OTNhub eVisit Program PIA Summary

Date of PIA Report: October 20, 2022 (PIA reflective of information received up until this date)  

Date PIA Summary Last Reviewed and Updated: May 9, 2025

The following is a summary of the above-referenced privacy impact assessment (PIA) is an updated summary based on a delta PIA that was completed to assess the chat feature. The summary includes a brief background on the OTNhub eVisit Program, key findings, risk and recommendations as applicable, and target dates for completion.  See our Privacy Contact page to find information on how to contact the Ontario Health Privacy Office should you have any questions.

Background

This assessment focuses primarily on Ontario Health’s role in the delivery of the OTNhub eVisit Program to users located in Ontario, consisting of health care providers and associated Member Organizations. Ontario Health’s mandate pursuant to the Connecting Care Act, 2019, includes the provision of virtual care to assist health care providers in delivering care to patients by using videoconferencing technology. 

An aspect of this mandate is carried out by Ontario Health’s OTNhub eVisit Program by using videoconferencing technology to (i) allow health care providers to remotely conduct appointments with patients, (ii) allow health care providers, where required, to interact in consultations with each other in connection with patient care and (iii) allow health care providers to chat to patient while conducting an eVisit. 

The form of OTNhub eVisit can either be through existing Ontario Health videoconferencing facilities found in health care organizations (Hosted eVisit) or through internet- based videoconferences (Direct to Patient Visits). These two means of connecting with patients (and, for health care providers, with each other) utilize eVisit services that are supported by Ontario Health, developed scheduling tools and are hosted by a cloud-based infrastructure platform. 

Key Findings

With the Outlook component of the project removed, the privacy analysis of the initiative identified four risks. Ontario Health’s PIA policy recommends that all high and medium risks be mitigated to an acceptable level prior to a project going live. As such, the following recommendations should be implemented prior to or in concert with this project’s launch. The recommendations should reduce the risk ratings from high to medium and from medium to low. The identified low risks should be mitigated within a reasonable time as determined by the Privacy Team.

Risk rating definitions used to assess the risk of each identified gap are available upon demand.

Risks and Recommendations

The PIA makes the following risks and recommendations:

Risks and Recommendations (2024 Delta PIA)

Risk 1: Ontario Health current agreement with the Member Organization and the User’s does not clearly articulate the chat feature of the OTNhub eVisit program.  There is a risk that without the chat feature noted as part of OTNhub eVisit program, the existing agreements will not apply to the chat feature 

Risk Level: Low

Recommendations: Ontario Health should update the Ontario Health Services section of the existing OTNhub Member Organization and the User Agreement to include chat features as part of the OTNhub eVisit program. 

Status: Accept - Risk has been carefully monitored for the past year and has not materialized. No new risk scenarios have occurred. 

Risk 2: Ontario Health’s OTNhub eVisit program training module does not include training for the chat feature.  There is a risk that without providing chat specific training, users will not be aware of privacy best practices when using the chat feature. 

Risk Level: Insignificant

Recommendations: Ontario Health should consider adding chat specific privacy training to the existing OTNhub eVisit program training module.

Status: Completed

Risks and Recommendations (2022 PIA):

Risk 1: Ontario Health does not securely return or destroy information at the end of the agreement. Neither of the agreements contains a provision that specifies that PI or PHI will be returned if the agreement is terminated.

Risk Level: Insignificant

Recommendations: Ontario Health should examine whether PI or PHI is retained upon termination of the user or member organization agreements. If such information is retained, Ontario Health should determine a retention period and establish a process to securely destroy such information after the retention period ends.

Status: Accept - Risk has been carefully monitored for past year and not materialized. No new risk scenarios have occurred. 

Risk 2: The “Your eVisit Appointment” document recommends that patients use a personal email address and not a business email address but does not provide instructions around password protection.  

Risk Level: Insignificant

Recommendations: Ontario Health should consider amending email messages to patients to suggest the use of passwords in accessing emails. 

Status: Completed

Risk 3: Proposed language associated with health care provider’s affirmation in obtaining consent. 

Risk Level: Insignificant

Recommendations: Ontario Health should consider amending the privacy language and providing greater detail in guidance documentation concerning what health care providers are to discuss with patients in connection with scheduling eVisit. 

Status: Completed

Risk 4: Ontario Health proposes to retain the patient’s name and email address for 15 years. There is no evidence that this retention is for the purpose of providing health care and no stated rationale for this length of a retention period. 

Risk Level: Insignificant

Recommendations: Ontario Health should consider (i) whether retention of this information is necessary or alternatively, whether a shorter retention period would suffice and (ii) whether Ontario Health can technologically retain such information.

Status: Accept - Risk has been carefully monitored for the past year and has not materialized. No new risk scenarios have occurred.  

Risk 5: Patients should be informed that their PI/PHI is being retained by a service provider (Ontario Health) for an extended period for reasons unrelated to the purpose of their consultation with a health care provider.  

Risk Level: Insignificant

Recommendations: Ontario Health should ensure that patients are aware that their email is recorded and retained by Ontario Health every time they receive an email scheduling an eVisit and that Ontario Health may, in some instances, act as an Agent of the Member Organization or health care provider. 

Status: Completed

Risk 6: The cloud service provider (“CSP” reserves the right to transfer client data to another region in the event all Availability Zones (“AZs”) within a region are incapacitated. Given that there are multiple AZs within a region, this is a very low probability event (likely an extremely low probability event). 

However, the CSP currently has only one (1) region in Canada. Should a regional failure occur, all Ontario Health tenant data may be relocated outside of Canada. The CSP has a second (2nd) region, based in Calgary, scheduled to open in late 2023 or early 2024.  

Risk Level: Insignificant

Recommendations: In anticipation of the CSP’s second (2nd) region in Canada starting operations, Ontario Health should formalize an understanding with the cloud service provider that any transfer any data - belonging to Ontario Health - held in the current Canadian region is transferred there. 

Status: Accept - Risk has been carefully monitored for the past year and has not materialized. No new risk scenarios have occurred.