Implementation Guidance > Data Consumer Responsibility
Data Consumer Responsibility
Privacy and Security
Prior to implementing this guide, an organization shall complete security and privacy risk assessments and address the recommendations of those assessments. Care should be taken to ensure the confidentiality and integrity of Personal Health Information in transit and at rest can be maintained at an appropriate level.The information which adopters receive when submitting Mental Health and Addictions Provincial Data Set information is considered Personal Information (PI) and Personal Health Information (PHI). As a result, access to the personal health information must be restricted as specified in data-sharing agreements and corresponding legislation.
In accordance with section 30 of O. Reg. 329/04, the health information custodian is responsible for ensuring that every digital health asset that it selects, develops or uses complies with every applicable interoperability specification, as it may be amended from time to time, and within the time period set out in the specification. In addition to complying with the requirements set out in each applicable interoperability specification, the health information custodian is responsible for complying with PHIPA and its regulations, including but not limited to the health information custodian’s obligations related to ensuring accuracy (section 11(1) of PHIPA), security (section 12 of PHIPA), and the handling of records (section 13 of PHIPA).