From detailed guides to online courses – resources are available to provide you with the knowledge necessary to build and integrate EHR applications.

Common Services

Common services promote the reuse and consistency of approach in performing common functions. They also relieve clinical domains of the need to build this functionality into their own repository logic.

Since all messaging traffic must go through it, the HIAL is an ideal place to provide these common services – handling tasks that are required across all lines of business and user types. Examples include: logging, auditing, consent management, authentication, authorization, and virus checking. 

Providing these services centrally has a number of benefits, including: 

  • Point of service and line of business systems don’t need to handle these functions themselves; offloading responsibility for these things allows the systems that connect to the HIAL to be more streamlined and effective. It also reduces time to market for new innovative EHR solutions.
  • Each of these functions can be applied in a consistent, reliable, predictable manner.
  • Management of each of these functions (including maintenance, enhancements) is far easier. 






Other Common Services


Figure 7: Common Services



Authorization: ensures that the identified service consumer is allowed to access a controlled resource in a specific way. The HIAL implements a policy enforcement point (PEP) which validates that the service consumer has been authorized for the request that is being made. Authorization is rule based; the rules are defined within the user registry’s policy decision point (PDP), which is a XACML-based rule engine.

Authentication: refers to the policy enforcement point that ensures service consumers are identified. The HIAL implements a policy enforcement point that asserts the service consumer authentication. Services offered through the Ontario HIAL solution leverage a federated identity model. 

Access control: the gating of access to secured components, through policy enforcement points at run time

User registry: enables and authorizes providers for access to EHR services. Leverages existing electronic credentials used by providers and health care clients, and binds them to their provincial identities in the provider and client registries. By knowing the real identity of providers and health care clients, the user registry can authorize EHR transactions to ensure their compliance with privacy and security policies, apply coarse- and fine-grained authorization rules, and ensure that only authorized individuals access PI and PHI.

Public Key Infrastructure (PKI): the hardware, software, people, policies, and procedures that create, manage, distribute, use, store, and revoke digital certificates. The PKI is required for digital signature and encryption.

Digital signature: a cryptographically strong electronic signature which typically depends on the PKI


Consent directives management: allows users to block access to their PHI through directives that are checked and honoured during execution of transactions by the HIAL

Auditing: records events in an immutable log, which can be used for subsequent investigations

Other Common Services 

Portal services: the services required to support portals; includes portlets, the context framework and other related capabilities for portal integration

Terminology services: provide a consistent interface and set of functions to manage and use terminology for a clinical domain. May include vocabulary lists, value sets, taxonomies, concepts, relationships. An example is translation of vocabulary used in a message to make it understandable to the receiver. 

Message transformation: transforms message structure from an input format to an output format by applying a map retrieved from the mapping service

Policy management: provides an interface to configure, manage and enforce policies for access, auditing, logging, and consent, etc., as required for operation of EHR services

Line of business orchestration: provides a means to automate and integrate multiple services that execute on heterogeneous platforms into a business process or workflow. Specifically, it invokes activities or services in a particular order, according to a set of rules; manages the complex flow logic and process state, and correlates responses from downstream and upstream systems to a service orchestration instance. 

Line of business realization: the HIAL orchestration level activities that are implemented and customized for each line of business service integrated through the HIAL 

Portlet services: help eHealth Ontario portal services facilitate secure and simple access to services provided by eHealth Ontario line of business applications, and integrate into regional and third-party value-add solutions. This enables the aggregation of content and web services from remote sources across many organizational boundaries on numerous application servers.

Back to Top

Explore the Blueprint

Multiple views describe the many ways the blueprint supports EHR delivery.

Get Us Involved

From advisory consultations on blueprint alignment to standard selection, we can help you align, adopt and implement solutions.

Contact Us

Stay Up To Date

Published four times a year, the Blueprint Bulletin provides readers with regular insight into the elements, services and new developments associated with the Ontario eHealth blueprint.

Looks like you’re using an old browser.

To view this site, you’ll need to upgrade your browser.

Upgrade Now