
Commitment to Privacy
We are committed to respecting personal privacy, safeguarding confidential information and ensuring the security of the personal health information (PHI) in our custody. Our commitment is demonstrated through our robust Privacy Program.
This Statement of Information Practices explains how Ontario Health manages and handles PHI in CHRIS, in compliance with privacy laws and industry best practices. The practices outlined in this statement are based on the 10 Fair Information Principles of the Canadian Standards Association’s Model Code for the Protection of Personal Information and applicable Ontario privacy legislation.
What is CHRIS?
CHRIS is a provincial web-based platform that we operate to support the delivery of home and community care as well as long-term care placement for Ontario patients. The CHRIS platform contains several digital applications that health organizations can use to coordinate and plan patient care. These include:
- Referral Management stores patient referrals received through various channels into a single intake stream that prioritizes and standardizes the referrals.
- Intake and Eligibility Management helps streamline the triage and intake processes by providing access to current assessment tools (for example, the Resident Assessment Instrument [RAI]) that help determine patient eligibility for home and community care programs.
- Equipment and Supply Ordering and Oversight helps CHRIS users order, track and invoice equipment suppliers.
- Waitlist Management for Long-Term Care Facilities helps care coordinators easily add patients to waitlists for long-term care homes in Ontario and track their position in line.
- Coordinated Care Plan enables care planning among health organizations involved in the care of the same patient.
- Health Partner Gateway enables secure communication of PHI for the purpose of providing or assisting in the provision of healthcare of patients. Health Partner Gateway supports notifications and referrals among providers.
CHRIS is used by health organizations classified under the Personal Health Information Protection Act, 2004 (PHIPA) as Health Information Custodians (HICs). Each HIC organization that participates in CHRIS is known as a CHRIS Tenant and can contribute patient information to:
- A tenant specific CHRIS repository, which is only accessible to each individual CHRIS Tenant. This tenant specific CHRIS repository is used by each CHRIS Tenant to store and manage PHI which is under the custody and control of that Tenant, such as plans, orders and invoices for patient services.
- A shared CHRIS repository containing demographic PHI of all patients in CHRIS. The shared repository can be accessed by any CHRIS Tenant in the course of care. It includes demographic information needed to correctly identify a patient, and summary clinical and planning information needed for continuity of care.
CHRIS Roles Under PHIPA
We are subject to the Ontario Personal Health Information Protection Act, 2004 (PHIPA) when managing the CHRIS electronic platform and related services for CHRIS Tenants. We operate under the following roles when handling PHI for CHRIS Tenants:
Health Information Network Provider (HINP)
A HINP provides the electronic means for the disclosure of PHI among a group of HICs.[1]
As a HINP, we provide and manage the CHRIS technical platform for the provincial CHRIS viewer. The provincial platform allows CHRIS Tenants (that is, HICs) to securely exchange PHI with one another.
We are required to adhere to certain responsibilities as a HINP under PHIPA, including the responsibility to protect the PHI we handle and the privacy of the individuals to whom the PHI relates. Similarly, each participating CHRIS Tenant is required to sign a participation agreement, recognizing its commitment as a HIC to protect the PHI it handles, and the privacy of the individuals to whom the PHI relates.
[1] O. Reg. 329/04 section 6(2)
Electronic Service Provider (ESP)
An ESP supplies services to allow a HIC to use electronic means to collect, use, modify, disclose, retain or dispose of PHI.[2]
Each CHRIS Tenant is provided with a tenant specific CHRIS repository. The patient data in each tenant specific CHRIS repository is exclusive to and only accessible by people authorized to act on behalf of that CHRIS Tenant. We manage each tenant specific CHRIS repository in our role as an ESP for the CHRIS Tenant. This role allows us to handle PHI only as permitted by each HIC acting as a CHRIS tenant.
[2] O. Reg. 329/04 section 6(1)
PHIPA Agent
We may also help individual CHRIS Tenants transfer PHI from CHRIS to a provincial partner or another authorized party (for example, for evaluation of health system performance or quality improvement initiatives). In such cases we facilitate the PHI transfer as a PHIPA Agent of the CHRIS Tenant. We act on behalf of, and with the authorization of, the specific CHRIS Tenant to fulfil a lawful purpose.
CHRIS Tenants and Authorized Users
CHRIS Tenants
The CHRIS provincial and local electronic platform is only available to HIC Organizations and their authorized PHIPA Agents that have completed and submitted the Ontario Health privacy readiness questionnaire before CHRIS onboarding. The following HIC Organizations are currently CHRIS Tenants:
- Ontario Health atHome
- Some approved Ontario hospitals delivering bundled care programs in the community
- Health Service Providers, including those that may be constituent members of an Ontario Health Team
Authorized Users
An authorized user of CHRIS is an individual or organization that is a PHIPA Agent of a CHRIS Tenant and is authorized by a Tenant to access the PHI in CHRIS on their behalf and in connection with clearly defined responsibilities.
Individual Authorized Users are primarily those individuals who are granted access to CHRIS and are employees or resources of a CHRIS Tenant.
Organization Authorized Users can be HICs/non-HICs and may only access the PHI in CHRIS under the authority of a CHRIS Tenant, as their PHIPA Agent. An Organization authorized user must have agreements in place with one or more CHRIS Tenants that stipulate when and why it may access PHI in CHRIS, along with its obligations for safeguarding of that PHI.
Accountability for PHI in CHRIS
Privacy Oversight
Ontario Health is responsible for ensuring the programs we manage follow PHIPA. Individuals at the highest levels of the organization are appointed to ensure there is proper oversight and day-to-day compliance with PHIPA, through a robust privacy program.
We have assembled a CHRIS Privacy Steering Committee to oversee matters related to patient privacy, safeguarding of PHI, dispute resolution and the program impact of changes to privacy laws and regulations. Membership for the committee will include:
- Ontario Health privacy team members
- appointees from both CHRIS Tenants and Ontario Health Teams
- representatives from other community health institutions
Each CHRIS Tenant is responsible for providing Ontario Health with a single point of contact (a CHRIS Privacy Representative) for all privacy matters related to CHRIS. A CHRIS Privacy Representative may be a member of a tenant organization, or an agent delegated as the primary privacy contact for the CHRIS Tenant. The CHRIS Privacy Representative will have access to the PHI within the CHRIS shared platform and will take the lead on behalf of the CHRIS Tenant in ensuring the authorized user organizations comply with PHIPA and the Tenant Standards for Privacy when Using CHRIS, designed to create consistent understanding among users to protect patient data.
Policies
Ontario Health has developed a set of privacy standards and procedures that govern the protocols applied to the CHRIS technology platform. The suite of privacy standards is intended to be used for implementation by all CHRIS tenants. The Tenant Standards for Privacy when Using CHRIS outline the general privacy practices each CHRIS Tenant should have in place to ensure compliance with PHIPA, especially when coordinated action among CHRIS Tenants and/or with Ontario Health is required.
Agreements with HIC Organizations
Before CHRIS onboarding, each prospective CHRIS Tenant must sign a Master Data Sharing and Services Agreement and CHRIS Service Schedule. These documents outline the roles and responsibilities of Ontario Health, CHRIS Tenants and authorized users when participating in CHRIS.
Collection, Use, Disclosure and Retention of PHI in CHRIS
Collection of PHI
Ontario Health provides services to CHRIS Tenants so that they may use the CHRIS solution to collect, use and disclose patient data. In providing the CHRIS solution, we operate as a HINP and an ESP, as described in the PHIPA regulation.
In our roles as a HINP and ESP, we do not collect PHI from patients for our own purpose.
CHRIS Tenants collect PHI from patients to support the delivery of home and community health services. CHRIS Tenants may collect PHI either from the patient or from another CHRIS Tenant by using the shared CHRIS repository. As stipulated in the CHRIS agreements, each CHRIS Tenant shall only collect PHI in compliance with their obligations as a HIC under PHIPA.
Use of PHI
The PHI in CHRIS is used by CHRIS Tenants and their authorized representatives for the purposes for which it was collected (for example, to plan and deliver community or home health services).
Ontario Health may use the PHI in CHRIS only as necessary to provide digital services, for example:
- as required to maintain and operate the CHRIS systems
- to investigate a privacy or security incident
Disclosure of PHI
Ontario Health does not disclose any PHI for our own purpose. However, we may disclose PHI on behalf of a CHRIS Tenant that has authorized the disclosure, or otherwise where permitted or required by law.
CHRIS Tenants use the CHRIS solution to disclose PHI to other CHRIS Tenants to plan and deliver community or home health services. If Ontario Health is acting as a PHIPA Agent for a CHRIS Tenant, we may disclose PHI on behalf of the CHRIS Tenant to an authorized representative or partner organization of that CHRIS Tenant.
CHRIS Tenants must ensure that all collections, uses and disclosures of PHI made through CHRIS are lawful and comply with the obligations of a HIC under PHIPA.
Retention of PHI
PHI in CHRIS is retained in accordance with the terms of the Master Data Sharing and Services Agreement and the CHRIS Services Schedule and as agreed to by Ontario Health and the Tenant.
Safeguards for the Protection of PHI in CHRIS
Ontario Health has physical, administrative and technical safeguards in place to protect PHI against loss, theft, unauthorized access, disclosure, copying, use or modification. Each Master Data Sharing Services Agreement in place with a CHRIS Tenant outlines the specific safeguards we apply to protect PHI in CHRIS. The following describes some of the safeguards we implement to protect PHI.
Physical Safeguards
- Controls to secure physical premises, including controlled access to offices
- Secondary level of access controls for some employee zones where sensitive data may reside
- Appropriate identification for employees
- Video surveillance for forensic purposes
Administrative Safeguards
- Privacy policies that outline how Ontario Health and CHRIS Tenants will protect the PHI in CHRIS
- User terms and conditions that outline an authorized user’s responsibilities for accessing and keeping data secure in CHRIS
- Privacy and security training to reinforce protocols for the protection of PHI:
  - Ontario Health privacy and security training
  - CHRIS Tenants are required to implement training to align with the Tenant Standards for Privacy Related Training of their PHIPA Agents
- Privacy incident management practices to identify, contain, investigate and report on privacy incidents and breaches
  - If we receive an incident notification related to data in CHRIS, we will contact the privacy representative of the CHRIS Tenant that contributed the PHI at the first reasonable opportunity. Our representatives will follow the general protocols outlined in our Tenant Standards for Managing Privacy Incidents of PHI in CHRIS.
  - CHRIS Tenants must identify and address privacy incidents in compliance with the Tenant Standards for Managing Privacy Incidents of PHI in CHRIS.
- Ontario Health will conduct privacy and security risk assessments to ensure privacy risks for the CHRIS platform are identified, mitigated and responsibly managed. Our representatives will follow the guidelines outlined in our Privacy Impact Assessment Standard and Privacy Risk Management Policy.
Technical Safeguards
- Adoption of industry standards to ensure the security of PHI in CHRIS
- Encryption applied to sensitive data in transmission
- A logging, monitoring and auditing system to record when PHI is accessed or transferred
  - When conducting a CHRIS access audit, we will comply with our Tenant Standards for Managing Privacy Incidents of PHI in CHRIS.
  - CHRIS Tenants are required to conduct system audits for their authorized users, as described in the Tenant Standards for Managing Privacy Incidents of PHI in CHRIS.
Managing Consent in CHRIS
As a HIC, the CHRIS Tenant has the responsibility for obtaining and managing patient consent.
Each CHRIS Tenant that contributed PHI to CHRIS will determine the preferred consent method (express or implied) applied by that CHRIS Tenant. CHRIS Tenants must comply with a consent directive expressly given by the patient. The CHRIS technical platform provides mechanisms that may help a CHRIS Tenant document consent, implement a consent directive, or withdraw or withhold consent, as described in the Tenant Standards for Managing Patient Consent in CHRIS.
Accessing or Correcting PHI in CHRIS
If Ontario Health receives a request for access or a request for correction of PHI in a patient record stored in CHRIS, we will forward that request to the contributing CHRIS Tenant at the first reasonable opportunity.
All requests from patients to access their PHI should be sent to and fulfilled by the CHRIS Tenant that contributed the PHI. If a patient is requesting the correction of their PHI in CHRIS, the request should be made to and fulfilled by the CHRIS Tenant that contributed the PHI.
CHRIS Tenants are required to manage access and correction requests in CHRIS, in accordance with the Tenant Standards for Managing Access Requests and Corrections for PHI in CHRIS and their obligations as HICs under PHIPA.
CHRIS Privacy Contact Information
If you have questions about CHRIS privacy or Ontario Health privacy practices for the CHRIS platform, or if you have concerns about a CHRIS Tenant, please contact us by mail or email.
Mail:
Chief Privacy Officer
Strategy, Planning Privacy & Analytics Department
Ontario Health
500 – 525 University Avenue
Toronto, ON M5G 2L7
Email: privacy@ontariohealth.ca
You also have the right to submit a concern or complaint about CHRIS information practices to the Ontario Privacy Commissioner.
Mail:
Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, ON M4W 1A8
Phone: 416-326-3333 or 1-800-387-0073
TDD/TTY: 416-325-7539
Email: info@ipc.on.ca