A Privacy Impact Assessment (PIA) is a process that helps projects consider whether technologies, information systems and proposed programs meet privacy requirements. This process also helps identify mitigating measures intended to resolve privacy risks that are identified.
PIAs also constitute an ongoing due diligence exercise for projects to promote consideration of privacy requirements and approaches throughout a project.
Project sponsors of Infoway-funded projects are responsible for completing PIAs in compliance with applicable legislation and for choosing appropriately privacy sensitive approaches.
Infoway reviews the PIAs submitted by the jurisdictions on Infoway-funded projects, except where statutes are in place for other formal mechanisms to do so.
PIAs are submitted to Infoway in confidence by the appropriate ministries or jurisdictional bodies.
Key privacy resources
- Privacy and EHR Information Flows in Canada, Version 2.0: 53 "common understandings" to support appropriate and privacy protective disclosures of EHR information
- Business and Architecture Considerations for Interoperable Consent Solutions: A Discussion Document
- Consent Management Solution Considerations: a companion piece to Business and Architecture Considerations for Interoperable Consent Solutions
- Ipsos Survey: Canadian attitudes toward electronic health information and their privacy
- Embedding Privacy into the Design of EHRs to Enable Multiple Functionalities – Win/Win
- White paper: Exploring the value, benefits and common concerns of e-booking
- EHRS Blueprint: Technology framework for securely sharing health information
- EHRi Privacy and Security Conceptual Architecture: Privacy and security requirements and standards for an interoperable EHR
- A Conceptual Privacy Impact Assessment of the EHRS Blueprint: Ensuring privacy is considered in the development of the EHRS blueprint
- White paper: Information Governance of the Interoperable Electronic Health Record
- EKOS Survey: Canadian attitudes towards electronic health information and their privacy
- Privacy and EHR Information Flows: 33 "common understandings" for the disclosure of EHR information