The elements of the EHR are stored with eHealth Ontario and its regional partners, some of which are large, well-established organizations with mature IT processes and security/privacy controls, while others are smaller and less mature. The EHR may be accessed through large systems, EMR systems or portal implementations. All of these accesses occur through a secure mechanism.
Figure 26: Layered Access Control
eHealth Ontario has adopted a layered approach to access control:
These partners are typically institutions with large amounts of PHI already in their local systems, such as pharmacy systems, hospital information systems, laboratory systems and radiology systems. They are expected to have controls that include:
Users from these partners can be granted access to EHR services using their local login credentials.
Providers in smaller practices will access the EHR through EMR systems or standards-based portals. Models for deploying EMRs include hosting at a provider’s site, or centrally as an application service provider on behalf of users at remote sites.
The ASP models are large, centrally managed implementations. Local implementations are typically smaller and are more challenging from a trust perspective. Each installation of an EMR system will be identified, registered and issued a security certificate to authenticate to the EHR infrastructure. Additional user-based authentication mechanisms will also be included.
Diagnostic imaging information may not always be in a central repository, but in locations distributed around the province. These federated service providers will be supported by facilities developed by eHealth Ontario, e.g. if a certain type of diagnostic image or report is distributed across multiple regional repositories, eHealth Ontario can build common services to search across them all.
Content from many sources, including the EHR, can be presented to users through a web/portal interface using portlets. Hospitals and other large provider organizations wanting to consume eHealth Ontario portlets in their portals can qualify to be trusted by eHealth Ontario to control access to and use of EHR components, based on existing security and privacy controls and their HIC status.
The identity provider is responsible for authenticating and authorizing the user, and for controlling access to the pages hosting the portlets. Audit records will be kept of all transactions, and integration with the eHealth Ontario audit service will ensure appropriate reporting.
All user interactions with portals use Transport Layer Security (TLS) between the browser and the portal at the strongest cipher level available from the browser, or in the worst case, in compliance with minimum requirements set by policy. Communications from the portal to the eHealth Ontario infrastructure also use TLS, but on that channel each end authenticates the other (mutual authentication).
All portal features must be thoroughly tested, including penetration tests, before being put into production.
The following diagram shows the high level user and system actions performed by solution components for the ‘remote portlet’ model. The user securely logs on to a partner portal which displays a page containing one or more portlets. The user interacts with the portlets which then communicate with one another in the browser via the eHealth Ontario shared context manager portlet. The context manager provides event management and also manages attributes that specify the current activity context, such as the health care client health number or other health information.
Figure 27: Action steps in the Remote Portlet Model
The eHealth Ontario portal is complemented by regional portals providing similar services and using common technologies, components and standards. Regional portals have integrated security and a strong trust relationship with eHealth Ontario, allowing them to offer the same services as the eHealth Ontario portal. However, they have different governance structures and a mandate to expose additional content and services that only apply to their regional providers.
For health care clients to have access to their own records, their identities must be managed and authenticated. Leveraging a model of federated identity and authentication similar to that for clinicians may be the best approach. Addressing the security and privacy of individuals under these circumstances requires considerable attention to identity, appropriateness, and audit verification. eHealth Ontario’s advanced registration authentication systems can be leveraged where needed to support stronger identification and authentication of users.
Giving the public access to their health information also provides strong security benefits. For example, providing users with a list of organizations that have accessed their records allows them to validate appropriate use and request investigations for perceived violations. Individuals will be able to provide and manage consent directives which guide the use and disclosure of their PHI.
Any provider accessing the EHR is considered to be acting under the authority of a Health Information Custodian (HIC), as defined in legislation. The HIC could be a large organization (e.g. a hospital), or it could be a sole practitioner’s clinic. eHealth Ontario records the HIC associated with each transaction.
Some providers may work for more than one HIC. When interacting with the EHR, they must specify under which HIC’s authority they are acting.
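The HIC rule above, together with the earlier point about showing health care clients which organizations accessed their records, can be sketched as follows. This is an added example, not eHealth Ontario code; the provider names, HIC identifiers, record fields and function names are all hypothetical, and the affiliation table is constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample data: provider -> HICs the provider works for (hypothetical IDs).
AFFILIATIONS = {
    "dr.lee": {"HIC-HOSPITAL-A", "HIC-CLINIC-B"},
    "np.shah": {"HIC-CLINIC-B"},
}

@dataclass(frozen=True)
class AuditRecord:
    timestamp: str
    provider: str
    acting_hic: str
    client_id: str
    action: str

class HicError(Exception):
    """The acting HIC could not be established for a transaction."""

def resolve_acting_hic(provider, declared_hic=None):
    """Return the HIC whose authority the provider is acting under."""
    hics = AFFILIATIONS.get(provider, set())
    if not hics:
        raise HicError(f"{provider} is not registered under any HIC")
    if declared_hic is None:
        # Only unambiguous when the provider works for exactly one HIC.
        if len(hics) > 1:
            raise HicError(f"{provider} works for several HICs and must specify one")
        return next(iter(hics))
    if declared_hic not in hics:
        raise HicError(f"{provider} is not affiliated with {declared_hic}")
    return declared_hic

def access_record(audit_log, provider, client_id, action, declared_hic=None):
    """Permit the access only once the HIC is known, and record it."""
    hic = resolve_acting_hic(provider, declared_hic)
    rec = AuditRecord(datetime.now(timezone.utc).isoformat(),
                      provider, hic, client_id, action)
    audit_log.append(rec)
    return rec

def organizations_that_accessed(audit_log, client_id):
    """Client-facing view: which HICs have accessed this client's records."""
    return sorted({r.acting_hic for r in audit_log if r.client_id == client_id})
```

Rejected requests raise before anything is logged in this sketch; a production audit service would normally record the denial as well.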