Infoway's privacy mandate is to incorporate the protection of personal health information in its activities in accordance with applicable Canadian laws and privacy principles.
The provinces and territories are responsible for health care delivery, privacy legislation and electronic health records (EHR) solutions within their own geographical areas. To date, each is at various points in developing and implementing legislation and/or policies for the information systems that will make up the electronic health records network.
Achieving Infoway’s Privacy Mandate
Infoway’s Electronic Health Record Solution (EHRS) Blueprint includes a privacy and security component.
Infoway requires that all Infoway funded projects, involving personal health information, conduct privacy-impact assessments (PIA).
Infoway also works closely with the jurisdictions to integrate privacy into the interoperable EHR (iEHR) and to identify and leverage best practices for re-use across the country. The Privacy Forum established in 2007 and sponsored byInfoway, includes representatives from each federal/provincial/territorial Ministry of Health and privacy oversight body. The Forum offers a mechanism for members to share and leverage their collective knowledge and experience on privacy matters in the development of interoperable iEHR initiatives.
Infoway also sponsors the Health Information Privacy (HIP) Group. Established in 2008, this group, made up of health ministry representatives only, is focused on the consideration of common approaches to information governance issues as they pertain to privacy in electronic health information systems.
Infoway Certification Services reviews EHR solutions to determine whether the product conforms to assessment criteria. Privacy and security are key components of the certification.
Privacy at Canada Health Infoway is handled through the Chief Privacy Strategist and the Group Director of Privacy and Security. The Chief Privacy Strategist promotes Infoway’s commitment to addressing privacy issues in the iEHR, communicates our privacy position to external stakeholders, and deals with privacy issues related to corporate matters.
The Group Director of Privacy and Security is responsible for the development and adoption of interoperable privacy and security standards in addition to alignment with the Infoway Privacy and Security Conceptual Architecture as part of Infoway investments. This role is held by the Group Director, Implementation Solutions, Products and Services.
For more information on Infoway’s Privacy Mandate please contact:
Chief Privacy Strategist
Canada Health Infoway
1000 Sherbrook West
Please submit e-mail inquiries via our online form.
For specific privacy queries or concerns related to the implementation of electronic health records please contact your respective ministry or department of health.
For more information on privacy and electronic health records please read our FAQs.
Key privacy resources
- Consent management solutions paper: Information to help jurisdictions with consent management solution choices, planning and implementation
- Privacy and EHR Information Flows in Canada, Version 2.0: 53 "common understandings" to support appropriate and privacy protective disclosures of EHR information
- EHRS Blueprint: Technology framework for securely sharing health information
- EHR Privacy and Security Architecture: Privacy and security requirements and standards for an interoperable EHR
- A Conceptual Privacy Impact Assessment of the EHRS Blueprint: Ensuring privacy is considered in the development of the EHRS blueprint
- White paper: Information Governance of the Interoperable Electronic Health Record
- EKOS Survey: Canadian attitudes towards electronic health information and their privacy
- Privacy and EHR Information Flows: 33 "common understandings" for the disclosure of EHR information