Privacy & Security
Keeping your Data Safe
Infoway works closely with the provinces and territories to develop solutions that protect personal health information (PHI) and keep your health data private and secure.
Data are a valuable commodity in our digital world, and health data is no exception. The provinces and territories, health providers and vendors work together to make certain that your personal health information isn’t lost, stolen or misused.
Privacy and security requirements are reinforced in all Infoway initiatives. Infoway also works closely with the jurisdictions through working groups such as the Privacy Forum and the Health Information Privacy Group to identify privacy and security best practices that can be leveraged and standardized across the country.
What is PHI?
Personal health information includes oral or written information in any format that identifies an individual and relates to their health and health care. Some examples might include:
- Your address
- Your health card number
- Your medications
- Laboratory test results
- Examination notes
While your information is held by an institution or someone other than yourself, the information contained in the records is yours, and you have the right to access it. However, the physical record is the responsibility of the person or organization that created it.
Personal health information is precisely that — personal. As the owner of your health data, consent for sharing it rests with you. Just as banks protect financial information, it’s important to ensure that health data is kept private and secure.
Privacy Primer
Our primer provides an introduction to interoperability, an overview of Canadian privacy laws and some practical approaches to privacy for interoperability.
In Privacy as an Enabler: Sharing Personal Health Information for Interoperability Primer we delve into the role privacy plays in the creation of interoperable health systems. We address the myth that privacy laws mean patient data can’t be shared. The primer outlines how privacy laws enable the sharing of patient data by providing guidance on how to share health data safely, with a patient’s consent, and the responsibilities of both parties when patient info is shared.
Protecting your PHI
Addressing privacy, confidentiality and security of personal health information is fundamental to all Infoway digital health initiatives. All jurisdictions in Canada (federal, provincial, territorial) have laws in place to protect personal information, and many have legislation specific to health information. These laws, regulations and best practices are respected by all Infoway-funded projects.
Infoway is committed to respecting personal privacy, safeguarding confidential information and ensuring the security of personal health information within our custody or control.
If you have questions or complaints about Infoway’s information practices and privacy program, please visit our contact us page and select "Privacy" from the subject drop-down.
Visit PrescribeIT.ca to view the PrescribeIT® Privacy Policy.
- Policies / Guidelines
Infoway Privacy and Security Assessment Policy
This policy includes relevant assessments for identifying data privacy and information security risks associated with new systems and services, ensure appropriate controls and to address identified risks and recommendations. The policy cover the... - Privacy
Digital Health Solutions Privacy & Security Guideline
This Guideline sets out technical security and privacy recommendations that a health care organization, solutions developer or provider can use to ensure its clinical practices and/or solution meets the necessary regulatory requirements to protect... - Privacy
A Path Forward for Data Sharing in Canada: A White Paper
The objective of this white paper is to highlight data sharing opportunities in Canada and put forward solutions about how to address the identified needs. It focuses on privacy and data governance concerns, especially legislative and related... - Security
Post-Quantum Computing Security: A Primer for Canadian Health Care Organizations
While quantum computers can bring benefits to the health care sector, new risks arise as the technology becomes more available. Although it is not currently a threat, Infoway has recommended quantum readiness activities to help prepare the health... -
Security Policy Templates
Templates based on international standardsThe goal of these templates is to provide health care organizations in Canada with a foundation for implementing a comprehensive security program based on internationally recognized standards and best practices. - Privacy
What Canadians Think 2022 — Privacy Edition Survey: Canadians’ Perspectives on Digital Health Privacy
Infoway has been tracking attitudes, expectations and experiences in digital health privacy in Canada every five years since 2007. Find out about Canadians’ perspectives on digital health and privacy in 2022.
- Technical documents
EHR Privacy and Security Architecture (Full)
Infoway's Electronic Health Record (EHR) Privacy and Security conceptual Architecture (PSA) helps ensure that future interoperable EHR systems will comply with federal/provincial/territorial, as well as cross-jurisdictional Privacy and Security... - Technical documents
EHR Privacy and Security Requirements
This document identifies the privacy and security (P&S) requirements that an interoperable electronic health record (EHR) must meet in order to fully protect the privacy of patient/persons and maintain the confidentiality, integrity and... - Privacy
Earnscliffe Survey on Electronic Health Information and Privacy
This 2017 survey includes comparisons with similar surveys conducted in 2012 and 2007. It also includes questions about Infoway’s new areas of focus, such as e-prescribing, consumer health and mobile devices.
- Resources
Data Sharing Agreements and the Interoperable Digital Health Record: A Discussion Paper
Data sharing agreements (DSAs) are essential in defining the roles, responsibilities, obligations and penalties associated with sharing personal health information electronically. This discussion paper sheds light on the value of DSAs, common... - Privacy
Business and Architecture Considerations for Interoperable Consent Solutions – A Discussion Document
This paper provides information related to consent management solution choices, planning and implementation, to help jurisdictions meet their legislative and policy requirements regarding consent (an individual's wishes for use and disclosure of...
-
Privacy Impact Assessments
Measuring the potential impact of digital health projectsA privacy impact assessment (PIA) helps projects consider the actual or potential effects that a proposed technology, information system or program may have on an individual’s privacy. -
Privacy Frequently Asked Questions (FAQs)
Privacy is an essential part of our initiativesView answers to frequently asked questions about Canada Health Infoway’s privacy mandate, the Privacy Forum and Health Information Privacy Group, and more. -
Digital Health Privacy Links
Links to jurisdictional oversight bodiesHave questions about privacy and your personal health information? Visit your local privacy oversight body or your health minister or e-health agency through these useful links.