Prior to implementing this guide, each health information custodian must complete the following, as applicable. To provide personal health information for the purposes of contribution to the IAR clinical data repository, each health information custodian (HIC) must:
In accordance with section 30 of O. Reg. 329/04, the health information custodian is responsible for ensuring that every digital health asset that it selects, develops or uses complies with every applicable interoperability specification, as it may be amended from time to time, and within the time period set out in the specification. In addition to complying with the requirements set out in each applicable interoperability specification, the health information custodian is responsible for complying with PHIPA and its regulations.
Note to Implementers (Privacy & Security — Formal Requirements): The current IAR architecture SHALL NOT be used to apply or enforce provider‑specific consent blocking. The system consistently treats all authorized IAR viewers uniformly once an assessment is submitted with a shareable consent directive. Any request from an individual to restrict access by a specific provider SHALL be managed operationally by the submitting Health Information Custodian (HIC) prior to submission. The submitting HIC SHALL have in place a process to determine whether the assessment can be uploaded in a manner consistent with the individual’s consent instructions, including choosing not to submit the assessment if required. Implementers SHALL NOT rely on the IAR system to enforce or validate provider‑specific access restrictions, and the submitting HIC retains responsibility for ensuring compliance with the individual’s instructions with respect to any past or future submissions or disclosures.
To support all instances where personal health information is collected, used, and disclosed, user credential information SHALL be included in each data transfer between the source and target systems. This serves audit and logging purposes and allows the message to identify the user who initiated the request, when that request was initiated by an actual user (as opposed to a request performed by a system with no PHI disclosure to an individual user). Refer to the Connectivity Summary for further details.
A "system" level integration is when a Point of Service (PoS) system representing many users registers for access to the IAR clinical data repository (CDR), instead of registering individual users. In this case, access to the IAR CDR is granted to the PoS System and all access PoS are treated equally. The responsibility to authenticate and authorize individual access is delegated from the IAR CDR to the HIC that will submit assessments via the given PoS. The HIC must ensure individual users access the IAR CDR as required by Ontario Health’s privacy policies.
The HIC that will access the IAR CDR via the given PoS is responsible for ensuring the accuracy of the identity of the individual requester specified in the message. User identities must be tied to authenticated user accounts.
The PoS must audit user-initiated activities such as HTTP GET or POST requests. Audit logs are maintained by the PoS System to audit PHI disclosure to their end users. PoS Systems must audit PHI disclosure to their end users.
The PoS System must log all user-initiated or system-initiated activities such as HTTP GET or POST requests.
All of the above logs are retained in accordance with the HIC’s obligation as defined by and applicable PHIPA agreements or other agreements with Ontario Health.