Implementer Responsibility
Privacy and Security
Prior to implementing the integrations in this implementation guide, an organization shall complete security and privacy risk assessments and implement the recommendations of those assessments. Care should be taken to ensure that the confidentiality and integrity of Personal Health Information in transit and at rest are maintained at an appropriate level.
The information received by adopters when submitting/receiving referrals is considered personal health information within the meaning of PHIPA.
Access to personal health information must be restricted to health information custodians (HICs) and their agents, and personal health information must be collected, used or disclosed only on a need-to-know basis, as specified in data sharing agreements and legislation, including PHIPA. Furthermore, health information custodians must consider whether personal health information is necessary for the purposes of the DHDR at all and, if it is, how much personal health information is reasonably necessary for that purpose. Under PHIPA, among other requirements, health information custodians must not collect, use or disclose personal health information if other information will serve the purpose, and must not collect, use or disclose more personal health information than is reasonably necessary to meet the purpose.
As a result, access to patient health information must be restricted to appropriately authorized users only and used on a need-to-know basis, as specified in data-sharing agreements and the corresponding legislation.
User Credentials
To support all instances where personal health information is collected, used and disclosed, user credential information SHALL be included in each data transfer between the source and target systems, for audit and logging purposes and so that DHDR messages identify the user who initiated the request. This applies when the request was initiated by an actual user, as opposed to a request performed by a system with no PHI disclosure to an individual user. Refer to the Connectivity section for further details.
System Responsibility for User Authentication and Authorization
A "system" level integration is one in which a Point of Service (PoS) system representing many users registers for access to the DHDR, instead of registering individual users. In this case, access to the DHDR is granted to the PoS System, and all access through that PoS is treated equally. The responsibility to authenticate and authorize individual access is delegated from the DHDR to the HIC that accesses the DHDR via the given PoS. The HIC must ensure that individual users access the DHDR as required by Ontario Health’s privacy policies.
The HIC that will access DHDR via the given PoS is responsible for ensuring the accuracy of the identity of the individual requester specified in the message. User identities must be tied to authenticated user accounts.
Auditing
The PoS must audit user-initiated activities such as HTTP GET or POST requests. Audit logs are maintained by the PoS System to record PHI disclosure to its end users.
Logging
The PoS System must log all user-initiated or system-initiated activities such as HTTP GET or POST requests.
- Application logs are tracked by the PoS System for activities performed by the system. PHI must not be stored in application log files.
- Access logs are tracked by the PoS System when the user accesses the PoS System. PI may be stored in access logs.
- Application logs should record the HTTP response codes and operational outcome of each API request/response.
All of the above logs are retained in accordance with the HIC’s obligations as defined by PHIPA, applicable PHIPA agreements, or other agreements with Ontario Health.
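The following is an added example, not code from the implementation guide or from Ontario Health: a minimal PoS-side logging layer in Python that keeps the three record types above (application, access and audit logs) in separate stores, carries the initiating user's identity on user-initiated requests as the User Credentials section requires, records only the HTTP method, response code and operational outcome for each API call, and refuses any PHI field offered to the application log. The field names, the `PHI_KEYS` set, the FHIR-style resource type names and all sample values are assumptions made here for illustration.

```python
from __future__ import annotations

import json
from datetime import datetime, timezone
from typing import Optional

# Allow-list of fields an application log record may contain. Anything else
# is dropped, so request/response bodies and patient identifiers cannot leak
# in by accident. Field names are this example's choice, not the guide's.
APPLICATION_LOG_FIELDS = frozenset({
    "timestamp", "initiator", "user_id", "http_method", "resource_type",
    "status_code", "outcome", "request_id", "duration_ms",
})

# Keys this example treats as PHI (assumed set). Passing one to the
# application log is a programming error and is rejected loudly.
PHI_KEYS = frozenset({
    "patient_id", "health_card_number", "patient_name", "date_of_birth", "medications",
})


def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


class PosLogs:
    """Three separate stores, mirroring the guide's split into application,
    access and audit logs. Lists of dicts here; a real PoS would write each
    to its own sink with its own retention rule."""

    def __init__(self) -> None:
        self.application: list[dict] = []
        self.access: list[dict] = []
        self.audit: list[dict] = []

    def log_access(self, user_id: str, outcome: str, source_ip: str) -> dict:
        """Access log: written when a user signs in to the PoS. PI such as
        the user id and client address is permitted here."""
        rec = {"timestamp": _now(), "user_id": user_id,
               "outcome": outcome, "source_ip": source_ip}
        self.access.append(rec)
        return rec

    def log_request(self, initiator: str, http_method: str, resource_type: str,
                    status_code: int, outcome: str, request_id: str,
                    user_id: Optional[str] = None, **extra) -> dict:
        """Application log for one DHDR API call: HTTP method, response code
        and operational outcome. Bodies are deliberately not accepted."""
        if initiator == "user" and not user_id:
            raise ValueError("user-initiated request must identify the initiating user")
        if initiator == "system" and user_id:
            raise ValueError("system-initiated request carries no individual user identity")
        leaked = PHI_KEYS & extra.keys()
        if leaked:
            raise ValueError(f"PHI must not be written to the application log: {sorted(leaked)}")
        rec = {"timestamp": _now(), "initiator": initiator, "user_id": user_id,
               "http_method": http_method, "resource_type": resource_type,
               "status_code": status_code, "outcome": outcome, "request_id": request_id}
        rec.update({k: v for k, v in extra.items() if k in APPLICATION_LOG_FIELDS})
        self.application.append(rec)
        return rec

    def log_disclosure(self, user_id: str, patient_id: str,
                       resource_type: str, request_id: str) -> dict:
        """Audit log: which user saw which patient's PHI, under which request.
        This is the one store that intentionally holds a patient identifier."""
        rec = {"timestamp": _now(), "user_id": user_id, "patient_id": patient_id,
               "resource_type": resource_type, "request_id": request_id}
        self.audit.append(rec)
        return rec


def record_dhdr_call(logs: PosLogs, request: dict, response: dict) -> tuple[dict, Optional[dict]]:
    """Write the application record for a call and, only when PHI was actually
    returned to a user, the matching audit record. `request` and `response`
    are constructed dicts standing in for the PoS's HTTP client objects."""
    initiator = "user" if request.get("user_id") else "system"
    app = logs.log_request(
        initiator=initiator, user_id=request.get("user_id"),
        http_method=request["method"], resource_type=request["resource_type"],
        status_code=response["status"], outcome=response["outcome"],
        request_id=request["request_id"], duration_ms=response.get("duration_ms"),
    )
    # A 2xx response to a user-initiated request that carried patient data is
    # a disclosure; failures and system-to-system calls are not audited as one.
    disclosed = initiator == "user" and 200 <= response["status"] < 300 and response.get("patient_id")
    audit = None
    if disclosed:
        audit = logs.log_disclosure(request["user_id"], response["patient_id"],
                                    request["resource_type"], request["request_id"])
    return app, audit


def contains_phi(record: dict) -> bool:
    """Cheap check to run before shipping an application record anywhere."""
    return bool(PHI_KEYS & record.keys())


if __name__ == "__main__":
    logs = PosLogs()
    logs.log_access("clinician-42", "login_ok", "203.0.113.7")  # constructed values
    record_dhdr_call(
        logs,
        {"method": "GET", "resource_type": "MedicationDispense",
         "request_id": "req-0001", "user_id": "clinician-42"},
        {"status": 200, "outcome": "ok", "patient_id": "P-1", "duration_ms": 120},
    )
    for name, store in (("application", logs.application), ("audit", logs.audit)):
        for rec in store:
            print(name, json.dumps(rec))
```

The design choice worth noting is that the application log is built from an allow-list rather than by stripping known PHI keys: a deny-list silently misses any new field a developer adds later, whereas an allow-list means a new field can only reach the application log by an explicit decision. The `PHI_KEYS` check is kept as a second line of defence so that an accidental attempt to log patient data fails the request loudly instead of being dropped unnoticed.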