eHealth Centre of Excellence

Safeguards Employed for the eServices eReferral Network

 

In its capacity as a Health Information Network Provider (HINP) for the Ontario eServices Program (eReferral) under the Personal Health Information Protection Act (PHIPA, 2004), the eHealth Centre of Excellence adheres to the following practices for safeguarding personal health information:

 

  1. Individuals have been designated as being responsible for privacy and security compliance.

  2. The eHealth Centre of Excellence has entered into written agreements with Participants in the eReferral Network.

  3. Organizational policies and procedures for privacy and security management have been developed, implemented and are monitored and enforced.  A mechanism is in place for reviewing and updating the policies and procedures. Employees, contract staff, students and volunteers are required to comply with these policies as a condition of their employment or applicable relationship with eHealth Centre of Excellence.

  4. The eHealth Centre of Excellence has contracted third-party Service Providers to assist in the fulfillment of our accountabilities. These third parties are required to comply with the eHealth Centre of Excellence's organizational policies and procedures for privacy and security management.

  5. Confidentiality and/or non-disclosure agreements (as applicable) are in place for all employees, contract staff, students, volunteers and service providers.  These agreements contain appropriate measures for breach of privacy, confidentiality, or security, up to and including dismissal or termination of the contract or agreement, as appropriate.

  6. Mandatory and ongoing privacy, confidentiality, and security awareness training is conducted for all employees, contract staff, students and volunteers. Service Providers are required to complete eCE privacy & security awareness training or agree in writing to providing substantially similar content to their personnel.

  7. The eHealth Centre of Excellence employees and consultants generally have no ability or need to collect, use or access personal health information. If collection, access/use of personal health information is required in the course of providing an eHealth Centre of Excellence service, employees and consultants are required to do adhere to the eHealth Centre of Excellence Privacy Policy and are prohibited from collection, use or disclosure of such information for any purpose other than the provision of the service.

  8. The eHealth Centre of Excellence ensures that Service Providers maintain audit logs of user activities and system administrator activities. These logs are audited and monitored. 

  9. A Privacy/Security Breach protocol with respect to the privacy and security of personal information has been developed and implemented. (IN PROGRESS)

 

See also eCE Privacy Policy Section 7: Safeguards