would like to thank the following participants for their effort, time and contribution to the development of the guide:

  • Judy Ash, Ontario Association of Medical Laboratories (OAML)
  • Peter Berwick, Canadian Medical Association (CMA)
  • Peter Catford, Centre for Addiction & Mental Health (CAMH)
  • Jeff Curtis, Sunnybrook Health Sciences
  • Lyndon Dubeau, Formerly of Community Care Access Centre (CCAC)
  • Brian Forster, OntarioMD (OMD)
  • Sunny Loo, Ontario Pharmacy Association (OPA)
  • Mary McKeen, Ministry of Health and Long-Term Care (MOHLTC)
  • Steve Milling, Ministry of Health and Long-Term Care (MOHLTC)
  • Scott Mitchell, Canadian Mental Health Association (CMHA)
  • Martha Murray, Ontario Hospital Association (OHA)
  • Fraser Ratchford, Formerly of Ontario Health Information Standards Council (OHISC)
  • Harley Rodin, OntarioMD (OMD)
  • Ben Rodrigues, Gamma Dynacare (LAB)
  • Igor Sirkovich, Standards (SMBI)
  • Bobby Singh, eHealth Ontario
  • Martin Green, eHealth Ontario
  • Ireen Birungi, eHealth Ontario
  • Marc Stefaniu, eHealth Ontario

 

Frequently Asked Questions

What is the Guide to Information Security for the Health Care Sector?

The Guide to Information Security for the Health Care Sector provides a common framework for applying security controls for the protection of personal and personal health information. This guide is for complex organizations such as hospitals and regional care centres.

Who developed the guide?

The Guide to Information Security for the Health Care Sector was developed by eHealth Ontario in consultation with key stakeholders in the health care community. Representatives included physicians, hospital personnel, the continuing care sector, laboratories, LHINS and vendors.

Who should use the guide?

The guide would be of interest to individuals responsible for the information security program and for managing security risks within the health care community.

How do you use the guide?

The guide is divided into subject areas such as information security programs, risk management, roles and responsibilities, sample policies, checklists and templates. It is not meant to be read as a book, but is designed so that users can quickly scan the sections of the guide that are of interest to them and go directly to that section for more information.

Who should I contact if I have questions?

Please contact the Privacy and Security department:
Tel: 416-586-6500
Email: privacyandsecurity@ehealthontario.on.ca

 

What are people saying about the guide?

"eHealth Ontario's Guide to Information Security for the Health Care Sector is a valuable resource that provides clear guidance to hospitals, helping them to protect information and continue engendering trust and confidence among their patients."

-Tom Closson, President and CEO
Ontario Hospital Association



“This tool enables us to help the entire health care sector by providing a common framework for applying security controls to enhance the providers’ and public trust in ehealth solutions.”

- Bobby Singh, Director, Information Security
eHealth Ontario

© 2008-2010 eHealth Ontario