Client Registry PIA Summary
Date of PIA Report: October 2011
Date PIA Summary Last Reviewed and Updated: December 2, 2025 (Rebranding)
The following is a summary of the above-referenced privacy impact assessment (PIA), including a brief background, key findings, and risks and recommendations as applicable. See our Privacy Contact page to find information on how to contact the Ontario Health Privacy Office should you have any questions.
Background
The function of the client registry is to provide an authoritative repository of identification data, which enables the accurate and unique identification of any individual who receives health care in Ontario, through the use of the individual’s health card number. The client registry is one of the cornerstone information systems that will support the deployment of a longitudinal electronic health record for all Ontarians.
The Ministry of Health and the Ministry of Long Term Care maintain the registered persons database (RPDB), a repository of demographic information (including health card number) on all residents of Ontario who are eligible for the Ontario Health Insurance Plan (OHIP). The RPDB includes a listing of the unique health card numbers that have been issued to individuals eligible for OHIP coverage, as well as demographic information such as date of birth, gender, address and deceased date (where applicable).
eHealth Ontario receives a feed of RPDB data from the MOHLTC and retains this information in the client registry. Approved eHealth Ontario systems (and ultimately end-users) can make a call to the client registry, using an individual’s health card number, to confirm the individual’s identity and/or to retrieve demographic information, including personal health information (PHI), about that individual from the client registry. Accurate and timely identification of individuals whose PHI is retained in the systems that make up the electronic health record is essential to ensuring that information released from eHealth Ontario systems is about the correct individual, and that the right individual is being provided appropriate health services.
Because the client registry contains health card numbers, which are defined as PHI under the Personal Health Information Protection Act, 2004 (PHIPA), eHealth Ontario policies and Ontario Regulation (O.Reg.) 329/04 require that a PIA of the client registry initiative be undertaken.
Key Findings
The scope of the client registry physical PIA includes all components of the system up to and including release two, scheduled for November 2011. The PIA analyzes the legislative authority under which eHealth Ontario receives PHI from contributing health information custodians (HICs), such as the MOHLTC and end-user HICs, and flows this information to other eHealth Ontario systems that make a call to the client registry for PHI. The PIA also considers the technical, administrative and physical safeguards which have been put in place to ensure that all flows of PHI occur in a secure and privacy-protective manner, and are in compliance with legislative requirements, relevant agreements, best practices as represented in the Canadian Standards Association Privacy Code, and eHealth Ontario’s privacy policies, procedures and privacy best practices.
The PIA concludes that eHealth Ontario has the overall PHIPA authorities for operating and managing the client registry, for the purpose of creating or maintaining one or more electronic health records, under s.6.2 of O.Reg. 329/04. Additionally, eHealth Ontario has a robust infrastructure for the processing of sensitive PHI, with policies and practices to protect the privacy of Ontarians and the security of the information in the custody of eHealth Ontario.
The PIA recommends several measures to ensure that the data received and utilized by eHealth Ontario, for the purposes of the client registry, complies with PHIPA and O.Reg. 329/04 as well as eHealth Ontario policies, procedures and privacy best practices.
Risks and Recommendations
The Physical PIA provides a number of recommendations associated with the client registry initiative, as summarized below:
- Annual enterprise privacy training programs and materials to be revised to reflect the updated privacy policies. Additionally, eHealth Ontario to update role-based privacy education and training materials for the users and operators of the client registry who have access to PHI.
- eHealth Ontario’s electronic health record data retention policy to be finalized and approved, and the client registry data to be retained in accordance with the policy.
- eHealth Ontario to develop and document an access control procedure, which sets out the approvals process for access to PHI within eHealth Ontario’s systems by eHealth Ontario staff and service providers.
- eHealth Ontario to review and, if required, revise third party agreements that relate to the client registry, to ensure compliance with the obligations set out in s.6.2 of O.Reg. 329/04.
- eHealth Ontario to review and, if required, update privacy and security incident management procedures to specifically address the new requirement in O.Reg. 329/04 to notify contributing HICs (i.e. the MOHLTC) of inappropriate access, use, or disclosure of PHI in the client registry.
- eHealth Ontario to develop and document a procedure for managing individual access requests for client registry data (for example, by directing individuals to the contributing HIC).
eHealth Ontario is currently in the process of implementing each of the recommendations identified in the 2011 client registry Physical PIA.
Last Updated: March 10, 2026