• Home
• Who We Are
  • Overview
  • Investment Strategy
  • Accountability
  • Our People
• What We Do
  • Overview
  • Programs
    • PAQC
    • Registries
    • Diagnostic Imaging Systems
    • Drug Information Systems
    • Laboratory Information Systems
    • Telehealth
    • Public Health Surveillance
    • Interoperable EHR
    • Innovation and Adoption
    • Infostructure
  • Standards Collaborative
    • SNOMED CT®
    • HL7 Canada
    • Partnership
    • ISO/TC215
    • Standards Collaborative Governance
    • Standards Maintenance
    • EHRS Blueprint
• How We Work
  • Overview
  • Collaborating with the Private Sector
  • Archive
  • Knowledge Transfer and Sharing
• Value to Canadians
  • Overview
  • Electronic Health Record
  • Success Stories
  • Successes Worth Watching
  • Privacy and Security for EHR
• News & Events
  • Media Releases
  • In the News
  • Events
  • Newsletter Subscription
• Resource Centre
• Working with Infoway
  • Overview
  • Roles at Infoway
  • Working at Infoway
    • Work Opportunities
  • Project Based
    Resources Registration
    • Registration
• KnowledgeWay
•  

 

Privacy and Security for Electronic Health Information
Systems

Infoway considers privacy a fundamental piece of its vision for electronic health record systems.

We are resolute in our belief that privacy must be respected, that personal health information is protected and confidentiality maintained. We believe that the implementation of electronic health information systems will modernize the Canadian health care system while ensuring privacy and data protection for Canadians.

We address privacy and security of the EHR systems in which we invest in a number of ways.

Privacy Impact Assessments (PIA)

All projects involving personal health information in which we co-invest require a completed Privacy Impact Assessment (PIA). Each jurisdiction approaches privacy in a unique manner. As a result, when a jurisdiction completes a PIA, it should be clearly stated how a system will function and how the particular initiative will comply with applicable legislation within the jurisdiction in which the system will operate. The PIA should also identify privacy risks and provide strategies to mitigate the identified risks.

By requiring projects to undertake a PIA, we ensure that those responsible for the projects consider all the privacy requirements already in place in their jurisdiction during development of the system.

Privacy and Security Architecture

We have developed a national blueprint for an electronic health record (EHR) solution to be used by our provincial and territorial partners. A key component of the blueprint is a privacy and security architecture. The architecture is the result of a collaborative effort between Infoway, clinicians, businesses and privacy experts from across Canada. The privacy and security architecture identifies privacy and security features that system developers should consider and address, when developing an electronic health record system. It also encourages developers to address features related to privacy at the front-end of system development.

Infoway respects the fact that privacy rules are set by each jurisdiction; as such the architecture has been designed with built-in flexibility. Jurisdictions can implement privacy protective features in a manner that is consistent with their local legislative requirements and allows consensual access to personal health records by authorized users.

Our pan-Canadian view means that if a project in one province involves looking at technical solutions for authorized access, we will work to ensure it is available for another jurisdiction to consider.

Read a non-technical summary of the privacy and security architecture.

Diagram: Privacy and Security Services - Future State

Please direct any questions, concerns or privacy-related queries to privacy@infoway-inforoute.ca.

Information Governance of the EHR

During development of the privacy and security architecture a need to address the topic of governance of the EHR was highlighted.

Consistent with our commitment to address privacy and confidentiality in its EHR initiative, we have completed a whitepaper on information governance of the interoperable EHR. The document sets out a broad array of topics related to information governance that should be considered when identifying governance responsibilities and developing governance structures to support the EHR.