From detailed guides to online courses – resources are available to provide you with the knowledge necessary to build and integrate EHR applications.

Provider Identity

eHealth Ontario’s provider registry is a sharable province-wide repository of providers to help manage access to health care applications. Some providers, such as physicians, nurse practitioners, and dieticians, are regulated by colleges or similar bodies. The provider registry will contain both regulated and unregulated providers. 

Electronic credentials uniquely identify the provider who is accessing the health care application, and are used to ensure that the provider has authorized access. These credentials are stored as part of the EHR transaction logs, providing traceability throughout the EHR.

To ensure accountability, all EHR transactions must be traceable to a responsible individual. Due to the distributed nature of access to the EHR, this responsibility is shared by eHealth Ontario and its federation partners. Prior to disclosure of information from the EHR, the requesting care provider will always be strongly identified and authenticated. The strength of the identity process is taken into account during the entitlement evaluation. If the requested EHR or data domain service has a policy that requires users to have a particular strength of identity or authentication, then requests that do not meet these requirements will be rejected.

Two patterns are typical for disclosure of EHR data to a user. In the first a provider system presents a PKI certificate as part of an SSL mutually-authenticated session. The system owner will have proven their identity to the appropriate Certificate Authority (eHealth Ontario) to obtain the credential (PKI certificate) that enables them to submit a request to the EHR. Businesses seeking this type of access are bound contractually through agreements with eHealth Ontario, and must meet the requirements outlined in the appropriate policy. 

The second disclosure pattern requires identification of the individual user. The level of assurance associated with user identification needs to be commensurate with the sensitivity of information being disclosed. Users can be identified through eHealth Ontario’s ONE ID mechanism, or through other recognized and federated identity providers and federation partners.

Back to Top

Explore the Blueprint

Multiple views describe the many ways the blueprint supports EHR delivery.

Get Us Involved

From advisory consultations on blueprint alignment to standard selection, we can help you align, adopt and implement solutions.

Contact Us

Stay Up To Date

Published four times a year, the Blueprint Bulletin provides readers with regular insight into the elements, services and new developments associated with the Ontario eHealth blueprint.

Looks like you’re using an old browser.

To view this site, you’ll need to upgrade your browser.

Upgrade Now