- What is Infoway doing to ensure the privacy and security of Electronic Health Records?
- What is Infoway’s privacy mandate and role in respect to the implementation of EHRs in Canada?
- Does Infoway create or manage electronic health record (EHR) systems?
- Does Infoway hold or manage repositories of personal health data?
- Does Infoway conduct Privacy Impact Assessments (PIAs)?
- Have Canadians been consulted regarding EHRs and privacy? What views or concerns to they have?
- Who do I contact if I need more information on privacy as it relates to the pan-Canadian electronic health initiatives?
A: The privacy and security architecture is a key component of the Electronic Health Records (EHR) Blueprint. It ensures that the framework and vision for electronic health records can accommodate and respect privacy requirements across the country. Privacy rules may vary by jurisdiction, but the architecture has been designed so that it can accommodate these differences.
Infoway also recognizes that privacy has non-technical as well as technical aspects that need to be considered in interoperable electronic health information systems in Canada. Infoway supports work on non-technical issues through mechanisms such as the Privacy Forum and the Health Information Privacy group as well as other projects.
In addition, to promote consistency in legislative approaches and solutions, Infoway offers input on any legislative activity that could impact the EHR, such as the creation of new types of custodians or provisions dealing with inter-jurisdictional data flow. We have recently contributed to consultation processes in: New Brunswick, Nova Scotia, Newfoundland and Labrador, Yukon, and Ontario.
A: Infoway acts as a strategic investor to foster and accelerate the development and adoption of interoperable electronic health information systems in Canada.
Infoway’s privacy mandate is to incorporate the protection of personal health information in its activities in accordance with applicable laws and privacy principles.
Infoway achieves this by:
- requiring projects that impact personal health information to conduct a Privacy Impact Assessment (PIA);
- working to identify and leverage best practices for re-use across the country;
- working to ensure that projects adopt an interoperable approach.
A: Provinces and territories are responsible for health care delivery, privacy legislation and EHR solutions within their own jurisdictions. To date, they are all at various points in developing and implementing legislation and/or policies for the information systems that will make up the electronic health records network within their jurisdictions.
Infoway raises awareness of the issues, facilitates jurisdictional collaboration, and provides guidance on architecture development. For example:
- Infoway released a white paper on Information Governance of the Interoperable EHR environment – it raises for discussion the issues surrounding the rules, requirements (legal, ethical, practical) and mechanisms that are involved in handling personal health information that would be collected and used in a pan-Canadian interoperable EHR in a secure and privacy-protective manner.The paper’s objective is to raise awareness, foster discussion and stimulate action on important information governance topics associated with supporting a pan-Canadian interoperable EHR.
- Infoway facilitates collaboration among jurisdictions at the national level to help support the goal of interoperability across the country in a privacy-protective manner. Infoway does this through the creation and sponsorship of the Privacy Forum and the Health Information Privacy group as well as other projects.
- Infoway has worked with technology and privacy experts across the country to develop a statement of privacy requirements based on the guiding principles set out in legislation and in other standards, such as the CSA Model Code for the Protection of Personal Information.
- A privacy and security architecture based on this statement of privacy requirements has been developed to provide a guide for the development and implementation of secure and privacy enhancing interoperable EHRs. Infoway has developed the EHRS Blueprint, a fully validated, scalable architecture that lays out the business and technical considerations and approaches that will ultimately guide the sustainable development of interoperable EHR systems in Canada.This technical architecture allows jurisdictions to implement the privacy protective features that are consistent with their local legislative requirements.
Q: Does Infoway create or manage electronic health record (EHR) systems?
A: Infoway neither creates nor manages any personal health information systems. These systems are created and managed by the respective jurisdictions.
A: Infoway requires that all Infoway-funded projects involving personal health information complete a PIA. These PIAs are completed and then submitted to Infoway in confidence by the applicable jurisdictional bodies.
A: Provinces and territories are responsible for and are taking a variety of approaches to developing and implementing the information systems that will make up the electronic health records network within their jurisdictions.
In addition to any public opinion polling or consultations conducted by the provinces and territories, Canada Health Infoway has conducted public opinion surveys and focus groups on the subject of “Electronic Health Information and Privacy”. The findings indicate that Canadians support the use of electronic health records (EHRs) and expect their privacy to be protected in the collection, storage and use of their personal health information.
Almost nine in 10 Canadians (88 per cent) support the development of EHRs -- a five per cent increase since 2003. Read the survey – Electronic Health Information and Privacy: What Canadians think, conducted by EKOS Research Associates.
A: For specific privacy queries related to the implementation of electronic health records please contact your respective ministry or department of health.
For Infoway-related initiatives, please contact:
Chief Privacy Strategist
Canada Health Infoway
1000 Sherbrook West
Key privacy resources
- Consent management solutions paper: Information to help jurisdictions with consent management solution choices, planning and implementation
- Privacy and EHR Information Flows in Canada, Version 2.0: 53 "common understandings" to support appropriate and privacy protective disclosures of EHR information
- EHRS Blueprint: Technology framework for securely sharing health information
- EHR Privacy and Security Architecture: Privacy and security requirements and standards for an interoperable EHR
- A Conceptual Privacy Impact Assessment of the EHRS Blueprint: Ensuring privacy is considered in the development of the EHRS blueprint
- White paper: Information Governance of the Interoperable Electronic Health Record
- EKOS Survey: Canadian attitudes towards electronic health information and their privacy
- Privacy and EHR Information Flows: 33 "common understandings" for the disclosure of EHR information