Executive Summary - eReferral via eFax (Initial Phase) Privacy and Security Assessments

The eHealth Centre of Excellence (eCE) has engaged a third party [VersaFile partnered with IBM and Ingenium] to develop and operationalize an eReferral via eFax solution.  The solution utilizes IBM® Business Automation Workflow (BAW), hosted on the eCE Azure instance. Business automation means the creation of workflow applications to improve productivity. The BPM orchestration platform is defined as a service whereby a digital referral within the Ontario eServices network is converted into an image when the receiver cannot accept a digital referral within the network; and the returned information is converted back into digital fields to allow efficient, secure communication in the originating point of care system.

Privacy & Security

A third party was engaged by the eCE to conduct a Privacy Impact Assessment (PIA) and Threat & Risk Assessment (TRA) for the eReferral via eFax (Initial Phase). The assessments were undertaken to meet the following objectives:

• To demonstrate to stakeholders that the proper due diligence with respect to privacy and security has been conducted on behalf of the eHealth Centre of Excellence on the eReferral via eFax solution integration with Ocean eReferral solution for the initial phase of the project

• To identify privacy and/or security risks and to recommend strategies to manage those risks

• To ensure that the residual risk at the point of go-live is low

The eReferral via eFax (Initial Phase) is governed by eCE’s existing privacy policy. Strong safeguards are in place at both eCE and by the two vendors (IBM and Ingenium) to protect personal/personal health information (PI/PHI) as faxes traverse electronically. 

For more information on the PIA and TRA for this project, please contact [email protected].