A provider registry is a comprehensive directory of participating authorized health care providers; each authorized health care provider will be authenticated to ensure that he/she is authorized to access electronic health records. A provider registry supports the centralized storage and retrieval of provider (i.e. clinician) identification data, and enterprise provider identifiers (EPIDs).
The Infoway pre-implementation provider registry certification is relevant to those health information technology solutions involved in provider registries at the national, jurisdictional, regional or local level providing a comprehensive and unambiguous identification of providers. The provider registry pre-implementation certification evaluates and assesses provider registry applications offered as a hosted service and/or a product deployed at client sites.
The pre-implementation certification requirements are focused on four areas to evaluate provider registries:
- Privacy requirements (mandatory) are based on Infoway's Privacy and Security Conceptual Architecture, Government of Canada’s Personal Information protection and Electronic Documents Act; the Canadian Standards Association model code for the protection of personal information (CAN-CSA-Q830-03) as well as ISO 29100:2011 – Information technology – Security techniques – Privacy Framework.
- Security requirements (mandatory) are based on Infoway's Privacy and Security Conceptual Architecture as well as the International Organization for Standardization's (ISO) codes of practice for health information system security management (ISO 27799, ISO 17799, ISO 27001, ISO 27002, ISO 27005, ISO 27018, ISO 27789).
- Management Control requirements (mandatory for hosted services) are based on the Canadian Standards Association’s Risk management: Guideline for Decision Makers – CAN-CSA-Q850-97, the Information Systems Audit and Control Association’s Control Objectives for Information and Related technology (COBIT) as well as the Information Technology Infrastructure Library (ITIL).
- Interoperability requirements (optional) specifically apply to a provider registry.