Safeguards

We have implemented the following safeguards to protect health information:

Administrative

  • We have appointed individuals who are accountable for privacy and security, namely the Chief Privacy Officer and the Chief Information Security Officer.
  • We have a comprehensive set of information security policies which are regularly reviewed and enhanced. Staff members and contractors are required to read the relevant policies and sign an attestation that they have read, understood and are committed to complying with them.
  • All staff and contractors must sign confidentiality agreements and undergo criminal background checks prior to joining or providing services to eHealth Ontario. We have a security screening policy that requires staff to have an appropriate level of clearance for the sensitivity of the information they may access.
  • We have mandatory privacy and security awareness and training programs for staff, which include testing to confirm that the main concepts and behaviour requirements are understood.
  • Our staff and contractors generally have no ability or permission to access personal health information. If access to personal health information is required in the course of providing eHealth Ontario services, individuals are required to adhere to our policies and are prohibited from using or disclosing such information for any other purposes.
  • We ensure, through formal contracts and service level agreements, that any third party we retain to assist in providing services to eHealth Ontario or to health information custodians, will comply with the restrictions and conditions necessary for us to fulfil our legal responsibilities.
  • Our staff, consultants, suppliers and clients must promptly report any privacy and security breaches to us for investigation. An enterprise security and privacy incident management program is in place to ensure management of incidents and regular training and awareness for staff members involved in incident management.
  • Security threat and risk assessments are conducted as part of both product/service development and client deployments. Security risk mitigation activities are established, assigned to a responsible individual, recorded and tracked as part of each assessment.
  • We provide a written copy of the results of privacy impact assessments and security threat and risk assessments to the affected health information custodians.
  • We have established a formal risk management program, including an enterprise risk management policy and guidelines. A specialized management forum, the security leadership group, provides strategic direction and governance oversight for the security program, including regular review of risks and the corresponding risk treatment plans.
  • Audit logs recording user activities, system administrators' activities, exceptions, and information security events must be produced and kept for a minimum of six months online and a minimum of 18 months in the archive, to assist in incident and problem management, future investigations and access control monitoring.
  • We keep an electronic record of each and every access to all or part of the personal health information contained in the electronic health record and ensure the record identifies who accessed the information and on what date.
  • Log data required for litigation support must be kept until the disposition of the legal matter.

Technical

  • Strong passwords, secure tokens, and other authentication solutions are required for access to sensitive information.
  • Administrative access to all IT equipment and applications is provided on a need-to-know basis, controlled via proper authorization and strong, two-factor authentication. All system and application access activities are logged.
  • Network traffic is monitored and managed using security mechanisms such as routers, switches, network firewalls, intrusion detection systems, and anti-virus programs.
  • All sensitive data is encrypted in transit between external sources and eHealth Ontario systems.
  • All data stored on staff computers is encrypted. If laptops are lost or stolen, data confidentiality and integrity are not at risk.
  • Data integrity controls are implemented as a quality assurance activity on the personal health information provided to us by health information custodians. Data integrity controls are also used to prevent the unauthorized modification and destruction of this data.
  • Independent vulnerability assessments of technical configurations and operational security practices are conducted periodically.
  • A patch management process is in place to ensure that operating systems, databases and applications receive security patches and functional updates in a timely manner.
  • Upon termination of employment or contracts, all accounts of former staff or consultants are deleted and access is disabled.
  • Data and applications are backed up on a regular basis, and can be easily restored in case of operational incidents.
  • Comprehensive disaster recovery and business continuity plans have been developed, and are tested and updated as needed on a regular basis.
  • Contact us for more information about our security policies.

Physical

  • Our data centres are purpose-built facilities, with appropriate environmental controls and physically secured against unauthorized access. They are staffed and monitored continuously by trained security personnel.
  • Specific physical security zones are implemented to separate and control access to the public zone, delivery and loading area, office space, and computer rooms, with increasing physical security controls.
  • Data centre physical security controls have been validated by an independent third party in accordance with federal government standards, and through internally conducted threat and risk assessments.
  • Access to office areas is controlled with access badges, and traffic in the office areas is recorded by security cameras.
  • Access to office areas where business processes require access to PI or PHI is physically restricted to only the staff members whose role involves handling of PI or PHI. Other staff members do not have physical or logical access to those areas.
  • Visitors and third-party vendors to eHealth Ontario require visitor badges and are escorted at all times by full-time staff members.
  • Decommissioned equipment that was used to process or store PI or PHI is securely disposed of, according to approved procedures.
  • Procedures and appropriate equipment are in place for secure disposal of paper, CDs, or other media that may have sensitive information.