A national process to certify trusted, standards-based solutions
Infoway launched Certification Services to accelerate the introduction of private, secure, interoperable health information solutions that leverage Canada’s substantial investments in EHR systems.
The objectives of Infoway Certification Services are to:
- Provide a national process to reduce cost and risk to vendors and purchasers of health IT solutions in Canada;
- Promote the use of trusted, interoperable health IT solutions in the Canadian marketplace; and
- Ensure standards-based solutions are uniformly applied across the country.
What does Infoway certify?
Infoway offers pre-implementation certification for the following technology classes:
Infoway continues to expand its services to include certification of domains relevant to EHR system investments.
How does certification work?
At the heart of Certification Services is the review of your product to determine whether it conforms to the Infoway assessment criteria. The assessment criteria are focused on privacy, security, interoperability and management. They have been developed using accepted standards within the Canadian and international health information communities, and enhanced with input and feedback from a broad range of health industry stakeholders.
Framework for criteria
The framework for the assessment criteria is shown in the table below. It consists of two classes of criteria:
Solution – Refers to the aspects of the health information solution’s privacy, security and interoperability that are assessed.
Management – Refers to how the organization providing the solution manages risk, data, system security, as well as third party services and solution accreditation.
|Structure of Certification Assessment Criteria|
Identifying purposes & limiting collection
Limiting use, disclosure & retention
User identity management
* These criteria vary depending upon the type of solution
Third party services
Standards basis of certification
Standards used to create the assessment criteria include:
- Privacy – Canada Health Infoway Electronic Health Record Infostructure (EHRi) Privacy & Security Conceptual Architecture; Government of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA); The Canadian Standards Association’s Model Code for the Protection of Personal Information – CAN-CSA-Q830-03.
- Security – Canada Health Infoway Electronic Health Record Infostructure (EHRi) Privacy & Security Conceptual Architecture; The ISO 17799:2005; ISO 27001 – Information Security Management Systems Requirement; ISO 27002- Code of Practice for Information Security Management
- Interoperability – Health Level Seven International’s - HL7 v3, HL7v2, HL7 Clinical Document Architecture, Release 2, CHI pan-Canadian Standards and Conformance Profile Definitions for laboratory, drug, clinical reports and demographic information.
- Management – The Canadian Standards Association’s Risk Management: Guideline for Decision Makers – CAN-CSA-Q850-97; The Information Systems Audit and Control Association’s Control Objectives for Information and Related Technology (COBIT); The Information Technology Infrastructure Library (ITIL).
Infoway Certification Services Review - Summary Report
Infoway and Information Technology Association of Canada (ITAC) announce the completion of a joint review that evaluated and identified ways to enhance digital health certification services in Canada. Infoway looks forward to collaborating with ITAC and other partners to implement several key initiatives over the next three years.
Read the summary report
Guide to Pre-implementation Certification Services
- apply for certification
- participate in the assessment process
- receive and maintain Infoway certification for your health information technology solution
A Framework and Toolkit for Managing eHealth Change: People and Processes.