Privacy & Security
Keeping your Data Safe
Infoway works closely with the provinces and territories to develop solutions that protect personal health information (PHI) and keep your health data private and secure.
Data are a valuable commodity in our digital world, and health data is no exception. The provinces and territories, health providers and vendors work together to make certain that your personal health information isn’t lost, stolen or misused.
Privacy and security requirements are reinforced in all Infoway initiatives. Infoway also works closely with the jurisdictions through working groups such as the Privacy Forum and the Health Information Privacy Group to identify privacy and security best practices that can be leveraged and standardized across the country.
What is PHI?
Personal health information includes oral or written information in any format that identifies an individual and relates to their health and health care. Some examples might include:
- Your address
- Your health card number
- Your medications
- Laboratory test results
- Examination notes
While your information is held by an institution or someone other than yourself, the information contained in the records is yours, and you have the right to access it. However, the physical record is the responsibility of the person or organization that created it.
Personal health information is precisely that — personal. As the owner of your health data, consent for sharing it rests with you. Just as banks protect financial information, it’s important to ensure that health data is kept private and secure.
By the Numbers
Our primer provides an introduction to interoperability, an overview of Canadian privacy laws and some practical approaches to privacy for interoperability.
In Privacy as an Enabler: Sharing Personal Health Information for Interoperability Primer we delve into the role privacy plays in the creation of interoperable health systems. We address the myth that privacy laws mean patient data can’t be shared. The primer outlines how privacy laws enable the sharing of patient data by providing guidance on how to share health data safely, with a patient’s consent, and the responsibilities of both parties when patient info is shared.
Protecting your PHI
Addressing privacy, confidentiality and security of personal health information is fundamental to all Infoway digital health initiatives. All jurisdictions in Canada (federal, provincial, territorial) have laws in place to protect personal information, and many have legislation specific to health information. These laws, regulations and best practices are respected by all Infoway-funded projects.
What Canadians Think 2022 — Privacy Edition Survey: Canadians’ Perspectives on Digital Health PrivacyInfoway has been tracking attitudes, expectations and experiences in digital health privacy in Canada every five years since 2007. Find out about Canadians’ perspectives on digital health and privacy in 2022.
Security Policy TemplatesTemplates based on international standardsThe goal of these templates is to provide health care organizations in Canada with a foundation for implementing a comprehensive security program based on internationally recognized standards and best practices.
A Path Forward for Data Sharing in Canada: A White PaperThe objective of this white paper is to highlight data sharing opportunities in Canada and put forward solutions about how to address the identified needs. It focuses on privacy and data governance concerns, especially legislative and related...
Privacy Impact Assessments: Common UnderstandingsThis paper from the Pan-Canadian Health Information Privacy Group provides common understandings across Canadian jurisdictions related to Privacy Impact Assessments. We recommend that readers familiarize themselves with Version 2 of Privacy and EHR...
Secondary Use Governance Across Canada: Common UnderstandingsThis paper from the Pan-Canadian Health Information Privacy Group provides common understandings across Canadian jurisdictions related to governance of secondary use of electronic health information. We recommend that readers familiarize themselves...
Privacy and Security Requirements and Considerations for Digital Health SolutionsThis document builds on the original Electronic Health Record (EHR) Privacy Security Requirements , published in 2005, by addressing the privacy and security challenges of new digital health solutions such as remote patient monitoring and consumer...
- Policies / Guidelines
Infoway Privacy and Security Assessment PolicyThis policy includes relevant assessments for identifying data privacy and information security risks associated with new systems and services, ensure appropriate controls and to address identified risks and recommendations. The policy cover the...
- Technical documents
EHR Privacy and Security Architecture (Full)Infoway's Electronic Health Record (EHR) Privacy and Security conceptual Architecture (PSA) helps ensure that future interoperable EHR systems will comply with federal/provincial/territorial, as well as cross-jurisdictional Privacy and Security...
- Technical documents
EHR Privacy and Security RequirementsThis document identifies the privacy and security (P&S) requirements that an interoperable electronic health record (EHR) must meet in order to fully protect the privacy of patient/persons and maintain the confidentiality, integrity and...
Earnscliffe Survey on Electronic Health Information and PrivacyThis 2017 survey includes comparisons with similar surveys conducted in 2012 and 2007. It also includes questions about Infoway’s new areas of focus, such as e-prescribing, consumer health and mobile devices.
Data Sharing Agreements and the Interoperable Digital Health Record: A Discussion PaperData sharing agreements (DSAs) are essential in defining the roles, responsibilities, obligations and penalties associated with sharing personal health information electronically. This discussion paper sheds light on the value of DSAs, common...
Business and Architecture Considerations for Interoperable Consent Solutions – A Discussion DocumentThis paper provides information related to consent management solution choices, planning and implementation, to help jurisdictions meet their legislative and policy requirements regarding consent (an individual's wishes for use and disclosure of...
Privacy Impact AssessmentsMeasuring the potential impact of digital health projectsA privacy impact assessment (PIA) helps projects consider the actual or potential effects that a proposed technology, information system or program may have on an individual’s privacy.
Privacy Frequently Asked Questions (FAQs)Privacy is an essential part of our initiativesView answers to frequently asked questions about Canada Health Infoway’s privacy mandate, the Privacy Forum and Health Information Privacy Group, and more.
Digital Health Privacy LinksLinks to jurisdictional oversight bodiesHave questions about privacy and your personal health information? Visit your local privacy oversight body or your health minister or e-health agency through these useful links.