Security Program

Our security program is built on a foundation of best practices, and includes a range of features, procedures and processes that are designed to protect sensitive health information.

Information Security Policy (PDF)

It's not enough to say we're secure. We have to prove it each and every day. We conduct independent threat and risk assessments to ensure our people, processes and technologies are adhering to the highest standards of security. We also work hard to identify new or potential threats, and recommend safeguards to minimize risks.

Are you a health information custodian (HIC) preparing your organization for access to the EHR?

Find out how your organization can securely connect to the EHR.

EHR Security Services

We offer a range of security services to health service providers to protect patient data in Ontario’s EHR against cyber threats. To discover how we can help your team, contact us at

Program Governance

We lead a group of subject matter experts from across the province in developing relevant security policies and creating and supporting standards, guidelines, tools, and templates, to ensure eHealth Ontario solutions and procedures align with security best practices and industry standards. This is all part of our ongoing work in establishing and maintaining the province’s EHR security governance framework. This framework will also help ensure that any upcoming technologies and innovations being considered for the EHR will be compatible with it. Effective governance is essential to keep patient data secure and confidential.

Risk Governance

We help clients identify and evaluate potential security risks that could occur when participating in the EHR by assessing their systems and processes based on provincial EHR policy. We recommend solutions to address any security risks and provide oversight at a provincial level for all clients participating in the EHR. This ensures security risks are kept to a minimum and managed consistently. 

Policy Compliance Assessments

Helping clients comply with EHR policies by conducting security assessments is another way we can help. We advise and assist clients in putting EHR policies into practice, and we facilitate ongoing compliance in the event of any changes to their systems (e.g. new apps / service providers) through annual compliance attestations.

Program Communications and Collaboration

We communicate the EHR security governance framework to health service providers by leading and participating in provincial and regional working groups and committees. This helps EHR participants understand the workings and value of the security framework and policies.  

Security Training and Awareness

We develop and administer security training in the form of modules and webinars which we publish online. We also host virtual and in-person seminars. Training focuses on the EHR security framework and policy obligations necessary to align with best-practices and protocols.

Incident Response

We help clients respond to security incidents so they are able to reduce any negative impacts by limiting potential damage and reducing recovery time and costs. We can notify affected health information custodians about an incident on behalf of a client to help with managing response process.

Contact us for more information about our security policies.