bttn-login bttn-create


Experiences and perspectives

Browse through stories and videos shared by clinicians, patient, and health care administrators on the journey to better health care through improved connection and access to health information.

A national process to certify trusted, standards-based solutions

Infoway launched Certification Services to accelerate the introduction of private, secure, interoperable health information solutions that leverage Canada’s substantial investments in EHR systems.

The objectives of Infoway Certification Services are to:

  1. Provide a national process to reduce cost and risk to vendors and purchasers of health IT solutions in Canada;
  2. Promote the use of trusted, interoperable health IT solutions in the Canadian marketplace; and
  3. Ensure standards-based solutions are uniformly applied across the country.

What does Infoway certify?

Infoway continues to expand its services to include certification of domains relevant to EHR system investments.

How does certification work?

At the heart of Certification Services is the review of your product to determine whether it conforms to the Infoway assessment criteria. The assessment criteria are focused on privacy, security, interoperability and management. They have been developed using accepted standards within the Canadian and international health information communities, and enhanced with input and feedback from a broad range of health industry stakeholders.

Framework for criteria

The framework for the assessment criteria is shown in the table below. It consists of two classes of criteria:

Solution – Refers to the aspects of the health information solution’s privacy, security and interoperability that are assessed.

Management – Refers to how the organization providing the solution manages risk, data, system security, as well as third party services and solution accreditation.

Structure of Certification Assessment Criteria
Solution Management




Data safeguards

Identifying purposes & limiting collection

Limiting use, disclosure & retention




User identity management

Access control

Data integrity

Data availability



Data confidentiality

Interoperability *

Diagnostic imaging



Clinical reports

Client demographics

Provider demographics

* These criteria vary depending upon the type of solution


Risk management

Data management

System security

Solution accreditation

Third party services

Standards basis of certification

Standards used to create the assessment criteria include:

  • Privacy – Canada Health Infoway Electronic Health Record Infostructure (EHRi) Privacy & Security Conceptual Architecture; Government of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA); The Canadian Standards Association’s Model Code for the Protection of Personal Information – CAN-CSA-Q830-03.
  • Security – Canada Health Infoway Electronic Health Record Infostructure (EHRi) Privacy & Security Conceptual Architecture; The ISO 17799:2005; ISO 27001 – Information Security Management Systems Requirement; ISO 27002- Code of Practice for Information Security Management
  • Interoperability – Health Level Seven International’s - HL7 v3, HL7v2, HL7 Clinical Document Architecture, Release 2, CHI pan-Canadian Standards and Conformance Profile Definitions for laboratory, drug, clinical reports and demographic information.
  • Management – The Canadian Standards Association’s Risk Management: Guideline for Decision Makers – CAN-CSA-Q850-97; The Information Systems Audit and Control Association’s Control Objectives for Information and Related Technology (COBIT); The Information Technology Infrastructure Library (ITIL).
Provide Feedback
Commencer le sondage