Teleophthalmology PIA Summary

Date of PIA Report: February 2022 (PIA reflective of information received up until this date) 

Date PIA Summary Last Reviewed and Updated: May 29, 2025

The following is a summary of the above-referenced privacy impact assessment (PIA), including a brief background on the Teleophthalmology (TOP) service, key findings, risks and recommendations as applicable, and target dates for completion. See our Privacy Contact page to find information on how to contact the Ontario Health Privacy Office should you have any questions.

Background

The objective of the Teleophthalmology (TOP) service is to ensure that all diabetic patients in the province, regardless of their location or socio-economic situation, have access to regular diabetic retinopathy screenings. This is in line with the Ontario Government’s transition to patient-centric, community-based care. Technologies like telemedicine and teleophthalmology are a key means of ensuring ubiquitous access to care while streamlining processes and reducing costs. Ontario Health actively promotes the adoption of TOP across the province by working closely with LHINs, government agencies and health care organizations to build awareness and convey the benefits of the program offering.

TOP focuses on the provision of vision-related health care at a distance. It is based on the use of electronic means to store and transmit digitized personal health information (PHI), including images, demographic details, clinician notes, and supporting documentation. Clinicians at a referring site will upload digital images of a patient’s retina to iVision. Once loaded, a patient’s information can be accessed by vision care specialists via an internet connection. The result of the process is a diagnosis of the patient’s condition, delivered to the patient by staff members at the referring site. The goals of the project are to: 

  1. improve access to retinal vision services,  
  2. improve the efficiency of retinal assessment, and  
  3. reduce the burden on patients seeking treatment. 

Ontario Health (formerly Ontario Telemedicine Network) originally completed a Privacy Impact Assessment (PIA) on the TOP service in January 2010 at the inception of the program. After six years of supporting TOP across the province, Ontario Health recognized the need to integrate retinal screening into chronic disease management programs. As such, Ontario Health selected, through competitive procurement, a new cost-effective TOP solution from Retina Labs RD Inc. (Retina). The solution is robust, scalable, and delivered through a Software as a Service (SaaS) cloud-based model hosted in Canada. Retina’s product, iVision, is a secure, web-based TOP application to support the TOP expansion. Ontario Health conducted a PIA for the migration of the service to Retina and on the security around the infrastructure provided by Retina. Since then, service and reporting changes have resulted in three updated PIAs.

Key Findings

The privacy analysis of the Teleophthalmology (TOP) service identified seven (7) risks and twenty (20) mitigation recommendations. In accordance with Ontario Health’s Privacy Risk Management policy and procedures, the Chief Privacy Officer (CPO) approves and endorses the results of the PIA and risk management process. Should there be a risk or risks that cannot be mitigated to an acceptable risk tolerance of minor, the designated business or portfolio owner must:

  • Review and sign off the Risk Acceptance Form;
  • Prepare supporting documentation (briefing note) addressing possible consequences as a result of accepting the risk(s) and not implementing the recommendation(s) provided by Legal, Privacy and Risk Portfolio; and
  • Submit the Risk Acceptance Form and supporting documentation to the Executive Lead for the applicable portfolio and to the Executive Lead for Legal, Privacy, and Risk Portfolio for review and approval.

Ontario Health’s PIA standard recommends that all very high, high, and moderate risks be mitigated to an acceptable level (minor) prior to a project going live. As such, the following recommendations should be implemented prior to or in concert with this project’s launch. Risk rating definitions used to assess the risk of each identified gap are available upon demand.

Risks and Recommendations

The PIA makes the following risks and recommendations:

Risk 1: The previous PIA identified Ontario Health only as an ESP and HINP. There is a risk that Ontario Health assumes other roles. As a result, Ontario Health’s PHIPA authority may not have been identified properly, which brings the role of Program Evaluation and Management into question.

Risk Level: Medium

Recommendations:

  • Review Ontario Health’s mandate and align it with legislative PHIPA authority.
  • HIC to appoint Ontario Health as their Agent.
  • Establish authority through a PHIPA Agent/Service Agreement between HICs and Ontario Health to allow the HIC to have the Program Management and Evaluation mandate and Ontario Health to fulfill the requirement.
  • Ontario Health to provide an update to the consent that is collected by the HICs.
  • Develop an agreement/training for Ontario Health employees to separate access to PHI by role, Agent or HINP (non-disclosure agreement).

Status: Completed

 

Risk 2: There is a risk of overcollection of PHI by Ontario Health.

Risk Level: Medium

Recommendations:

  • Confirm that the data elements extracted are those required for HICs to evaluate the program based on the KPIs.
  • Review record-level data elements and assign the label as per the Ontario Health Deidentification Guidelines. Update the Report Template to correct any elements that are not required.
  • Request that Retina revise Report Template to reflect new data list. 

Status: Completed

 

Risk 3: There is a risk that the current service agreement (OTN Teleophthalmology Website User Agreement dated March 2017) does not reflect the HINP requirements as per PHIPA. Also, there seems to be no record of the HICs agreeing to the Terms.

Risk Level: Medium

Recommendations:

  • Update the Service/Agent agreement to include the HINP requirements. 
  • Create a tracking mechanism for the HIC acknowledgement of the Terms. 

Status: Completed

 

Risk 4: There is a risk that the OTNhub Teleophthalmology Report allows HICs to access other HICs’ data in contravention of the Ontario Health Small Cell Disclosure Guideline. There is also a risk that Ontario Health staff and others who have been given access to the web Dashboard can also access data in contravention of the Small Cell Disclosure Guideline.

Risk Level: Medium

Recommendations:

  • Revise Dashboard access to only allow HICs to access their own report and overall program totals.
  • Revise HIC access to other HICs’ data to comply with the Small Cell Disclosure Guideline.
  • Revise the Dashboard for Ontario Health access by limiting reports to elements that meet the Small Cell Rule.
  • Add a disclaimer to the Dashboard that explains how the data should be used/disclosed.

Status: Completed

 

Risk 5: There is a risk that a retention period has not been established for the reporting process.  

Risk Level: Low

Recommendations:

  • Work with Business to determine an appropriate retention period for reports, including for the record-level data extract from Retina, Ministry reporting and the Dashboard.
  • Work with the HICs to establish an appropriate retention period for PHI.
  • Ontario Health to work with Records Information Management to establish an appropriate retention schedule.

Status: Pending

 

Risk 6: There is a risk that Retina has not updated all pertinent policies and procedures related to the new cloud provider implementation.

Risk Level: Low

Recommendations: Review policies to ensure they meet the compliance recommendations of the new cloud provider implementation.

Status: Completed

 

Risk 7: There is a risk that a delta Threat and Risk Assessment (TRA) is not being contemplated to ensure that security safeguards and controls are in place commensurate with the level of sensitivity of the data assets.

Risk Level: Low

Recommendations:

  • Confirm/validate whether a TRA is required and will be undertaken.
  • If a TRA is required, Privacy to include the security safeguard findings in this PIA, including access to the identified risks, recommended mitigation activities, and timelines.

Status: Completed

Last Updated: January 16, 2026