A Client registry is a directory that lists all patients and their relevant personal information (names, addresses, etc.). A client registry supports the centralized storage and retrieval of client (i.e. patient) identification data and enterprise client identifiers (ECIDs).
The Infoway pre-implementation client registry certification is relevant to those health information technology solutions involved in client registries at the national, jurisdictional, regional or local level providing a comprehensive and unambiguous identification of clients. The client registry pre-implementation certification evaluates and assesses client registry applications offered as a hosted service and/or a product deployed at client sites.
The pre-implementation certification requirements are focused on four areas to evaluate client registries:
- Privacy requirements (mandatory) are based on Infoway's Privacy and Security Conceptual Architecture, Government of Canada’s Personal Information protection and Electronic Documents Act; the Canadian Standards Association model code for the protection of personal information (CAN-CSA-Q830-03) as well as ISO 29100:2011 – Information technology – Security techniques – Privacy Framework.
- Security requirements (mandatory) are based on Infoway's Privacy and Security Conceptual Architecture as well as the International Organization for Standardization's (ISO) codes of practice for health information system security management (ISO 27799, ISO 17799, ISO 27001, ISO 27002, ISO 27005, ISO 27018, ISO 27789).
- Management Control requirements (mandatory for hosted services) are based on the Canadian Standards Association’s Risk management: Guideline for Decision Makers – CAN-CSA-Q850-97, the Information Systems Audit and Control Association’s Control Objectives for Information and Related technology (COBIT) as well as the Information Technology Infrastructure Library (ITIL).
- Interoperability requirements (optional) specifically apply to a client registry.