The Canadian Standards Association’s Model Code (CSA Model Code) is a national standard for privacy protection and is widely used across Canada as the basis for health information privacy legislation, including Ontario’s PHI Protection Act, 2004 (PHIPA). Detailed information is available at
www.ehealthontario.on.ca in the Privacy section.
eHealth Ontario adheres to the CSA Model Code’s privacy principles in the implementation of the EHR as follows:
- Accountability: an organization is responsible for PHI under its control and has designated an individual or individuals who are accountable for the organization’s compliance with privacy principles.
eHealth Ontario’s Board of Directors is accountable for the protection of privacy at the agency. It delegates this authority to the Chief Executive Officer who designates and appoints a Chief Privacy Officer to act on his or her behalf in this capacity.
- Identifying purpose: the purposes for which PHI is collected shall be identified by the organization at or before the time the information is collected.
eHealth Ontario does not collect PHI directly from health care clients, but is permitted under PHIPA to use PHI received from Health Information Custodians (HICs – e.g. hospitals, labs, pharmacies) to create and maintain the electronic health record. Information about the purpose of the eHealth Ontario-managed data repositories can be found on eHealth Ontario’s website under Privacy. HICs, as the collectors of the PHI, are responsible for identifying the purpose for the collection of PHI at or before the time it is collected.
- Knowledge and consent: the knowledge and consent of the individual are required for the collection, use or disclosure of PI, except where inappropriate.
When health care clients receive health care services from HICs, their express consent to share information between HICs who are involved is not required. According to PHIPA, HICs may rely on the implied consent of the health care client to collect, use, disclose and retain PHI in the EHR, for the purpose of providing or assisting in the provision of healthcare services, unless the health care client has expressly withheld or withdrawn consent. Consent should be meaningful and health care clients should be able to understand how their PHI will be used and disclosed in the EHR, as well as the fact that they are entitled to withdraw consent at any time.
eHealth Ontario’s role is to implement a consent management system for provincially managed assets. Health care client consent directives regarding how their PHI can be shared through the EHR are processed to respect and protect the health care client’s privacy. If a consent directive has been overridden by a HIC, a notification in writing shall be sent to the health care client, unless otherwise directed by the health care client.
- Limiting collection: the collection of PHI shall be limited to that which is necessary for the purposes identified by the organization. PHI shall be collected by fair and lawful means.
When eHealth Ontario is creating or maintaining EHRs, it is not collecting PHI as defined by PHIPA. eHealth Ontario is permitted to receive the PHI collected by HICs for the purpose of creating or maintaining EHRs. When acting as an agent for a HIC, eHealth Ontario collects PHI only as directed by the HIC and only on behalf of the HIC.
- Limiting use, disclosure and retention: PHI shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
eHealth Ontario does not use or disclose PHI, as those terms are defined in PHIPA, for its own purposes. PHI is only used, disclosed and retained as directed by the HICs to which it is providing services when acting as an agent under PHIPA, or in accordance with the legislation to provide and assist in the provision of healthcare services, and for no other purpose unless permitted by the legislation and approved by the Commissioner. According to PHIPA and its regulations, when PHI is provided to eHealth Ontario by a HIC for the purposes of creating and maintaining one or more EHRs, the HIC is not considered to be disclosing the PHI to eHealth Ontario as the term is defined in PHIPA. eHealth Ontario does not disclose PHI to HICs when it is creating or maintaining one or more EHRs; it receives PHI from and sends PHI to authorized HICs for the purpose of providing or assisting in the provision of healthcare services.
PHI is retained within eHealth Ontario’s data centre(s) and systems only as long as necessary for the fulfillment of those purposes, to the extent that is reasonable and practical.
To prevent misuse and lack of consistency of the privacy protocol among HICs and eHealth Ontario, there are agreements stipulating the permitted disclosure and uses of PHI.
Where a HIC provides PHI for the creation and maintenance of the EHR, and such PHI is stolen, lost or accessed by an unauthorized person, eHealth Ontario notifies the HIC at the earliest opportunity.
- Accuracy: PHI shall be as accurate, complete and up to date as is necessary for the purposes for which it is to be used.
The HICs who collect the PHI are responsible to ensure the accuracy of the source PHI. Corrections or changes to PHI must be completed by the HIC who has custody and/or control of the PHI. eHealth Ontario, where possible, provides mechanisms to HICs to support the accurate entry of PHI into the EHR (such as input validation controls). eHealth Ontario implements the security controls (e.g. encryption and digital signatures) to make sure the information sent to eHealth Ontario by HICs has not been intentionally modified or accidentally corrupted, and that it can be relied upon.
- Safeguards: PHI shall be protected by security safeguards appropriate to the sensitivity of the information.
eHealth Ontario consistently identifies and classifies its information assets and implements the commensurate security safeguards to protect the information and systems from the perspectives of confidentiality, integrity and availability (refer to the Securitysection below). Specifically, eHealth Ontario implements administrative, technical and physical safeguards, including but not limited to: encryption of PHI in transit or mandatory required on mobile devices; threat and risk assessments; privacy monitoring, immutable logging, auditing and reporting; access control; and privacy and security training.
In addition, for every eHealth Ontario service that involves PHI, a privacy assessment must be conducted, and identified risks and issues must be addressed prior to go-live.
Back to Top
- Openness: an organization shall make readily available to individuals specific information about its policies and practices relating to the management of PHI.
eHealth Ontario maintains a high degree of transparency with respect to its policies and practices relating to the management of PHI in the EHR. eHealth Ontario publishes this information to the public at www.ehealthontario.on.ca/en/privacy<
- Individual access and correction: upon request, an individual shall be informed of the existence, use and disclosure of their PHI and shall be given access to that information. An individual must be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
eHealth Ontario is not a HIC and does not directly deal with a health care client’s request to access or correct PHI. If eHealth Ontario receives an access or correction request, it will direct the individual to the appropriate HIC(s) to respond to the request.
- Compliance challenge: an individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.