From detailed guides to online courses – resources are available to provide you with the knowledge necessary to build and integrate EHR applications.

The EHR Landscape from a Privacy and Security Perspective

PHI exists in doctors’ offices, pharmacies, hospitals, labs and other locations throughout Ontario. The data custodians of these locations (and their agents and security providers) must ensure that the information is properly protected as required by PHIPA. Providers are responsible for the privacy and security of the records stored on their premises or elsewhere on their behalf. 

With paper-based records, a security or privacy breach could jeopardize only those records held by a single health care provider. In a small clinic with several providers, the number of jeopardized records would be somewhat larger. In a hospital the impact would be larger still. With the introduction of the EHR, the potential impact of a breach is increased, both in terms of the breadth of distribution and the amount of sensitive information available. 

This places greater emphasis on the need for strong security and privacy controls and applicable standards. The EHR will provide the architecture for the widespread sharing of clinical data, coupled with strong controls for registration, identification, authentication, authorization, and auditing. Consent-based privacy mechanisms will allow health care clients to block access to any or all of their PHI. 

In the context of information security, data ‘integrity’ means assurance that the information is accurate and complete. Accuracy is critical to the effective delivery of health care, as diagnoses, prescriptions, treatment plans and other clinical activity depend on the correctness of the information with which health care providers work. The accuracy of EHR data is critically dependent on the quality of identification, which is itself dependent on the identification of sources and users of data. This puts particular onus on the creation and maintenance of accurate provider and health care client identity, from record creation through storage and retrieval. 

This requirement for accuracy has implications for the technologies used to analyze, store and report on information in the EHR. It underpins the need for effective testing, including data quality, change management and audit strategies, and puts emphasis on the quality of procurement and operations activities in support of the EHR. It should also be noted that, while EHR solutions can employ controls to help ensure accuracy, health care providers are ultimately responsible for ensuring that the data is correctly input.

The EHR must be reliable and highly available in order to be successful and widely adopted. Health care providers must be able to access information when and where they need it, which has a huge impact on the design and deployment of EHR services, driving the need for stable, high-availability infrastructure and applications.

EHR solutions also must be protected from malicious attacks from both outside and within the health community. The EHR infrastructure (hardware, software, networks, data centres) will have appropriate security controls.

Back to Top

Explore the Blueprint

Multiple views describe the many ways the blueprint supports EHR delivery.

Get Us Involved

From advisory consultations on blueprint alignment to standard selection, we can help you align, adopt and implement solutions.

Contact Us

Stay Up To Date

Published four times a year, the Blueprint Bulletin provides readers with regular insight into the elements, services and new developments associated with the Ontario eHealth blueprint.

Looks like you’re using an old browser.

To view this site, you’ll need to upgrade your browser.

Upgrade Now