
Data Consumer Responsibility

Privacy and Security

Prior to implementing this guide, an organization shall complete security and privacy risk assessments and address the recommendations of those assessments. Care should be taken to ensure the confidentiality and integrity of Personal Health Information in transit and at rest can be maintained at an appropriate level.

The information that adopters receive when submitting or receiving MI data is considered Personal Information (PI) and Personal Health Information (PHI). As a result, access to patient health information must be restricted as specified in data-sharing agreements and the corresponding legislation.

System Responsibility for User Authorization, Authentication

System-level integration is when a Point of Service (PoS) system representing many users registers for access to miCDR, instead of registering individual users. In this case, access to miCDR is granted to the PoS System and all requests from the PoS are treated equally. The responsibility to authenticate and authorize individual access is delegated from miCDR to the PoS. The PoS must ensure that individual users access miCDR as required by Ontario Health’s privacy policies.

The PoS System is responsible for ensuring the accuracy of the identity of the individual requester specified in the message. User identities must be tied to authenticated user accounts.

User Credentials

Any request for MI documents must be authorized by miCDR. Authorization is granted via a trust model in which OAuth2 tokens are exchanged.

The HIC organization under whose authority the interaction is initiated SHALL be identified in the OAuth token.

For any user-initiated access to MI documents, the individual user must be identified by the PoS within the token, for auditing purposes within miCDR. For system-initiated access, where there is no individual user, the user is not required to be identified. Refer to the Connectivity section for further details.

Auditing

The PoS must audit user-initiated activities such as GET or POST requests. Audit logs are maintained by the PoS System, and PoS Systems must use them to audit PHI disclosed to their end users.

Logging

PoS Systems must log all activities that use the MI API, including all user-initiated activities such as GET or POST requests.

  • Application logs are tracked by the PoS System for activities performed by the system. PHI must not be stored in application log files.
  • Access logs are tracked by the PoS System when the user accesses the PoS System. PI may be stored in access logs.
  • Application logs should record the HTTP response code and the operational outcome of each API request/response.

All of the above logs are retained in accordance with the HIC's privacy policies and any supporting agreements with Ontario Health.
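The following is an added example, not code from this guide or from Ontario Health, showing one way a PoS System could separate the two log types described above: an application log that records the request, HTTP status and the FHIR OperationOutcome issues without PHI, and an access log where PI such as the user identity is permitted. The set of PHI-bearing query parameters and the log field names are assumptions.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qsl, urlencode

# Query parameters whose values identify a patient or encounter (assumed list);
# their values are PHI and are redacted before reaching the application log.
PHI_QUERY_PARAMS = {"patient", "subject", "identifier", "encounter"}


def redact_path(path: str) -> str:
    """Return the request path with PHI-bearing query values replaced by REDACTED."""
    parts = urlsplit(path)
    query = [(k, "REDACTED" if k in PHI_QUERY_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    redacted = urlencode(query)
    return parts.path + ("?" + redacted if redacted else "")


def summarize_outcome(body: str) -> list:
    """Keep only severity/code from a FHIR OperationOutcome; the free-text
    'diagnostics' and 'details' fields may carry PHI and are dropped."""
    try:
        resource = json.loads(body) if body else {}
    except json.JSONDecodeError:
        return [{"severity": "unknown", "code": "unparseable-body"}]
    if resource.get("resourceType") != "OperationOutcome":
        return []
    return [{"severity": i.get("severity"), "code": i.get("code")}
            for i in resource.get("issue", [])]


def application_log_entry(method: str, path: str, status: int, body: str = "") -> dict:
    """Application log line: API call, HTTP status and outcome, no PHI."""
    return {"ts": datetime.now(timezone.utc).isoformat(), "log": "application",
            "method": method, "path": redact_path(path), "status": status,
            "outcome": summarize_outcome(body)}


def access_log_entry(user_id: str, hic_id: str, action: str) -> dict:
    """Access log line: which authenticated user of which HIC did what (PI allowed)."""
    return {"ts": datetime.now(timezone.utc).isoformat(), "log": "access",
            "user": user_id, "hic": hic_id, "action": action}


if __name__ == "__main__":
    # Constructed sample: a forbidden GET whose OperationOutcome names the patient.
    outcome = json.dumps({"resourceType": "OperationOutcome", "issue": [
        {"severity": "error", "code": "forbidden",
         "diagnostics": "Patient Jane Doe (MRN 12345) not accessible"}]})
    print(json.dumps(application_log_entry("GET", "/DocumentReference?patient=12345", 403, outcome)))
    print(json.dumps(access_log_entry("clinician-42", "HIC-EXAMPLE", "viewed DocumentReference")))
```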

Conformance

All FHIR resources submitted to Ontario Health SHALL be well-formed and conform with this specification.