OTNhub Care Coordination: Patient Access Network (PAN) Scheduling (Limited Release) PIA Summary

Date of PIA Report: October 27, 2021 (PIA reflective of information received up until this date) 

Date PIA Summary Last Reviewed and Updated: May 26, 2025

The following is a summary of the above-referenced privacy impact assessment (PIA), including a brief background on the Care Coordination: Patient Access Network (PAN) Scheduling project (eVisit 4.9.1), key findings, risk and recommendations as applicable, target dates for completion. See our Privacy Contact page to find information on how to contact the Ontario Health Privacy Office should you have any questions.

Background

In late 2020, Ontario Health began a project (eVisit 4.9.1) to improve the workflow for scheduling Patient Access Network (PAN) sites, which host patients for Video Visits. These hosting services are critical for patients who may experience barriers to their participation in Direct to Patient Video Visits, including a lack of high-speed internet access or a requirement for nursing support during a Video Visit.

Initially, the eVisit 4.9.1 project contained two key components: 1) a new workflow for consultants and their schedulers on the OTNhub, and 2) the distribution of Outlook licenses to select PAN sites to enable integration of PAN site availability and scheduling data with the new OTNhub workflow. The PIA conducted on the eVisit 4.9.1 project identified 16 total risks, including 5 high and 7 medium risks, with most of the high and medium risks related to the Outlook component of the project. As a result, the Outlook component was de-scoped from the eVisit 4.9.1 release and may be contemplated separately in the future.

With the Outlook component de-scoped, only 4 risks remained that were applicable to the OTNhub component of the project, including 1 high risk and 3 medium risks. Any findings, observations and recommendations in this report are based on a review of project documentation at the time of the assessment. The following table is a summary of the risks and recommendations and is shown in risk severity order.

Key Findings

With the Outlook component of the project removed, the privacy analysis of the initiative identified 4 risks. Ontario Health’s PIA policy recommends that all high and medium risks be mitigated to an acceptable level prior to a project going live. As such, the following recommendations should be implemented prior to or in concert with this project’s launch. The recommendations should reduce the risk ratings from high to medium and from medium to low. The identified low risks should be mitigated within a reasonable time as determined by the Privacy Team.

Risk rating definitions used to assess the risk of each identified gap are available upon demand.

Risks and Recommendations

The PIA makes the following risks and recommendations:

Risk 1: When a scheduler is booking a patient host site in OTNhub, the patient address should be identified as optional. The address field does not appear to be labelled as optional in the latest screenshot viewed. A previous rendition in the requirements document reviewed did identify the address field to be optional.    

Risk Level: High

Recommendations: A pop up/just in time notice should appear when the address field is hovered over to explain that this information is only required if the scheduler would like the patient’s address to be populated into the patient letter.

Status: Completed

Risk 2: Documented policies under review by the Ontario IPC must be finalized with an implementation/operationalization plan. Legacy Ontario Telemedicine Network (OTN) policies and procedures are being rolled into the Ontario Health policies yet to be confirmed.

Risk Level: Medium

Recommendations: The Ontario Health suite of privacy policies and procedures will apply to eVisit 4.9.1. Where the Ontario Health framework differs from what exists for the legacy OTN, the internal privacy team must assure the eVisit 4.9 projects are in alignment with these components. 

Status: Mitigation measures in place reduce residual risk to low. Mitigation measures include legacy business unit privacy policies and procedures which remain in effect until new policies and procedures are harmonized and privacy training for all staff.

Risk 3: Privacy event audit logging has not been confirmed or documented by the project team for eVisit 4.9.1. Note that event logging requirements have been provided for event scheduling activity in OTNhub but must also incorporate MS O365 accounts (including view-only activity of PHI contained in Outlook files).

Risk Level: Medium

Recommendations: Privacy event audit logging has not been confirmed or documented by the project team for eVisit 4.9.1. Note that event logging requirements have been provided for event scheduling activity in OTNhub but must also incorporate MS O365 accounts (including view-only PHI activity contained in Outlook files).

Status: Completed for in scope elements (that is, OTNhub workflow).

Risk 4: Retention rules have not been established for scheduling related data that will be contained in the OTNhub database and in Outlook e-mail files. Retention practices are yet to be approved by Chief Privacy Officer and Archivist of Ontario.

Risk Level: Medium

Recommendations: eVisit 4.9.1 scheduling records must be included in the retention schedule so Outlook records (.OST files) are not retained indefinitely (cancelled events may warrant a longer retention timeframe than completed events that are already recorded/maintained in the source system NCompass/TSM).

Status: Mitigation measures in place reduce residual risk to low. Mitigation measures include retention of scheduling data (with plans to accommodate long-term retention of data in alignment with existing regulatory requirements and guidance from oversight bodies) until the new retention schedule is finalized and privacy training for all staff.