DRAFT - The specification is currently in development and subject to significant change. It is not ready for limited roll-out or production level use.
Privacy and Security Guidance
Privacy and Security Guidelines
Infoway is continuously developing and maintaining Privacy and Security guidelines, supporting existing and emerging digital health solutions and providing Privacy and Security best practices.
Privacy areas of focus include an overview of Canadian privacy laws and some practical approaches on how to share health data safely, with the patient’s consent, and the responsibilities of both parties when patient information is shared. They include organizational recommendations and considerations with the aim of ensuring the privacy and security (confidentiality, integrity, and availability) of both patient health information and patient data and their lifecycle.
The set of recommendations finds common ground between existing provincial, national and international standards and legislation. The guidelines are informative and do not relieve the health care organization and/or health care solutions vendor of their obligation to comply with relevant Privacy and Security measures, laws, regulations and legislation within their regions of operation.
Privacy and Security Focus Areas
It is recommended that vendors and jurisdictions ensure that appropriate Privacy and Security measures are in place for CA:eReC implementations. The implementation and governance of these measures should be proportional to the identified risks and aligned with local and applicable jurisdictional requirements. Privacy and security practices should cover, but are not limited to, the following principles:
| Privacy |
|---|
| Responsibility |
| Identifying purposes |
| Openness and transparency |
| Limiting use and disclosure |
| Consent |
| Limiting data collection and retention |
| Privacy Safeguards |

| Security |
|---|
| Authentication |
| Authorization |
| Access control |
| Security policy |
| Risk and Incident Management |
| Data Encryption at rest and in transit |
| Digital Signatures |
| Audit and Monitoring |
| Acquisition, development, and maintenance |
| Third Party Management |
Privacy and Security Supporting Documents
Digital Health Solutions Privacy & Security Guideline
This Guideline sets out technical security and privacy recommendations that a health care organization, solutions developer or provider can use to support its clinical practices and/or solution in meeting the necessary regulatory requirements to protect patient privacy and secure information handling processes.
Privacy as an Enabler: Sharing Personal Health Information for Interoperability Primer
This privacy primer provides an introduction to interoperability, an overview of Canadian privacy laws and some practical approaches to privacy for interoperability. It delves into the role privacy plays in the creation of interoperable health systems. It addresses the myth that privacy laws mean patient data can’t be shared. The primer outlines how privacy laws enable the sharing of patient data by providing guidance on how to share health data safely, with a patient’s consent, and the responsibilities of both parties when patient information is shared.
Digital Health Solutions Procurement Toolkit
This toolkit provides consolidated privacy and security requirements common to virtual visits and remote patient monitoring solutions.
A Path Forward for Data Sharing in Canada
The objective of this white paper is to highlight data sharing opportunities in Canada and put forward solutions about how to address the identified needs. It focuses on privacy and data governance concerns, especially legislative and related potential barriers and solutions.