Share this page:

Share
Share
Print Email

Our Approach to Privacy

Canada Health Infoway is committed to respecting privacy, safeguarding confidential information, and ensuring the security of personal information. PrescribeIT® is a national e-prescribing service that allows physicians and pharmacies to send messages for the purposes of:

  • transmitting prescription information to a pharmacist;
  • dispensing medication to the correct patient.

Practices and safeguards to protect personal information

The following safeguards are in place to protect health information in PrescribeIT®:

Administrative

  • Infoway has appointed an individual who is accountable for privacy and security, namely, a Chief Privacy Officer.
  • Personnel with access to PrescribeIT® must pass background checks and receive privacy training.
  • Security roles and responsibilities of personnel involved in the provision of PrescribeIT® are documented.
  • Formal contracts and service level agreements are in place with any third party retained to assist in providing services.
  • Privacy and threat risk assessments are conducted. Privacy and security risk mitigation activities are established, assigned to a responsible individual, recorded and tracked as part of each assessment.
  • Policies and procedures are in place including a breach management protocol.
  • Retention of information follows legislative requirements and best practices across Canada. Our retention principles are as follows:
    • Personal Information (PI) and Personal Health Information (PHI) should be retained only as long as necessary for the fulfilment of the purposes for which it was collected and for minimum and maximum retention periods.
    •  If Personal Information or Personal Health Information is used to make a decision that directly affects an individual, the information should be kept in accordance with applicable legislation and should give the individual reasonable opportunity to obtain access to the PI/PHI.
    • Personal Information or Personal Health Information subject to an access or correction request must be retained for as long as necessary to allow the individual who is the subject of the information to exhaust any recourse the individual has under legislation.
    • Once information has reached its maximum retention period it must be securely destroyed or erased.
    • Custodian/trustees and Canada Health Infoway, and their agents and Service Providers, shall ensure that records are disposed of or destroyed in a secure manner that the reconstruction of the records is not reasonably foreseeable in the circumstance.
    • Infoway will conduct a fulsome review and refresh the policy every two years after the point of approval or earlier in circumstances where amendments to legislation, applicable agreements or the policies, procedures and practices in respect of privacy and security that have been implemented in relation to the system will impact the retention schedule. The review will include engagement with privacy oversight bodies and additional stakeholders as appropriate.

    • Technical

    • Formal processes have been established for granting and revoking access to PrescribeIT® systems. Such processes include regular reviews of permissions and accounts by accountable personnel.
    • Personnel accessing PrescribeIT® must use unique credentials and are only given the level of access necessary and sufficient for them to perform the tasks and functions for which they are responsible.
    • A formal password policy relating to PrescribeIT® systems is in place that ensures sufficient complexity, safe storage, and restrictions on access after too many failed attempts.
    • PrescribeIT® data is encrypted in transit and at rest using industry standard cryptographic algorithms.
    • There is a formal logging and auditing program for all transaction on PrescribeIT® systems.
    • Up-to-date antivirus and firewall protections are used.

    For more information about Canada Health Infoway, our programs, questions or concerns regarding our privacy practices, or to receive a copy of our Privacy Policy, please contact our Chief Privacy Officer:

    Canada Health Infoway Inc.
    Chief Privacy Officer
    150 King St. West, Suite 1100
    M5H 1J9 Toronto, Ontario 
    This email address is being protected from spambots. You need JavaScript enabled to view it.

    An individual may also direct complaints to the privacy commissioner of the jurisdiction in which they reside.

Tags:
Privacy