Digital Health Identifier Retention Standard

2.2.1 Ontario Health is committed to retaining Digital Health Identifier Records in a secure manner. Ontario Health ensures that records of PHI are retained in a secure manner in accordance with the Personal Health Information Handling Standard and industry security standards and best practices. The VP, Access Products and Services is responsible for ensuring the secure retention of these records.

2.2.2 The form (identifiable/de-identified) in which Digital Health Identifier Records are retained will be determined and implemented in accordance with the Personal Health Information Handling Standard, and in consideration of the purpose of carrying out the DHI activities.

2.2.3 The precise methods by which records of PHI in paper and electronic format are securely retained, including records retained on various media, is determined and implemented in accordance with the Personal Health Information Handling Standard, Information Classification and Handling Standard and the Information Classification and Handling Guidelines.

2.2.4 Employees and other Ontario Health Agents must take steps that are reasonable in the circumstances to ensure that retained PHI is not used or disclosed without authority and is protected against theft, loss and unauthorized use or disclosure, and that records of PHI are protected against unauthorized copying, modification or disposal.

2.2.5 The Information Security Risk Management Standard identifies the Ontario Health Agent(s) responsible for retaining the system control and audit logs, as well as where these items are retained.

CPO: Chief Privacy Officer

DHI: Digital health Identifier

DHI Activity Records: Any of the following records:

1. records related to a change in the identifying information used in the creation or maintenance of an individual’s My Ontario Account for Health;
2. records of consents that have been given or withdrawn in relation to an individual’s My Ontario Account for Health;
3. records related to Validation and Verification Services; and
4. records of the date on which an individual used the My Ontario Account for Health to access a Digital Health Tool (including My Health Record).

Digital Health Identifier Records: Records of PHI that are under the custody or control of Ontario Health and are collected or used by Ontario Health under its authority as a prescribed organization for the purposes of Part V.2 of PHIPA.

Digital Health Tool: Any digital platform, provided by either Ontario Health or an authorized health information custodian, that may be accessed by individuals through their My Ontario Account for Health.

Employee: A person employed and compensated by Ontario Health as an Employee, and is classified as either permanent full-time, permanent part-time, temporary full-time, temporary part-time, paid student or casual, as set out in the Employee Classification Guideline. A consultant or contractor is not an Employee.

IPC: Information and Privacy Commissioner of Ontario

My Health Record: A Digital Health Tool provided by Ontario Health that provides individuals who have a My Ontario Account for Health with digital access to certain of their health records that are contained in the Ontario Laboratories Information System and the Digital Health Drug Repository, which are held in the provincial Electronic Health Record maintained by Ontario Health.

My Ontario Account for Health: The application through which an individual may validate and verify their identity and authenticate themselves to access Digital Health Tools

O.329/04: Ontario Regulation 329/04 made under PHIPA

Ontario Health Agent: A person that acts for or on behalf of Ontario Health for the purposes of Ontario Health , and not for the person’s own purposes, whether or not the person has the authority to bind Ontario Health , whether or not the person is an Employee, and whether or not the person is being remunerated.

PHI or Personal Health Information: Has the meaning set out in s. 4 of PHIPA. Specifically, it is “identifying information” in oral or recorded form about an individual that:

• relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family;
• relates to the provision of health care to the individual, including the identification of a person as a provider of health care to the individual;
• Is a plan that sets out the home and community care services for the individual to be provided by a health service provider or Ontario Health Team pursuant to funding under section 21 of the Connecting Care Act, 2019;
• relates to payments or eligibility for health care or eligibility for coverage for health care, in respect of the individual;
• relates to the donation by the individual of any body part or bodily substance of the individual or that is derived from the testing or examination of any such body part or bodily substance;
• is the individual’s health number;
• identifies an individual’s substitute decision-maker; or
• is the individual’s digital health identifier or other identifying information related to the creation of the digital health identifier.

PHI includes identifying information about an individual that is not listed above but that is contained in a record that includes PHI listed above.

Information is “identifying” when it identifies an individual or when it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify the individual.

PHIPA: Personal Health Information Protection Act, 2004.

References to PHIPA include O. Reg. 329/04, as may be amended or replaced from time to time.

PI or Personal Information: Subject to the provisions of FIPPA, as applicable, Personal Information has the meaning set out in section 2 of FIPPA. Specifically, it means recorded information about an identifiable individual, including:

• information relating to the race, national or ethnic origin, colour, religion, age, sex, sexual orientation or marital or family status of the individual;
• information relating to the education or the medical, psychiatric, psychological, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved;
• any identifying number, symbol or other particular assigned to the individual;
• the address, telephone number, fingerprints or blood type of the individual;
• the personal opinions or views of the individual except where they relate to another individual;
• correspondence sent to an institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to that correspondence that would reveal the contents of the original correspondence;
• the views or opinions of another individual about the individual; and
• the individual’s name where it appears with other personal information relating to the individual or where the disclosure of the name would reveal other personal information about the individual.

Personal Information also includes information that is not recorded and that is otherwise defined as Personal Information when considering the manner of collection, notice to public, privacy impact assessments and safeguards. Footnote: Section 38 (1) FIPPA.

PIA: Privacy Impact Assessment

Prescribed Organization or PO: The organization prescribed in Ontario Regulation 329/04 as the organization for the purposes of PHIPA. The Prescribed Organization has the power and the duty to develop and maintain the EHR in accordance with Part V.1 of PHIPA, and the power to carry out digital health identifier activities in accordance with Part V.2 of PHIPA. 

Privacy Breach: A Privacy Breach includes:

1) Privacy Breach of PHI or PI (Privacy PHI/PI Breach) means an event where:

• The Collection, Use or Disclosure of PHI or PI is not in compliance with PHIPA or its regulation, or with FIPPA or its regulations (i.e. without legal authority); and/or
• The Viewing, handling or otherwise dealing with PHI provided to Ontario Health is not in compliance with PHIPA, or its regulation;
• PHI or PI is stolen, lost or subject to unauthorized Collection, Use or Disclosure or where records of PHI or PI are subject to unauthorized copying, modification, or disposal.

Note: A Privacy PHI/PI Breach does not include a breach of De-identified Information, or Business Identity Information, if the event does involve PI or PHI.

2) Privacy Breach of Privacy Policy or Agreement (Privacy Policy/Agreement Breach) means an event where:

• There is a contravention of Ontario Health’s privacy policies, procedures or practices; and/or
• There is a contravention of a privacy-related term or condition in a:
  • data sharing agreements,
  • research agreements,
  • confidentiality agreements, or
  • agreements with third party service providers retained by Ontario Health to handle PHI or PI,
  • written acknowledgements acknowledging and agreeing not to use PHI or PI which has been de-identified and/or aggregated, to identify an individual; and
• Does not include a privacy breach of PHI or PI

Note: A Privacy Policy/Agreement Breach may include a breach that involves De-identified Information or Business Identity Information, if the breach relates to privacy controls in an agreement or a privacy policy, procedure or practice related to handling of De-identified Information or Business Identity Information.

Privacy Incident: Any event where the Privacy Office is notified or becomes aware that a Privacy Breach may have occurred. This includes events that are reviewed/investigated and are:

1. Confirmed to be a Privacy Breach;
2. Confirmed not to be a Privacy Breach; or
3. It cannot or has not been determined if a Privacy Breach occurred (Suspected Privacy Breach).

Note: Privacy Incidents include events involving PI and PHI, as well as De-identified Information and Business Identity Information as these events require investigation in accordance with this Policy to confirm if they are Privacy Breaches as defined below. Ontario Health shall investigate these incidents involving De-identified Data and Business Identity Information, considering factors such as the 1) risk of re-identification and related de-identification guidelines for De-identified Data, as well as 2) the context for handling data that Ontario Health received as Business Identity Information, to confirm that it does not constitute PI, respectively.

Third-Party Service Provider: A third-party contracted or otherwise engaged to provide services to Ontario Health, including Electronic Service Providers.

TRA: Threat Risk Assessment

Validation and Verification Services: Services provided by Ontario Health that:

1. validate the health number and additional PHI from the health card provided by an individual, including by relying on a database for health cards maintained by the Minister;
2. verify that an individual who is providing the health number or additional PHI, and such other identifying information as may be requested by Ontario Health, is the individual to whom the health number or PHI relates;
3. rely upon the services described in clauses (a) and (b), or such other services as may be prescribed by O. Reg. 329/04, to create or renew an individual’s digital health identifier; or
4. are prescribed by O. Reg. 329/04.