A consumer health platform is an electronic system that provides a secure, interoperable environment and personal health information database. The platform enables a range of consumer health applications, most often from different vendors, to run and interoperate.
The consumer health platform also facilitates the sharing of data by the consumer with clinicians, family members and other authorized individuals, as well as with other applications and health information systems (Electronic Health Records (EHRs), Electronic Medical Records (EMRs) and Hospital Information Systems (HIS)).
The Infoway pre-implementation consumer health platform certification is relevant to market-ready health-information technology solutions involved in storage, management and sharing of personal health information and other health-related data by consumers at the national, jurisdictional, regional or local level. The evaluation and assessment is offered to consumer health platforms offered as a hosted service and/or as a product to be deployed at client sites.
Infoway's pre-implementation certification requirements are focused on four areas to evaluate consumer health platforms:
- Privacy requirements (mandatory) are based on Infoway's Privacy and Security Conceptual Architecture, Government of Canada’s Personal Information protection and Electronic Documents Act; the Canadian Standards Association model code for the protection of personal information (CAN-CSA-Q830-03) as well as ISO 29100:2011 – Information technology – Security techniques – Privacy Framework.
- Security requirements (mandatory) are based on Infoway's Privacy and Security Conceptual Architecture as well as the International Organization for Standardization's (ISO) codes of practice for health information system security management (ISO 27799, ISO 17799, ISO 27001, ISO 27002, ISO 27005, ISO 27018, ISO 27789).
- Management Control requirements (mandatory for hosted services) are based on the Canadian Standards Association’s Risk management: Guideline for Decision Makers – CAN-CSA-Q850-97, the Information Systems Audit and Control Association’s Control Objectives for Information and Related technology (COBIT) as well as the Information Technology Infrastructure Library (ITIL).
- Interoperability requirements (optional), which specifically apply to a consumer health platform, depending upon its system capability(s).