

What is Infoway doing to ensure the privacy and security of digital health information systems?

The privacy and security architecture is a key component of the Electronic Health Record Solution (EHRS) Blueprint. The framework and vision for electronic health records are intended to accommodate and respect privacy requirements across the country. Privacy rules may vary by jurisdiction, but the architecture has been designed to accommodate these differences.

Privacy and security components are also included in Infoway's Certification Services reviews to ensure that digital health solutions conform to assessment criteria.

In addition, one of the ways in which Infoway achieves its privacy mandate is to require funded projects that involve personal health information to conduct Privacy Impact Assessments, where applicable.

Infoway also recognizes that privacy has non-technical as well as technical aspects that need to be considered in interoperable digital health information systems in Canada. Infoway supports work on non-technical issues through mechanisms such as the Privacy Forum and the Health Information Privacy Group as well as other projects.

In addition, to promote consistency in legislative approaches and solutions, Infoway offers input on legislative activities and has contributed to consultation processes in: New Brunswick, Nova Scotia, Newfoundland and Labrador, Yukon, Northwest Territories, Ontario and Prince Edward Island.

Finally, Infoway's Emerging Technology Group provides thought leadership nationally and internationally by setting out privacy considerations related to topics such as cloud computing, big data analytics and mobile computing in clinical settings.

What is Infoway’s privacy mandate and role with respect to the implementation of digital health information systems in Canada?

Infoway acts as a strategic investor to foster and accelerate the development and adoption of digital health information systems in Canada. Provinces and territories are responsible for health care delivery, privacy legislation and digital health solutions within their own jurisdictions. Infoway's role is to support the privacy and security activities through:

  • requiring that funded projects involving personal health information conduct Privacy Impact Assessments, where applicable
  • working to identify practices that can be leveraged for re-use across the country
  • working to ensure that projects adopt an interoperable approach
  • raising awareness of the issues through white papers and webinars
  • facilitating jurisdictional collaboration by sponsoring the Privacy Forum and the Health Information Privacy Group
  • providing guidance on architectural developments related to the development and implementation of secure and privacy-enhancing interoperable EHRs.

Does Infoway create or manage digital health information systems?

No, Infoway does not create or manage any personal health information systems. That is done by the jurisdictions.

Does Infoway hold or manage repositories of personal health data?

No, Infoway does not hold or manage any repositories of personal health data.

Does Infoway conduct Privacy Impact Assessments (PIAs)?

No. These PIAs are completed and submitted to Infoway by the applicable jurisdictional projects.

Have Canadians been consulted regarding EHRs and privacy? What views or concerns do they have?

In addition to public opinion polling or consultations conducted by the provinces and territories, Canada Health Infoway has conducted public opinion surveys on the subject of "Electronic Health Information and Privacy" in 2012 and 2007.

The findings indicate that Canadians support the use of electronic health records and expect their privacy to be protected in the collection, storage and use of their personal information.

The table below shows the measures Canadians would like to see in place to protect the privacy and security of their personal health information, and what privacy and security protections exist in jurisdictions.

Measures that increase Canadians’ comfort with electronic health records (EHRs) | What is in place in jurisdictional laws and EHRs

Being able to find out when and who accessed their health record

Laws: all jurisdictions have access provisions

EHRs: EHRs enable this through:

  • access controls
  • secure audit and transaction logs
  • identity management
  • user authentication

Knowing they would be informed of any privacy breach that occurred

Laws: breach notification obligations are increasingly being required

EHRs: EHRs enable this through:

  • secure audit and transaction logs

Being able to access and correct their records

Laws: all jurisdictions have access and correction clauses

EHRs: EHRs have processes in place to document changes to records

Legislation that would make unauthorized access of health records a criminal/serious offence

Laws: all newer laws have penalty provisions, and some include criminal prosecution

Who do I contact if I need more information on privacy as it relates to digital health initiatives?

For specific privacy queries related to your jurisdiction, please contact your ministry or department of health.

For Infoway-related initiatives, please contact us.
