eHealth Centre of Excellence

Privacy Resources


Your privacy is important to us. 


The Personal Health Information Protection Act (PHIPA, 2004) establishes a privacy framework for protecting personal health information in Ontario. Under the Act, the eHealth Centre of Excellence in its development, provision and/or deployment of various digital health programs and services, acts variously as:


  • a Service Provider/eService Provider to Participants

  • a Health Information Network Provider (HINP)

  • an agent of health information custodian (HIC) Participants


According to these roles, eHealth Centre of Excellence complies with the following ten privacy principles:


Be accountable

An organization is responsible for personal information under its control and must designate an individual or individuals who are accountable for the organization’s compliance with the following principles.

Identify the purpose

The purposes for which personal information is collected must be identified by the organization at or before the time the information is collected.

Obtain consent

The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

Limit collection

The collection of personal information must be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.

Limit use, disclosure and retention

Personal information must not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information must be retained only as long as necessary for the fulfillment of those purposes.

Be accurate

Personal information must be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

Use appropriate safeguards

Personal information must be protected by safeguards appropriate to the sensitivity of the information.

Be open

An organization must make readily available to individuals, specific information about its policies and practices relating to the management of personal information.

Give individuals access

Upon request, an individual must be informed of the existence, use, and disclosure of his or her personal information and be given access to that information. An individual must be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Provide recourse

An individual must be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.




eHealth Centre of Excellence privacy policies and forms

Privacy resources for health information custodians

(For eReferral and eCE Automates)

Privacy resources for patients & caregivers



If you have questions or would like more information, please contact us at [email protected].