One of the ways in which Infoway achieves its privacy mandate is by requiring funded projects that involve personal health information to submit privacy impact assessments.
A Privacy Impact Assessment (PIA) is a process that helps projects consider whether technologies, information systems and proposed programs meet privacy requirements. The process also helps identify mitigating measures to resolve the privacy risks it uncovers.
PIAs promote consideration of privacy requirements and approaches throughout a project and are a condition of Infoway funding of jurisdictional projects involving personal health information.
PIAs are an ongoing due diligence exercise for projects. Jurisdictions are responsible for completing PIAs in compliance with applicable legislation and for choosing appropriately privacy-sensitive approaches.
Infoway reviews the PIAs submitted by the jurisdictions on Infoway-funded projects, except where statutes are in place for other formal mechanisms to do so.
PIAs are submitted to Infoway in confidence by the appropriate ministries or jurisdictional bodies.
For more information, download A Conceptual Privacy Impact Assessment of the EHRS Blueprint.
Key privacy resources
- Consent management solutions paper: Information to help jurisdictions with consent management solution choices, planning and implementation
- Privacy and EHR Information Flows in Canada, Version 2.0: 53 "common understandings" to support appropriate and privacy-protective disclosures of EHR information
- EHRS Blueprint: Technology framework for securely sharing health information
- EHR Privacy and Security Architecture: Privacy and security requirements and standards for an interoperable EHR
- A Conceptual Privacy Impact Assessment of the EHRS Blueprint: Ensuring privacy is considered in the development of the EHRS Blueprint
- White paper: Information Governance of the Interoperable Electronic Health Record
- EKOS Survey: Canadian attitudes towards electronic health information and their privacy
- Privacy and EHR Information Flows: 33 "common understandings" for the disclosure of EHR information