Plain Language Description of the Electronic Health Record
Under Ontario Health’s authority as a prescribed organization pursuant to Ontario Regulation 329/04, Ontario Health (Digital Services) develops and maintains the electronic health record (EHR) in accordance with Part V.1 of the Personal Health Information Protection Act, 2004 (PHIPA).
The EHR consists of the following repositories:
- Ontario Laboratories Information System (OLIS): lab test requisitions and results from hospitals, community labs and public health labs.
- Diagnostic Imaging-Common Service (DI-CS): diagnostic imaging reports from hospitals and independent health facilities, as well as relevant information to support the retrieval of diagnostic imaging reports from the regional image repositories in Ontario.
- Acute and Community Clinical Data Repository (acCDR): clinical information from hospitals and home and community care organizations across Ontario, including information about hospital visits by patients, emergency room reports, consultation reports and discharge summaries, as well as long-term care placement details, risk assessments and care plans.
- Primary Care Clinical Data Repository (pcCDR): clinical information from primary care providers (such as general practitioners or family physicians) submitted via certified electronic medical record (EMR) systems, including demographics, medications, allergies and adverse reactions, current health conditions, past medical and surgical history, immunizations, risk factors, vitals and vitals trends.
- Digital Health Drug Repository (DHDR): drug and prescription information from publicly-funded drug programs, publicly-funded pharmacy services (e.g. MedsCheck Program, Pharmacy Smoking Cessation Program, vaccine administration) and monitored drugs programs (narcotics and controlled substances) regardless of who the payor is.
- Provincial Client Registry (PCR): patient demographics and identifiers, such as patient health card numbers, medical record numbers and address information from the Ministry of Health’s Registered Persons Database (RPDB), hospitals and participating health care organizations.
Ontario Health has administrative, technical and physical safeguards in place to:
- protect against theft, loss and unauthorized collection, use or disclosure of the personal health information accessible by means of the EHR;
- protect the personal health information accessible by means of the EHR against unauthorized copying, modification or disposal; and
- protect the integrity, security and confidentiality of the personal health information accessible by means of the EHR.
Safeguards include the use of tools (both technological and physical) such as security software and encryption protocols, firewalls, locks and other access controls, including, but not limited to, the following:
- appointment of a Chief Privacy Officer;
- privacy assessments performed on all projects and initiatives to identify and mitigate privacy risks;
- a comprehensive suite of privacy policies outlining our information handling practices;
- privacy and security training completed by all staff upon joining and annually thereafter, including role-based training for individuals who have defined and controlled access to personal information or personal health information;
- agreements with health information custodians (health care providers and organizations) that outline the roles, responsibilities and obligations governing their contribution and access to the EHR; and
- access controls to ensure individuals are only granted access to personal information or personal health information that is directly proportionate to the time and purpose required to perform their role.
For more information about Ontario Health’s practices as the prescribed organization, please see our Statement of Information Practices.