From detailed guides to online courses – resources are available to provide you with the knowledge necessary to build and integrate EHR applications.

Secure Access to the EHR

The elements of the EHR are stored with eHealth Ontario and its regional partners, some of which are large, well-established organizations with mature IT processes and security/privacy controls, while others are smaller and less mature. The EHR may be accessed through large systems, EMR systems or portal implementations. All of these accesses occur through a secure mechanism. 

Figure 26: Layered Access Control

eHealth Ontario has adopted a layered approach to access control:

  • The operators of health care provider systems restrict access to those with valid user identities and a specific need to access the data.
  • Only systems with an eHealth Ontario PKI certificate issued through a ONE ID registration event can communicate directly with provincial EHR assets through the eHealth Ontario HIAL segment. 
  • ONE ID works with other EHR systems to evaluate service requests in the context of the requesting system, the identity of the requesting user, the user’s roles, and the service being requested.
  • The solution implementing the business service (the application owner) applies fine-grained access control based on business rules and the transaction the end system is requesting.
  • Applicable consent directives are applied against all transactions that require access to PHI.
  • All accesses and transactions to PI/PHI through eHealth Ontario are logged for audit purposes.

Access through Large Organization Systems

These partners are typically institutions with large amounts of PHI already in their local systems, such as pharmacy systems, hospital information systems, laboratory systems and radiology systems. They are expected to have controls that include: 

  • Physical restrictions that reduce the likelihood of public or illicit access
  • Human resources processes that ensure that credentials and accesses are removed when employment terminates
  • Local privacy and security officers to manage policies and respond to threats

Users from these partners can be granted access to EHR services using their local login credentials. 

Accessing through EMRs

Providers in smaller practices will access the EHR through EMR systems or standards-based portals. Models for deploying EMRs include hosting at a provider’s site, or centrally as an application service provider on behalf of users at remote sites. 

The ASP models are large, centrally managed implementations. Local implementations are typically smaller and are more challenging from a trust perspective. Each installation of an EMR system will be identified, registered and issued a security certificate to authenticate to the EHR infrastructure. Additional user-based authentication mechanisms will also be included. 

Accessing Diagnostic Imaging Repositories

Diagnostic imaging information may not always be in a central repository, but in locations distributed around the province. These federated service providers will be supported by facilities developed by eHealth Ontario, e.g. if a certain type of diagnostic image or report is distributed across multiple regional repositories, eHealth Ontario can build common services to search across them all. 

Accessing through Portals

Content from many sources, including the EHR, can be presented to users through a web/portal interface using portlets. Hospitals and other large provider organizations wanting to consume eHealth Ontario portlets in their portals can qualify to be trusted by eHealth Ontario to control access to and use of EHR components, based on existing security and privacy controls and their HIC status.

The identity provider is responsible for authenticating and authorizing the user, and for controlling access to the pages hosting the portlets. Audit records will be kept of all transactions, and integration with the eHealth Ontario audit service will ensure appropriate reporting.

All user interactions with portals use Transport Layer Security (TLS) between the browser and the portal at the strongest cipher level available from the browser, or in the worst case, in compliance with minimum requirements set by policy. Communications from the portal to the eHealth Ontario infrastructure also use TLS, but they are authenticated by both ends of the communication channel.

All portal features must be thoroughly tested, including penetration tests, before being put into production. 

The following diagram shows the high level user and system actions performed by solution components for the ‘remote portlet’ model. The user securely logs on to a partner portal which displays a page containing one or more portlets. The user interacts with the portlets which then communicate with one another in the browser via the eHealth Ontario shared context manager portlet. The context manager provides event management and also manages attributes that specify the current activity context, such as the health care client health number or other health information.

Figure 27: Action steps in the Remote Portlet Model

  • The partner portal provides the user web experience, as well as the attributes for user context for service authorization and entitlement. The users implicitly rely on the partner portal to address their privacy and security concerns. The partner portal also establishes the communication channel to the eHealth Ontario portlet producer.
  • HIAL portlet access processing validates the partner portal. 
  • The eHealth Ontario portlet producer provides the portlets with a common set of interfaces (the WSRP interfaces). The portlets obtain the user and activity context from the WSRP messages sent from the partner portal. They convert the user context to SAML assertions that are inserted into the line of business services requests.
  • HIAL service access processing engages ONE ID to check the user’s entitlement, based on the SAML assertions. 
  • Line of business services process information based on the service request.

The eHealth Ontario portal is complemented by regional portals providing similar services and using common technologies, components and standards. Regional portals have integrated security and a strong trust relationship with eHealth Ontario, allowing them to offer the same services as the eHealth Ontario portal. However, they have different governance structures and a mandate to expose additional content and services that only apply to their regional providers. 

Access to the Public 

For health care clients to have access to their own records, their identities must be managed and authenticated. Leveraging a model of federated identity and authentication similar to that for clinicians may be the best approach. Addressing the security and privacy of individuals under these circumstances requires considerable attention to identity, appropriateness, and audit verification. eHealth Ontario’s advanced registration authentication systems can be leveraged where needed to support stronger identification and authentication of users. 

Giving the public access to their health information also provides strong security benefits. For example, providing users with a list of organizations that have accessed their records allows them to validate appropriate use and request investigations for perceived violations. Individuals will be able to provide and manage consent directives which guide the use and disclosure of their PHI.

Access ‘Under the Authority Of’

Any provider accessing the EHR is considered to be acting under the authority of a Health Information Custodian (HIC), as defined in legislation. The HIC could be a large organization (e.g. a hospital), or it could be a sole practitioner’s clinic. eHealth Ontario records the HIC associated with each transaction.

Some providers may work for more than one HIC. When interacting with the EHR, they must specify under which HIC’s authority they are acting. 

Back to Top

Explore the Blueprint

Multiple views describe the many ways the blueprint supports EHR delivery.

Get Us Involved

From advisory consultations on blueprint alignment to standard selection, we can help you align, adopt and implement solutions.

Contact Us

Stay Up To Date

Published four times a year, the Blueprint Bulletin provides readers with regular insight into the elements, services and new developments associated with the Ontario eHealth blueprint.

Looks like you’re using an old browser.

To view this site, you’ll need to upgrade your browser.

Upgrade Now