Privacy

Privacy protection is a core requirement for eHealth Ontario because personal health information is the most sensitive of all information.  Our objective is to build privacy protection into our products, services, policies, procedures and processes.

One example of this approach is our
Privacy and Security Code of Conduct, which all staff
and contractors have to accept to work at eHealth Ontario.

Health care providers entrust eHealth Ontario with their patient records. Patients trust that we are protecting the privacy of their personal health information.

We seek to adhere to high standards and to be a best practices organization in privacy protection. We recognize our role in the development of eHealth in Ontario and the resulting need to protect privacy at all times.  

Our Privacy Program

The privacy department provides services to the health care sector and to eHealth Ontario teams, including:

• Assurance Services
  Ensuring that products and services are designed to protect privacy as legally required by eHealth Ontario
• Design Support and Solution Development
  Developing privacy business and technical requirements, as well as consent tools. Providing input into policy and contract development
• Advice and Guidance Service
  Ensuring that privacy protection is integrated with other components of eHealth Ontario’s activities

• Complaints
  Receiving, handling and responding to complaints, inquiries and suggestions related to personal and personal health information
• Training
  Ensuring that employees and clients are aware of their privacy roles and responsibilities

---

Privacy-related roles and responsibilities for the protection of personal information and personal health information.

What we do

To protect privacy, our privacy department carries out the following activities

Privacy Impact Assessments of our products and services to ensure they:

• Comply with privacy laws, government regulations, and generally accepted best privacy practices, and
• Ensure the rights of patients and health care providers are protected.

Privacy Impact Assessment Summaries

• Work with our partners in the health care sector to ensure privacy is protected whenever our products are being used

Read our Privacy Impact Summaries(PIA)*

• ONE Mail Direct Privacy PIA
• ONE Mail Partnered Privacy PIA
• ONE Pages PIA
• ONE Portal PIA
• ONE Hosting PIA
• Client Registry / EMPI PIA
• ONE Network Access (OfficeNet) PIA
• ONE Network (Network Refresh) PIA
• ONE Network Access Extended Wide Area Network (eWAN) PIA
• Ontario Laboratory Information System (OLIS) PIA
• Ministry of Health and Long-Term Care and SSHA response to OLIS PIA

* Note: These documents were prepared for the former Smart Systems for Health Agency

Our Policies

• Personal Information Privacy Policy
• Personal Health Information Privacy Policy
• Privacy and Data Protection Policy
• Privacy Impact Assessment Policy
• Privacy Complaints and Other Feedback Handling Procedure

Legislation governing eHealth Ontario

• The Personal Health Information Protection Act, 2004
• The Freedom of Information and Protection of Privacy Act
• Oversight of our compliance with applicable laws is conducted by the Office of the Information and Privacy Commissioner of Ontario.

Privacy Standards

We seek to achieve the highest level of privacy protection. The following are guidelines created by Canadian organizations regarding privacy protection and information technology which we take into consideration when creating our policies and procedures.

• Guidelines for the Protection of Health Information
  Canada’s Health Informatics Association (COACH)
• Privacy Best Practice Guidelines
  Canadian Institutes of Health Research (CIHR)
• Health Information Privacy Code
  Canadian Medical Association (CMA)
• Model Code for the Protection of Personal Information
  Canadian Standards Association (CSA)